fix: add validation for connected program pda (#90)

Author: skosito

programs/gateway/src/lib.rs

@@ -332,7 +332,7 @@ pub mod gateway {
         let token = &ctx.accounts.token_program;
         let signer_seeds: &[&[&[u8]]] = &[&[b"meta", &[ctx.bumps.pda]]];
 
-        // make sure that ctx.accounts.recipient_ata is ATA (PDA account of token program)
+        // make sure that ctx.accounts.destination_program_pda_ata is ATA of destination_program
         let recipient_ata = get_associated_token_address(
             &ctx.accounts.destination_program_pda.key(),
             &ctx.accounts.mint_account.key(),
@@ -346,9 +346,7 @@ pub mod gateway {
                     .key(),
             Errors::SPLAtaAndMintAddressMismatch,
         );
-
-        // TODO: also create destination program pda ata? add later for simplicity
-
+        // withdraw to destination program pda
         let xfer_ctx = CpiContext::new_with_signer(
             token.to_account_info(),
             anchor_spl::token::TransferChecked {
@@ -986,9 +984,17 @@ pub struct Execute<'info> {
     pub pda: Account<'info, Pda>,
 
     /// The destination program.
+    /// CHECK: This is arbitrary program.
     pub destination_program: AccountInfo<'info>,
 
     // Pda for destination program
+    /// CHECK: Validation will occur during instruction processing.
+    #[account(
+        mut,
+        seeds = [b"connected"],
+        bump,
+        seeds::program = destination_program.key()
+    )]
     pub destination_program_pda: UncheckedAccount<'info>,
 }
 
@@ -1124,9 +1130,17 @@ pub struct ExecuteSPLToken<'info> {
     pub mint_account: Account<'info, Mint>,
 
     /// The destination program.
+    /// CHECK: This is arbitrary program.
     pub destination_program: AccountInfo<'info>,
 
     // Pda for destination program
+    /// CHECK: Validation will occur during instruction processing.
+    #[account(
+        mut,
+        seeds = [b"connected"],
+        bump,
+        seeds::program = destination_program.key()
+    )]
     pub destination_program_pda: UncheckedAccount<'info>,
 
     /// The destination program associated token account.

tests/gateway.ts

@@ -1009,6 +1009,80 @@ describe("Gateway", () => {
     }
   });
 
+  it("Calls execute and onCall reverts if signer is passed in remaining accounts", async () => {
+    await gatewayProgram.methods
+      .deposit(new anchor.BN(1_000_000_000), Array.from(address))
+      .rpc();
+
+    const randomWallet = anchor.web3.Keypair.generate();
+    const lastMessageData = "revert";
+    const data = Buffer.from(lastMessageData, "utf-8");
+    let seeds = [Buffer.from("connected", "utf-8")];
+    const [connectedPdaAccount] = anchor.web3.PublicKey.findProgramAddressSync(
+      seeds,
+      connectedProgram.programId
+    );
+    const amount = new anchor.BN(500000000);
+
+    // signature
+    const pdaAccountData = await gatewayProgram.account.pda.fetch(pdaAccount);
+    const nonce = pdaAccountData.nonce;
+    const buffer = Buffer.concat([
+      Buffer.from("ZETACHAIN", "utf-8"),
+      Buffer.from([0x05]),
+      chain_id_bn.toArrayLike(Buffer, "be", 8),
+      nonce.toArrayLike(Buffer, "be", 8),
+      amount.toArrayLike(Buffer, "be", 8),
+      connectedProgram.programId.toBuffer(),
+      data,
+    ]);
+    const message_hash = keccak256(buffer);
+    const signature = keyPair.sign(message_hash, "hex");
+    const { r, s, recoveryParam } = signature;
+    const signatureBuffer = Buffer.concat([
+      r.toArrayLike(Buffer, "be", 32),
+      s.toArrayLike(Buffer, "be", 32),
+    ]);
+
+    try {
+      // call the `execute` function in the gateway program
+      await gatewayProgram.methods
+        .execute(
+          amount,
+          Array.from(address),
+          data,
+          Array.from(signatureBuffer),
+          Number(recoveryParam),
+          Array.from(message_hash),
+          nonce
+        )
+        .accountsPartial({
+          // mandatory predefined accounts
+          signer: wallet.publicKey,
+          pda: pdaAccount,
+          destinationProgram: connectedProgram.programId,
+          destinationProgramPda: connectedPdaAccount,
+        })
+        .remainingAccounts([
+          // accounts coming from withdraw and call msg
+          { pubkey: wallet.publicKey, isSigner: true, isWritable: true },
+          { pubkey: connectedPdaAccount, isSigner: false, isWritable: true },
+          { pubkey: pdaAccount, isSigner: false, isWritable: false },
+          { pubkey: randomWallet.publicKey, isSigner: false, isWritable: true },
+          {
+            pubkey: anchor.web3.SystemProgram.programId,
+            isSigner: false,
+            isWritable: false,
+          },
+        ])
+        .rpc();
+      throw new Error("Expected error not thrown"); // This line will make the test fail if no error is thrown
+    } catch (err) {
+      expect(err).to.be.instanceof(anchor.AnchorError);
+      expect(err.message).to.include("InvalidInstructionData");
+    }
+  });
+
   it("Calls execute spl token and onCall", async () => {
     await connectedSPLProgram.methods.initialize().rpc();
 
@@ -1251,6 +1325,123 @@ describe("Gateway", () => {
     }
   });
 
+  it("Calls execute spl token and onCall reverts if signer is passed in remaining accounts", async () => {
+    const randomWallet = anchor.web3.Keypair.generate();
+    let randomWalletAta = await spl.getOrCreateAssociatedTokenAccount(
+      conn,
+      wallet,
+      mint.publicKey,
+      randomWallet.publicKey,
+      true
+    );
+    const lastMessageData = "revert";
+    const data = Buffer.from(lastMessageData, "utf-8");
+    let seeds = [Buffer.from("connected", "utf-8")];
+    const [connectedPdaAccount] = anchor.web3.PublicKey.findProgramAddressSync(
+      seeds,
+      connectedSPLProgram.programId
+    );
+    let pda_ata = await spl.getAssociatedTokenAddress(
+      mint.publicKey,
+      pdaAccount,
+      true
+    );
+    const pdaAccountData = await gatewayProgram.account.pda.fetch(pdaAccount);
+    const amount = new anchor.BN(500_000);
+    const nonce = pdaAccountData.nonce;
+
+    let destinationPdaAta = await spl.getOrCreateAssociatedTokenAccount(
+      conn,
+      wallet,
+      mint.publicKey,
+      connectedPdaAccount,
+      true
+    );
+
+    const buffer = Buffer.concat([
+      Buffer.from("ZETACHAIN", "utf-8"),
+      Buffer.from([0x06]),
+      chain_id_bn.toArrayLike(Buffer, "be", 8),
+      nonce.toArrayLike(Buffer, "be", 8),
+      amount.toArrayLike(Buffer, "be", 8),
+      mint.publicKey.toBuffer(),
+      destinationPdaAta.address.toBuffer(),
+      data,
+    ]);
+    const message_hash = keccak256(buffer);
+    const signature = keyPair.sign(message_hash, "hex");
+    const { r, s, recoveryParam } = signature;
+    const signatureBuffer = Buffer.concat([
+      r.toArrayLike(Buffer, "be", 32),
+      s.toArrayLike(Buffer, "be", 32),
+    ]);
+
+    try {
+      // call the `execute_spl_token` function in the gateway program
+      await gatewayProgram.methods
+        .executeSplToken(
+          usdcDecimals,
+          amount,
+          Array.from(address),
+          data,
+          Array.from(signatureBuffer),
+          Number(recoveryParam),
+          Array.from(message_hash),
+          nonce
+        )
+        .accountsPartial({
+          // mandatory predefined accounts
+          signer: wallet.publicKey,
+          pda: pdaAccount,
+          pdaAta: pda_ata,
+          mintAccount: mint.publicKey,
+          destinationProgram: connectedSPLProgram.programId,
+          destinationProgramPda: connectedPdaAccount,
+          destinationProgramPdaAta: destinationPdaAta.address,
+          tokenProgram: spl.TOKEN_PROGRAM_ID,
+          associatedTokenProgram: spl.ASSOCIATED_TOKEN_PROGRAM_ID,
+          systemProgram: SYSTEM_PROGRAM_ID,
+        })
+        .remainingAccounts([
+          // accounts coming from withdraw and call msg
+          { pubkey: wallet.publicKey, isSigner: true, isWritable: true },
+          { pubkey: connectedPdaAccount, isSigner: false, isWritable: true },
+          {
+            pubkey: destinationPdaAta.address,
+            isSigner: false,
+            isWritable: true,
+          },
+          { pubkey: mint.publicKey, isSigner: false, isWritable: false },
+          { pubkey: pdaAccount, isSigner: false, isWritable: false },
+          {
+            pubkey: randomWallet.publicKey,
+            isSigner: false,
+            isWritable: false,
+          },
+          {
+            pubkey: randomWalletAta.address,
+            isSigner: false,
+            isWritable: true,
+          },
+          {
+            pubkey: spl.TOKEN_PROGRAM_ID,
+            isSigner: false,
+            isWritable: false,
+          },
+          {
+            pubkey: SYSTEM_PROGRAM_ID,
+            isSigner: false,
+            isWritable: false,
+          },
+        ])
+        .rpc();
+      throw new Error("Expected error not thrown"); // This line will make the test fail if no error is thrown
+    } catch (err) {
+      expect(err).to.be.instanceof(anchor.AnchorError);
+      expect(err.message).to.include("InvalidInstructionData");
+    }
+  });
+
   it("Calls execute spl token and onCall reverts if wrong msg hash", async () => {
     const randomWallet = anchor.web3.Keypair.generate();
     let randomWalletAta = await spl.getOrCreateAssociatedTokenAccount(