Extra checks in load checked

Author: guibescos

program/rust/src/deserialize.rs

@@ -5,6 +5,8 @@ use bytemuck::{
     try_from_bytes_mut,
     Pod,
 };
+use solana_program::pubkey::Pubkey;
+use solana_program::rent::Rent;
 
 use crate::c_oracle_header::{
     AccountHeader,
@@ -46,6 +48,7 @@ pub fn load_mut<T: Pod>(data: &mut [u8]) -> Result<&mut T, OracleError> {
 }
 
 /// Get the data stored in `account` as a value of type `T`
+/// /// Warning: DON'T USE THIS UNCHECKED FUNCTION
 pub fn load_account_as<'a, T: Pod>(account: &'a AccountInfo) -> Result<Ref<'a, T>, ProgramError> {
     let data = account.try_borrow_data()?;
 
@@ -69,7 +72,22 @@ pub fn load_account_as_mut<'a, T: Pod>(
 pub fn load_checked<'a, T: PythAccount>(
     account: &'a AccountInfo,
     version: u32,
+    program_id: &Pubkey,
 ) -> Result<RefMut<'a, T>, ProgramError> {
+    // Check size and rent
+    pyth_assert(
+        account.data_len() >= T::minimum_size()
+            && Rent::default().is_exempt(account.lamports(), account.data_len()),
+        OracleError::SmallSizeOrNotEnoughRent.into(),
+    )?;
+
+    // Check owner
+    pyth_assert(
+        account.owner == program_id,
+        OracleError::SmallSizeOrNotEnoughRent.into(),
+    )?;
+
+
     {
         let account_header = load_account_as::<AccountHeader>(account)?;
         pyth_assert(

program/rust/src/error.rs

@@ -32,6 +32,10 @@ pub enum OracleError {
     InstructionDataTooShort        = 610,
     #[error("InstructionDataSliceMisaligned")]
     InstructionDataSliceMisaligned = 611,
+    #[error("SmallSizeOrNotEnoughRent")]
+    SmallSizeOrNotEnoughRent       = 612,
+    #[error("AccountNotOwnerByOracle")]
+    AccountNotOwnerByOracle        = 613,
 }
 
 impl From<OracleError> for ProgramError {

program/rust/src/rust_oracle.rs

@@ -109,49 +109,49 @@ pub fn resize_price_account(
     accounts: &[AccountInfo],
     _instruction_data: &[u8],
 ) -> ProgramResult {
-    let [funding_account_info, price_account_info, system_program] = match accounts {
+    let [funding_account_info, price_account, system_program] = match accounts {
         [x, y, z] => Ok([x, y, z]),
         _ => Err(ProgramError::InvalidArgument),
     }?;
 
     check_valid_funding_account(funding_account_info)?;
-    check_valid_signable_account(program_id, price_account_info, size_of::<PriceAccount>())?;
+    check_valid_signable_account(program_id, price_account, size_of::<PriceAccount>())?;
     pyth_assert(
         check_id(system_program.key),
         OracleError::InvalidSystemAccount.into(),
     )?;
     // Check that it is a valid initialized price account
     {
-        load_checked::<PriceAccount>(price_account_info, PC_VERSION)?;
+        load_checked::<PriceAccount>(price_account, PC_VERSION, program_id)?;
     }
-    let account_len = price_account_info.try_data_len()?;
+    let account_len = price_account.try_data_len()?;
     match account_len {
         PRICE_T_SIZE => {
             // Ensure account is still rent exempt after resizing
             let rent: Rent = Default::default();
             let lamports_needed: u64 = rent
                 .minimum_balance(size_of::<PriceAccountWrapper>())
-                .saturating_sub(price_account_info.lamports());
+                .saturating_sub(price_account.lamports());
             if lamports_needed > 0 {
                 send_lamports(
                     funding_account_info,
-                    price_account_info,
+                    price_account,
                     system_program,
                     lamports_needed,
                 )?;
             }
             // We do not need to zero allocate because we won't access the data in the same
             // instruction
-            price_account_info.realloc(size_of::<PriceAccountWrapper>(), false)?;
+            price_account.realloc(size_of::<PriceAccountWrapper>(), false)?;
 
             // Check that everything is ok
             check_valid_signable_account(
                 program_id,
-                price_account_info,
+                price_account,
                 size_of::<PriceAccountWrapper>(),
             )?;
             let mut price_account =
-                load_checked::<PriceAccountWrapper>(price_account_info, PC_VERSION)?;
+                load_checked::<PriceAccountWrapper>(price_account, PC_VERSION, program_id)?;
             // Initialize Time Machine
             price_account.initialize_time_machine()?;
             Ok(())
@@ -206,7 +206,7 @@ pub fn add_mapping(
     check_valid_fresh_account(next_mapping)?;
 
     let hdr = load::<CommandHeader>(instruction_data)?;
-    let mut cur_mapping = load_checked::<MappingAccount>(cur_mapping, hdr.version)?;
+    let mut cur_mapping = load_checked::<MappingAccount>(cur_mapping, hdr.version, program_id)?;
     pyth_assert(
         cur_mapping.num_ == PC_MAP_TABLE_SIZE && pubkey_is_zero(&cur_mapping.next_),
         ProgramError::InvalidArgument,
@@ -244,7 +244,8 @@ pub fn upd_price(
     let latest_aggregate_price: PriceInfo;
     {
         // Verify that symbol account is initialized
-        let price_data = load_checked::<PriceAccount>(price_account, cmd_args.header.version)?;
+        let price_data =
+            load_checked::<PriceAccount>(price_account, cmd_args.header.version, program_id)?;
 
         // Verify that publisher is authorized
         while publisher_index < price_data.num_ as usize {
@@ -306,7 +307,7 @@ pub fn upd_price(
 
         {
             let mut price_data =
-                load_checked::<PriceAccount>(price_account, cmd_args.header.version)?;
+                load_checked::<PriceAccount>(price_account, cmd_args.header.version, program_id)?;
             let publisher_price = &mut price_data.comp_[publisher_index].latest_;
             publisher_price.price_ = cmd_args.price;
             publisher_price.conf_ = cmd_args.confidence;
@@ -359,7 +360,7 @@ pub fn add_price(
     check_valid_fresh_account(price_account)?;
 
     let mut product_data =
-        load_checked::<ProductAccount>(product_account, cmd_args.header.version)?;
+        load_checked::<ProductAccount>(product_account, cmd_args.header.version, program_id)?;
 
     let mut price_data =
         initialize_pyth_account_checked::<PriceAccount>(price_account, cmd_args.header.version)?;
@@ -395,8 +396,9 @@ pub fn del_price(
 
     {
         let cmd_args = load::<CommandHeader>(instruction_data)?;
-        let mut product_data = load_checked::<ProductAccount>(product_account, cmd_args.version)?;
-        let price_data = load_checked::<PriceAccount>(price_account, cmd_args.version)?;
+        let mut product_data =
+            load_checked::<ProductAccount>(product_account, cmd_args.version, program_id)?;
+        let price_data = load_checked::<PriceAccount>(price_account, cmd_args.version, program_id)?;
         pyth_assert(
             pubkey_equal(&product_data.px_acc_, &price_account.key.to_bytes()),
             ProgramError::InvalidArgument,
@@ -437,7 +439,8 @@ pub fn init_price(
     check_valid_funding_account(funding_account)?;
     check_valid_signable_account(program_id, price_account, size_of::<PriceAccount>())?;
 
-    let mut price_data = load_checked::<PriceAccount>(price_account, cmd_args.header.version)?;
+    let mut price_data =
+        load_checked::<PriceAccount>(price_account, cmd_args.header.version, program_id)?;
     pyth_assert(
         price_data.ptype_ == cmd_args.price_type,
         ProgramError::InvalidArgument,
@@ -507,7 +510,8 @@ pub fn add_publisher(
     check_valid_funding_account(funding_account)?;
     check_valid_signable_account(program_id, price_account, size_of::<PriceAccount>())?;
 
-    let mut price_data = load_checked::<PriceAccount>(price_account, cmd_args.header.version)?;
+    let mut price_data =
+        load_checked::<PriceAccount>(price_account, cmd_args.header.version, program_id)?;
 
     if price_data.num_ >= PC_COMP_SIZE {
         return Err(ProgramError::InvalidArgument);
@@ -560,7 +564,8 @@ pub fn del_publisher(
     check_valid_funding_account(funding_account)?;
     check_valid_signable_account(program_id, price_account, size_of::<PriceAccount>())?;
 
-    let mut price_data = load_checked::<PriceAccount>(price_account, cmd_args.header.version)?;
+    let mut price_data =
+        load_checked::<PriceAccount>(price_account, cmd_args.header.version, program_id)?;
 
     for i in 0..(price_data.num_ as usize) {
         if pubkey_equal(&cmd_args.publisher, bytes_of(&price_data.comp_[i].pub_)) {
@@ -603,7 +608,8 @@ pub fn add_product(
     check_valid_fresh_account(new_product_account)?;
 
     let hdr = load::<CommandHeader>(instruction_data)?;
-    let mut mapping_data = load_checked::<MappingAccount>(tail_mapping_account, hdr.version)?;
+    let mut mapping_data =
+        load_checked::<MappingAccount>(tail_mapping_account, hdr.version, program_id)?;
     // The mapping account must have free space to add the product account
     pyth_assert(
         mapping_data.num_ < PC_MAP_TABLE_SIZE,
@@ -643,7 +649,8 @@ pub fn upd_product(
     let hdr = load::<CommandHeader>(instruction_data)?;
     {
         // Validate that product_account contains the appropriate account header
-        let mut _product_data = load_checked::<ProductAccount>(product_account, hdr.version)?;
+        let mut _product_data =
+            load_checked::<ProductAccount>(product_account, hdr.version, program_id)?;
     }
 
     pyth_assert(
@@ -679,7 +686,8 @@ pub fn upd_product(
         );
     }
 
-    let mut product_data = load_checked::<ProductAccount>(product_account, hdr.version)?;
+    let mut product_data =
+        load_checked::<ProductAccount>(product_account, hdr.version, program_id)?;
     product_data.size_ = try_convert(size_of::<ProductAccount>() + new_data.len())?;
 
     Ok(())
@@ -705,7 +713,8 @@ pub fn set_min_pub(
     check_valid_funding_account(funding_account)?;
     check_valid_signable_account(program_id, price_account, size_of::<PriceAccount>())?;
 
-    let mut price_account_data = load_checked::<PriceAccount>(price_account, cmd.header.version)?;
+    let mut price_account_data =
+        load_checked::<PriceAccount>(price_account, cmd.header.version, program_id)?;
     price_account_data.min_pub_ = cmd.minimum_publishers;
 
     Ok(())
@@ -734,8 +743,10 @@ pub fn del_product(
 
     {
         let cmd_args = load::<CommandHeader>(instruction_data)?;
-        let mut mapping_data = load_checked::<MappingAccount>(mapping_account, cmd_args.version)?;
-        let product_data = load_checked::<ProductAccount>(product_account, cmd_args.version)?;
+        let mut mapping_data =
+            load_checked::<MappingAccount>(mapping_account, cmd_args.version, program_id)?;
+        let product_data =
+            load_checked::<ProductAccount>(product_account, cmd_args.version, program_id)?;
 
         // This assertion is just to make the subtractions below simpler
         pyth_assert(mapping_data.num_ >= 1, ProgramError::InvalidArgument)?;

program/rust/src/tests/test_add_mapping.rs

@@ -6,7 +6,6 @@ use crate::c_oracle_header::{
 };
 use crate::deserialize::{
     initialize_pyth_account_checked,
-    load_account_as_mut,
     load_checked,
 };
 use crate::instruction::{
@@ -44,7 +43,7 @@ fn test_add_mapping() {
 
     {
         let mut cur_mapping_data =
-            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION).unwrap();
+            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION, &program_id).unwrap();
         cur_mapping_data.num_ = PC_MAP_TABLE_SIZE;
     }
 
@@ -60,9 +59,10 @@ fn test_add_mapping() {
     .is_ok());
 
     {
-        let next_mapping_data = load_checked::<MappingAccount>(&next_mapping, PC_VERSION).unwrap();
+        let next_mapping_data =
+            load_checked::<MappingAccount>(&next_mapping, PC_VERSION, &program_id).unwrap();
         let mut cur_mapping_data =
-            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION).unwrap();
+            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION, &program_id).unwrap();
 
         assert!(pubkey_equal(
             &cur_mapping_data.next_,
@@ -90,7 +90,7 @@ fn test_add_mapping() {
 
     {
         let mut cur_mapping_data =
-            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION).unwrap();
+            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION, &program_id).unwrap();
         assert!(pubkey_is_zero(&cur_mapping_data.next_));
         cur_mapping_data.num_ = PC_MAP_TABLE_SIZE;
         cur_mapping_data.magic_ = 0;
@@ -110,7 +110,8 @@ fn test_add_mapping() {
     );
 
     {
-        let mut cur_mapping_data = load_account_as_mut::<MappingAccount>(&cur_mapping).unwrap();
+        let mut cur_mapping_data =
+            load_checked::<MappingAccount>(&cur_mapping, PC_VERSION, &program_id).unwrap();
         cur_mapping_data.magic_ = PC_MAGIC;
     }
 

program/rust/src/tests/test_add_price.rs

@@ -78,8 +78,10 @@ fn test_add_price() {
     .is_ok());
 
     {
-        let price_data = load_checked::<PriceAccount>(&price_account, PC_VERSION).unwrap();
-        let product_data = load_checked::<ProductAccount>(&product_account, PC_VERSION).unwrap();
+        let price_data =
+            load_checked::<PriceAccount>(&price_account, PC_VERSION, &program_id).unwrap();
+        let product_data =
+            load_checked::<ProductAccount>(&product_account, PC_VERSION, &program_id).unwrap();
         assert_eq!(price_data.expo_, 1);
         assert_eq!(price_data.ptype_, 1);
         assert!(pubkey_equal(
@@ -105,8 +107,10 @@ fn test_add_price() {
     .is_ok());
 
     {
-        let price_data_2 = load_checked::<PriceAccount>(&price_account_2, PC_VERSION).unwrap();
-        let product_data = load_checked::<ProductAccount>(&product_account, PC_VERSION).unwrap();
+        let price_data_2 =
+            load_checked::<PriceAccount>(&price_account_2, PC_VERSION, &program_id).unwrap();
+        let product_data =
+            load_checked::<ProductAccount>(&product_account, PC_VERSION, &program_id).unwrap();
         assert_eq!(price_data_2.expo_, 1);
         assert_eq!(price_data_2.ptype_, 1);
         assert!(pubkey_equal(

program/rust/src/tests/test_add_product.rs

@@ -12,7 +12,6 @@ use crate::c_oracle_header::{
 };
 use crate::deserialize::{
     initialize_pyth_account_checked,
-    load_account_as,
     load_checked,
 };
 use crate::error::OracleError;
@@ -66,8 +65,10 @@ fn test_add_product() {
     .is_ok());
 
     {
-        let product_data = load_account_as::<ProductAccount>(&product_account).unwrap();
-        let mapping_data = load_checked::<MappingAccount>(&mapping_account, PC_VERSION).unwrap();
+        let product_data =
+            load_checked::<ProductAccount>(&product_account, PC_VERSION, &program_id).unwrap();
+        let mapping_data =
+            load_checked::<MappingAccount>(&mapping_account, PC_VERSION, &program_id).unwrap();
 
         assert_eq!(product_data.magic_, PC_MAGIC);
         assert_eq!(product_data.ver_, PC_VERSION);
@@ -92,7 +93,8 @@ fn test_add_product() {
     )
     .is_ok());
     {
-        let mapping_data = load_checked::<MappingAccount>(&mapping_account, PC_VERSION).unwrap();
+        let mapping_data =
+            load_checked::<MappingAccount>(&mapping_account, PC_VERSION, &program_id).unwrap();
         assert_eq!(mapping_data.num_, 2);
         assert_eq!(mapping_data.size_, (MappingAccount::INITIAL_SIZE + 2 * 32));
         assert!(pubkey_equal(
@@ -145,7 +147,8 @@ fn test_add_product() {
             instruction_data
         )
         .is_ok());
-        let mapping_data = load_checked::<MappingAccount>(&mapping_account, PC_VERSION).unwrap();
+        let mapping_data =
+            load_checked::<MappingAccount>(&mapping_account, PC_VERSION, &program_id).unwrap();
         assert_eq!(
             mapping_data.size_,
             MappingAccount::INITIAL_SIZE + (i + 1) * 32
@@ -168,6 +171,7 @@ fn test_add_product() {
         Err(ProgramError::InvalidArgument)
     );
 
-    let mapping_data = load_checked::<MappingAccount>(&mapping_account, PC_VERSION).unwrap();
+    let mapping_data =
+        load_checked::<MappingAccount>(&mapping_account, PC_VERSION, &program_id).unwrap();
     assert_eq!(mapping_data.num_, PC_MAP_TABLE_SIZE);
 }

program/rust/src/tests/test_add_publisher.rs

@@ -71,7 +71,8 @@ fn test_add_publisher() {
     .is_ok());
 
     {
-        let price_data = load_checked::<PriceAccount>(&price_account, PC_VERSION).unwrap();
+        let price_data =
+            load_checked::<PriceAccount>(&price_account, PC_VERSION, &program_id).unwrap();
         assert_eq!(price_data.num_, 1);
         assert_eq!(
             price_data.size_,
@@ -120,7 +121,8 @@ fn test_add_publisher() {
 
 
         {
-            let price_data = load_checked::<PriceAccount>(&price_account, PC_VERSION).unwrap();
+            let price_data =
+                load_checked::<PriceAccount>(&price_account, PC_VERSION, &program_id).unwrap();
             assert_eq!(price_data.num_, i + 1);
             assert!(pubkey_equal(
                 &price_data.comp_[i as usize].pub_,