fix: verify mint and owner in idempotent ATA early return #2255

Closed
ananas-block wants to merge 3 commits into main from fix/audit-issue-4-idempotent-ata-checks

ananas-block commented Feb 6, 2026

Summary

  • Add mint and owner validation in the idempotent ATA early return path so that an existing account for a different mint/owner is not silently accepted.

Summary by CodeRabbit

Bug Fixes

  • Implemented validation checks during token account creation to verify that stored mint and owner values align with requested values. Detects and prevents mismatches, reporting failures clearly to maintain data integrity and ensure correct token account configurations.

Audit issue #4 (LOW): The idempotent ATA path returned Ok() when the
account was already owned by the program without verifying the stored
mint and owner matched the requested values. Add Token deserialization
and field checks before the early return.
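
The idempotent early return before and after the fix this PR describes, as an added Rust sketch that is not the project's code. The `Account` struct, the function names, `InvalidAccountData` and the 64-byte layout (mint in bytes 0..32, owner in 32..64) are assumptions; only the `MintMismatch` and `OwnerMismatch` error names appear on this page.

```rust
// Added illustration, not the project's code. Types, names and the 64-byte
// layout (mint at 0..32, owner at 32..64) are assumptions for this sketch.
pub type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
pub enum AtaError { MintMismatch, OwnerMismatch, InvalidAccountData }

#[derive(Debug, PartialEq)]
pub enum Outcome { AlreadyExists, MustCreate }

/// Stand-in for an on-chain account: the program that owns it plus raw data.
pub struct Account { pub program_owner: Pubkey, pub data: Vec<u8> }

/// Before the fix: program ownership alone triggers the early return.
pub fn idempotent_unchecked(acc: &Account, program_id: &Pubkey) -> Outcome {
    if acc.program_owner == *program_id { Outcome::AlreadyExists } else { Outcome::MustCreate }
}

/// After the fix: stored mint and owner must match the request before returning early.
pub fn idempotent_checked(acc: &Account, program_id: &Pubkey, mint: &Pubkey, owner: &Pubkey)
    -> Result<Outcome, AtaError>
{
    if acc.program_owner != *program_id { return Ok(Outcome::MustCreate); }
    if acc.data.len() < 64 { return Err(AtaError::InvalidAccountData); }
    if acc.data[0..32] != mint[..] { return Err(AtaError::MintMismatch); }
    if acc.data[32..64] != owner[..] { return Err(AtaError::OwnerMismatch); }
    Ok(Outcome::AlreadyExists)
}

/// Constructed sample: a token account holding `mint` for `owner`.
pub fn sample_account(program_id: Pubkey, mint: Pubkey, owner: Pubkey) -> Account {
    let mut data = Vec::with_capacity(64);
    data.extend_from_slice(&mint);
    data.extend_from_slice(&owner);
    Account { program_owner: program_id, data }
}

fn main() {
    let (program, mint_a, mint_b, alice) = ([1u8; 32], [2u8; 32], [3u8; 32], [4u8; 32]);
    let existing = sample_account(program, mint_a, alice);
    // The request names (mint_b, alice) but the account stores (mint_a, alice).
    println!("unchecked: {:?}", idempotent_unchecked(&existing, &program));
    println!("checked:   {:?}", idempotent_checked(&existing, &program, &mint_b, &alice));
}
```
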

coderabbitai bot commented Feb 6, 2026

Walkthrough

This change adds runtime verification to the idempotent ATA creation path by validating that stored mint and owner match requested values. If either field mismatches, a specific error is emitted; if both match, execution continues as before.

Changes

| Cohort / File(s) | Summary |
|---|---|
| ATA Creation Validation: programs/compressed-token/program/src/ctoken/create_ata.rs | Added pubkey_eq import and runtime verification logic in the idempotent path to compare stored mint and owner against requested values, emitting "MintMismatch" or "OwnerMismatch" errors on failure. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested labels

ai-review

Suggested reviewers

  • sergeytimoshin
  • SwenSchaeferjohann

Poem

🔐 A token's identity now stands guard,
Idempotent paths less scarred,
Mint and owner locked in place—
No silent mismatches win this race! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: adding verification of mint and owner values in the idempotent ATA early return path, which is the core security fix addressed in the changeset. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 70.00%. |


No actionable comments were generated in the recent review. 🎉


ananas-block (Contributor Author) commented

Superseded by #2249 which combines issues #3, #4, and #15.
