A thread of 10 vulnerabilities to avoid when writing Solana programs.
We'll go over the Candy Machine creation process, from prepping your NFTs, creating the Candy Machine, uploading your NFT, and validating, to loading it to the frontend.
Discussion on SPL Associated Token Accounts (ATA) and the risks of signing an unknown setAuthority() transaction, and maybe a few ways to mitigate the risks.
One key Solana innovation is separating executable code from its state. In web2 terminology, you could say a Solana smart contract is a stateless function.
A wallet isn't an actual data struct. It's just a public key. All tokens are stored in "associated" token accounts stored at addresses deterministically found by hashing the wallet and mint addresses.