Discussion on "Building a Transfer Hook Exploit Scanner: Automated Detection of CPI Depth Bombs and Callback Reentrancy in Solana Token-2022"

ohmygod · 2026-03-23T11:27:18.130Z

Solana was supposed to be the chain where reentrancy couldn't happen. No dynamic dispatch. No fallback functions. No receive() callbacks lurking in token transfers. Then Token-2022 transfer hooks arrived, and suddenly Solana programs had the same cal...