fix(audit): skip zero-padded destination/puller slots (MULT-8) #36
Merged
dev-jodee merged 5 commits on Apr 28, 2026
Compute Unit Report
Generated: 2026-04-28 |
33dfaf3 to
9a6c2b0
Plan::check_destination and Plan::can_pull now filter out zero-padded slots before membership tests. A plan with fewer than four configured destinations no longer authorizes a zero-owned receiver, and a plan with fewer than four pullers no longer authorizes a zero-pubkey caller.
b6941f7 to
b916404
…-10) Webapp exit flows now pass the on-chain payer as receiver when it differs from the connected signer, so sponsor-funded delegations and SubscriptionAuthority accounts can actually be closed. Also migrates revokeSubscription and cancelAndRevokeSubscription from buildRevokeDelegation to buildRevokeSubscription with planPda + receiver, fixing subscription revoke for both sponsor and non-sponsor cases.
…(MULT-9) Stale-delegation cleanup no longer appends a close on the current SubscriptionAuthority. Revoking stale delegations is now scoped to the supplied delegation accounts; the SA stays open and current grants remain valid.
5bb7598
into
audit/ai-scanner/06-subscribe-terms-binding
6 checks passed
Audit finding: MULT-8
Plan::check_destination and Plan::can_pull checked membership against the full fixed-size 4-slot arrays, including zero-padded unused slots. A plan with fewer than 4 configured destinations effectively whitelisted Pubkey::default() as a valid receiver — a whitelisted puller could route subscription pulls to a same-mint token account owned by the all-zero address, locking funds permanently in an unspendable account.

Fix
Filter zero-padded slots before membership tests in both check_destination and can_pull. Defense-in-depth on can_pull even though the signer requirement already prevents exploitation there.

Test plan
- cargo test -p subscriptions --lib (216/216 pass; 3 new unit tests)
- cargo build -p subscriptions
- check_destination_rejects_zero_owned_receiver_with_partial_whitelist
- check_destination_open_when_all_zero
- can_pull_rejects_zero_caller_with_partial_whitelist

Stack
Stacked on top of #35 (MULT-6).
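
The zero-padding issue described in the audit finding, shown as an added example that is not code from this pull request: an unfiltered membership test beside the filtered one. The `Pubkey` alias, the `Plan` layout, `check_destination_unfiltered` and `sample_plan` are hypothetical stand-ins, and the "open when nothing is configured" behaviour is assumed from the test name `check_destination_open_when_all_zero`.

```rust
// Stand-in for the Solana Pubkey type (assumption: 32 raw bytes, default is all zero).
type Pubkey = [u8; 32];
const ZERO: Pubkey = [0u8; 32];

// Hypothetical, simplified plan: fixed 4-slot whitelists, unused slots zero-padded.
struct Plan {
    destinations: [Pubkey; 4],
    pullers: [Pubkey; 4],
}

impl Plan {
    // Behaviour the finding describes: membership is tested against all four
    // slots, so any zero padding makes the all-zero owner a valid receiver.
    fn check_destination_unfiltered(&self, owner: &Pubkey) -> bool {
        self.destinations.contains(owner)
    }

    // Filtered form: zero-padded slots are dropped before the membership test.
    // Assumption (from the test name check_destination_open_when_all_zero):
    // a plan with no configured destinations accepts any receiver.
    fn check_destination(&self, owner: &Pubkey) -> bool {
        let mut configured = self.destinations.iter().filter(|d| **d != ZERO).peekable();
        if configured.peek().is_none() {
            return true;
        }
        configured.any(|d| d == owner)
    }

    // Same filter on the puller list, so a zero-pubkey caller never matches.
    // This sketch rejects everyone when no puller is configured (assumption).
    fn can_pull(&self, caller: &Pubkey) -> bool {
        self.pullers.iter().filter(|p| **p != ZERO).any(|p| p == caller)
    }
}

// Constructed sample: two configured destinations, one puller, rest is padding.
fn sample_plan() -> Plan {
    Plan {
        destinations: [[1u8; 32], [2u8; 32], ZERO, ZERO],
        pullers: [[9u8; 32], ZERO, ZERO, ZERO],
    }
}

fn main() {
    let plan = sample_plan();
    println!("unfiltered accepts zero owner: {}", plan.check_destination_unfiltered(&ZERO));
    println!("filtered accepts zero owner:   {}", plan.check_destination(&ZERO));
    println!("zero caller can pull:          {}", plan.can_pull(&ZERO));
}
```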