Fix CPI Guard bypass: block close_authority set to None during CPI#1237
Open
victorchukwuemeka wants to merge 1 commit into
Open
Fix CPI Guard bypass: block close_authority set to None during CPI#1237victorchukwuemeka wants to merge 1 commit into
victorchukwuemeka wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
In
processor.rs:772, the CPI Guard check forAuthorityType::CloseAccountrequiresnew_authority.is_some():if cpi_guard.lock_cpi.into() && in_cpi() && new_authority.is_some() {
return Err(TokenError::CpiGuardSetAuthorityBlocked.into());
}
This means setting
close_authority = Noneduring CPI bypasses the CPI Guard entirely. TheAccountOwnerpath (line 737) does not have this condition.Per the CPI Guard spec,
SetAuthorityshould only allow removing an existing close authority during CPI -- but the guard should still be enforced.Fix
Remove
&& new_authority.is_some()soset_authority(CloseAccount, None)is also blocked during CPI when CPI Guard is enabled.Test
test_set_authority_with_cpi_guard_extensioncreates a token account with CPI Guard, enables it, and verifies that settingclose_authorityto bothSomeandNonesucceeds outside CPI (wherein_cpi()returnsfalse). A full CPI-path validation requires running against a Solana validator.