coral-xyz / sealevel-attacks

☠️ Common Security Exploits and Protections on Solana

Error in secure version of 7-bump-seed-canonicalization #9

Closed kodemartin closed 2 years ago

kodemartin commented 2 years ago

I think that the following snippet from 7-bump-seed-canonicalization

        let (address, expected_bump) =
            Pubkey::find_program_address(&[key.to_le_bytes().as_ref(), &[bump]], ctx.program_id);

implies that expected_bump != bump.

The reason is that while Pubkey::create_program_address expects the bump as the last item in the seeds argument, find_program_address would just use it as another seed and result in a different bump. (See also find_program_address and create_program_address.)

So I think this should be changed to

        let (address, expected_bump) =
            Pubkey::find_program_address(&[key.to_le_bytes().as_ref()], ctx.program_id);
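
The difference the issue describes, as an added example that is not part of the issue or the repository: a pure-Python model of the two derivation functions (SHA-256 over the seeds, the program id and the `ProgramDerivedAddress` marker, rejected when the hash is an ed25519 point). `PROGRAM_ID`, `KEY` and `compare` are constructed for illustration, and the seed count and length limits are omitted.

```python
import hashlib

P = 2**255 - 19
D = -121665 * pow(121666, -1, P) % P          # Edwards curve constant d
MARKER = b"ProgramDerivedAddress"

def is_on_curve(b: bytes) -> bool:
    """True if the 32 bytes decompress to an ed25519 point."""
    y = (int.from_bytes(b, "little") & ((1 << 255) - 1)) % P
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P   # x^2 = (y^2-1)/(d*y^2+1)
    return x2 == 0 or pow(x2, (P - 1) // 2, P) == 1    # Euler's criterion

def create_program_address(seeds, program_id):
    """Hash the seeds exactly as given; the caller puts the bump last."""
    h = hashlib.sha256(b"".join(seeds) + program_id + MARKER).digest()
    if is_on_curve(h):
        raise ValueError("invalid seeds: address falls on the curve")
    return h

def find_program_address(seeds, program_id):
    """Append its own bump (255 downwards) after the given seeds; first hit wins."""
    for bump in range(255, 0, -1):
        try:
            addr = create_program_address(list(seeds) + [bytes([bump])], program_id)
            return addr, bump
        except ValueError:
            continue
    raise ValueError("no viable bump seed")

PROGRAM_ID = bytes(range(32))       # constructed program id, not a real deployment
KEY = (42).to_bytes(8, "little")    # models key.to_le_bytes() for a u64 key

def compare(key=KEY, program_id=PROGRAM_ID):
    # Proposed form: seeds without the bump; the search supplies the canonical one.
    pda, canonical = find_program_address([key], program_id)
    # Form quoted in the issue, called with the canonical bump as an extra seed:
    # the search appends a second bump byte after it.
    other, other_bump = find_program_address([key, bytes([canonical])], program_id)
    return pda, canonical, other, other_bump

if __name__ == "__main__":
    pda, canonical, other, other_bump = compare()
    print("proposed form:", pda.hex(), canonical)
    print("quoted form:  ", other.hex(), other_bump)
```

In this model `other` differs from `pda` because the second call hashes one more seed byte, and `other_bump` is the first viable bump for that longer seed list rather than a check on the bump that was passed in.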