Adds a missing check_number_of_instruction_accounts() in StakeInstruction::Authorize. (#23672)

Alexander Meißner 2022-03-15 15:53:11 +01:00 committed by GitHub
parent 8c4f010b8d
commit e9040d2766
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 13 deletions


@ -139,6 +139,7 @@ pub fn process_instruction(
me.initialize(&authorized, &lockup, &rent)
}
StakeInstruction::Authorize(authorized_pubkey, stake_authorize) => {
instruction_context.check_number_of_instruction_accounts(3)?;
let require_custodian_for_locked_stake_authorize = invoke_context
.feature_set
.is_active(&feature_set::require_custodian_for_locked_stake_authorize::id());
@ -1501,6 +1502,11 @@ mod tests {
is_signer: false,
is_writable: false,
},
AccountMeta {
pubkey: authority_address,
is_signer: false,
is_writable: false,
},
];
// should fail, uninit
@ -1567,11 +1573,7 @@ mod tests {
// Test a second authorization by the new authority_address
instruction_accounts[0].is_signer = false;
instruction_accounts.push(AccountMeta {
pubkey: authority_address,
is_signer: true,
is_writable: false,
});
instruction_accounts[2].is_signer = true;
let accounts = process_instruction(
&serialize(&StakeInstruction::Authorize(
authority_address_2,
@ -1666,6 +1668,11 @@ mod tests {
is_signer: false,
is_writable: false,
},
AccountMeta {
pubkey: authority_address,
is_signer: false,
is_writable: false,
},
];
// Authorize a staker pubkey and move the withdrawer key into cold storage.
@ -1683,11 +1690,7 @@ mod tests {
// Attack! The stake key (a hot key) is stolen and used to authorize a new staker.
instruction_accounts[0].is_signer = false;
instruction_accounts.push(AccountMeta {
pubkey: authority_address,
is_signer: true,
is_writable: false,
});
instruction_accounts[2].is_signer = true;
let accounts = process_instruction(
&serialize(&StakeInstruction::Authorize(
mallory_address,
@ -1714,7 +1717,7 @@ mod tests {
// Verify the withdrawer (pulled from cold storage) can save the day.
instruction_accounts[0].is_signer = true;
instruction_accounts.pop();
instruction_accounts[2].is_signer = false;
let accounts = process_instruction(
&serialize(&StakeInstruction::Authorize(
authority_address,
@ -1729,11 +1732,11 @@ mod tests {
// Attack! Verify the staker cannot be used to authorize a withdraw.
instruction_accounts[0].is_signer = false;
instruction_accounts.push(AccountMeta {
instruction_accounts[2] = AccountMeta {
pubkey: mallory_address,
is_signer: true,
is_writable: false,
});
};
process_instruction(
&serialize(&StakeInstruction::Authorize(
authority_address,
@ -1973,6 +1976,11 @@ mod tests {
is_signer: false,
is_writable: false,
},
AccountMeta {
pubkey: authority_address,
is_signer: false,
is_writable: false,
},
],
Ok(()),
);
@ -3571,6 +3579,11 @@ mod tests {
is_signer: false,
is_writable: false,
},
AccountMeta {
pubkey: authorized_address,
is_signer: false,
is_writable: false,
},
],
Ok(()),
);
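Review bot: The new `instruction_context.check_number_of_instruction_accounts(3)?;` at the top of the `StakeInstruction::Authorize` arm has no negative test in the visible hunks; every test change only supplies a third `AccountMeta` so that existing cases keep passing. Add a case that submits Authorize with only the first two accounts and expects the account-count error (presumably `Err(InstructionError::NotEnoughAccountKeys)`), so that a later refactor cannot silently drop the guard again. The check is also unconditional and sits before the `feature_set` lookup, while the pre-change tests suggest a two-account Authorize used to be accepted. The description should confirm whether this tightening needs its own feature gate or was already enforced elsewhere. The arm's body continues outside the hunk, so the later account reads are not visible here.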