From d22346f174f1897026140d24b2b832341831616d Mon Sep 17 00:00:00 2001 From: Samuel Vanderwaal Date: Wed, 3 Jan 2024 12:23:11 -0900 Subject: [PATCH] add seeds checks for asset metadata (#78) * add seeds checks to mip-1 endpoints * add seeds checks to rest of the handlers --- .../mmm/src/instructions/mip1/mip1_deposit_sell.rs | 10 +++++++++- .../mmm/src/instructions/mip1/mip1_withdraw_sell.rs | 10 +++++++++- .../mmm/src/instructions/mip1/sol_mip1_fulfill_buy.rs | 10 +++++++++- .../mmm/src/instructions/mip1/sol_mip1_fulfill_sell.rs | 10 +++++++++- programs/mmm/src/instructions/ocp/ocp_deposit_sell.rs | 9 +++++++++ programs/mmm/src/instructions/ocp/ocp_withdraw_sell.rs | 9 +++++++++ .../mmm/src/instructions/ocp/sol_ocp_fulfill_buy.rs | 9 +++++++++ .../mmm/src/instructions/ocp/sol_ocp_fulfill_sell.rs | 9 +++++++++ programs/mmm/src/instructions/vanilla/deposit_sell.rs | 9 +++++++++ .../mmm/src/instructions/vanilla/sol_fulfill_buy.rs | 9 +++++++++ .../mmm/src/instructions/vanilla/sol_fulfill_sell.rs | 9 +++++++++ 11 files changed, 99 insertions(+), 4 deletions(-) diff --git a/programs/mmm/src/instructions/mip1/mip1_deposit_sell.rs b/programs/mmm/src/instructions/mip1/mip1_deposit_sell.rs index 6b53dcb..618d211 100644 --- a/programs/mmm/src/instructions/mip1/mip1_deposit_sell.rs +++ b/programs/mmm/src/instructions/mip1/mip1_deposit_sell.rs @@ -33,7 +33,15 @@ pub struct Mip1DepositSell<'info> { )] pub pool: Box>, /// CHECK: we will check the metadata in check_allowlists_for_mint(), also checked in cpi - #[account(mut)] + #[account(mut, + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( constraint = asset_mint.supply == 1 && asset_mint.decimals == 0 @ MMMErrorCode::InvalidMip1AssetParams, diff --git a/programs/mmm/src/instructions/mip1/mip1_withdraw_sell.rs b/programs/mmm/src/instructions/mip1/mip1_withdraw_sell.rs index 2b8a5e0..0126e5d 100644 --- a/programs/mmm/src/instructions/mip1/mip1_withdraw_sell.rs +++ b/programs/mmm/src/instructions/mip1/mip1_withdraw_sell.rs @@ -40,7 +40,15 @@ pub struct Mip1WithdrawSell<'info> { /// CHECK: will be checked in cpi asset_master_edition: UncheckedAccount<'info>, /// CHECK: will be checked in cpi - #[account(mut)] + #[account(mut, + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( init_if_needed, diff --git a/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_buy.rs b/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_buy.rs index 2822604..1ce68bc 100644 --- a/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_buy.rs +++ b/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_buy.rs @@ -58,7 +58,15 @@ pub struct SolMip1FulfillBuy<'info> { )] pub buyside_sol_escrow_account: UncheckedAccount<'info>, /// CHECK: we will check the metadata in check_allowlists_for_mint() - #[account(mut)] + #[account(mut, + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( constraint = asset_mint.supply == 1 && asset_mint.decimals == 0 @ MMMErrorCode::InvalidMip1AssetParams, diff --git a/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_sell.rs b/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_sell.rs index 9cca5da..46e6515 100644 --- a/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_sell.rs +++ b/programs/mmm/src/instructions/mip1/sol_mip1_fulfill_sell.rs @@ -64,7 +64,15 @@ pub struct SolMip1FulfillSell<'info> { )] pub buyside_sol_escrow_account: AccountInfo<'info>, /// CHECK: we will check the metadata in check_allowlists_for_mint() - #[account(mut)] + #[account(mut, + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( constraint = asset_mint.supply == 1 && asset_mint.decimals == 0 @ MMMErrorCode::InvalidMip1AssetParams, diff --git a/programs/mmm/src/instructions/ocp/ocp_deposit_sell.rs b/programs/mmm/src/instructions/ocp/ocp_deposit_sell.rs index 7c14fb0..4ddb821 100644 --- a/programs/mmm/src/instructions/ocp/ocp_deposit_sell.rs +++ b/programs/mmm/src/instructions/ocp/ocp_deposit_sell.rs @@ -28,6 +28,15 @@ pub struct OcpDepositSell<'info> { )] pub pool: Box>, /// CHECK: we will check the metadata in check_allowlists_for_mint() + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( constraint = asset_mint.supply == 1 && asset_mint.decimals == 0 @ MMMErrorCode::InvalidOcpAssetParams, diff --git a/programs/mmm/src/instructions/ocp/ocp_withdraw_sell.rs b/programs/mmm/src/instructions/ocp/ocp_withdraw_sell.rs index b816120..6ec7050 100644 --- a/programs/mmm/src/instructions/ocp/ocp_withdraw_sell.rs +++ b/programs/mmm/src/instructions/ocp/ocp_withdraw_sell.rs @@ -32,6 +32,15 @@ pub struct OcpWithdrawSell<'info> { )] pub asset_mint: Account<'info, Mint>, /// CHECK: will be checked in cpi + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, /// CHECK: checked in init_if_needed_ocp_ata #[account(mut)] diff --git a/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_buy.rs b/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_buy.rs index c2c45af..2934955 100644 --- a/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_buy.rs +++ b/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_buy.rs @@ -55,6 +55,15 @@ pub struct SolOcpFulfillBuy<'info> { )] pub buyside_sol_escrow_account: UncheckedAccount<'info>, /// CHECK: we will check the metadata in check_allowlists_for_mint() + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( constraint = asset_mint.supply == 1 && asset_mint.decimals == 0 @ MMMErrorCode::InvalidOcpAssetParams, diff --git a/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_sell.rs b/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_sell.rs index f4f16f2..f34ec15 100644 --- a/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_sell.rs +++ b/programs/mmm/src/instructions/ocp/sol_ocp_fulfill_sell.rs @@ -62,6 +62,15 @@ pub struct SolOcpFulfillSell<'info> { )] pub buyside_sol_escrow_account: AccountInfo<'info>, /// CHECK: we will check the metadata in check_allowlists_for_mint() + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, #[account( constraint = asset_mint.supply == 1 && asset_mint.decimals == 0 @ MMMErrorCode::InvalidOcpAssetParams, diff --git a/programs/mmm/src/instructions/vanilla/deposit_sell.rs b/programs/mmm/src/instructions/vanilla/deposit_sell.rs index 06c7918..e90513a 100644 --- a/programs/mmm/src/instructions/vanilla/deposit_sell.rs +++ b/programs/mmm/src/instructions/vanilla/deposit_sell.rs @@ -32,6 +32,15 @@ pub struct DepositSell<'info> { )] pub pool: Box>, /// CHECK: we will check the metadata in check_allowlists_for_mint() + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, /// CHECK: we will check the master_edition in check_allowlists_for_mint() pub asset_master_edition: UncheckedAccount<'info>, diff --git a/programs/mmm/src/instructions/vanilla/sol_fulfill_buy.rs b/programs/mmm/src/instructions/vanilla/sol_fulfill_buy.rs index 859707b..923a0b7 100644 --- a/programs/mmm/src/instructions/vanilla/sol_fulfill_buy.rs +++ b/programs/mmm/src/instructions/vanilla/sol_fulfill_buy.rs @@ -62,6 +62,15 @@ pub struct SolFulfillBuy<'info> { )] pub buyside_sol_escrow_account: UncheckedAccount<'info>, /// CHECK: we will check the metadata in check_allowlists_for_mint() + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, /// CHECK: we will check the master_edtion in check_allowlists_for_mint() pub asset_master_edition: UncheckedAccount<'info>, diff --git a/programs/mmm/src/instructions/vanilla/sol_fulfill_sell.rs b/programs/mmm/src/instructions/vanilla/sol_fulfill_sell.rs index 66e1d63..1e72087 100644 --- a/programs/mmm/src/instructions/vanilla/sol_fulfill_sell.rs +++ b/programs/mmm/src/instructions/vanilla/sol_fulfill_sell.rs @@ -62,6 +62,15 @@ pub struct SolFulfillSell<'info> { )] pub buyside_sol_escrow_account: AccountInfo<'info>, /// CHECK: we will check the metadata in check_allowlists_for_mint() + #[account( + seeds = [ + "metadata".as_bytes(), + mpl_token_metadata::ID.as_ref(), + asset_mint.key().as_ref(), + ], + bump, + seeds::program = mpl_token_metadata::ID, + )] pub asset_metadata: UncheckedAccount<'info>, /// CHECK: we will check the master_edtion in check_allowlists_for_mint() pub asset_master_edition: UncheckedAccount<'info>,