refactor: check system program account ownership at resize, check account state is zeroed pre initialization

[ananas-block]

Summary by CodeRabbit

• Bug Fixes
  • Strengthened validation to prevent token accounts from being re-initialized, improving account state consistency.
  • Enhanced data integrity checks during token account creation to ensure proper initialization state.

[coderabbitai]

📝 Walkthrough

Walkthrough

Two account initialization functions have been enhanced with stricter validation: create_pda_account now verifies the account isn't already initialized by checking system program ownership before proceeding, while initialize_ctoken_account replaces zero-initialization logic with a comprehensive data validation check that rejects any non-zero bytes.

Changes

Cohort / File(s)	Summary
Account Initialization Validation programs/compressed-token/program/src/shared/create_pda_account.rs, programs/compressed-token/program/src/shared/initialize_ctoken_account.rs	First file adds an early ownership check against system program in the cold path to prevent re-initialization. Second file replaces explicit zeroing with complete byte-level verification of existing data; now rejects any non-zero bytes and changes error type from InvalidAccountData to AccountAlreadyInitialized.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix: robust account creation #2097 — Directly modifies the same cold-path ownership validation logic in create_pda_account that was introduced/changed in this PR.

Suggested labels

ai-review

Suggested reviewers

• sergeytimoshin
• SwenSchaeferjohann

Poem

🔒 Guard clauses stand tall, with verification strong,
Rejecting the initialized accounts, where they don't belong,
Zero bytes must reign, not a whisper of stray data here,
Your accounts now safer—initialization crystal clear! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes both main changes: adding system program ownership checks during account resize and verifying zeroed account state before initialization.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 70.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jorrit/fix-add-additional-account-creation-checks

---

No actionable comments were generated in the recent review. 🎉

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}