fix and improve signer-auth.md & reinitialization-attacks.md & pda-sharing.md & owner-checks.md & closing-accounts.md & arbitrary-cpi.md #372
replace "init" with "init_if_needed" for vault field in the struct InitializeVault<'info>. delete unnecessary parameters "accounts()" in the test typescript.
I've reviewed the PR on the other repo, but also forked it (and all branches) to https://github.com/solana-developers/solana-signer-auth/ and invited you.
Great work. Nearly ready to go in. Just some minor bits.
PS - I'm mikemaccana on telegram and x if you want faster responses.
…st typescript. Consistently use "rpc()" in the test typescript. Use InitSpace to calculate space needed for accounts. Update BDD style for the test typescript.
change "token account" in the "Starter" section to "associated token account" change "token account" in the "Add `initialize_pool_secure" section to "associated token account"
Please do the same things:
Use InitSpace to calculate space needed for accounts. Use the latest "connection.confirmTransaction()" Delete Unnecessary parameters found in the test typescript. Consistently use "rpc()" as sending transactions in the test typescript.
Replace "BorshDeserialize" and "BorshSerialize" with "AnchorDeserialize" and "AnchorSerialize". Make test descriptions more clear.
Delete the "Secure account closing section" section because “CLOSED_ACCOUNT_DISCRIMINATOR” was removed in the latest version of anchor-lang. Delete "force_defund" because “CLOSED_ACCOUNT_DISCRIMINATOR” was removed in the latest version of anchor-lang. Add the new secure instruction of account closing. Delete Unnecessary parameters found in the test typescript. Change the Logic of closing account "Sets the account discriminator to the `CLOSED_ACCOUNT_DISCRIMINATOR` variant" to "Assigning the owner to the System Program"
Use InitSpace to calculate space needed for accounts.
Update the error message in the section "Run the existing test". Add “--skip-deploy” to the test command. Delete an unnecessary setup in the section "Adding a `local-testing` feature". Delete Unnecessary parameters found in the test typescript.
…-content into program-security
great work @wuuer!
https://github.com/solana-developers/reinitialization-attacks/ https://github.com/Unboxed-Software/solana-duplicate-mutable-accounts PRs need rebasing, as someone else already submitted updates. I could not do https://github.com/Unboxed-Software/solana-owner-checks, see Unboxed-Software/solana-owner-checks#2
@mikemaccana
@wuuer sorry about the wait here - we had a 24-person in-room class with new content in NY, then Rustconf then Breakpoint.
Re: your recent comment, some of your PRs are shortlisted for some lessons but yes, it's much easier to do one PR per lesson as others have done. There's no guarantee that someone that wins one lesson will win another one so we want to be able to merge and review them independently.
After you split them out, link them here with the lesson they are for.
token and nftstoken-program token extensionsprogram securitysigner-auth program optimization |
@@ -1,13 +1,13 @@ | |||
--- | |||
title: Program Configuration | |||
title: Admin configuration |
@wuuer this is great, sorry it's the last big PR and I've just gotten around to reviewing it.
I like the approach of labelling this as 'admin' config, ie program configuration could be per-user config. 👍
We should probably rename it, but maybe we can do that later to not worry about 404s for the old URL
This is some solid work, if you can address the small issues below you'll win at least another one of the bounties.
"env9Y3szLdqMLU9rXpEGPqkjdvVn8YNHtxYNvCKXmHe.json" | ||
); | ||
let keyData = JSON.parse(rawdata); | ||
let key = anchor.web3.Keypair.fromSecretKey(new Uint8Array(keyData)); |
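Review bot: `keyData` and `key` in the last two lines of this hunk are declared with `let`, and nothing visible here reassigns them, so `const` fits better. `rawdata` is parsed straight into `Keypair.fromSecretKey`, so a short comment beside the file path saying this keypair file is for local testing only would keep readers from copying the pattern with a funded key.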
Just use loadKeypairFromFile()
for this, see https://github.com/solana-developers/helpers
``` | ||
|
||
Boom. Just like that, you've used features to run two different code paths for | ||
different environments. | ||
|
||
#### 4. Program Config | ||
#### 4. admin config |
#### 4. admin config | |
#### 4. Admin config |
@@ -650,7 +640,7 @@ pub mod config { | |||
} | |||
``` | |||
|
|||
#### 5. Program Config State | |||
#### 5. admin config State |
#### 5. admin config State | |
#### 5. Admin config state |
#[account(init, seeds = [SEED_PROGRAM_CONFIG], bump, payer = authority, space = ProgramConfig::LEN)] | ||
pub program_config: Account<'info, ProgramConfig>, | ||
pub struct InitializeAdminConfig<'info> { | ||
#[account(init, seeds = [SEED_ADMIN_CONFIG], bump, payer = authority, space = AdminConfig::LEN)] |
You only use AdminConfig::LEN once - just remove it and inline
DISCRIMINATOR_SIZE + AdminConfig::INIT_SPACE;
|
||
```typescript | ||
it("Payment completes successfully", async () => { | ||
it("Payment should complete successfully", async () => { |
Grammar is off with these.
Either:
it("should complete successfully"
(if describe was 'payment')
or
test("payment completes successfully")
See https://github.com/solana-foundation/developer-content/blob/main/CONTRIBUTING.md#jsts
Do this with all the tests.
|
||
```typescript | ||
it("Update Program Config Account with unauthorized admin (expect fail)", async () => { | ||
it("Admin Config Update with unauthorized admin should throw an exception", async () => { | ||
try { | ||
const tx = await program.methods |
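Review bot: The `try {` in the unauthorized-admin test needs an explicit failure after the awaited `program.methods` call, since the rest of the body is not visible in this hunk and a test shaped this way passes silently when the unauthorized update goes through. Add a failing assertion right after the call inside `try` (for example `assert.fail(...)`), or assert on the rejected promise, and check that the caught error is the expected authorization error rather than any error.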
Use transaction, instruction, signature, error, etc everywhere. See 'use full names' in https://github.com/solana-foundation/developer-content/blob/main/CONTRIBUTING.md#code
@@ -1027,52 +1024,6 @@ of [the same repository](https://github.com/Unboxed-Software/solana-admin-instr | |||
|
|||
## Challenge | |||
|
|||
Now it's time for you to do some of this on your own. We mentioned being able to |
Let me know why you got rid of this!
@mikemaccana. As 0xCipherCoder won the lesson Please let me know if there are other PRs of mine left to win the Superteam earn 😉
@wuuer I sent you an email with details on your 3 official wins!
Just a reminder this has won program-security/closing-accounts.md, you can probably remove the changes to other lessons (maybe submit them later) and focus on program-security/closing-accounts.md
This pull request has been automatically marked as stale because it has not had recent activity. Remove stale label or comment or this will be closed in 7 days.
Problem
signer-auth.md
The way to get the seed "*ctx.bumps.get("vault").unwrap()" is outdated for the latest anchor version.
Unnecessary parameters in "accounts()" in the test typescript.
reinitialization-attacks.md
Magic number found on space calculation
“@project-serum/anchor” is outdated.
The two recommendedInitialization test cases do not use the same method to send transactions.
pda-sharing.md
Magic number found on space calculation.
"token account" in the "Starter" section should refer to "associated token account"
"token account" in the "Add `initialize_pool_secure` instruction" section should refer to "associated token account"
Some typescript code is not synced to the project.
owner-checks.md
Magic number found on space calculation.
Unnecessary parameters are found in the test typescript.
Two Different ways to send transactions are found.
duplicate-mutable-accounts.md
Magic number found on space calculation.
"BorshDeserialize" and "BorshSerialize" are outdated.
Test descriptions are not clear enough.
closing-accounts.md
Use InitSpace to calculate space needed for accounts.
Delete "force_defund" because “CLOSED_ACCOUNT_DISCRIMINATOR” was removed in the latest version of anchor-lang
Add the new secure instruction for account closing in the "Secure account closing" section.
Delete Unnecessary parameters found in the test typescript.
Change the Logic of account closing "Sets the account discriminator to the `CLOSED_ACCOUNT_DISCRIMINATOR` variant" to "Assigning the owner of the account to the System Program and reallocating the size of the account's data with 0 bytes."
arbitrary-cpi.md
The anchor cpi lesson link is invalid.
Magic number found on space calculation.
Summary of Changes
signer-auth.md
Update the latest way to get the seed.
replace "init" with "init_if_needed" for vault field in the struct InitializeVault<'info>.
delete unnecessary parameters "accounts()" in the test typescript.
Update the project repo links.
reinitialization-attacks.md
Use InitSpace to calculate space needed for accounts.
Use "@coral-xyz/anchor" instead of "@project-serum/anchor" for the test typescript.
Consistently use "rpc()" to send transactions in the test typescript.
Update BDD style for the test typescript.
Also, I made a PR for solana-reinitialization-attacks starter branch and a PR for solana-reinitialization-attacks solution branch
which must be synced with this PR.
pda-sharing.md
Use InitSpace to calculate space needed for accounts.
change "token account" in the "Starter" section to "associated token account"
change "token account" in the "Add `initialize_pool_secure" section to "associated token account"
Also, I made a PR for solana-pda-sharing starter branch and a PR for solana-pda-sharing solution branch
which must be synced with this PR.
owner-checks.md
Use InitSpace to calculate space needed for accounts.
Delete Unnecessary parameters found in the test typescript.
Consistently use "rpc()" as sending transactions in the test typescript.
Also, I made a PR for solana-owner-checks starter branch and a PR for solana-owner-checks solution branch
which must be synced with this PR.
duplicate-mutable-accounts.md
Use InitSpace to calculate space needed for accounts.
Replace "BorshDeserialize" and "BorshSerialize" with "AnchorDeserialize" and "AnchorSerialize".
Make test descriptions more clear.
Also, I made a PR for solana-duplicate-mutable-accounts starter branch and a PR for solana-duplicate-mutable-accounts solution branch
which must be synced with this PR.
closing-accounts.md
Use InitSpace to calculate space needed for accounts.
Delete "force_defund" because “CLOSED_ACCOUNT_DISCRIMINATOR” was removed in the latest version of anchor-lang.
Add the new secure instruction for account closing in the "Secure account closing" section.
Change the Logic of closing account "Sets the account discriminator to the `CLOSED_ACCOUNT_DISCRIMINATOR` variant" to "Assigning the owner to the System Program".
Also, I made a PR for solana-closing-accounts starter branch and a PR for solana-closing-accounts solution branch
which must be synced with this PR.
arbitrary-cpi.md
Fix the anchor cpi lesson link.
Use InitSpace to calculate space needed for accounts.
Also, I made a PR for solana-arbitrary-cpi starter branch and a PR for solana-arbitrary-cpi solution branch
which must be synced with this PR.