ShieldLayer Security was engaged by Solaigen Labs to conduct a comprehensive security audit of the Solaigen Protocol smart contracts deployed on the Solana blockchain. The audit was performed between February 10 and February 19, 2026, covering the presale contract, staking contract, and the $SGEN SPL token contract.
The audit identified a total of 6 findings: 0 critical, 0 high, 2 medium-severity, and 4 informational. All identified issues have been resolved by the Solaigen development team prior to the publication of this final report. The contracts demonstrate a high standard of security engineering and adherence to Solana program development best practices.
Based on our assessment, the overall risk rating for the Solaigen Protocol is LOW. The codebase exhibits well-structured access controls, appropriate use of program-derived addresses (PDAs), and robust error handling throughout. ShieldLayer Security recommends the audited contracts as suitable for mainnet deployment.
The following components were included in the scope of this audit:
Token sale logic, multi-phase transitions with configurable pricing, SOL and USDC payment processing, allocation caps, whitelist mechanics, and emergency pause functionality.
Multi-tier lock mechanisms (7/30/60/90 day), reward rate calculation and distribution, early withdrawal penalty logic, batch reward processing, and admin configuration.
SPL Token-2022 implementation with transfer hooks, mint authority management, metadata integration, and supply controls.
Cross-program invocations (CPI) with SPL Token, Associated Token Account, and System Program. PDA derivation and validation patterns.
a4e7c2f
Our audit process followed ShieldLayer Security's standard multi-phase methodology for Solana program security assessments:
Line-by-line review of all Rust source code by two independent senior auditors. Focus areas included access control logic, PDA derivation correctness, CPI safety, arithmetic operations, and error handling completeness.
Execution of proprietary and open-source static analysis tools including Soteria, cargo-audit, and ShieldLayer Security's internal Solana analyzer. Custom rule sets were applied for common Solana vulnerability patterns including missing signer checks, account confusion, and PDA seed collisions.
Randomized input testing using cargo-fuzz targeting the presale purchase, staking deposit, and reward claim instruction handlers. Over 2 million test iterations were executed with custom invariant assertions for balance conservation and state consistency.
Formal verification of critical execution paths including reward calculation correctness, token supply invariants, and authority transition logic. Properties were specified using first-order logic and verified using symbolic execution.
Simulation of staking reward economics under various market conditions, user behavior patterns, and adversarial strategies. Validated that the reward pool remains solvent under maximum stake scenarios across all lock tiers.
A total of 6 findings were identified during the audit. All findings have been resolved by the Solaigen development team.
| ID | Severity | Title | Status |
|---|---|---|---|
| M-01 | Medium | Unchecked arithmetic in reward calculation | RESOLVED |
| M-02 | Medium | Missing re-entrancy guard on claim function | RESOLVED |
| I-01 | Informational | Event emission missing for phase transitions | RESOLVED |
| I-02 | Informational | Gas optimization in batch reward distribution | RESOLVED |
| I-03 | Informational | Redundant authority check in transfer hook | RESOLVED |
| I-04 | Informational | Suggested use of checked_mul for overflow safety | RESOLVED |
The following program addresses have been verified on-chain. Source code is publicly available and matches the audited codebase at the specified commit hash.
anchor verify toolchain.
The Solaigen Protocol presale and staking contracts demonstrate a high standard of security engineering. The development team has implemented robust access controls, followed Solana program development best practices, and employed defense-in-depth strategies throughout the codebase.
All 6 findings identified during the audit — including 2 medium-severity issues related to arithmetic safety and re-entrancy protection — have been thoroughly addressed with appropriate fixes, comprehensive test coverage, and thoughtful developer responses. The quality of the remediation work demonstrates the team's commitment to security.
Based on our comprehensive assessment, ShieldLayer Security rates the overall risk of the Solaigen Protocol as LOW and recommends the audited contracts as safe for Solana mainnet deployment.
This report is provided by ShieldLayer Security for informational purposes only. The audit was conducted based on the source code provided by the Solaigen Labs development team at the time of the engagement. ShieldLayer Security does not guarantee the absence of vulnerabilities beyond those identified in this report.
Smart contract security audits are not a substitute for a comprehensive security program. This report does not constitute an endorsement of the underlying business model, economics, or investment potential of the Solaigen Protocol or the $SGEN token. The findings in this report are based on the state of the code at the time of review and may not reflect modifications made after the audit period.
ShieldLayer Security assumes no liability for any losses incurred as a result of the use of the audited smart contracts. Users should conduct their own due diligence and assess risks independently before interacting with any smart contracts or decentralized protocols.
This report is the intellectual property of ShieldLayer Security and is shared with permission from Solaigen Labs. Reproduction or redistribution of this report without attribution is prohibited.
shieldlayer.security · Securing Web3, One Block at a Time
Report ID: BSA-2026-0219-SGEN · Classification: Public