// Signer validation missing entirely
if authority.key != expected_authority_key {
return Err(ProgramError::MissingRequiredSignature);
}
// Explicitly ensure the signer has signed
if !ctx.accounts.authority.is_signer {
return Err(ProgramError::MissingRequiredSignature);
}