account-data-matching and bump-seed-canonicalization lesson updates #353
Conversation
Up-to date compatibility and clean format
prettier --write "/Users/shaan.s.patel/Desktop/SF Bounty/account-data-matching-updated.md"
Checked formatting... All matched files use Prettier code style!
|
Thanks @Epistetechnician ! This looks good, expect a full review tomorrow NY time. |
There was a problem hiding this comment.
An excellent start! I'm going to get a colleague to take a longer look (he's more experienced than Rust than I am) but this looks good,. There's a few small bits, also you need to update the linked unboxed-software repo. See the comments. But this looks good and I'm very confident we can get in. Feel free to explore the rest of the lessons in the program-security - you can see them live at https://solana.com/developers/courses/program-security (the content is hidden from the normal UI until we get all these updates done).
| Anchor provides a more declarative way to implement these checks using | ||
| constraints: |
There was a problem hiding this comment.
| Anchor provides a more declarative way to implement these checks using | |
| constraints: | |
| Anchor provides a more declarative way to implement these checks using | |
| [account constraints](https://www.anchor-lang.com/docs/account-constraints): |
| expect(balance.value.uiAmount).to.eq(0) | ||
| }) | ||
| }) | ||
| it("Insecure withdraw allows unauthorized access", async () => { |
There was a problem hiding this comment.
This is very minor, but you're combining TSS/BDD style in your tests. It's super common everyone does it. it is supposed to read a little like a sentence, where it is the thing in the describe block, that's why it displays that way on the command line.
You should either make this test("Insecure withdraw allows unauthorized access" ... (probably simplest) or describe('insecure withdraw) ....it("allows unauthorized access" ...
Do that for all the tests.
| [guide to installing node in WSL2](https://learn.microsoft.com/en-us/windows/dev-environment/javascript/nodejs-on-wsl) | ||
| to install node. | ||
| [guide to installing node in WSL2](https://learn.microsoft.com/en-us/windows/dev-environment/javascript/nodejs-on-wsl) to | ||
| install node. |
There was a problem hiding this comment.
Does this do anything? Might want to get rid of it.
docs/programs/examples.md
Outdated
| example programs within them: | ||
| Within | ||
| the repo you will find the following subfolder, each with assorted example | ||
| programs within them: |
There was a problem hiding this comment.
Does this do anything? Might want to get rid of it.
Resolving comments made by @mikemaccana
# Changes Made to arbitrary-cpi.md 1. **Line Length**: Adjusted lines exceeding 80 characters for improved readability and adherence to contributing guidelines. 2. **Consistency**: Ensured consistent capitalization in headers and throughout the document. 3. **Code Snippets**: Updated Rust code snippets for compatibility with Anchor 0.29.0: - Used `Result<()>` instead of `ProgramResult` for return types - Applied `to_account_info()` method instead of `clone()` for account info - Utilized `key()` method instead of `key` for public keys 4. **Explanations**: Enhanced clarity in explanations, particularly for arbitrary CPIs and program checks concepts. 5. **Lab Instructions**: Refined step-by-step instructions in the lab section for clarity and ease of following. 6. **Links**: Added and reviewed cross-references, ensuring inclusion of all necessary links (e.g., link to previous Anchor CPIs lesson). 7. **Formatting**: Verified proper Markdown formatting throughout, including correct use of code blocks with language specifications. 8. **Content Structure**: Confirmed overall lesson structure (Summary, Lesson, Lab, Challenge) adheres to contributing guidelines. 9. **Callouts**: Verified presence of final callout encouraging user feedback on the lesson.
Epistetechnician
changed the title
ran yarn prettier --write "arbitrary.md"
| evaluates to true. Alternatively, you can use `has_one` to check that a target | ||
| account field stored on the account matches the key of an account in the | ||
| `Accounts` struct. | ||
| - Use Anchor constraints to simplify the process: |
There was a problem hiding this comment.
| - Use Anchor constraints to simplify the process: | |
| - Use [Anchor constraints](https://www.anchor-lang.com/docs/account-constraints) to simplify the process: |
docs/programs/examples.md
Outdated
| @@ -38,7 +38,8 @@ examples are self-contained and are available in native Rust (ie, with no | |||
| framework), [Anchor](https://www.anchor-lang.com/docs/installation), | |||
| [Seahorse](https://seahorse-lang.org/) and it also contains a list of examples | |||
| that we would love to | |||
| [see as contributions](https://github.com/solana-developers/program-examples?tab=readme-ov-file#examples-wed-love-to-see). | |||
| [see as contributions](https://github.com/solana-developers/program-examples?tab=readme-ov-file#examples-wed-love-to-see). | |||
There was a problem hiding this comment.
Likewise I'd remove these changes from this PR.
| pub mod account_data_matching { | ||
| use super::*; | ||
| Clone the starter code from the `starter` branch of | ||
| [this repository](https://github.com/Unboxed-Software/solana-account-data-matching). |
There was a problem hiding this comment.
I've cloned the repo to https://github.com/solana-developers/solana-account-data-matching and invited you as a contributor. Please update the repo then once complete we can get this PR in!
Updated hyperlinks
resolve merge conflicts with abritrary.cpi by reverting to original and fix links in others
mikemaccana
changed the title
|
@Epistetechnician I just updated the title to reflect the files this PR is modifying, but then I also realised #407 modified the same files. Can you please not suggest changes to the same file in multiple PRs? This makes the review process very complicated as the conversation is split between two different PRs. |
|
This pull request has been automatically marked as stale because it has not had recent activity. Remove stale label or comment or this will be closed in 7 days. |
Summary of Changes
Title and Objectives
Summary Section
Lesson Section
update_admininstruction is restructured for clarity.Example: Insecure Admin Update
data_validationtoinsecure_admin.new_adminaccount is marked asUncheckedAccountwith aCHECKcomment to indicate it is not read or written in the instruction.Implementing Data Validation Checks
has_oneandconstraintattributes in Anchor.MyErrorfor better error handling.Lab Section
insecure_withdrawinstruction.insecure_withdrawinstruction is updated to demonstrate the vulnerability more clearly.Implementing Secure Withdraw Instruction
has_oneconstraints in theSecureWithdrawstruct to ensure proper validation.Testing Secure Withdraw Instruction
secure_withdrawinstruction, demonstrating both unauthorized and authorized access scenarios.Conclusion
Callout Sections