FV-ANC-3-CL3 Usage of UncheckedAccount without manual ownership check

Bad

#[account]
pub external_account: UncheckedAccount<'info>; // No validation.

Good

#[account]
pub external_account: UncheckedAccount<'info>;

// When using UncheckedAccount, manually validate the same constraints Anchor enforces automatically.
if external_account.owner != &expected_owner_program_id {
    return Err(ProgramError::IllegalOwner);
}

PreviousFV-ANC-3-CL2 Trying to access account data without ownership checks NextFV-ANC-3-CL4 Usage of UncheckedAccount without manual signer check

Last updated 5 months ago

Was this helpful?