FV-ANC-3-CL12 Not validating a set address

Bad

pub fn handler(ctx: Context<MyContext>) -> Result<()> {
    ctx.accounts.x = new_address; // No validation
    Ok(())
}

Good

pub fn handler(ctx: Context<MyContext>) -> Result<()> {
    // prevent system program address
    // prevent pda or program address
    // verify address exists and can receive tokens
    // only then dot he update
    ctx.accounts.x = new_address;
    Ok(())
}

PreviousFV-ANC-3-CL11 No reload after account mutation NextFV-ANC-4 PDA Security

Last updated 4 months ago

Was this helpful?