zero out voter completely

Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
2022-04-08 14:55:33 +02:00 · 2022-04-08 14:55:33 +02:00 · bb29cb7efc
parent a3771f1d16
commit bb29cb7efc
3 changed files with 44 additions and 27 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -431,18 +431,18 @@ dependencies = [

 [[package]]
 name = "bytemuck"
-version = "1.7.2"
+version = "1.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72957246c41db82b8ef88a5486143830adeb8227ef9837740bdec67724cf2c5b"
+checksum = "cdead85bdec19c194affaeeb670c0e41fe23de31459efd1c174d049269cf02cc"
 dependencies = [
 "bytemuck_derive",
 ]

 [[package]]
 name = "bytemuck_derive"
-version = "1.0.1"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e215f8c2f9f79cb53c8335e687ffd07d5bfcb6fe5fc80723762d0be46e7cc54"
+checksum = "562e382481975bc61d11275ac5e62a19abd00b0547d99516a415336f183dcd0e"
 dependencies = [
 "proc-macro2",
 "quote",
--- a/programs/voter-stake-registry/Cargo.toml
+++ b/programs/voter-stake-registry/Cargo.toml
@ -28,6 +28,8 @@ anchor-spl = { version = "0.20.1" }
 # The rev used for spl-governance must match what the fixture binary
 # programs/voter-stake-registry/tests/fixtures/spl_governance.so is built from.

+bytemuck = "1.9.1"
+
 # spl-governance 2.2.0 TODO: Upgrade Anchor to spl-token 3.3.0 to refernce directly 
 spl-governance = { git = "https://github.com/solana-labs/solana-program-library", rev = "4c0bc4c968d5d6feaee18b1c633c636f20d66b15", features = ["no-entrypoint"] }

--- a/programs/voter-stake-registry/src/instructions/close_voter.rs
+++ b/programs/voter-stake-registry/src/instructions/close_voter.rs
@ -1,7 +1,10 @@
+use std::ops::DerefMut;
+
 use crate::error::*;
 use crate::state::*;
 use anchor_lang::prelude::*;
 use anchor_spl::token::{self, CloseAccount, Token, TokenAccount};
+use bytemuck::bytes_of_mut;

 // Remaining accounts must be all the token token accounts owned by voter, he wants to close,
 // they should be writable so that they can be closed and sol required for rent
@ -17,7 +20,8 @@ pub struct CloseVoter<'info> {
        seeds = [voter.load()?.registrar.key().as_ref(), b"voter".as_ref(), voter_authority.key().as_ref()],
        bump = voter.load()?.voter_bump,
        has_one = voter_authority,
-        close = sol_destination)]
+        close = sol_destination
+    )]
    pub voter: AccountLoader<'info, Voter>,

    pub voter_authority: Signer<'info>,
@ -34,31 +38,42 @@ pub struct CloseVoter<'info> {
 pub fn close_voter<'key, 'accounts, 'remaining, 'info>(
    ctx: Context<'key, 'accounts, 'remaining, 'info, CloseVoter<'info>>,
 ) -> Result<()> {
-    let voter = &ctx.accounts.voter.load()?;
-    let amount = voter.deposits.iter().fold(0u64, |sum, d| {
-        sum.checked_add(d.amount_deposited_native).unwrap()
-    });
-    require!(amount == 0, VotingTokenNonZero);
+    {
+        let voter = ctx.accounts.voter.load()?;
+        let amount = voter.deposits.iter().fold(0u64, |sum, d| {
+            sum.checked_add(d.amount_deposited_native).unwrap()
+        });
+        require!(amount == 0, VotingTokenNonZero);

-    let voter_seeds = voter_seeds!(voter);
-    for account in &mut ctx.remaining_accounts.iter() {
-        let token = Account::<TokenAccount>::try_from(&account.clone()).unwrap();
-        require!(token.owner == ctx.accounts.voter.key(), InvalidAuthority);
-        require!(token.amount == 0, VaultTokenNonZero);
+        let voter_seeds = voter_seeds!(voter);
+        for account in &mut ctx.remaining_accounts.iter() {
+            let token = Account::<TokenAccount>::try_from(&account.clone()).unwrap();
+            require!(token.owner == ctx.accounts.voter.key(), InvalidAuthority);
+            require!(token.amount == 0, VaultTokenNonZero);

-        let cpi_accounts = CloseAccount {
-            account: account.to_account_info(),
-            destination: ctx.accounts.sol_destination.to_account_info(),
-            authority: ctx.accounts.voter.to_account_info(),
-        };
-        let cpi_program = ctx.accounts.token_program.to_account_info();
-        token::close_account(CpiContext::new_with_signer(
-            cpi_program,
-            cpi_accounts,
-            &[voter_seeds],
-        ))?;
+            let cpi_accounts = CloseAccount {
+                account: account.to_account_info(),
+                destination: ctx.accounts.sol_destination.to_account_info(),
+                authority: ctx.accounts.voter.to_account_info(),
+            };
+            let cpi_program = ctx.accounts.token_program.to_account_info();
+            token::close_account(CpiContext::new_with_signer(
+                cpi_program,
+                cpi_accounts,
+                &[voter_seeds],
+            ))?;

-        account.exit(ctx.program_id)?;
+            account.exit(ctx.program_id)?;
+        }
+    }
+
+    // zero out voter account to prevent reinit attacks
+    // appease rust borrow checker
+    {
+        let mut voter = ctx.accounts.voter.load_mut()?;
+        let voter_dereffed = voter.deref_mut();
+        let voter_bytes = bytes_of_mut(voter_dereffed);
+        voter_bytes.fill(0);
    }

    Ok(())