solana: Validate token_authority is multisig signer

wormhole-foundation · Dec 14, 2024 · 2bd3584 · 2bd3584
1 parent e2c6d0c
commit 2bd3584
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 4 deletions.
diff --git a/solana/programs/example-native-token-transfers/src/error.rs b/solana/programs/example-native-token-transfers/src/error.rs
@@ -53,6 +53,8 @@ pub enum NTTError {
     BitmapIndexOutOfBounds,
     #[msg("NoRegisteredTransceivers")]
     NoRegisteredTransceivers,
+    #[msg("InvalidMultisig")]
+    InvalidMultisig,
 }
 
 impl From<ScalingError> for NTTError {

diff --git a/solana/programs/example-native-token-transfers/src/instructions/initialize.rs b/solana/programs/example-native-token-transfers/src/instructions/initialize.rs
@@ -10,6 +10,7 @@ use crate::{
     bitmap::Bitmap,
     error::NTTError,
     queue::{outbox::OutboxRateLimit, rate_limit::RateLimitState},
+    spl_multisig::SplMultisig,
 };
 
 #[derive(Accounts)]
@@ -117,8 +118,12 @@ pub struct InitializeMultisig<'info> {
     )]
     pub common: Initialize<'info>,
 
-    /// CHECK: multisig is mint authority
-    pub multisig: UncheckedAccount<'info>,
+    #[account(
+        constraint =
+            multisig.m == 1 && multisig.signers.contains(&common.token_authority.key())
+            @ NTTError::InvalidMultisig, 
+    )]
+    pub multisig: InterfaceAccount<'info, SplMultisig>,
 }
 
 pub fn initialize_multisig(ctx: Context<InitializeMultisig>, args: InitializeArgs) -> Result<()> {

diff --git a/solana/programs/example-native-token-transfers/src/instructions/release_inbound.rs b/solana/programs/example-native-token-transfers/src/instructions/release_inbound.rs
@@ -7,6 +7,7 @@ use crate::{
     config::*,
     error::NTTError,
     queue::inbox::{InboxItem, ReleaseStatus},
+    spl_multisig::SplMultisig,
 };
 
 #[derive(Accounts)]
@@ -137,8 +138,12 @@ pub struct ReleaseInboundMintMultisig<'info> {
     )]
     common: ReleaseInbound<'info>,
 
-    /// CHECK: multisig account should be mint authority
-    pub multisig: UncheckedAccount<'info>,
+    #[account(
+        constraint =
+         multisig.m == 1 && multisig.signers.contains(&common.token_authority.key())
+            @ NTTError::InvalidMultisig,
+    )]
+    pub multisig: InterfaceAccount<'info, SplMultisig>,
 }
 
 pub fn release_inbound_mint_multisig<'info>(

diff --git a/solana/ts/idl/3_0_0/json/example_native_token_transfers.json b/solana/ts/idl/3_0_0/json/example_native_token_transfers.json
@@ -2188,6 +2188,11 @@
       "code": 6023,
       "name": "NoRegisteredTransceivers",
       "msg": "NoRegisteredTransceivers"
+    },
+    {
+      "code": 6024,
+      "name": "InvalidMultisig",
+      "msg": "InvalidMultisig"
     }
   ]
 }
diff --git a/solana/ts/idl/3_0_0/ts/example_native_token_transfers.ts b/solana/ts/idl/3_0_0/ts/example_native_token_transfers.ts
@@ -2188,6 +2188,11 @@ export type ExampleNativeTokenTransfers = {
       "code": 6023,
       "name": "NoRegisteredTransceivers",
       "msg": "NoRegisteredTransceivers"
+    },
+    {
+      "code": 6024,
+      "name": "InvalidMultisig",
+      "msg": "InvalidMultisig"
     }
   ]
 }
@@ -4381,6 +4386,11 @@ export const IDL: ExampleNativeTokenTransfers = {
       "code": 6023,
       "name": "NoRegisteredTransceivers",
       "msg": "NoRegisteredTransceivers"
+    },
+    {
+      "code": 6024,
+      "name": "InvalidMultisig",
+      "msg": "InvalidMultisig"
     }
   ]
 }