instruction checks added

Bengt Lofgren · Bengt Lofgren · commit 99a3e4895e2b · 2025-04-29T15:36:08.000+01:00
diff --git a/solana/programs/matching-engine/src/fallback/processor/settle_auction_none_cctp.rs b/solana/programs/matching-engine/src/fallback/processor/settle_auction_none_cctp.rs
@@ -1,3 +1,4 @@
+use crate::ID;
 use anchor_lang::{prelude::*, Discriminator};
 use anchor_spl::token::{spl_token, TokenAccount};
 use common::wormhole_io::TypePrefixedPayload;
@@ -12,7 +13,7 @@ use crate::{
 
 use super::{
     burn_and_post::{burn_and_post, PostMessageAccounts, PostMessageDerivedAccounts},
-    helpers::{require_min_account_infos_len, create_account_reliably},
+    helpers::{create_account_reliably, require_min_account_infos_len},
 };
 
 #[derive(Copy, Clone)]
@@ -38,81 +39,81 @@ impl SettleAuctionNoneCctpShimData {
 
 pub struct SettleAuctionNoneCctpShimAccounts<'ix> {
     /// Payer of the account
-    pub payer: &'ix Pubkey,                                        // 0
+    pub payer: &'ix Pubkey, // 0
     /// Post shim message account
-    pub post_shim_message: &'ix Pubkey,                         // 1
+    pub post_shim_message: &'ix Pubkey, // 1
     /// Core bridge emitter sequence account
-    pub core_bridge_emitter_sequence: &'ix Pubkey,                        // 2
-    /// Post message shim event authority CHECK: Mutable. Seeds must be \["core-msg", payer, payer_sequence.value\].
-    pub post_message_shim_event_authority: &'ix Pubkey,            // 3
+    pub core_bridge_emitter_sequence: &'ix Pubkey, // 2
+    /// Post message shim event authority
+    pub post_message_shim_event_authority: &'ix Pubkey, // 3
     /// Post message shim program
-    pub post_message_shim_program: &'ix Pubkey,                    // 4
-    /// Cctp message
-    pub cctp_message: &'ix Pubkey,                                 // 5
+    pub post_message_shim_program: &'ix Pubkey, // 4
+    /// Cctp message CHECK: Seeds must be \["cctp-msg", auction.key().as_ref()\].
+    pub cctp_message: &'ix Pubkey, // 5
     /// Custodian account
-    pub custodian: &'ix Pubkey,                                    // 6
+    pub custodian: &'ix Pubkey, // 6
     /// Fee recipient token
-    pub fee_recipient_token: &'ix Pubkey,                          // 7
+    pub fee_recipient_token: &'ix Pubkey, // 7
     /// Closed prepared order response actor (closed_by)
-    pub closed_prepared_order_response_actor: &'ix Pubkey,         // 8
+    pub closed_prepared_order_response_actor: &'ix Pubkey, // 8
     /// Closed prepared order response
-    pub closed_prepared_order_response: &'ix Pubkey,               // 9
+    pub closed_prepared_order_response: &'ix Pubkey, // 9
     /// Closed prepared order response custody token
     pub closed_prepared_order_response_custody_token: &'ix Pubkey, // 10
-    /// Auction account
-    pub auction: &'ix Pubkey,                                      // 11
+    /// Auction account CHECK: Init if needed, Seeds must be \["auction", prepared.order_response.seeds.fast_vaa_hash.as_ref()\].
+    pub auction: &'ix Pubkey, // 11
     /// Cctp mint (must be USDC mint)
-    pub cctp_mint: &'ix Pubkey,                                    // 12
+    pub cctp_mint: &'ix Pubkey, // 12
     /// Cctp token messenger minter sender authority
     pub cctp_token_messenger_minter_sender_authority: &'ix Pubkey, // 13
     /// Cctp message transmitter config
-    pub cctp_message_transmitter_config: &'ix Pubkey,              // 14
+    pub cctp_message_transmitter_config: &'ix Pubkey, // 14
     /// Cctp token messenger
-    pub cctp_token_messenger: &'ix Pubkey,                         // 15
+    pub cctp_token_messenger: &'ix Pubkey, // 15
     /// Cctp remote token messenger
-    pub cctp_remote_token_messenger: &'ix Pubkey,                  // 16
+    pub cctp_remote_token_messenger: &'ix Pubkey, // 16
     /// Cctp token minter
-    pub cctp_token_minter: &'ix Pubkey,                            // 17
+    pub cctp_token_minter: &'ix Pubkey, // 17
     /// Cctp local token
-    pub cctp_local_token: &'ix Pubkey,                             // 18
+    pub cctp_local_token: &'ix Pubkey, // 18
     /// Cctp token messenger minter event authority
-    pub cctp_token_messenger_minter_event_authority: &'ix Pubkey,  // 19
+    pub cctp_token_messenger_minter_event_authority: &'ix Pubkey, // 19
     /// Cctp token messenger minter program
-    pub cctp_token_messenger_minter_program: &'ix Pubkey,          // 20
+    pub cctp_token_messenger_minter_program: &'ix Pubkey, // 20
     /// Cctp message transmitter program
-    pub cctp_message_transmitter_program: &'ix Pubkey,             // 21
+    pub cctp_message_transmitter_program: &'ix Pubkey, // 21
     /// Core bridge program
-    pub core_bridge_program: &'ix Pubkey,                          // 22
+    pub core_bridge_program: &'ix Pubkey, // 22
     /// Core bridge fee collector
-    pub core_bridge_fee_collector: &'ix Pubkey,                    // 23
+    pub core_bridge_fee_collector: &'ix Pubkey, // 23
     /// Core bridge config
-    pub core_bridge_config: &'ix Pubkey,                           // 24
+    pub core_bridge_config: &'ix Pubkey, // 24
     /// Token program
-    pub token_program: &'ix Pubkey,                                // 25
+    pub token_program: &'ix Pubkey, // 25
     /// System program
-    pub system_program: &'ix Pubkey,                               // 26
+    pub system_program: &'ix Pubkey, // 26
     /// Clock
-    pub clock: &'ix Pubkey,                                        // 27
+    pub clock: &'ix Pubkey, // 27
     /// Rent
-    pub rent: &'ix Pubkey,                                         // 28
+    pub rent: &'ix Pubkey, // 28
 }
 
 impl<'ix> SettleAuctionNoneCctpShimAccounts<'ix> {
     pub fn to_account_metas(&self) -> Vec<AccountMeta> {
         vec![
-            AccountMeta::new_readonly(*self.payer, true),        // 0
+            AccountMeta::new_readonly(*self.payer, true),     // 0
             AccountMeta::new(*self.post_shim_message, false), // 1
             AccountMeta::new(*self.core_bridge_emitter_sequence, false), // 2
             AccountMeta::new_readonly(*self.post_message_shim_event_authority, false), // 3
             AccountMeta::new_readonly(*self.post_message_shim_program, false), // 4
-            AccountMeta::new(*self.cctp_message, false),         // 5
-            AccountMeta::new(*self.custodian, false),            // 6
-            AccountMeta::new(*self.fee_recipient_token, false),  // 7
+            AccountMeta::new(*self.cctp_message, false),      // 5
+            AccountMeta::new(*self.custodian, false),         // 6
+            AccountMeta::new(*self.fee_recipient_token, false), // 7
             AccountMeta::new(*self.closed_prepared_order_response_actor, false), // 8
             AccountMeta::new_readonly(*self.closed_prepared_order_response, false), // 9
             AccountMeta::new(*self.closed_prepared_order_response_custody_token, false), // 10
-            AccountMeta::new(*self.auction, false),              // 11
-            AccountMeta::new(*self.cctp_mint, false),            // 12
+            AccountMeta::new(*self.auction, false),           // 11
+            AccountMeta::new(*self.cctp_mint, false),         // 12
             AccountMeta::new_readonly(*self.cctp_token_messenger_minter_sender_authority, false), // 13
             AccountMeta::new(*self.cctp_message_transmitter_config, false), // 14
             AccountMeta::new_readonly(*self.cctp_token_messenger, false),   // 15
@@ -186,20 +187,83 @@ pub fn settle_auction_none_cctp_shim(
         _ => return Err(MatchingEngineError::InvalidCctpEndpoint.into()),
     };
 
-    // TODO: Make more checks
-    // Do checks
+    // Start of checks
     // ------------------------------------------------------------------------------------------------
+
+    // Check cctp message is writable
     if !cctp_message.is_writable {
         msg!("Cctp message is not writable");
         return Err(MatchingEngineError::AccountNotWritable.into())
             .map_err(|e: Error| e.with_account_name("cctp_message"));
     }
-    // End of checks
-    // ------------------------------------------------------------------------------------------------
+    let auction_key = auction.key();
 
-    // Begin of initialisation of auction account
-    // ------------------------------------------------------------------------------------------------
-    let auction_space = 8 + Auction::INIT_SPACE_NO_AUCTION;
+    // Check cctp message seeds are valid
+    let cctp_message_seeds = [
+        common::CCTP_MESSAGE_SEED_PREFIX,
+        auction_key.as_ref(),
+        &[data.cctp_message_bump],
+    ];
+
+    let cctp_message_pda = Pubkey::create_program_address(&cctp_message_seeds, &ID)
+        .map_err(|_| MatchingEngineError::InvalidPda)?;
+    if cctp_message_pda != cctp_message.key() {
+        msg!("Cctp message seeds are invalid");
+        return Err(ErrorCode::ConstraintSeeds.into())
+            .map_err(|e: Error| e.with_pubkeys((cctp_message_pda, cctp_message.key())));
+    };
+    // Check custodian owner is the matching engine program and that it deserializes into a checked custodian
+    require_eq!(custodian.owner, &ID);
+    let _checked_custodian = Custodian::try_deserialize(&mut &custodian.data.borrow_mut()[..])?;
+    // Check that fee recipient token is a token account
+    let _checked_fee_recipient_token = Box::new(TokenAccount::try_deserialize(
+        &mut &fee_recipient_token.data.borrow_mut()[..],
+    )?);
+    // Check seeds of prepared order response are valid
+    let prepared_order_response_pda = Pubkey::create_program_address(
+        &[
+            PreparedOrderResponse::SEED_PREFIX,
+            prepared_order_response_account.seeds.fast_vaa_hash.as_ref(),
+            &[prepared_order_response_account.seeds.bump],
+        ],
+        program_id,
+    )
+    .map_err(|_| MatchingEngineError::InvalidPda)?;
+    if prepared_order_response_pda != closed_prepared_order_response.key() {
+        msg!("Prepared order response seeds are invalid");
+        return Err(ErrorCode::ConstraintSeeds.into()).map_err(|e: Error| {
+            e.with_pubkeys((
+                prepared_order_response_pda,
+                closed_prepared_order_response.key(),
+            ))
+        });
+    };
+    // Check seeds of prepared custody token are valid
+    {
+        let (prepared_custody_token_pda, _) = Pubkey::find_program_address(
+            &[
+                crate::PREPARED_CUSTODY_TOKEN_SEED_PREFIX,
+                closed_prepared_order_response.key().as_ref(),
+            ],
+            program_id,
+        );
+        if prepared_custody_token_pda != closed_prepared_order_response_custody_token.key() {
+            msg!("Prepared custody token seeds are invalid");
+            return Err(ErrorCode::ConstraintSeeds.into()).map_err(|e: Error| {
+                e.with_pubkeys((
+                    prepared_custody_token_pda,
+                    closed_prepared_order_response_custody_token.key(),
+                ))
+            });
+        };
+    }
+    // Check that custody token is a token account
+    let _checked_prepared_custody_token = Box::new(TokenAccount::try_deserialize(
+        &mut &closed_prepared_order_response_custody_token
+            .data
+            .borrow_mut()[..],
+    )?);
+    // Check seeds of auction are valid
     let auction_seeds = [
         Auction::SEED_PREFIX,
         prepared_order_response_account.seeds.fast_vaa_hash.as_ref(),
@@ -210,6 +274,14 @@ pub fn settle_auction_none_cctp_shim(
     if auction_pda != auction.key() {
         return Err(MatchingEngineError::InvalidPda.into());
     }
+
+    // End of checks
+    // ------------------------------------------------------------------------------------------------
+
+    // Begin of initialisation of auction account
+    // ------------------------------------------------------------------------------------------------
+    let auction_space = 8 + Auction::INIT_SPACE_NO_AUCTION;
+
     let auction_signer_seeds = &[&auction_seeds[..]];
     create_account_reliably(
         &payer.key(),
@@ -251,6 +323,11 @@ pub fn settle_auction_none_cctp_shim(
         .try_to_vec()
         .map_err(|_| MatchingEngineError::BorshDeserializationError)?;
     auction_data[8..8_usize.saturating_add(auction_bytes.len())].copy_from_slice(&auction_bytes);
+    // ------------------------------------------------------------------------------------------------
+    // End of initialisation of auction account
+
+    // Begin of burning and posting the message
+    // ------------------------------------------------------------------------------------------------
     let post_message_accounts = PostMessageAccounts {
         emitter: custodian.key(),
         payer: payer.key(),
@@ -303,7 +380,11 @@ pub fn settle_auction_none_cctp_shim(
         post_message_accounts,
         accounts,
     )?;
-    // TODO: Emit event?
+    // ------------------------------------------------------------------------------------------------
+    // End of burning and posting the message
+
+    // Begin of closing the prepared order response
+    // ------------------------------------------------------------------------------------------------
     let close_token_account_ix = spl_token::instruction::close_account(
         &spl_token::ID,
         &closed_prepared_order_response_custody_token.key(),
@@ -316,6 +397,9 @@ pub fn settle_auction_none_cctp_shim(
         accounts,
         &[&Custodian::SIGNER_SEEDS],
     )?;
+    // ------------------------------------------------------------------------------------------------
+    // End of closing the prepared order response
+
     Ok(())
 }
 
