Support

# Missing PDA check The piggy program is designed so that only the PDA derived from the caller can withdraw SOL after some time. But there is a bug in this program. Find the bug and drain SOL from the PDA. # Task 1 - Write your exploit Write your exploit inside [`test`](https://github.com/Cyfrin/solana-course/blob/main/apps/ctf/pda/exercise/tests/test.rs). # Build ```shell cargo build-sbf ``` # Test Your exploit is successful if the test passes. ```shell cargo test -- --nocapture ```

Missing PDA check

The piggy program is designed so that only the PDA derived from the caller can withdraw SOL after some time.

But there is a bug in this program. Find the bug and drain SOL from the PDA.

Task 1 - Write your exploit

Write your exploit inside test.

Build

cargo build-sbf

Test

Your exploit is successful if the test passes.

cargo test -- --nocapture

Missing Pda Check

A tactical challenge to Missing PDA Check - Audit a vulnerable piggy bank smart contract to uncover a critical flaw in address verification. Develop a Rust-based exploit to bypass the intended logic and successfully drain SOL from an insecure Program Derived Address.

Give us feedback

Course Overview

About the course

What you'll learn

Native Rust & Anchor framework

PDAs, CPIs, and SPL Tokens

DeFi builds: oracles, auctions, AMMs

Course Description

Meet your instructors

Tasuku Nakamura

Founder at smartcontract.engineer

Smart contract engineer and educator.

Last updated on January 12, 2026

Thanks for checking us out

Start learning for free

Start for free

Rust Developer

Solana

Section 1: Course Intro

Duration: 8min

Section 2: Core Concepts

Duration: 23min

Section 3: Hello Program

Duration: 4min

Section 4: Oracle

Duration: 2min

Section 5: Piggy Bank

Duration: 4min

Section 6: Dutch Auction

Duration: 11min

Section 7: AMM

Duration: 4min

Section 8: CPI IDL

Duration: 0min

Section 9: Common Bugs

Duration: 0min

1. Missing Signer Check

A security-focused challenge to Missing Signer Checks - Uncover a critical vulnerability in an oracle program that neglects to verify transaction signatures. Write a Rust exploit to bypass ownership controls and update on-chain price data without valid authorization. Reading Time: 0min

2. Missing Authorization Check

A tactical challenge to Missing Authorization Checks - Detect and leverage a critical security oversight where an oracle program fails to validate transaction signers. Construct a Rust-based exploit to bypass ownership restrictions and manipulate on-chain price feeds without permission. Reading Time: 0min

3. Missing Pda Check

4. Missing Rent Cleanup

A tactical challenge to Missing Rent Cleanup - Analyze a vulnerable piggy bank contract to uncover a critical bug in how account rent is managed. Develop a Rust exploit to bypass PDA restrictions and successfully extract the locked SOL. Reading Time: 0min

Give us feedback!

Course Overview

About the course

What you'll learn

Native Rust & Anchor framework

PDAs, CPIs, and SPL Tokens

DeFi builds: oracles, auctions, AMMs

Course Description

Meet your instructors

Tasuku Nakamura

Founder at smartcontract.engineer

Smart contract engineer and educator.

Last updated on January 12, 2026