fix(svm): N-04 reset use of PDA signer in multicall handler #837

@Reinis-FRP Reinis-FRP commented Jan 6, 2025

OZ identified the following issue:

Across deposits may include additional message data that must be processed during relayer fills, in which
case the data is deserialized and processed as various accounts and instructions that are invoked on the
message handler specified in the relayer data. In the provided multicall_handler example, the handler_signer
may be included as an additional signer in the CPI calls decoded from the message. However, it may be
included when not necessary. This is because, in each program call, use_handler_signer is set if any accounts
in the call match the handler_signer key, but it is never reset to false before checking subsequent calls.

Consider correcting this logic by resetting the value of use_handler_signer at the top of the outermost for
loop to avoid passing additional unnecessary signers in CPI calls.

This PR addresses the issue by resetting use_handler_signer to false at the start of processing each instruction.

Fixes: https://linear.app/uma/issue/ACX-3593/n-04-unneccessary-pda-signer-can-be-used-in-multicall-handler

Signed-off-by: Reinis Martinsons <reinis@umaproject.org>
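
The flag behaviour described in the finding, as an added example that is not code from this PR or from the Across program: `Pubkey`, `CompiledIx`, `signer_usage` and `sample_calls` are hypothetical stand-ins, and the sample calls are constructed. It reports, per decoded call, whether the handler signer would be attached to the CPI, with and without the reset at the top of the outer loop.

```rust
// Simplified model of the multicall handler loop; all names here are hypothetical.
type Pubkey = [u8; 32];

struct CompiledIx {
    account_keys: Vec<Pubkey>, // accounts referenced by one decoded call
}

/// Returns, for each call, whether the handler signer would be added to the CPI.
/// reset_per_call = false models the behaviour in the finding (flag never reset);
/// reset_per_call = true models the fix (flag reset at the top of the outer loop).
fn signer_usage(calls: &[CompiledIx], handler_signer: &Pubkey, reset_per_call: bool) -> Vec<bool> {
    let mut use_handler_signer = false;
    let mut used = Vec::with_capacity(calls.len());
    for call in calls {
        if reset_per_call {
            use_handler_signer = false;
        }
        for key in &call.account_keys {
            if key == handler_signer {
                use_handler_signer = true;
            }
        }
        // Without the reset, a match in an earlier call leaks into this one.
        used.push(use_handler_signer);
    }
    used
}

/// Constructed sample: only the first of three calls references handler_signer.
fn sample_calls(handler_signer: Pubkey) -> Vec<CompiledIx> {
    let other: Pubkey = [7u8; 32];
    vec![
        CompiledIx { account_keys: vec![handler_signer, other] },
        CompiledIx { account_keys: vec![other] },
        CompiledIx { account_keys: vec![other, other] },
    ]
}

fn main() {
    let hs: Pubkey = [1u8; 32];
    let calls = sample_calls(hs);
    println!("no reset:   {:?}", signer_usage(&calls, &hs, false));
    println!("with reset: {:?}", signer_usage(&calls, &hs, true));
}
```

A regression test for the fix can assert the same thing on the real handler: a call that does not list `handler_signer` among its accounts must not receive it as a signer, regardless of what preceded it in the message.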
linear bot commented Jan 6, 2025
