The Solana CPI Security Playbook: 7 Cross-Program Invocation Patterns That Prevent Nine-Figure Exploits


via Dev.to / ohmygod

Cross-Program Invocations (CPIs) are the composability backbone of Solana DeFi. They're also where the money disappears. From the Wormhole bridge exploit ($320M) to countless smaller drains, the pattern is almost always the same: a CPI that trusted something it shouldn't have. The program ID wasn't verified. The signer authority was forwarded blindly. The account passed in looked right but wasn't.

This playbook distills the seven CPI security patterns every Solana developer needs to internalize before deploying anything that touches real funds.

Pattern 1: Always Verify the Target Program ID

The vulnerability: Your program invokes what it thinks is the SPL Token program. An attacker substitutes a malicious program that mimics the interface but steals funds.

The fix:

```rust
// ❌ DANGEROUS: No program ID verification
pub fn transfer_tokens(ctx: Context<Transfer>) -> Result<()> {
    let cpi_accounts = token::Transfer {
        from: ctx.accounts.source.to_account_info(),
        to: ctx.accounts.d
```
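The check that the dangerous version above omits, as an added example that is not from the article or the Anchor framework: a dependency-free Rust model in which `Pubkey`, `AccountInfo`, `EXPECTED_TOKEN_PROGRAM` (placeholder bytes, not the real SPL Token ID) and `transfer_tokens_checked` are constructed stand-ins for the corresponding Solana types, and the CPI itself is replaced by returning the amount that would have been forwarded.

```rust
// Added example (not the article's code). All IDs below are constructed
// placeholders; in a real program compare against spl_token::ID.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

/// Stand-in for the trusted SPL Token program ID (constructed placeholder).
pub const EXPECTED_TOKEN_PROGRAM: Pubkey = Pubkey([0x11; 32]);

#[derive(Debug, PartialEq, Eq)]
pub enum CpiError {
    /// The account supplied as "the token program" is not the program we expect.
    InvalidProgramId { expected: Pubkey, actual: Pubkey },
    /// The supplied program account is not executable, so it cannot be invoked.
    NotExecutable(Pubkey),
    /// A token account is not owned by the token program, so its data is untrusted.
    IllegalOwner(Pubkey),
}

/// Minimal model of the fields a CPI target check needs from an account.
pub struct AccountInfo {
    pub key: Pubkey,
    pub owner: Pubkey,
    pub executable: bool,
}

/// Verify the CPI target: hard-coded ID match and executable flag.
pub fn verify_token_program(program: &AccountInfo) -> Result<(), CpiError> {
    if program.key != EXPECTED_TOKEN_PROGRAM {
        return Err(CpiError::InvalidProgramId {
            expected: EXPECTED_TOKEN_PROGRAM,
            actual: program.key,
        });
    }
    if !program.executable {
        return Err(CpiError::NotExecutable(program.key));
    }
    Ok(())
}

/// Hardened transfer entry point: refuse the CPI unless the target program
/// checks out and both token accounts are owned by that program.
pub fn transfer_tokens_checked(
    source: &AccountInfo,
    destination: &AccountInfo,
    token_program: &AccountInfo,
    amount: u64,
) -> Result<u64, CpiError> {
    verify_token_program(token_program)?;
    for acct in [source, destination] {
        if acct.owner != token_program.key {
            return Err(CpiError::IllegalOwner(acct.key));
        }
    }
    // A real program would now call token::transfer(cpi_ctx, amount)?;
    // the model just reports what it would have forwarded.
    Ok(amount)
}
```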
