FV-ANC-4-CL1 Using create_program_address

Bad

let (pda, _) = Pubkey::create_program_address(&[seed, &[bump]], ctx.program_id);
// No validation to ensure PDA is derived correctly

Good

// Verify PDA derivation using `find_program_address`
let (expected_pda, expected_bump) = Pubkey::find_program_address(&[seed], ctx.program_id);
if ctx.accounts.pda.key() != expected_pda || bump != expected_bump {
    return Err(ProgramError::InvalidArgument);
}

Last updated