From c592cc90bcf7d036055a267dcf8abe65ea6eed3b Mon Sep 17 00:00:00 2001 From: techvoyagerX Date: Thu, 12 Sep 2024 06:11:35 -0400 Subject: [PATCH] Add comments explaining vulnerabilities and security measures in PDA-sharing programs --- programs/8-pda-sharing/insecure/src/lib.rs | 4 +++- programs/8-pda-sharing/recommended/src/lib.rs | 18 ++++++++---------- programs/8-pda-sharing/secure/src/lib.rs | 6 ++---- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/programs/8-pda-sharing/insecure/src/lib.rs b/programs/8-pda-sharing/insecure/src/lib.rs index 11cf24b..1a6ae1c 100644 --- a/programs/8-pda-sharing/insecure/src/lib.rs +++ b/programs/8-pda-sharing/insecure/src/lib.rs @@ -9,6 +9,8 @@ pub mod pda_sharing_insecure { pub fn withdraw_tokens(ctx: Context) -> ProgramResult { let amount = ctx.accounts.vault.amount; + // Using the mint field as part of the seeds for the PDA, which allows + // an attacker to manipulate the mint value and withdraw funds. let seeds = &[ctx.accounts.pool.mint.as_ref(), &[ctx.accounts.pool.bump]]; token::transfer(ctx.accounts.transfer_ctx().with_signer(&[seeds]), amount) } @@ -39,7 +41,7 @@ impl<'info> WithdrawTokens<'info> { #[account] pub struct TokenPool { vault: Pubkey, - mint: Pubkey, + mint: Pubkey, // Vulnerable because it allows manipulation of the mint field. withdraw_destination: Pubkey, bump: u8, } diff --git a/programs/8-pda-sharing/recommended/src/lib.rs b/programs/8-pda-sharing/recommended/src/lib.rs index 6c094d7..bef4ef1 100644 --- a/programs/8-pda-sharing/recommended/src/lib.rs +++ b/programs/8-pda-sharing/recommended/src/lib.rs @@ -9,10 +9,8 @@ pub mod pda_sharing_recommended { pub fn withdraw_tokens(ctx: Context) -> ProgramResult { let amount = ctx.accounts.vault.amount; - let seeds = &[ - ctx.accounts.pool.withdraw_destination.as_ref(), - &[ctx.accounts.pool.bump], - ]; + // Using the withdraw_destination instead of mint to create the seeds, which is more secure. + let seeds = &[ctx.accounts.pool.withdraw_destination.as_ref(), &[ctx.accounts.pool.bump]]; token::transfer(ctx.accounts.transfer_ctx().with_signer(&[seeds]), amount) } } @@ -20,11 +18,11 @@ pub mod pda_sharing_recommended { #[derive(Accounts)] pub struct WithdrawTokens<'info> { #[account( - has_one = vault, - has_one = withdraw_destination, - seeds = [withdraw_destination.key().as_ref()], - bump = pool.bump, - )] + has_one = vault, + has_one = withdraw_destination, + seeds = [withdraw_destination.key().as_ref()], // Adds PDA security by making sure the seed is deterministic. + bump = pool.bump, + )] pool: Account<'info, TokenPool>, vault: Account<'info, TokenAccount>, withdraw_destination: Account<'info, TokenAccount>, @@ -48,6 +46,6 @@ impl<'info> WithdrawTokens<'info> { pub struct TokenPool { vault: Pubkey, mint: Pubkey, - withdraw_destination: Pubkey, + withdraw_destination: Pubkey, // The key used to derive the PDA is now secure. bump: u8, } diff --git a/programs/8-pda-sharing/secure/src/lib.rs b/programs/8-pda-sharing/secure/src/lib.rs index 066be29..d7466e2 100644 --- a/programs/8-pda-sharing/secure/src/lib.rs +++ b/programs/8-pda-sharing/secure/src/lib.rs @@ -9,10 +9,8 @@ pub mod pda_sharing_secure { pub fn withdraw_tokens(ctx: Context) -> ProgramResult { let amount = ctx.accounts.vault.amount; - let seeds = &[ - ctx.accounts.pool.withdraw_destination.as_ref(), - &[ctx.accounts.pool.bump], - ]; + // Withdraw using PDA derived from withdraw_destination for secure withdrawal. + let seeds = &[ctx.accounts.pool.withdraw_destination.as_ref(), &[ctx.accounts.pool.bump]]; token::transfer(ctx.accounts.transfer_ctx().with_signer(&[seeds]), amount) } }