Smart Contract Security Pre-Audit Checklist 2026 (Solidity + Solana)
The exact pre-audit checklist an independent security researcher runs on Solidity and Solana code before a paid audit.
A formal audit costs $30k to $200k and the clock is running. Every hour spent on issues you could have caught yourself is money burned. Clear this checklist first and your audit goes deeper and costs less.
What's inside (22 sections, EVM + Solana):
PART A, Solidity / EVM:
- Access control, reentrancy, oracles and pricing
- Accounting and rounding, ERC-4626 vaults, liquidations
- Cross-chain and bridges, upgradeability, token compliance
- Tests, invariants, coverage and pre-audit hygiene
PART B, Solana (Anchor / native Rust):
- Signer and authority checks, account ownership and type checks
- PDA derivation and bumps, Cross-Program Invocation safety
- Anchor constraints, checked arithmetic, oracle staleness
- Token-2022 pitfalls, account lifecycle, invariants and fuzzing
Each item is a yes/no. Every "no" is a fix or a one-line justification you hand the auditors.
By DanWave, independent smart contract security researcher.
Portfolio: github.com/1DanWave2/audit-portfolio