let (address, expected_bump) =
Pubkey::find_program_address(&[key.to_le_bytes().as_ref(), &[bump]], ctx.program_id);
implies that expected_bump != bump.
The reason is that while the Pubkey::create_program_address expects the bump as the last item in the seeds argument, the find_program_address would just use it as another seed and result in a different bump. (See also find_program_address, and create_program_address).
So I think this should be changed to
let (address, expected_bump) =
Pubkey::find_program_address(&[key.to_le_bytes().as_ref()], ctx.program_id);
I think that the following snippet from 7-bump-seed-canonicalization
implies that
expected_bump != bump.The reason is that while the
Pubkey::create_program_addressexpects thebumpas the last item in theseedsargument, thefind_program_addresswould just use it as another seed and result in a different bump. (See also find_program_address, and create_program_address).So I think this should be changed to