lang: Require zero accounts to be unique #3409

Merged: acheroncrypto merged 5 commits into otter-sec:master from acheroncrypto:lang-require-zero-accounts-to-be-unique on Dec 10, 2024

@acheroncrypto (Collaborator)

Problem

Anchor doesn't guarantee uniqueness of mutable accounts.

Requiring all mutable accounts to be unique could solve the problem, but this would also be redundant in most cases because the uniqueness of the account is usually achieved through other means, e.g. via the seeds constraint. It's not so straightforward to figure out all the cases where it makes sense to require uniqueness, especially when composite and optional accounts are involved.

A subclass of this problem is being able to pass the same account to accounts that have the zero constraint, which was reported by OtterSec during our v0.31 audit. Given it will take some time before we can solve the main problem, this specific problem can be solved in isolation in the meantime.

Summary of changes

Require all accounts that have the zero constraint to be unique.

Note: This change covers regular accounts and composite accounts, but not if they are separate. For example:

#[derive(Accounts)]
pub struct Outer<'info> {
    #[account(zero)]
    pub one: Account<'info, One>,
    #[account(zero)]
    pub two: Account<'info, Two>,
    pub inner: Inner<'info>,
}

#[derive(Accounts)]
pub struct Inner<'info> {
    #[account(zero)]
    pub one: Account<'info, One>,
    #[account(zero)]
    pub two: Account<'info, Two>,
}

In this example,

  • outer.one and outer.two
  • inner.one and inner.two

are guaranteed to be unique, but outer.one and inner.one can still be the same. This is because proc macros (#[derive(Accounts)]) only have access to the code underneath them, meaning it's not possible to get information about Inner from Outer. For this specific case, we may be able to implement a custom trait that we can call internally during try_accounts, but the potential benefits don't seem to be enough to justify the increased complexity in my opinion.
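
Added example, not part of the PR description and not Anchor's generated code: a stand-alone Rust model of the scope described above, where each struct checks only its own `zero` accounts, so an account shared between `Outer` and `Inner` passes unless the program compares the keys itself. `Pubkey` as a byte array, `require_unique`, `per_struct_check`, `cross_struct_check` and `key` are hypothetical names used for illustration.

```rust
use std::collections::HashSet;

type Pubkey = [u8; 32]; // stand-in for an account address (assumption)

#[derive(Debug, PartialEq)]
struct DuplicateZeroAccount(Pubkey);

// Reject any key that appears twice in the given set of `zero` accounts.
fn require_unique(keys: &[Pubkey]) -> Result<(), DuplicateZeroAccount> {
    let mut seen = HashSet::new();
    for k in keys {
        if !seen.insert(*k) {
            return Err(DuplicateZeroAccount(*k));
        }
    }
    Ok(())
}

struct Inner { one: Pubkey, two: Pubkey }
struct Outer { one: Pubkey, two: Pubkey, inner: Inner }

impl Inner {
    // Scope of the guarantee inside `Inner`: its own fields only.
    fn per_struct_check(&self) -> Result<(), DuplicateZeroAccount> {
        require_unique(&[self.one, self.two])
    }
}

impl Outer {
    // Scope of the guarantee inside `Outer`: its own fields, then `Inner` on its own.
    fn per_struct_check(&self) -> Result<(), DuplicateZeroAccount> {
        require_unique(&[self.one, self.two])?;
        self.inner.per_struct_check()
    }
    // Hypothetical handler-level check that closes the cross-struct gap.
    fn cross_struct_check(&self) -> Result<(), DuplicateZeroAccount> {
        require_unique(&[self.one, self.two, self.inner.one, self.inner.two])
    }
}

fn key(b: u8) -> Pubkey { [b; 32] } // constructed sample keys

fn main() {
    // Constructed input: outer.one and inner.one are the same account.
    let accs = Outer { one: key(1), two: key(2), inner: Inner { one: key(1), two: key(3) } };
    println!("per-struct checks pass: {}", accs.per_struct_check().is_ok());
    println!("cross-struct check passes: {}", accs.cross_struct_check().is_ok());
}
```

In an Anchor program, the manual counterpart is an explicit key comparison in the instruction handler, for example with `require_keys_neq!`.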

acheroncrypto added the lang and fix (Bug fix PR) labels on Dec 6, 2024
acheroncrypto merged commit 955e7ea into otter-sec:master on Dec 10, 2024
Otter-0x4ka5h pushed a commit to Otter-0x4ka5h/anchor that referenced this pull request Mar 25, 2026