DEVREL-997 Solana OFT wiring: warn when provided address is not the admin/delegate

[nazreen]

Problem

When the owner/delegate of a Solana OFT is a Squads Vault, but wire is ran without the --multisig-key param, the error is unhelpful:

Error: Signature verification failed.
Missing signature for public key [9x3vKSwioT85mPwWFrdR4ZXQoWV2KRyw6EWbWDYeBWCc].

Endpoint: SOLANA_V2_TESTNET
OmniAddress: 5jBe5bLSsm1wXu6YD5KTDyDehFmgUrE4Crw9LyedkWTe
OmniContract: -
Function Name: -
Function Arguments: -

Description: Setting enforced options to [
  {
    "eid": 40231,
    "option": {
      "msgType": 1,
      "options": "0x00030100110100000000000000000000000000013882"
    }
  }
]

Data: 02000306c5e6e695fea2780025efd3d9211876ab08ca14af52d8bc3fac40034da287901484f7bda19500a4638aa2ba9a44b29aa3c2d2d8436f96c0fdd59b9af241d39275278334c658beece92cedb77f418d363fb44ac2611eb8964370f8f0da2d01f11e0000000000000000000000000000000000000000000000000000000000000000463d2bec7817509d907084101bf40ad464c4e16fc0f0b3edecb0e344cf8093b5eff74af6924cd55b014ff481b2c6e37638ebd7c0dc5d9880fd51060e71640e38772db01aaa737988ec5378d2276fa2da28a2375c75cbea9accd2cd81d305bea5010504010204032d4fbba8398b8c5d2f279d0000021600000000030100110100000000000000000000000000013882020000000003

Value: -
Gas Limit: -

error: ⤫ Failed to configure the OApp

Changes

Added check of the active keypair or provided multisig against the Solana OFT's admin/delegate

examples/oft-solana $ npx hardhat lz:oapp:wire --oapp-config layerzero.config.ts     
bigint: Failed to load bindings, pure JS will be used (try npm run rebuild?)
info:    Using Solana keypair from SOLANA_PRIVATE_KEY => EKXXXF8kzh4Bnq1HBHVwZgA5egJJWLDYqXmJTQtbbd5D
(Use `node --trace-warnings ...` to show where the warning was created)
info:    Read-only mode: Using ephemeral keypair.
warn:    Signing authority (EKXXXF8kzh4Bnq1HBHVwZgA5egJJWLDYqXmJTQtbbd5D) is not the admin (9x3vKSwioT85mPwWFrdR4ZXQoWV2KRyw6EWbWDYeBWCc). Use the correct keypair or supply the correct value for    --multisig-key if the admin is a Squads Vault.
warn:    Signing authority (EKXXXF8kzh4Bnq1HBHVwZgA5egJJWLDYqXmJTQtbbd5D) is not the delegate (9x3vKSwioT85mPwWFrdR4ZXQoWV2KRyw6EWbWDYeBWCc). Use the correct keypair or supply the correct value for --multisig-key if the delegate is a Squads Vault.

The check will also warn if the wrong multisig key is provided (which will derive to the wrong vault PDA).

Testing

Deploy a Solana OFT
Update the delegate and admin to a Squads vault
Then, change anything in LZ config and run the wire command without the --multisig-key param

[github-actions]

🚨 E2E Tests Failed

The E2E tests failed during CI. These tests validate real blockchain interactions and may fail due to:

• Network connectivity issues
• RPC rate limiting
• External service downtime
  Action Run: https://github.com/LayerZero-Labs/devtools/actions/runs/20144083360

This is non-blocking and does not prevent merging. Check the action logs above for detailed failure information.

[github-actions]

🚨 E2E Tests Failed

The E2E tests failed during CI. These tests validate real blockchain interactions and may fail due to:

• Network connectivity issues
• RPC rate limiting
• External service downtime
  Action Run: https://github.com/LayerZero-Labs/devtools/actions/runs/20144464783

This is non-blocking and does not prevent merging. Check the action logs above for detailed failure information.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​sqds/​multisig@​2.1.4

View full report

[cursor]

PR Summary

Improves Solana OFT wiring UX by warning when the active signer (or provided multisig) lacks admin/delegate authority.

• In wire.ts, derive connection and call validateSigningAuthority before wiring; log any warnings
• New helpers in solana/utils.ts: getOftAdminAndDelegate (reads admin/delegate from OFT store and OApp registry) and validateSigningAuthority (derives signer or Squads vault PDA via @sqds/multisig and compares)
• Add @sqds/multisig dependency; lockfiles updated

^{Written by Cursor Bugbot for commit 39de6b2. This will update automatically on new commits. Configure here.}

[cursor]

Warning triggers incorrectly when delegate is undefined

The getOftAdminAndDelegate function can return delegate as undefined, but validateSigningAuthority compares signingAuthority !== delegate without checking if delegate exists. When delegate is undefined, this comparison always evaluates to true (since any string is not equal to undefined), causing a confusing warning message like "is not the delegate (undefined)" even when no delegate has been set for the OFT.

Additional Locations (1)

• examples/oft-solana/tasks/solana/utils.ts#L102-L103

 

[github-actions]

🚨 E2E Tests Failed

The E2E tests failed during CI. These tests validate real blockchain interactions and may fail due to:

• Network connectivity issues
• RPC rate limiting
• External service downtime
  Action Run: https://github.com/LayerZero-Labs/devtools/actions/runs/20720751174

This is non-blocking and does not prevent merging. Check the action logs above for detailed failure information.