Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lang: Require zero accounts to be unique #3409

Merged
merged 5 commits into from
Dec 10, 2024
Merged

lang: Require zero accounts to be unique #3409

merged 5 commits into from
Dec 10, 2024

Conversation

acheroncrypto
Copy link
Collaborator

Problem

Anchor doesn't guarantee uniqueness of mutable accounts.

Requiring all mutable accounts to be unique could solve the problem, but this would also be redundant in most cases because the uniqueness of the account is usually achieved through other means, e.g. via the seeds constraint. It's not so straightforward to figure out all the cases where it makes sense to require uniqueness, especially when composite and optional accounts are involved.

A subclass of this problem is being able to pass the same account to accounts that have the zero constraint, which was reported by OtterSec during our v0.31 audit. Given it will take some time before we can solve the main problem, this specific problem can be solved in isolation in the meantime.

Summary of changes

Require all accounts that have the zero constraint to be unique.

Note: This change covers regular accounts and composite accounts, but not if they are separate. For example:

#[derive(Accounts)]
pub struct Outer<'info> {
    #[account(zero)]
    pub one: Account<'info, One>,
    #[account(zero)]
    pub two: Account<'info, Two>,
    pub inner: Inner<'info>,
}

#[derive(Accounts)]
pub struct Inner<'info> {
    #[account(zero)]
    pub one: Account<'info, One>,
    #[account(zero)]
    pub two: Account<'info, Two>,
}

In this example,

  • outer.one and outer.two
  • inner.one and inner.two

is guaranteed to be unique, but outer.one and inner.one can still be the same. This is because proc macros (#[derive(Accounts)]) only have access to the code underneath them, meaning it's not possible to get information about Inner from Outer. For this specific case, we may be able to implement a custom trait that we can call internally during try_accounts, but the potential benefits don't seem to be enough to justify the increased complexity in my opinion.

@vercel Vercel
Copy link

vercel bot commented Dec 6, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
anchor-docs ⬜️ Ignored (Inspect) Visit Preview Dec 10, 2024 4:56am

@vercel Vercel
Copy link

vercel bot commented Dec 6, 2024

@acheroncrypto is attempting to deploy a commit to the coral-xyz Team on Vercel.

A member of the Team first needs to authorize it.

@acheroncrypto acheroncrypto added lang fix Bug fix PR labels Dec 6, 2024
@acheroncrypto acheroncrypto merged commit 955e7ea into coral-xyz:master Dec 10, 2024
54 checks passed
@acheroncrypto acheroncrypto mentioned this pull request Dec 10, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
fix Bug fix PR lang
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@acheroncrypto