Assessing safety in non-EVM blockchains requires moving beyond Ethereum-centric mental models. While EVM chains share a common execution environment defined by the Ethereum Yellow Paper, non-EVM ecosystems like Solana, Cosmos, Aptos Move, and Sui Move introduce fundamentally different architectures for consensus, state management, and transaction processing. A safety assessment must first map the core components: the virtual machine (VM), the consensus mechanism, the state model, and the native asset (gas) economics. For instance, Solana's parallel execution via Sealevel or Cosmos SDK's ABCI interface present unique failure modes not found in sequential EVM processing.
LABS
Guides
How to Assess Safety Models in Non-EVM Blockchains
A technical guide for developers and researchers to systematically evaluate the security assumptions, consensus mechanisms, and runtime safety of non-EVM blockchains like Solana, Cosmos, Aptos, and Sui.
Chainscore © 2026
introduction
SECURITY GUIDE
Introduction to Non-EVM Safety Assessment
A practical guide to evaluating security models for non-EVM blockchains like Solana, Cosmos, and Aptos, focusing on architectural differences and key risk vectors.
The security model is defined by the interplay between the runtime and the consensus layer. In Cosmos zones, the Tendermint BFT consensus provides instant finality, shifting the security analysis from probabilistic reorganization risks to validator set governance and slashing conditions. For parallel execution engines like Aptos' Block-STM, assess how the runtime handles transaction conflicts and aborts, and whether the state storage model (e.g., Move's resource-oriented global storage) introduces new reentrancy or race condition paradigms. Key questions include: How are fees calculated and prioritized? What are the limits of a single block (compute units vs. gas)? How does the client software validate state transitions?
Smart contract safety diverges significantly based on the underlying programming model. The Move language used by Aptos and Sui enforces linear types and explicit resource ownership at the bytecode level, eliminating whole classes of vulnerabilities like unintentional token duplication or reentrancy common in Solidity. An assessment must verify the correct use of these inherent protections. For Solana's Rust-based programs, auditors focus on CPI (Cross-Program Invocation) security, account privilege validation, and arithmetic overflow, as the runtime provides fewer built-in safeguards. Always review the canonical security documentation for the chain, such as Solana's Security Best Practices.
Node and validator security forms the bedrock of network safety. Evaluate the operational requirements for running a validator: recommended hardware specifications, key management procedures (often involving HSMs), and software update processes. For Proof-of-Stake chains, analyze the slashing conditions for double-signing or downtime, the unbonding period, and the governance processes for parameter changes. A chain's resilience often depends on validator decentralization; examine the distribution of voting power and the barriers to entry for new validators. Tools like the Cosmos Gravity Bridge or Solana's validator setup require specific security configurations that differ from Geth or Erigon nodes.
Finally, integrate these assessments into a holistic view. Map the trust assumptions from the user to the settlement layer. For an appchain in the Cosmos ecosystem, this includes the security of the Cosmos Hub via interchain security, the correctness of the IBC light client, and the appchain's own validator set. Use a structured framework: 1) Architecture Review of core components, 2) Contract/Program Audit for business logic, 3) Node/Validator Configuration check, and 4) Economic & Governance Analysis of staking and upgrades. This systematic approach is essential for navigating the diverse and evolving landscape of non-EVM blockchain security.
prerequisites
PREREQUISITES FOR SECURITY ASSESSMENT
How to Assess Safety Models in Non-EVM Chains
Evaluating the security of non-EVM blockchains requires a foundational understanding of their unique architectures and consensus mechanisms.
Before analyzing a non-EVM chain's safety, you must first understand its core architectural components. Unlike the standardized Ethereum Virtual Machine, non-EVM chains like Solana, Cosmos, or Polkadot have distinct execution environments. Key areas to map include the consensus mechanism (e.g., Solana's Proof of History, Cosmos' Tendermint BFT), the virtual machine or execution layer (e.g., Solana's Sealevel runtime, Cosmos CosmWasm), and the state model (e.g., account-based vs. UTXO-based). This foundational mapping is critical for identifying the attack surface and security assumptions.
Next, you need to analyze the chain's economic security model. This involves examining the tokenomics that secure the network. Assess the staking requirements for validators, the slashing conditions for misbehavior, and the inflation/reward schedules. For example, a Cosmos SDK chain using Tendermint requires validators to bond tokens, which can be slashed for double-signing or downtime. Understanding the cost of attack relative to the potential reward is a fundamental security metric. Tools like the Big Dipper block explorer can help visualize validator sets and staking dynamics.
A crucial prerequisite is establishing the chain's trust assumptions and bridge dependencies. Many non-EVM chains are not isolated; they interact with other ecosystems via bridges. You must identify all canonical and third-party bridges (e.g., IBC for Cosmos, Wormhole for Solana) and assess their security models. Is the bridge validated by the chain's native consensus, or does it rely on its own multi-sig or oracle set? Bridge compromises are a leading cause of exploits, so mapping data flow and trust boundaries is essential for a complete safety assessment.
Finally, you must set up a local development and testing environment. This goes beyond running an EVM node. For a chain like Aptos (Move VM) or Sui, you need to install the specific CLI tools, run a local testnet node, and understand how to deploy and interact with smart contracts in their native languages (Move, Rust for Solana). Being able to execute transactions, query state, and simulate attacks in a controlled environment is the only way to gain practical insight into the chain's operational security and potential vulnerabilities.
assessment-framework
NON-EVM CHAINS
A 5-Step Framework for Safety Assessment
A systematic methodology for evaluating the security of smart contracts on non-EVM chains like Solana, Aptos, and Cosmos.
Assessing smart contract safety on non-EVM chains requires a structured approach, as their architectural differences from Ethereum introduce unique risks. This 5-step framework provides a repeatable methodology for developers and auditors to systematically evaluate security. The steps are: 1) Runtime Environment Analysis, 2) State Model Verification, 3) Transaction Semantics Review, 4) Native Asset & Cross-Program Invocation Audit, and 5) Tooling and Ecosystem Maturity Check. Each step addresses a critical divergence from the EVM paradigm, from account models to fee mechanics.
Step 1: Runtime Environment Analysis. Begin by understanding the chain's execution model. For Solana, analyze the constraints of the Sealevel parallel runtime—how programs are compiled to BPF, the structure of a ProgramDerivedAddress (PDA), and the single-threaded per-transaction execution guarantee. On Aptos, examine the Move VM, focusing on its linear type system for resource safety and the signer type for authorization. Contrast this with Cosmos chains using the CosmWasm module, where WebAssembly (Wasm) sandboxing and a capability-based security model define the attack surface. Misunderstanding the runtime is the root cause of many non-EVM vulnerabilities.
Step 2: State Model Verification. Audit how the contract stores and accesses persistent data. In the EVM, contracts own their storage. In Solana, programs are stateless; all data resides in external Account structures passed via instruction parameters. You must verify: ownership checks (.is_writable, .is_signer), adequate rent-exempt lamports, and correct derivation of PDAs. For Move-based chains (Aptos, Sui), the model revolves around resources—objects stored directly under user accounts. Check that resources are properly packaged and that global storage operations use the correct signer capabilities to prevent unauthorized state creation or deletion.
Step 3: Transaction Semantics Review. Non-EVM chains have fundamentally different transaction formats. A Solana transaction is a bundle of atomic instructions that can call multiple programs. You must audit for cross-program invocation (CPI) order dependencies and ensure that account metas remain consistent throughout. On Cosmos, review the message-based structure and the gas semantics for Wasm execution. A critical check is for reentrancy-like risks that emerge differently; for example, in Solana, a malicious program invoked via CPI could mutate the accounts of the calling program within the same transaction if proper checks are missing.
Step 4: Native Asset & Cross-Program Invocation Audit. Native tokens (like SOL or APT) and token standards (SPL on Solana, Coin on Aptos) are deeply integrated. Assess how the contract handles these assets. For Solana, verify SPL token account ownership transfers and delegate authorities. For CPI, a major risk vector, validate that every invoked program and passed account is validated, and that the instruction data is serialized correctly using the official borsh or scale crate. On Aptos, audit Coin withdrawals and deposits, ensuring acquires keywords are used correctly to prevent double-spend errors at the VM level.
Step 5: Tooling and Ecosystem Maturity Check. The security of a contract is also a function of its ecosystem. Evaluate the available tooling: Is there a mature static analyzer (like cargo-audit for Solana's Rust programs or the Move Prover for Aptos)? Are there battle-tested libraries and program examples from the core team? Scarcity of auditing tools and formal verification frameworks increases risk. Finally, review the chain's security history and governance processes for handling critical bugs. A contract on a chain with a responsive security team and a bug bounty program is inherently safer.
RUNTIME ARCHITECTURES
Non-EVM Runtime Safety Feature Comparison
A comparison of key security mechanisms across major non-EVM execution environments.
| Safety Feature | Solana (Sealevel) | CosmWasm | FuelVM | Move VM (Aptos/Sui) |
|---|---|---|---|---|
Memory Safety Guarantee | ||||
Formal Verification Support | ||||
Default Reentrancy Protection | ||||
Parallel Execution Safety | Runtime-enforced | Single-threaded | Script-based | Type-system enforced |
Transaction Fee Model | Priority-based | Gas metering | Predicate-based | Gas metering |
State Access Control | Account ownership | Message sender | UTXO ownership | Object ownership |
On-Chain Upgrade Mechanism | BPF Loader | Governance vote | Predicate root | On-chain governance |
Native Overflow/Underflow Checks |
key-concepts
SECURITY PRIMER
Core Safety Models in Non-EVM Ecosystems
EVM security models don't translate directly. This guide covers the unique consensus, transaction, and smart contract paradigms you must assess in ecosystems like Solana, Cosmos, and Bitcoin L2s.
audit-process
TECHNICAL AUDIT GUIDE
How to Assess Safety Models in Non-EVM Chains
A practical guide for auditors to evaluate the unique security assumptions, consensus mechanisms, and execution environments of non-EVM blockchains like Solana, Cosmos, and Aptos.
Security audits for non-EVM chains require a fundamental shift in perspective. Unlike the Ethereum Virtual Machine (EVM) ecosystem, where tools and patterns are largely standardized, non-EVM environments introduce distinct architectural paradigms. Your first step is to map the core components: the consensus mechanism (e.g., Proof-of-History, Tendermint BFT), the execution environment (e.g., Solana's Sealevel, Cosmos CosmWasm, Move VM), and the data availability layer. Understanding the trust model of the underlying chain is non-negotiable, as it defines the security guarantees for the applications built on top.
The programming model is your primary attack surface. For a Move-based chain like Aptos or Sui, you must audit for resource-oriented vulnerabilities—ensuring strict ownership rules are enforced and preventing unauthorized resource duplication or deletion. In a CosmWasm smart contract on Cosmos, focus on message-handling logic and inter-contract calls, which differ from Solidity's function-based model. For Solana, audit the interaction between programs and account data structures, checking for improper privilege escalation and rent exemption logic. Always review the chain's native client and SDK for potential injection or deserialization flaws.
Tooling is less mature, demanding a manual, code-first approach. You will often need to write custom scripts to analyze state transitions or simulate complex interactions. For formal verification, leverage chain-specific frameworks like the Move Prover for Aptos. Key areas to scrutinize include cross-program invocations, fee mechanics, validator client diversity, and the handling of chain upgrades (hard forks). Document any deviations from the chain's official specifications, as these can be critical vulnerabilities. Your final report must contextualize findings within the specific non-EVM architecture, explaining risks in terms of its unique safety model.
SECURITY FRAMEWORKS
Platform-Specific Assessment Checklists
Solana Runtime Security
Assess a Solana program's safety by verifying its handling of the runtime environment. Check for proper deserialization of AccountInfo and Program Derived Addresses (PDAs) to prevent account confusion attacks. Validate that the program correctly checks all required account ownership and writability flags.
Key Checks:
- Instruction Data Parsing: Ensure the program safely deserializes instruction data using
anchor-langor robust custom deserializers. - PDA Verification: Confirm PDAs are derived on-chain with the correct seeds and program address to prevent forgery.
- Cross-Program Invocations (CPIs): Audit CPI calls for reentrancy risks and validate that all invoked programs are the expected, immutable versions.
- Compute Budget: Verify the program respects compute unit limits and handles out-of-gas scenarios gracefully to avoid failed transactions that still modify state.
Example of a critical check in an Anchor program:
rust// Ensure the correct signer for a PDA let (pda, bump) = Pubkey::find_program_address(&[b"vault", user.key.as_ref()], program_id); if *pda_account.key != pda { return Err(ProgramError::InvalidArgument); }
NON-EVM NETWORKS
Validator & Network Risk Assessment Matrix
Key security and decentralization metrics for evaluating non-EVM blockchain validators and network architecture.
| Assessment Metric | Cosmos Hub (Tendermint) | Solana (Proof of History) | Polkadot (Nominated PoS) | Aptos (Move-based DiemBFT) |
|---|---|---|---|---|
Validator Set Size | 175 Active Validators | ~2,000 Validators | 297 Active Validators | ~100 Validators |
Minimum Stake | Self-Bond: 1 ATOM Delegated: Varies | No Minimum (Delegation Pools) | Self-Bond: ~200 DOT Nominator: 10 DOT | No Minimum (Stake Pools) |
Slashing Conditions | ||||
Governance-Controlled Upgrades | ||||
Client Diversity | Gaia (Go) Multiple Clients in Dev | Single Client (Solana Labs) | Polkadot (Rust) Multiple Light Clients | Aptos Core (Rust) |
Time to Finality | ~6 seconds | ~400-800 ms | ~12-60 seconds | ~3-4 seconds |
Validator Concentration (Top 10) | ~33% of Voting Power | ~35% of Stake | ~28% of Stake | ~50% of Stake |
Protocol Pause/Safety Mechanism | Governance Halt | Validator Vote to Halt | Technical Committee + Council | On-Chain Governance Vote |
resource-links
DEVELOPER GUIDE
Essential Resources & Tools
These resources help developers and security reviewers assess safety models in non-EVM blockchains. Each card focuses on concrete mechanisms like language guarantees, runtime checks, validator assumptions, and tooling you can use to evaluate real risk.
01
Language-Level Safety Guarantees
Non-EVM chains often rely on programming language restrictions instead of runtime gas semantics to enforce safety. Assessing these guarantees starts with the language spec, not just the VM.
Key areas to evaluate:
- Memory safety and ownership: Rust-based chains like Solana use compile-time borrow checking to prevent reentrancy and memory corruption.
- Resource semantics: Move enforces linear types that prevent asset duplication or accidental loss.
- Undefined behavior boundaries: Understand where
unsafeblocks, native calls, or syscalls bypass protections.
Actionable steps:
- Review the language reference and safety sections.
- Identify which invariants are enforced at compile time vs runtime.
- Look for documented footguns or forbidden patterns.
Language guarantees define the baseline safety model. If the language allows unsafe escapes, contract audits must assume developers can bypass protections.
02
Runtime and Execution Model
Beyond language safety, non-EVM chains differ sharply in execution and runtime architecture. Parallel execution, optimistic concurrency, or UTXO-style accounting change the threat model.
What to examine:
- Transaction ordering: Solana’s Sealevel executes transactions in parallel based on declared account access, reducing but not eliminating race conditions.
- State contention rules: How conflicts are detected, retried, or aborted.
- Atomicity guarantees: Whether cross-program or cross-module calls are fully atomic.
Actionable steps:
- Read runtime documentation describing scheduling and conflict resolution.
- Identify how state locks are expressed and enforced.
- Test adversarial transaction ordering in local validators.
Many exploits in non-EVM systems stem from incorrect assumptions about parallelism rather than classic reentrancy issues.
03
Formal Verification and Static Analysis
Several non-EVM ecosystems prioritize formal verification as part of their safety model. This shifts risk assessment from post-deployment monitoring to pre-deployment proofs.
Examples of what to look for:
- Specification languages: Move Prover allows developers to write invariants like balance conservation.
- Static analyzers: Tools that detect missing checks, unsafe arithmetic, or authority leaks.
- Proof scope: Whether proofs apply to individual modules or entire transaction flows.
Actionable steps:
- Check which verification tools are officially supported.
- Determine if contracts in production actually use them.
- Review the limitations documented by the tool authors.
Formal tools reduce entire classes of bugs, but only if their assumptions match real-world usage. Unverified modules still inherit all standard risks.
04
Consensus and Validator Trust Assumptions
Safety models extend beyond code. Non-EVM chains often rely on different validator and consensus assumptions that affect finality, rollback risk, and censorship resistance.
Key aspects to assess:
- Finality model: Deterministic finality vs probabilistic rollback windows.
- Validator behavior assumptions: Thresholds for safety during equivocation or liveness failures.
- Upgrade authority: Who can halt the chain or upgrade runtime logic.
Actionable steps:
- Read the consensus specification, not just a high-level overview.
- Identify how many faulty or malicious validators break safety.
- Check historical incidents involving halts or rollbacks.
A chain with strong language safety can still be unsafe if its consensus model allows frequent rewrites or centralized intervention.
05
Official Security and Architecture Documentation
Primary documentation is often the most accurate source for understanding a chain’s intended safety model. Non-EVM projects usually document explicit design tradeoffs.
What to focus on:
- Threat models: Sections describing what the protocol does and does not protect against.
- Known limitations: Documented classes of bugs or unsupported patterns.
- Security advisories: Past incidents reveal real failure modes.
Actionable steps:
- Compare the documented model with observed behavior on-chain.
- Cross-reference docs with audit reports or postmortems.
- Track changes across versions to see how safety assumptions evolve.
If the design relies heavily on developer discipline rather than enforced invariants, treat audits and runtime monitoring as mandatory.
NON-EVM SECURITY
Frequently Asked Questions
Common questions from developers evaluating and building on non-EVM blockchains like Solana, Cosmos, Aptos, and others.
The core difference lies in the execution environment and state management. EVM chains use a stack-based virtual machine with persistent storage slots, where contract logic and state are tightly coupled. Non-EVM chains like Solana use a register-based runtime (Sealevel) where programs are stateless and accounts hold data, separating logic from storage. Cosmos chains use the CometBFT consensus engine with application-specific logic built via the ABCI. Aptos and Sui use the Move VM, which enforces strict resource ownership and linear types at the bytecode level to prevent reentrancy and other common vulnerabilities. This architectural shift changes the attack surface, requiring different security auditing approaches.
conclusion
ASSESSING NON-EVM SECURITY
Conclusion and Next Steps
This guide has outlined a framework for evaluating the unique security models of non-EVM blockchains. The next steps involve applying these principles to your specific use case.
Evaluating a non-EVM blockchain's safety is a multi-layered process. You must move beyond the familiar EVM paradigm to assess the consensus mechanism (e.g., Solana's Proof of History, Cardano's Ouroboros), the virtual machine's formal verification capabilities (like Move Prover for Sui/Aptos), and the runtime's security invariants. The key is to understand the security trade-offs inherent in each design choice—higher throughput often requires trusting a smaller validator set, while formal verification can limit developer flexibility.
To put this into practice, start by auditing the on-chain activity. Use a blockchain explorer specific to the chain (like Solana Explorer or Sui Explorer) to examine recent transactions, validator performance, and smart contract interactions. Look for patterns of failed transactions or network congestion. Next, review the core protocol's bug bounty program and public audit reports. A mature project will have undergone multiple audits from firms like Trail of Bits or Kudelski Security, with findings publicly disclosed.
Your assessment should culminate in a risk matrix tailored to your interaction. For a DeFi application on a high-throughput chain, prioritize validator decentralization and oracle reliability. For an NFT project, focus on the immutability guarantees of the underlying ledger and the security of the digital asset standard (e.g., SPL Token vs. Cosmos CW-721). Document the identified risks—such as reliance on a small set of sequencers or novel cryptographic assumptions—and decide if they are acceptable for your asset's value and intended holding period.
The landscape of non-EVM chains is rapidly evolving. To stay current, engage directly with the developer communities on Discord or GitHub, follow core protocol research blogs, and monitor real-time network metrics with tools like Solana Beach for Solana or Mintscan for Cosmos. Continuously testing your assumptions against live network behavior is the most effective way to build confidence in these innovative but complex ecosystems.