docs: add security section (#2003)

2022-06-25 10:30:17 -04:00 · 2022-06-25 10:30:17 -04:00 · e4dfd34dc5
parent 3cc3d85fa4
commit e4dfd34dc5
2 changed files with 22 additions and 0 deletions
--- a/docs/src/pages/_app.jsx
+++ b/docs/src/pages/_app.jsx
@ -92,6 +92,10 @@ const navigation = [
    title: 'Projects',
    links: [{ title: 'Tic-Tac-Toe', href: '/docs/tic-tac-toe' }],
  },
+  {
+    title: 'Common Security Exploits',
+    links: [{ title: 'Sealevel Attacks', href: '/docs/security-exploits' }]
+  },
 ]

 function getNodeText(node) {
--- a/docs/src/pages/docs/security-exploits.md
+++ b/docs/src/pages/docs/security-exploits.md
@ -0,0 +1,18 @@
+---
+title: Sealevel Attacks
+description: Anchor - Sealevel Attacks
+---
+
+Anchor uses a lot of magic to help eliminate footguns, but if you're shipping anything to mainnet,
+it's important you understand every bit of that magic and the motivation behind it. A list of common
+attacks can be found [here](https://github.com/coral-xyz/sealevel-attacks), providing three different
+examples for each example attack
+
+1. insecure - represents flawed code that may be insecure
+2. secure - represents a fix
+3. recommended - represents a fix with idiomatic Anchor code
+
+Note that none of these examples are not necessarily secure, but they are meant to showcase a specific issue
+and a recommended fix in isolation. One can find some nice explanations of these sealevel attacks
+[here](https://twitter.com/pencilflip/status/1483880018858201090). It's strongly recommended to study each
+of these cases when building protocols on Solana.