crif

A transaction legibility and simulation engine for Solana. Decodes what an instruction actually does, diffs state against live RPC, and detects the exact shape that drained $285 million out of Drift on April 1, 2026.

What it does

Given a serialized versioned transaction, the engine:

1. Fetches pre-state for every writable account via JSON-RPC.
2. Calls simulateTransaction with the accounts config and captures the post-state image.
3. Computes per-account state diffs: lamport delta, owner change, data-length change, raw byte delta.
4. Decodes every top-level instruction through a program-aware registry covering 8 programs and 80+ instructions.
5. Detects durable-nonce transactions from the first instruction and escalates their risk.
6. Flags the Drift 2026 pattern — durable nonce + multisig admin execute — as CRITICAL.
7. Returns a LegibilityReport that is safe to render in any UI or pipe into any automated review.

Design principles

Offline by default. The engine can run without any network access. You pass a base64 transaction and the --offline flag; the decoder and classifier run on the static transaction structure alone. No keys leave the machine. No telemetry.

Program-aware, not signature-aware. There is no heuristic scoring, no ML model, no signal learned from historical attacks. Every verdict is derived from the actual program IDs, instruction discriminators, and account layouts present in the tx.

Fail loud, fail honest. Unknown programs receive a MEDIUM fallback with a "requires human review" reason. Unknown Anchor discriminators receive the same. The engine never silently approves something it does not understand.

Start here