Mithril
Go-Based Solana Node
Critical / High
Medium
Low / Informative
Report files
Audit lifecycle
Public reports represent completed engagements with finalized deliverables.
Completed
Scheduled
Scope, timeline, and review plan were agreed.
Completed
In Progress
Manual review and verification work were carried out.
Current stage
Completed
The engagement wrapped with a published final report.
Executive Summary
High-level assessment and conclusions
A concise overview of the audit scope, core findings, and the key outcomes from the engagement.
The audit assessed the security and correctness of Mithril, a Go-based Solana full node developed by the Overclock team to improve accessibility and decentralization of validator infrastructure. Commissioned by the Solana Foundation, the audit was conducted by Runtime Verification from 1st of September to 5th of December, 2025, following a two-week extension of the original timeline.
The engagement included a design and codebase review of critical components within a limited scope, using manual inspection, specification generation, and invariant analysis. A comprehensive fuzzing campaign, incorporating both targeted and differential fuzzing, was also performed to identify crashes, invariant violations, and correctness issues. The audit produced findings ranging from critical to informative, including issues identified through fuzzing. Given the size of the codebase and the effectiveness of differential fuzzing late in the engagement, a follow-up audit was recommended to further extend this analysis.
Reports
Download the audit artifacts
Access the published PDF deliverables associated with this engagement.
PDF report 1
Overclock-Validator Mithril Audit.pdf
Download the published report for this engagement.