fix(audit): N1 use auth_bump, N2 validate system_program, N3 check RP… #28
Merged
… ID hash
N1: Use client-provided auth_bump with create_program_address instead of
find_program_address for efficiency and proper validation
N2: Add system_program ID validation in all processors:
- create_wallet.rs
- create_session.rs
- manage_authority.rs
- transfer_ownership.rs
N3: Add explicit RP ID hash verification in Secp256r1 authenticator:
- Compute SHA256 of user-provided rp_id
- Compare against stored rp_id_hash for defense in depth
- Completely remove sdk/ directory (temporary removal per user request)
- Add tests-e2e/src/scenarios/audit_validations.rs for N1/N2/N3 tests
- Fix all E2E tests to use correct auth_bump from find_program_address
- Fix failures.rs account order to match program expectation

Note: CreateWallet tests pass with new N1/N2 fixes. Execute tests need separate investigation for UnsupportedProgramId error (unrelated to audit).

- Fix happy_path.rs compact instruction indices (program_id_index 0→4, accounts 1,2→5,6)
- Fix manage_authority.rs Secp256r1 space calculation (add 4-byte counter prefix)
- Fix failures.rs signing (remove owner_keypair from sign)
- All Happy Path tests now pass
- Failures scenarios 1-2 now pass

- Fix failures.rs Scenario 4 (Session Expiry): use warp_to_slot to ensure expiry
- Fix failures.rs Scenario 5 (Admin Perms): fix instruction data and account order
- Fix cross_wallet_attacks.rs: fix instruction data and signing keypairs
- Add warp_to_slot to TestContext
- All E2E tests PASS

- Replace hardcoded rent constants with Rent::minimum_balance(space) in manage_authority.rs
- Use Rent sysvar in all AddAuthority logic (program + tests)
- Update TEST_ISSUES.md
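The N2 (system_program ID validation) and N3 (RP ID hash verification) checks described in the PR, modelled as an added Python example rather than the project's own Rust code, which is not shown on this page. The all-zero system program id and the WebAuthn authenticatorData layout are standard facts; the extra comparison against the rpIdHash embedded in authenticatorData goes beyond what the PR text states. The sample authority record and authenticator data are constructed for the demo.

```python
import hashlib
import hmac

# Solana's system program id is the all-zero 32-byte key
# (base58 "11111111111111111111111111111111").
SYSTEM_PROGRAM_ID = bytes(32)


def validate_system_program(account_key: bytes) -> bool:
    """N2: the account passed in the system_program slot must be the real
    system program; otherwise a caller could substitute an arbitrary program
    for the CPI that creates or funds accounts."""
    return len(account_key) == 32 and account_key == SYSTEM_PROGRAM_ID


def rp_id_hash(rp_id: str) -> bytes:
    """WebAuthn rpIdHash: SHA-256 over the UTF-8 encoded RP ID."""
    return hashlib.sha256(rp_id.encode("utf-8")).digest()


def verify_rp_id(rp_id: str, stored_rp_id_hash: bytes,
                 authenticator_data: bytes) -> bool:
    """N3: hash the caller-supplied rp_id and require it to equal the hash
    stored in the authority record. The second comparison, against the first
    32 bytes of authenticatorData (the rpIdHash the assertion signature
    covers), goes beyond the PR text and ties the stored origin to the
    signed assertion."""
    computed = rp_id_hash(rp_id)
    if not hmac.compare_digest(computed, stored_rp_id_hash):
        return False
    # authenticatorData = rpIdHash(32) || flags(1) || signCount(4) || ...
    if len(authenticator_data) < 37:
        return False
    return hmac.compare_digest(computed, authenticator_data[:32])


def demo() -> bool:
    """Constructed sample: an authority registered for RP "example.com"."""
    stored = rp_id_hash("example.com")
    auth_data = stored + b"\x05" + (1).to_bytes(4, "big")  # flags UP|UV, count 1
    ok = verify_rp_id("example.com", stored, auth_data)
    wrong_rp = verify_rp_id("evil.example", stored, auth_data)          # rp_id mismatch
    forged = verify_rp_id("example.com", stored, bytes(32) + auth_data[32:])  # bad rpIdHash
    bogus_sys = validate_system_program(b"\x01" + bytes(31))            # wrong program
    return (ok and not wrong_rp and not forged
            and validate_system_program(SYSTEM_PROGRAM_ID) and not bogus_sys)
```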
onspeedhp added a commit that referenced this pull request on Apr 7, 2026: fix(audit): N1 use auth_bump, N2 validate system_program, N3 check RP…