{"id":1118,"date":"2025-08-26T14:16:07","date_gmt":"2025-08-26T12:16:07","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=1118"},"modified":"2025-08-26T14:23:06","modified_gmt":"2025-08-26T12:23:06","slug":"trident-brings-manually-guided-fuzzing-to-solana","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/trident-brings-manually-guided-fuzzing-to-solana\/","title":{"rendered":"Trident Brings Manually Guided Fuzzing to Solana"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Until recently, Solana developers had virtually no access to fuzzing tools. While Ethereum has a mature fuzzing ecosystem, Solana&#8217;s security testing has so far consisted primarily of unit tests, integration tests, and academic research tools that are not production-ready.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/usetrident.xyz\" target=\"_blank\" rel=\"noopener\">Trident<\/a> changes this by bringing the most advanced smart contract fuzzing technique, <a href=\"https:\/\/ackee.xyz\/blog\/introducing-manually-guided-fuzzing-a-new-approach-in-smart-contract-testing\/\" target=\"_blank\" rel=\"noopener\">Manually Guided Fuzzing (MGF)<\/a>, directly to Solana programs. This enables Solana developers to enjoy the best fuzzing methodology for security testing.<\/span><\/p>\n<h2><b>Guided Discovery Instead of Brute Force<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Unit and integration tests provide essential ground-level protection, but they miss complex edge cases. Traditional black-box fuzzing attempts to explore the entire state space through brute force, but Solana programs&#8217; state space is too large to search completely.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The key issue is that black-box fuzzers either stop at arbitrary points, or implement heuristics to guide exploration. Both approaches miss critical vulnerabilities.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Instead of relying on algorithmic heuristics, MGF enables developers and security researchers to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Target known attack patterns<\/b><span style=\"font-weight: 400;\"> by testing scenarios based on real vulnerability research,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Simulate attacker behavior<\/b><span style=\"font-weight: 400;\"> through crafted instruction sequences that mirror actual exploits,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Focus on protocol-specific risks,<\/b><span style=\"font-weight: 400;\"> addressing a given system&#8217;s unique attack surface,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Achieve deterministic coverage<\/b><span style=\"font-weight: 400;\"> \u2013 ensuring critical edge cases receive testing attention.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This approach has proven effective in our Ethereum security work, consistently discovering vulnerabilities that other automated approaches and manual audits miss.<\/span><\/p>\n<h2><b>Solana Needs Specialized Fuzz Testing<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Solana&#8217;s execution model is different from Ethereum&#8217;s EVM in state management. Unlike Ethereum contracts that maintain internal persistent storage, Solana programs are stateless executables that operate on external accounts passed in each transaction. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">This separation enables Solana&#8217;s parallel processing capabilities but introduces specific types of vulnerabilities. Generic fuzzing tools miss these unique attack vectors.<\/span><\/p>\n<h3><b>Account-Based State Management<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Solana programs must explicitly validate every account provided in a transaction, creating opportunities for account confusion attacks. A program might assume an account is one of its owned Program Derived Addresses (PDAs) when an attacker has actually provided a malicious substitute.<\/span><\/p>\n<p><b>Example vulnerability pattern:<\/b><\/p>\n<pre><code class=\"language-rust\">\/\/ Vulnerable: No ownership verification\n\npub fn process_instruction(\n\n\u00a0\u00a0\u00a0\u00a0program_id: &amp;Pubkey,\n\n\u00a0\u00a0\u00a0\u00a0accounts: &amp;[AccountInfo],\n\n\u00a0\u00a0\u00a0\u00a0instruction_data: &amp;[u8],\n\n) -&gt; ProgramResult {\n\n\u00a0\u00a0\u00a0\u00a0let vault_account = &amp;accounts[0]; \/\/ Assumes this is the correct vault\n\n\u00a0\u00a0\u00a0\u00a0\/\/ Process without verifying vault_account.owner == program_id\n\n}<\/code><\/pre>\n<p><span style=\"font-weight: 400;\">Black-box fuzzing cannot systematically discover these vulnerabilities because it doesn&#8217;t account for expected account relationships. MGF defines specific flows that test account substitution scenarios.<\/span><\/p>\n<h3><b>Parallel Execution and Race Conditions<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Solana&#8217;s Sealevel runtime executes transactions concurrently when they don&#8217;t conflict on account access. While account locking prevents basic race conditions, subtle timing issues can still emerge, particularly around multi-instruction transactions and cross-program invocations (CPIs).<\/span><\/p>\n<h3><b>Cross-Program Invocation Complexities<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Solana programs frequently invoke other programs through CPIs, creating complex transaction flows. A single user transaction can pack multiple instructions across different programs, with each potentially calling back to others. This creates Solana-specific attack surfaces, such as arbitrary CPI vulnerabilities where programs fail to validate the target program ID.<\/span><\/p>\n<h2><b>Solana-Specific Attack Vectors for MGF<\/b><\/h2>\n<p><b>Account Revival<\/b><span style=\"font-weight: 400;\">: The<\/span> <a href=\"https:\/\/solana.com\/developers\/courses\/program-security\/closing-accounts\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">account closure and revival attack<\/span><\/a><span style=\"font-weight: 400;\"> occurs when programs close accounts by zeroing lamports without proper marking. Attackers can &#8220;revive&#8221; accounts within the same transaction by transferring lamports back.<\/span><\/p>\n<p><b>MGF Flow Example:<\/b><\/p>\n<pre><code class=\"language-python\"># Flow 1: Close account (zeroes lamports)\ndef flow_close_account():\n    close_user_stake_account(attacker_account)\n\n# Flow 2: Revive account (same transaction)\ndef flow_revive_account():\n    system_transfer(attacker, closed_account, 1_lamport)\n\n# Flow 3: Exploit revived account\ndef flow_exploit_revived():\n    claim_rewards(closed_account)  # Should fail but might succeed\n\n# Invariant: Closed accounts should not be reusable\n@invariant\ndef account_closure_invariant():\n    assert closed_accounts_are_not_exploitable()\n<\/code><\/pre>\n<p><b>Missing Signer Checks<\/b><span style=\"font-weight: 400;\">:<\/span> <a href=\"https:\/\/arxiv.org\/abs\/2309.03006\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">FuzzDelSol research<\/span><\/a><span style=\"font-weight: 400;\"> found this vulnerability class in numerous deployed programs where critical operations proceeded without proper signer verification.<\/span><\/p>\n<p><b>Arbitrary CPI Attacks<\/b><span style=\"font-weight: 400;\">: Programs allowing user-specified program IDs create attack vectors through malicious programs mimicking legitimate interfaces.<\/span><\/p>\n<p><b>Vulnerable pattern:<\/b><\/p>\n<pre><code class=\"language-rust\">\/\/ Dangerous: User-controlled program_id\ninvoke(\n    &amp;token_instruction,\n    &amp;[\n        user_provided_token_program.clone(), \/\/ Attacker controls this\n        source_account.clone(),\n        dest_account.clone(),\n    ],\n)?;\n<\/code><\/pre>\n<h2><b>Solana Fuzzing Toolings<\/b><\/h2>\n<h3><b>Trident: The first fuzzing framework for Solana programs written in Rust<\/b><\/h3>\n<p><a href=\"https:\/\/usetrident.xyz\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Trident 0.11.0<\/span><\/a><span style=\"font-weight: 400;\"> is a major step forward in Solana security testing. While Ethereum has had Manually Guided Fuzzing for years, Solana developers previously lacked native tooling for this advanced testing approach. Trident brings the most sophisticated smart contract testing technique directly to Solana&#8217;s execution model.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Where black-box fuzzing relies on statistical sampling to find vulnerabilities, Trident enables systematic attack scenario construction. This targeted approach has already discovered vulnerabilities in leading Solana protocols, demonstrating the power of guided discovery over brute force.<\/span><\/p>\n<p><b>Why Use Trident:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SVM-speed execution: <\/b><span style=\"font-weight: 400;\">Optimized for Solana&#8217;s virtual machine performance<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Account model awareness<\/b><span style=\"font-weight: 400;\">: Understands Solana&#8217;s unique state management<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>On-chain data integration<\/b><span style=\"font-weight: 400;\">: Enables testing against realistic blockchain conditions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Cross-program interaction support<\/b><span style=\"font-weight: 400;\">: Handles complex CPI scenarios<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Property-based and stateful fuzzing<\/b><span style=\"font-weight: 400;\">: Provides c<\/span><span style=\"font-weight: 400;\">omprehensive coverage approaches<\/span><\/li>\n<\/ul>\n<p><b>Battle-Tested on Major Protocols:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Trident has been validated through real-world implementations with leading Solana projects:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Wormhole<\/b><span style=\"font-weight: 400;\">: Cross-chain bridge infrastructure testing<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Unstoppable Domains<\/b><span style=\"font-weight: 400;\">: Decentralized domain security validation<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Kamino Finance<\/b><span style=\"font-weight: 400;\">: DeFi protocol vulnerability discovery<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">These deployments demonstrate Trident&#8217;s capability to handle complex, production-grade protocols where security failures could result in significant financial losses.<\/span><\/p>\n<p><b>Alternative tools<\/b><span style=\"font-weight: 400;\">:<\/span> <a href=\"https:\/\/github.com\/anza-xyz\/mollusk\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Mollusk<\/span><\/a><span style=\"font-weight: 400;\"> provides lightweight SVM execution for high-performance scenarios. Custom integrations use RPC interfaces but sacrifice in-process performance benefits.<\/span><\/p>\n<h2><b>Implementation Strategy<\/b><\/h2>\n<h3><b>1. Environment Setup<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">First, set up your testing environment with the Solana toolchain, the Anchor framework, and the chosen fuzzing tools. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">For Trident integration:<\/span><\/p>\n<pre><code class=\"language-shell-session\">cargo install trident-cli\n\ntrident init your-project<\/code><\/pre>\n<h3><b>2. Invariant Implementation<\/b><\/h3>\n<p><b>Invariants<\/b><span style=\"font-weight: 400;\"> are properties that must always hold after any sequence of operations. They&#8217;re security assertions that get checked after each flow execution.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Define invariants that capture essential security properties:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Conservation laws (token balances, reserves)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access control requirements<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">State consistency across accounts<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Account ownership verification<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">State consistency checks<\/span><\/li>\n<\/ul>\n<h3><b>3. Flow Definition<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">A <\/span><b>flow<\/b><span style=\"font-weight: 400;\"> represents a single test step in a sequence. Think of it as a single transaction or instruction call within a larger attack scenario. Flows allow you to model real-world attack patterns by chaining together specific instructions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Identify critical instruction sequences based on program functionality and known vulnerability patterns. Focus on multi-instruction transactions that could expose race conditions or state inconsistencies.<\/span><\/p>\n<h3><b>4. Coverage Strategy<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Ensure fuzzing campaigns cover:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All public instructions with varied parameters<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Multi-instruction transaction patterns<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Account substitution scenarios<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CPI interaction patterns<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Edge cases around rent, compute limits<\/span><\/li>\n<\/ul>\n<h2><b>Advanced Techniques and Considerations<\/b><\/h2>\n<h3><b>Differential Testing with Off-Chain Models<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Implement simplified models of complex mathematical operations in high-level languages for comparison against on-chain implementations. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">This technique proved effective in identifying precision errors in Solidity libraries and applies equally to Solana programs handling financial calculations.<\/span><\/p>\n<h3><b>Fork Testing Adaptation<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">While Solana doesn&#8217;t support direct mainnet forking like Ethereum&#8217;s Anvil, developers can clone specific mainnet accounts into test environments. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">This enables testing against realistic on-chain data while maintaining the safety of a test environment.<\/span><\/p>\n<h3><b>Performance and Computational Considerations<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Solana&#8217;s compute budget limits impose practical constraints on fuzzing scenarios. Design flows to remain within realistic transaction compute limits while still exercising critical code paths. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Consider using Mollusk for high-iteration scenarios where performance is a priority.<\/span><\/p>\n<h2><b>Best Practices and Limitations<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Manually Guided Fuzzing on Solana requires a deep understanding of both the program logic and Solana&#8217;s execution model. The technique excels at finding complex interaction bugs but depends heavily on the quality of defined flows and invariants.<\/span><\/p>\n<p><b>Key limitations of MGF:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Requires significant manual effort and expertise<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">May miss vulnerabilities outside defined flow scenarios<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Performance constraints limit iteration counts for complex scenarios<\/span><\/li>\n<\/ul>\n<p><b>Mitigation strategies:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Combine MGF with broad coverage-guided fuzzing for baseline coverage<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Regularly update flows based on new vulnerability research<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Integrate static analysis tools like<\/span><a href=\"https:\/\/solana.com\/de\/docs\/toolkit\/test-suite\/security-scanner\" target=\"_blank\" rel=\"noopener\"> <span style=\"font-weight: 400;\">Sec3&#8217;s X-Ray<\/span><\/a><span style=\"font-weight: 400;\"> for comprehensive coverage<\/span><\/li>\n<\/ul>\n<h2><b>Conclusion<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Solana&#8217;s architecture requires specialized security approaches. MGF transforms testing from hundreds of individual integration tests to systematic attack vector validation, discovering vulnerabilities that existing methods miss.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Success requires understanding Solana&#8217;s unique characteristics and relevant attack vectors. The payoff is systematic discovery of subtle vulnerabilities before production deployment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The security of the Solana ecosystem depends on proactive testing approaches that can keep pace with increasingly sophisticated protocols. Trident provides the foundation for building that security into your development workflow from day one.<\/span><\/p>\n<h2><b>Start Securing Your Solana Programs Today<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Trident makes Manually Guided Fuzzing accessible to any Solana development team. The framework is open source and designed to evolve with your security needs, from basic fuzzing to guided precision testing.<\/span><\/p>\n<p><b>Get Started:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Install<\/b><span style=\"font-weight: 400;\">: <code class=\"codehl\">cargo install trident-cli<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Website<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/usetrident.xyz\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/usetrident.xyz\/<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>GitHub Repository<\/b><span style=\"font-weight: 400;\">:<\/span><a href=\"https:\/\/github.com\/Ackee-Blockchain\/trident\" target=\"_blank\" rel=\"noopener\"> <span style=\"font-weight: 400;\">https:\/\/github.com\/Ackee-Blockchain\/trident<\/span><\/a><\/li>\n<\/ul>\n<h2><b>Additional Resources<\/b><\/h2>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/solana.com\/developers\/courses\/program-security\/closing-accounts\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Solana Program Security Model<\/span><\/a><span style=\"font-weight: 400;\">: Official documentation on account closure and other security considerations<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/github.com\/Ackee-Blockchain\/solana-common-attack-vectors\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Solana Common Attack Vectors<\/span><\/a><span style=\"font-weight: 400;\">: Community-maintained repository of typical Solana vulnerabilities<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/arxiv.org\/abs\/2309.03006\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">FuzzDelSol Research<\/span><\/a><span style=\"font-weight: 400;\">: Academic paper detailing Solana-specific fuzzing approaches and bug discovery<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Until recently, Solana developers had virtually no access to fuzzing tools. While Ethereum has a mature fuzzing ecosystem, Solana&#8217;s security testing has so far consisted primarily of unit tests, integration tests, and academic research tools that are not production-ready. Trident changes this by bringing the most advanced smart contract fuzzing technique, Manually Guided Fuzzing (MGF), directly to Solana programs. This enables Solana&hellip;<\/p>\n","protected":false},"author":30,"featured_media":1120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61,5,113],"tags":[123,64,6,114],"class_list":["post-1118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education","category-solana","category-trident","tag-developer-tooling","tag-security","tag-solana","tag-trident"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/08\/trident-fuzzing-cover-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/08\/trident-fuzzing-cover-600x600.png","author_info":{"display_name":"Tom\u00e1\u0161 Kova\u0159\u00edk","author_link":"https:\/\/ackee.xyz\/blog\/author\/tomas-kovarik\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/1118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=1118"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/1118\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/1120"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=1118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=1118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=1118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}