fix(solana): fix accounts added to BypassExecute instruction (#366)

After investigating issues with the RMNRemote curse integration tests,
we realized that we were mishandling the accounts that are passed to the
BypassExecuteBatch instruction. This PR fixes that, by implementing the
following changes:

* add the Program ID to the list of "remaining accounts"
* de-duplicate the accounts in the "remaining accounts" slice, ensuring
the "signer" attribute is unset
* adjust the writable attribute of the non-remaining accounts of the
BypassExecuteBatch instruction itself

In addition, the PR also fixes the predecessor value used when computing
the operation id -- since bypass executions don't respect the
predecessor value, the operation id computed by the onchain Solana
program assumes that the predecessor is always "null".

[DX-610](https://smartcontract-it.atlassian.net/browse/DX-610)

[DX-610]:
https://smartcontract-it.atlassian.net/browse/DX-610?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

Author: gustavogama-cll

.changeset/pretty-flies-chew.md

@@ -0,0 +1,5 @@
+---
+"@smartcontractkit/mcms": minor
+---
+
+fix(solana): fix the accounts added to the BypassExecuteBatch instruction

e2e/config.toml

@@ -35,10 +35,10 @@ public_key ="9n1pyVGGo6V4mpiSDMVay5As9NurEkY283wwRk1Kto2C"
 
 
 [solana_config.solana_programs]
-mcm = "6UmMZr5MEqiKWD5jqTJd1WCR5kT8oZuFYBLJFi1o6GQX"
-timelock = "LoCoNsJFuhTkSQjfdDfn3yuwqhSYoPujmviRHVCzsqn"
-access_controller = "9xi644bRR8birboDGdTiwBq3C7VEeR7VuamRYYXCubUW"
-external_program_cpi_stub = "4HeqEoSyfYpeC2goFLj9eHgkxV33mR5G7JYAbRsN14uQ"
+mcm = "5vNJx78mz7KVMjhuipyr9jKBKcMrKYGdjGkgE4LUmjKk"
+timelock = "DoajfR5tK24xVw51fWcawUZWhAXD8yrBJVacc13neVQA"
+access_controller = "6KsN58MTnRQ8FfPaXHiFPPFGDRioikj9CdPvPxZJdCjb"
+external_program_cpi_stub = "2zZwzyptLqwFJFEFxjPvrdhiGpH9pJ3MfrrmZX6NTKxm"
 
 [aptos_config]
 type = "aptos"

e2e/tests/solana/set_root.go

@@ -26,6 +26,7 @@ func (s *SolanaTestSuite) Test_Solana_SetRoot() {
 	// --- arrange ---
 	ctx := context.Background()
 	s.SetupMCM(testPDASeedSetRootTest)
+	s.SetupTimelock(testPDASeedSetRootTest, 1*time.Second)
 
 	mcmAddress := solanasdk.ContractAddress(s.MCMProgramID, testPDASeedSetRootTest)
 
@@ -92,6 +93,6 @@ func (s *SolanaTestSuite) Test_Solana_SetRoot() {
 
 	gotRoot, gotValidUntil, err := inspectors[s.ChainSelector].GetRoot(ctx, mcmAddress)
 	s.Require().NoError(err)
-	s.Require().Equal(common.HexToHash("0x11329486f2a7bb589320f2a8e9fad50fd5ed9ceeb3c1e2f71491d5ab848c7f60"), gotRoot)
+	s.Require().Equal(common.HexToHash("0x2b970fa3b929cafc45e8740e5123ebf150c519813bcf4d9c7284518fd5720108"), gotRoot)
 	s.Require().Equal(uint32(validUntil), gotValidUntil)
 }

e2e/tests/solana/timelock_converter.go

@@ -5,15 +5,18 @@ package solanae2e
 
 import (
 	"context"
+	"testing"
+	"time"
 
 	"github.com/gagliardetto/solana-go"
 	"github.com/gagliardetto/solana-go/programs/token"
 	"github.com/gagliardetto/solana-go/rpc"
 	"github.com/smartcontractkit/chainlink-ccip/chains/solana/contracts/tests/testutils"
-	"github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings/access_controller"
+	"github.com/stretchr/testify/require"
+
 	"github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings/timelock"
-	timelockutils "github.com/smartcontractkit/chainlink-ccip/chains/solana/utils/timelock"
 
+	e2eutils "github.com/smartcontractkit/mcms/e2e/utils/solana"
 	mcmsSolana "github.com/smartcontractkit/mcms/sdk/solana"
 	"github.com/smartcontractkit/mcms/types"
 )
@@ -25,117 +28,61 @@ const BatchAddAccessChunkSize = 24
 // Test_Solana_TimelockExecute tests the timelock Execute functionality by scheduling a mint tokens transaction and
 // executing it via the timelock ExecuteBatch
 func (s *SolanaTestSuite) Test_Solana_TimelockExecute() {
+	// --- arrange ---
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	s.T().Cleanup(cancel)
+
+	token.SetProgramID(solana.Token2022ProgramID)
+	s.SetupMCM(testTimelockExecuteID)
 	s.SetupTimelock(testTimelockExecuteID, 1)
-	// Get required programs and accounts
-	ctx := context.Background()
-	timelock.SetProgramID(s.TimelockProgramID)
-	access_controller.SetProgramID(s.AccessControllerProgramID)
 
-	// Fund the auth private key
+	// Create auth and executor private keys
 	auth, err := solana.PrivateKeyFromBase58(privateKey)
 	s.Require().NoError(err)
-
-	// Setup SPL token for testing a mint via timelock
-	mintKeypair, err := solana.NewRandomPrivateKey()
-	s.Require().NoError(err)
-	mint := mintKeypair.PublicKey()
-	// set up the token program
-	signerPDA, err := mcmsSolana.FindTimelockSignerPDA(s.TimelockProgramID, testTimelockExecuteID)
+	proposerAndExecutorKey, err := solana.NewRandomPrivateKey()
 	s.Require().NoError(err)
-	receiverATA := s.setupTokenProgram(ctx, auth, signerPDA, mintKeypair)
-
-	// Get receiverATA initial balance
-	initialBalance, err := s.SolanaClient.GetTokenAccountBalance(
-		context.Background(),
-		receiverATA, // The associated token account address
-		rpc.CommitmentProcessed,
-	)
+	mintKey, err := solana.NewRandomPrivateKey()
 	s.Require().NoError(err)
 
-	// Set propose roles
-	proposerAndExecutorKey := s.setProposerAndExecutor(ctx, auth, s.Roles)
-	s.Require().NotNil(proposerAndExecutorKey)
+	e2eutils.FundAccounts(s.T(), ctx, []solana.PublicKey{auth.PublicKey(), proposerAndExecutorKey.PublicKey()}, 1, s.SolanaClient)
 
-	// Schedule the mint tx
-	var predecessor [32]byte
-	salt := [32]byte{123}
-	mintIx, operationID := s.scheduleMintTx(ctx,
-		mint,
-		receiverATA,
-		s.Roles[timelock.Proposer_Role].AccessController.PublicKey(),
-		signerPDA,
-		*proposerAndExecutorKey,
-		predecessor,
-		salt)
+	s.AssignRoleToAccounts(ctx, testTimelockExecuteID, auth, []solana.PublicKey{proposerAndExecutorKey.PublicKey()},
+		timelock.Proposer_Role)
+	s.AssignRoleToAccounts(ctx, testTimelockExecuteID, auth, []solana.PublicKey{proposerAndExecutorKey.PublicKey()},
+		timelock.Executor_Role)
 
-	// --- act: call Timelock Execute ---
-	executor := mcmsSolana.NewTimelockExecutor(s.SolanaClient, *proposerAndExecutorKey)
-	contractID := mcmsSolana.ContractAddress(s.TimelockProgramID, testTimelockExecuteID)
-	ixData, err := mintIx.Data()
-	s.Require().NoError(err)
-	accounts := mintIx.Accounts()
-	accounts = append(accounts, &solana.AccountMeta{PublicKey: solana.Token2022ProgramID, IsSigner: false, IsWritable: false})
-	solanaTx, err := mcmsSolana.NewTransaction(solana.Token2022ProgramID.String(), ixData, nil, accounts, "Token", []string{})
-	s.Require().NoError(err)
-	batchOp := types.BatchOperation{
-		Transactions:  []types.Transaction{solanaTx},
-		ChainSelector: s.ChainSelector,
-	}
-	// --- Wait for the operation to be ready ---
-	s.waitForOperationToBeReady(ctx, testTimelockExecuteID, operationID)
-	signature, err := executor.Execute(ctx, batchOp, contractID, predecessor, salt)
-	s.Require().NoError(err)
-	s.Require().NotEqual(signature, "")
-
-	// --- assert balances
-	finalBalance, err := s.SolanaClient.GetTokenAccountBalance(
-		ctx,
-		receiverATA,
-		rpc.CommitmentProcessed,
-	)
+	signerPDA, err := mcmsSolana.FindTimelockSignerPDA(s.TimelockProgramID, testTimelockExecuteID)
 	s.Require().NoError(err)
 
-	// final balance should be 1000000000000 more units
-	s.Require().Equal(initialBalance.Value.Amount, "0")
-	s.Require().Equal(finalBalance.Value.Amount, "1000000000000")
-}
+	// Setup SPL token for testing a mint via timelock
+	receiverATA := s.setupTokenProgram(ctx, auth, signerPDA, mintKey)
+
+	predecessor := [32]byte{}
+	salt := [32]byte{123}
+	executor := mcmsSolana.NewTimelockExecutor(s.SolanaClient, proposerAndExecutorKey)
+	timelockAddress := mcmsSolana.ContractAddress(s.TimelockProgramID, testTimelockExecuteID)
 
-// setProposerAndExecutor sets the proposer for the timelock
-func (s *SolanaTestSuite) setProposerAndExecutor(ctx context.Context, auth solana.PrivateKey, roleMap timelockutils.RoleMap) *solana.PrivateKey {
-	proposerAndExecutorKey := solana.NewWallet()
-	testutils.FundAccounts(ctx, []solana.PrivateKey{proposerAndExecutorKey.PrivateKey}, s.SolanaClient, s.T())
+	initialBalance := getBalance(ctx, s.T(), s.SolanaClient, receiverATA)
 
-	// Add proposers to the timelock program
-	batchAddAccessIxs, err := timelockutils.GetBatchAddAccessIxs(
-		ctx,
-		testTimelockExecuteID,
-		roleMap[timelock.Proposer_Role].AccessController.PublicKey(),
-		timelock.Proposer_Role,
-		[]solana.PublicKey{proposerAndExecutorKey.PublicKey()},
-		auth,
-		BatchAddAccessChunkSize,
-		s.SolanaClient)
+	// schedule mint transaction and build batch operation from the returned ScheduleBatch instruction
+	mintIx, operationID := s.scheduleMintTx(ctx, mintKey.PublicKey(), receiverATA,
+		s.Roles[timelock.Proposer_Role].AccessController.PublicKey(), signerPDA, proposerAndExecutorKey,
+		predecessor, salt)
+	s.waitForOperationToBeReady(ctx, testTimelockExecuteID, operationID)
+
+	// --- act: call Timelock Execute ---
+	mcmsTransaction, err := mcmsSolana.NewTransactionFromInstruction(mintIx, "Token", nil)
 	s.Require().NoError(err)
-	for _, ix := range batchAddAccessIxs {
-		testutils.SendAndConfirm(ctx, s.T(), s.SolanaClient, []solana.Instruction{ix}, auth, rpc.CommitmentConfirmed)
-	}
+	batchOp := types.BatchOperation{Transactions: []types.Transaction{mcmsTransaction}, ChainSelector: s.ChainSelector}
 
-	// Add executor to the timelock program
-	batchAddAccessIxs, err = timelockutils.GetBatchAddAccessIxs(
-		ctx,
-		testTimelockExecuteID,
-		roleMap[timelock.Executor_Role].AccessController.PublicKey(),
-		timelock.Executor_Role,
-		[]solana.PublicKey{proposerAndExecutorKey.PublicKey()},
-		auth,
-		BatchAddAccessChunkSize,
-		s.SolanaClient)
+	signature, err := executor.Execute(ctx, batchOp, timelockAddress, predecessor, salt)
 	s.Require().NoError(err)
-	for _, ix := range batchAddAccessIxs {
-		testutils.SendAndConfirm(ctx, s.T(), s.SolanaClient, []solana.Instruction{ix}, auth, rpc.CommitmentConfirmed)
-	}
+	s.Require().NotEqual("", signature)
 
-	return &proposerAndExecutorKey.PrivateKey
+	// --- assert ---
+	finalBalance := getBalance(ctx, s.T(), s.SolanaClient, receiverATA)
+	s.Require().Equal("0", initialBalance)
+	s.Require().Equal("1000000000000", finalBalance)
 }
 
 // scheduleMintTx schedules a MintTx on the timelock
@@ -151,7 +98,9 @@ func (s *SolanaTestSuite) scheduleMintTx(
 	// and not the deployer account.
 	authPublicKey solana.PublicKey,
 	auth solana.PrivateKey, // The account to sign the init, append schedule instructions.
-	predecessor, salt [32]byte) (instruction *token.Instruction, operationID [32]byte) {
+	predecessor,
+	salt [32]byte,
+) (instruction *token.Instruction, operationID [32]byte) {
 	amount := 1000 * solana.LAMPORTS_PER_SOL
 	mintIx, err := token.NewMintToInstruction(amount, mint, receiverATA, authPublicKey, nil).ValidateAndBuild()
 	s.Require().NoError(err)
@@ -160,31 +109,27 @@ func (s *SolanaTestSuite) scheduleMintTx(
 			acc.IsSigner = false
 		}
 	}
-	s.Require().NoError(err)
+
 	// Get the operation ID
 	ixData, err := mintIx.Data()
 	s.Require().NoError(err)
-	accounts := make([]timelock.InstructionAccount, 0, len(mintIx.Accounts())+1)
-	for _, account := range mintIx.Accounts() {
-		accounts = append(accounts, timelock.InstructionAccount{
+	accounts := make([]timelock.InstructionAccount, len(mintIx.Accounts()))
+	for i, account := range mintIx.Accounts() {
+		accounts[i] = timelock.InstructionAccount{
 			Pubkey:     account.PublicKey,
 			IsSigner:   account.IsSigner,
 			IsWritable: account.IsWritable,
-		})
+		}
 	}
-	accounts = append(accounts, timelock.InstructionAccount{
-		Pubkey:     solana.Token2022ProgramID,
-		IsSigner:   false,
-		IsWritable: false,
-	})
-	opInstructions := []timelock.InstructionData{{Data: ixData, ProgramId: solana.Token2022ProgramID, Accounts: accounts}}
+	opInstructions := []timelock.InstructionData{{Data: ixData, ProgramId: mintIx.ProgramID(), Accounts: accounts}}
+
 	operationID, err = mcmsSolana.HashOperation(opInstructions, predecessor, salt)
 	s.Require().NoError(err)
+
 	operationPDA, err := mcmsSolana.FindTimelockOperationPDA(s.TimelockProgramID, testTimelockExecuteID, operationID)
 	s.Require().NoError(err)
 	configPDA, err := mcmsSolana.FindTimelockConfigPDA(s.TimelockProgramID, testTimelockExecuteID)
 	s.Require().NoError(err)
-
 	proposerAC := s.Roles[timelock.Proposer_Role].AccessController.PublicKey()
 
 	// Preload and Init Operation
@@ -257,6 +202,7 @@ func (s *SolanaTestSuite) scheduleMintTx(
 	s.Require().NoError(err)
 	ixs = append(ixs, finOpIx)
 	testutils.SendAndConfirm(ctx, s.T(), s.SolanaClient, ixs, auth, rpc.CommitmentConfirmed)
+
 	// Schedule the operation
 	scheduleIx, err := timelock.NewScheduleBatchInstruction(
 		testTimelockExecuteID,
@@ -272,3 +218,12 @@ func (s *SolanaTestSuite) scheduleMintTx(
 
 	return mintIx, operationID
 }
+
+func getBalance(ctx context.Context, t *testing.T, client *rpc.Client, account solana.PublicKey) string {
+	t.Helper()
+
+	balance, err := client.GetTokenAccountBalance(ctx, account, rpc.CommitmentProcessed)
+	require.NoError(t, err)
+
+	return balance.Value.Amount
+}

e2e/tests/solana/timelock_execution.go

@@ -17,7 +17,7 @@ require (
 	github.com/karalabe/hid v1.0.1-0.20240306101548-573246063e52
 	github.com/smartcontractkit/chain-selectors v1.0.48
 	github.com/smartcontractkit/chainlink-aptos v0.0.0-20250414155853-651b4e583ee9
-	github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20250226104101-11778f2ead98
+	github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20250422205932-c33527859fd6
 	github.com/smartcontractkit/chainlink-testing-framework/framework v0.4.7
 	github.com/spf13/cast v1.7.1
 	github.com/stretchr/testify v1.10.0
@@ -30,6 +30,7 @@ require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/DataDog/zstd v1.5.2 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/VictoriaMetrics/fastcache v1.12.2 // indirect

go.mod

@@ -10,6 +10,8 @@ github.com/AlekSi/pointer v1.1.0/go.mod h1:y7BvfRI3wXPWKXEBhU71nbnIEEZX0QTSB2Bj4
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DataDog/zstd v1.5.2 h1:vUG4lAyuPCXO0TLbXvPv7EB7cNK1QV/luu55UHLrrn8=
 github.com/DataDog/zstd v1.5.2/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
@@ -597,8 +599,8 @@ github.com/smartcontractkit/chain-selectors v1.0.48 h1:wa03tlcGj08qZfv1p+LXZIimp
 github.com/smartcontractkit/chain-selectors v1.0.48/go.mod h1:xsKM0aN3YGcQKTPRPDDtPx2l4mlTN1Djmg0VVXV40b8=
 github.com/smartcontractkit/chainlink-aptos v0.0.0-20250414155853-651b4e583ee9 h1:lw8RZ8IR4UX1M7djAB3IuMtcAqFX4Z4bzQczClfb8bs=
 github.com/smartcontractkit/chainlink-aptos v0.0.0-20250414155853-651b4e583ee9/go.mod h1:Sq/ddMOYch6ZuAnW2k5u9V4+TlGKFzuHQnTM8JXEU+g=
-github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20250226104101-11778f2ead98 h1:uHdawaiGBA3Xmju92tzbQ2SwsG2DDVJS5E+Jm5QnsQg=
-github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20250226104101-11778f2ead98/go.mod h1:Bmwq4lNb5tE47sydN0TKetcLEGbgl+VxHEWp4S0LI60=
+github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20250422205932-c33527859fd6 h1:EWpKT2h/jyqCcblfmtHuY5oN2k8k2Mrmi5KqX+hc2lo=
+github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20250422205932-c33527859fd6/go.mod h1:k3/Z6AvwurPUlfuDFEonRbkkiTSgNSrtVNhJEWNlUZA=
 github.com/smartcontractkit/chainlink-common v0.6.1-0.20250329081313-84ec641e0758 h1:SyaVoJtYZ54dO4HyUcfWsuvC0hRsjk+Lyy/k++WQc7Y=
 github.com/smartcontractkit/chainlink-common v0.6.1-0.20250329081313-84ec641e0758/go.mod h1:ASXpANdCfcKd+LF3Vhz37q4rmJ/XYQKEQ3La1k7idp0=
 github.com/smartcontractkit/chainlink-testing-framework/framework v0.4.7 h1:E7k5Sym9WnMOc4X40lLnQb6BMosxi8DfUBU9pBJjHOQ=
@@ -922,6 +924,8 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY=
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+gonum.org/v1/gonum v0.15.1 h1:FNy7N6OUZVUaWG9pTiD+jlhdQ3lMP+/LcTpJ6+a8sQ0=
+gonum.org/v1/gonum v0.15.1/go.mod h1:eZTZuRFrzu5pcyjN5wJhcIhnUdNijYxX1T2IcrOGY0o=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=

go.sum

@@ -97,16 +97,15 @@ func (e *Executor) ExecuteOperation(
 		uint64(nonce),
 		op.Transaction.Data,
 		byteProof,
-
 		configPDA,
 		rootMetadataPDA,
 		expiringRootAndOpCountPDA,
 		toProgramID,
 		signedPDA,
 		e.auth.PublicKey(),
 	)
-	// Append the accounts from the AdditionalFields
 	ix.AccountMetaSlice = append(ix.AccountMetaSlice, additionalFields.Accounts...)
+
 	signature, tx, err := e.sendAndConfirm(ctx, e.client, e.auth, ix, rpc.CommitmentConfirmed)
 	if err != nil {
 		return types.TransactionResult{}, fmt.Errorf("unable to call execute operation instruction: %w", err)