Skip to content

fix(solana): prefunded commitment block attack#963

Draft
vaporif wants to merge 1 commit intomainfrom
vaporif/prefunded-commitment-blocks-sendpacket-issue2
Draft

fix(solana): prefunded commitment block attack#963
vaporif wants to merge 1 commit intomainfrom
vaporif/prefunded-commitment-blocks-sendpacket-issue2

Conversation

@vaporif
Copy link
Collaborator

@vaporif vaporif commented Mar 2, 2026
edited by mariuszzak
Loading

Description

refers https://github.com/zenith-security/2026-02-cosmos-labs/issues/2

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

  • Linked to GitHub issue with discussion and accepted design, OR link to spec that describes this work.
  • Wrote unit and integration tests.
  • Added relevant natspec and godoc comments.
  • Provide a conventional commit message to follow the repository standards.
  • Re-reviewed Files changed in the GitHub PR explorer.
  • Review SonarCloud Report in the comment section below once CI passes.

@vaporif vaporif requested a review from srdtrk as a code owner March 2, 2026 17:36
@codecov
Copy link

codecov bot commented Mar 2, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.91%. Comparing base (5cfe581) to head (90234bf).
⚠️ Report is 9 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #963   +/-   ##
=======================================
  Coverage   99.91%   99.91%           
=======================================
  Files          27       27           
  Lines        1123     1123           
=======================================
  Hits         1122     1122           
  Misses          1        1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

mariuszzak
mariuszzak reviewed Mar 3, 2026
View reviewed changes
programs/solana/programs/ics26-router/src/utils/account.rs
system_program: &AccountInfo<'info>,
owner: &Pubkey,
space: usize,
signer_seeds: &[&[&[u8]]],
Copy link
Collaborator

@mariuszzak mariuszzak Mar 3, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we have a more expressive type for signer_seeds? What do you think?

Copy link
Collaborator Author

@vaporif vaporif Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, we already have several of them everywhere but lets do it with separate PR replacing all of them

@srdtrk
Copy link
Member

srdtrk commented Mar 4, 2026

blocked by https://github.com/zenith-security/2026-02-cosmos-labs/issues/17 since fixing that might make this moot

@srdtrk srdtrk added the audit label Mar 6, 2026
@vaporif vaporif marked this pull request as draft March 10, 2026 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mariuszzak mariuszzak mariuszzak left review comments

@srdtrk srdtrk Awaiting requested review from srdtrk srdtrk is a code owner

Assignees

No one assigned

Labels

audit

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vaporif @srdtrk @mariuszzak