On-chain activity
Riverguard
Riverguard automates vulnerability detection in Solana smart contracts through transaction simulation and mutation testing. The system ingests live Solana transactions, applies mutation rules to test for exploitable bugs, and reports findings to contract developers. Riverguard operates continuously on Solana mainnet, analyzing millions of transactions to identify common vulnerability patterns including loss of funds and denial of service issues.
Neodyme Security Services
Smart Contract Audit Services provides comprehensive security assessments of blockchain smart contracts through manual code review and automated analysis. The service specializes in Solana smart contract security with experience auditing DeFi protocols, NFT platforms, liquid staking solutions, and cross-chain protocols. Auditors examine contract code for common vulnerability classes, architectural soundness, economic attack vectors, and authority structure security.
Neodyme news, features & analysis
Matched from published articles, podcasts, and talks using the project name, token name, or token symbol.
-
Asymmetric Research Publishes First STRIDE Findings After 12 Weeks Auditing Solana Protocols
STRIDE audited 40 Solana DeFi protocols: 17% have full logging, 13% mature key management, 9% advanced program defenses. First findings by Asymmetric Research.
-
Security Block: Neodyme - Who Controls Solana's Funds?
According to new research from leading Solana security firm Neodyme, it's actually Squads—a revelation that most DeFi aggregators completely miss. ... At Breakpoint 2025, Sebastian Fritsch, co-founder of Neodyme, presented groundbreaking research into how funds are distributed and controlled across Solana's smart contract ecosystem.
-
Breakpoint 2023: Riverguard - Fishing for Loss of Funds in the Stream of Solana Transactions
Summary At Breakpoint 2023, the co-founders of NEODYME introduced Riverguard, an innovative security tool designed to fish out bugs and vulnerabilities within Solana's blockchain transactions. ... Addressing the common issue of loss of funds due to exploits, the NEODYME team, led by Thomas Lambert and Nico Grundel, detailed their proactive methodology to safeguard all contracts on the Solana network, including closed-source contracts.
-
Breakpoint 2023: An Inside Look into the Past and Future of Solana Security
Summary At Breakpoint 2023, Thomas Lambertz, CEO and co-founder of Neodyme, delivered a comprehensive overview of the evolution of security within the Solana blockchain ecosystem. ... As a security research company specializing in Solana, Neodyme has been instrumental in identifying and mitigating security risks.
-
Breakpoint 2023: A Fireside Chat on Solana Security with Anatoly Yakovenko and Thomas Lambertz
Summary In an insightful conversation, Anatoly Yakovenko, the co-founder of Solana, and Thomas Lambertz, co-founder of Neodyme, delve deep into the nuances of blockchain security, particularly within the Solana ecosystem.
Neodyme
Neodyme is a German cybersecurity firm that has become one of the most trusted security auditors in the Solana ecosystem. Founded in 2021 by Leo and Hendrik — two security researchers who began experimenting with Solana validators in 2020 — the company traces its origins directly to early work on Solana's core code. After reporting multiple critical vulnerabilities to the Solana team in 2021, the Solana Foundation contracted them for sustained source code review work, and Neodyme was formally established to meet that demand.
The company's tagline is "Make Security Your Strength," reflecting a philosophy that security should be a competitive advantage rather than a compliance checkbox. Neodyme operates primarily as a service firm — it holds no token, runs no protocol, and manages no on-chain treasury. Its product is expertise.
Team and Background
Neodyme employs 25 people with an average age of 29. Twenty-two of those are active CTF (Capture The Flag) players — a competitive hacking discipline that rewards finding real vulnerabilities in constrained time windows. Eleven team members are European hacking champions. CEOs Thomas and Tobias M. lead the company day to day, with founding members Leo and Hendrik serving on the board. The research, pentesting, and training divisions are headed by Karla, Alain, and Ruben respectively.
The team's CTF background is not incidental. CTF-trained researchers develop the pattern-recognition and adversarial mindset that translates directly into finding non-obvious vulnerabilities in production code — precisely the kind of subtle issues that automated tools miss. Neodyme earned 20.75 Master of Pwn points at international Pwn2Own competitions in 2022 and 2024, placing them among the top-ranked vulnerability research teams globally.
Services
Neodyme offers four core service lines:
Smart contract audits are their signature offering in the Solana space. Engagements involve manual review of on-chain program code, economic attack modeling, and a structured severity classification system. Their rating methodology distinguishes informational findings from low, medium, high, and critical vulnerabilities, with published reports making the findings transparent to the community.
Penetration testing extends their capabilities beyond on-chain code to web infrastructure, APIs, and backend systems that support blockchain protocols.
Security training ranges from internal team workshops to conference-format sessions. Neodyme delivers training at events including DEF CON and runs a dedicated Solana security workshop at workshop.neodyme.io, which was initially developed for the Solana Breakpoint conference.
Security research and consulting covers proprietary research into new vulnerability classes, including contributions to bug bounty programs and responsible disclosure pipelines.
Solana Ecosystem Work
Neodyme's impact on Solana security is documented across several high-profile disclosures and audits.
In mid-2021, Neodyme researchers discovered a hash collision vulnerability between Solana's Program Derived Addresses (PDAs) and seeded accounts. By crafting inputs where a seeded account's seed and owner matched a PDA's derivation inputs, an attacker could modify what should be protected program vaults. The bug was reported to Solana's team in June 2021 and patched within one day. Separately, Neodyme reported a vulnerability in Solana's durable nonces feature — used for offline transaction signing — through the Solana bug bounty program before any exploitation occurred.
In December 2021, Neodyme performed a coordinated public disclosure of a critical arithmetic flaw in the SPL Token Lending program, a core component of Solana's DeFi infrastructure. A subtle rounding error allowed an attacker to repeatedly borrow a small amount and withdraw a larger rounded-up amount, draining lending pools. At the time of disclosure, roughly $2.6 billion in assets were at risk across protocols built on the program. The disclosure was coordinated with the Solana team before going public.
Over approximately eighteen months of continuous work on Solana core, Neodyme reported more than 80 bugs of varying severity — all responsibly disclosed and subsequently fixed. The company estimates that its work on the Solana blockchain has helped protect more than $50 billion in total value locked.
Named protocol audits include:
- Marinade Finance (2023): Neodyme audited Marinade's liquid staking program and economic model. Their review found clean design and above-average code quality, with no findings above low severity.
- Neon EVM (2023): A comprehensive audit of Neon's launch infrastructure, governance contracts, multisig, and the main EVM execution contract — the component that runs Ethereum-compatible smart contracts on Solana. All findings were resolved before the audit concluded.
- Firedancer v0.1 and v0.4 (2024–2025): Neodyme audited Jump Crypto's Firedancer validator client — an independent reimplementation of the Solana validator in C — across two engagements. The v0.4 audit was conducted over late February and March 2025 by five senior researchers examining different layers of the validator stack. All findings were addressed and verified by Neodyme before public release.
- Drift Protocol: Neodyme conducted a full security audit of the Drift perpetuals trading protocol on Solana.
Research and Open-Source Contributions
Neodyme's research arm publishes technical writing and open-source tooling that has become reference material in the Solana developer community.
Their blog post "Solana Smart Contracts: Common Pitfalls and How to Avoid Them" catalogues five recurring vulnerability classes — missing ownership checks, missing signer checks, integer overflow, arbitrary program invocation, and account type confusion — drawn from patterns observed across dozens of audits. It has become a standard reference for developers learning Solana security.
"How a Little-Known Solana Feature Made Program Vaults Unsafe" details the PDA/seeded account hash collision bug discovered in 2021 and is one of the clearest public write-ups of a core Solana protocol vulnerability.
A December 2024 deep-dive into Solana's consensus mechanism ("Solana Consensus — From Forks to Finality") walked through Proof of History, TowerBFT lockout mechanics, and fork resolution by reading directly from the Agave validator source code. The post noted that Solana lacks formal incentive-compatibility guarantees and that slashing remains unimplemented, relying instead on community-driven validator exclusion.
In May 2025, Neodyme published details of Riverguard, a mutation-based fuzzing framework built specifically to find vulnerabilities in Solana programs.
On the tooling side, the neodyme-labs GitHub organization hosts several widely-used open-source projects: solana-security-txt (390 stars) provides a standardized on-chain security contact format analogous to security.txt on the web; solana-poc-framework (247 stars) is a testing harness for writing proofs of concept for Solana vulnerabilities; solana-ctf (199 stars) is a collection of capture-the-flag challenges for learning Solana security; and SolDragon (78 stars) provides Solana-specific extensions for the Ghidra reverse-engineering suite.
Broader Security Work
While Neodyme's Solana work is its most visible, the firm operates across a wide range of security disciplines. Published research includes analysis of Windows local privilege escalation via COM hijacking, BitLocker encryption weaknesses, endpoint detection and response (EDR) vulnerabilities, router exploitation at Pwn2Own competitions, Widevine L3 DRM reverse engineering, and post-quantum FIDO authentication hardware. Their clients include Solana, Lido Finance, TNG Technology Consulting, and Linde.
Neodyme is headquartered in Germany and can be reached at [email protected].
Contents
- Team and Background
- Services
- Solana Ecosystem Work
- Research and Open-Source Contributions
- Broader Security Work
Solana Token Markets
