Conversation

@notdanilo notdanilo commented Jul 31, 2025

Status: Ready | Type: Feature | ⚠️ Core Change: Yes | Issue: #29

Problem

We needed to improve the CPI authentication mechanism to guarantee that the instruction is being called from the World program. We couldn't rely on getting the relative instructions from sysvar because we could only test against the topmost instruction, making it impossible to CPI the World program.

Solution

Use a PDA from the World program as an authentication mechanism.

Greptile Summary

This PR implements a significant security enhancement to the CPI (Cross-Program Invocation) authentication mechanism in the Bolt ECS framework. The change replaces the previous instruction sysvar-based authentication with a World PDA (Program Derived Address) based system.

What Changed:
The PR removes the vulnerable solana_program::sysvar::instructions::get_instruction_relative approach that could only verify the topmost instruction in a transaction. Instead, it introduces a hardcoded World PDA address (B2f2y3QTBv346wE6nWKor72AUhUvFF6mPk7TWCF2QVhi) that serves as a cryptographic proof for legitimate CPI calls.

Key Implementation Details:

  • Added CPI_AUTH_ADDRESS constant across TypeScript and C# clients
  • Replaced instruction_sysvar_account fields with cpi_auth fields in all instruction account structures
  • Updated the World program to generate PDA seeds using World::cpi_auth_seeds() for signing CPI calls
  • Modified the bolt-component program to expect cpi_auth as a Signer account
  • Updated IDL files with new program address and version bump to 0.2.4

How It Fits in the Codebase:
This change touches the core authentication layer of the Bolt ECS framework, affecting how the World program communicates with component programs. The World program now acts as the sole authority for component operations by providing its PDA signature, ensuring that only legitimate World program instructions can modify components. This maintains the architectural integrity of the ECS system while strengthening security guarantees.

Confidence score: 3/5

  • This PR introduces a major security improvement but uses a hardcoded PDA address that could cause issues if not properly coordinated across deployments
  • The implementation correctly addresses the identified vulnerability but the hardcoded approach reduces flexibility
  • The World program address change in the IDL suggests this may require careful deployment coordination
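As an added illustration, not code from this PR or the Bolt project: Solana's PDA derivation reimplemented in pure Python, showing why a World PDA works as CPI proof (the derived address is forced off the ed25519 curve, so no private key exists for it and only the owning program can sign for it via invoke_signed), together with the component-side check the PR describes. The real World program id and the seeds behind `World::cpi_auth_seeds()` are not on this page, so constructed placeholders (`bytes(range(32))`, `b"cpi_auth"`) stand in for them.

```python
import hashlib

P = 2**255 - 19                                  # ed25519 field prime
D = (-121665 * pow(121666, P - 2, P)) % P        # twisted Edwards curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)                # sqrt(-1) mod P, needed for decompression
PDA_MARKER = b"ProgramDerivedAddress"            # domain-separation suffix used by Solana

def is_on_curve(point: bytes) -> bool:
    """True if the 32 bytes decompress to an ed25519 point, i.e. a keypair could exist for it."""
    y = int.from_bytes(point, "little")
    sign = y >> 255
    y &= (1 << 255) - 1
    if y >= P:
        return False
    u = (y * y - 1) % P
    v = (D * y * y + 1) % P
    x2 = u * pow(v, P - 2, P) % P                # x^2 = (y^2 - 1) / (d*y^2 + 1)
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P != 0:
        x = x * SQRT_M1 % P                      # try the other candidate root
    if (x * x - x2) % P != 0:
        return False                             # x^2 is a non-residue: not a curve point
    return not (x == 0 and sign == 1)            # decompression rejects x=0 with sign bit set

def create_program_address(seeds, program_id: bytes):
    """sha256(seeds || program_id || marker); rejected (None) if the hash lands on the curve."""
    h = hashlib.sha256()
    for seed in seeds:
        h.update(seed)
    h.update(program_id)
    h.update(PDA_MARKER)
    candidate = h.digest()
    return None if is_on_curve(candidate) else candidate

def find_program_address(seeds, program_id: bytes):
    """Walk bump 255..0 until the derived address is off-curve (the canonical bump)."""
    for bump in range(255, -1, -1):
        address = create_program_address(list(seeds) + [bytes([bump])], program_id)
        if address is not None:
            return address, bump
    raise ValueError("no viable bump seed")

def verify_cpi_auth(account_key: bytes, is_signer: bool, expected_pda: bytes) -> bool:
    """Component-side check: cpi_auth must be the known World PDA AND a signer on this CPI."""
    return is_signer and account_key == expected_pda

if __name__ == "__main__":
    pda, bump = find_program_address([b"cpi_auth"], bytes(range(32)))   # constructed inputs
    print(pda.hex(), bump, verify_cpi_auth(pda, True, pda))
```

The check passes only when the World program signs for the PDA through invoke_signed; a caller that merely passes the same public key without the signer flag is rejected.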

@notdanilo notdanilo self-assigned this Jul 31, 2025
@greptile-apps greptile-apps bot left a comment

13 files reviewed, no comments

@notdanilo notdanilo merged commit 1463d8d into main Aug 1, 2025
5 checks passed
@notdanilo notdanilo mentioned this pull request Sep 17, 2025
@notdanilo notdanilo deleted the feature/cpi-auth branch October 8, 2025 13:57
@notdanilo notdanilo restored the feature/cpi-auth branch October 17, 2025 15:55
notdanilo added a commit that referenced this pull request Oct 17, 2025