fix(escrow-native): prevent rent refund redirection by yukikm · Pull Request #533 · solana-developers/program-examples
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull request overview
This PR addresses critical security vulnerabilities related to lamport manipulation in Solana programs. The primary focus is on the escrow native program, with additional security hardening in the transfer-sol anchor example.
Changes:
- Fixed rent refund redirection vulnerability in escrow: rent from closed offer accounts now goes to the maker (initializer) instead of an arbitrary payer
- Corrected post-transfer balance assertion bug in escrow that was checking the wrong variable
- Enhanced transfer-sol/anchor with signer validation and overflow protection for direct lamport transfers
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tokens/escrow/native/program/src/instructions/take_offer.rs | Refunds offer rent to maker instead of payer; fixes balance assertion to use correct pre-transfer variable |
| tokens/escrow/native/tests/instruction.ts | Makes maker account writable to receive rent refund |
| tokens/escrow/native/tests/test.ts | Adds comprehensive regression test proving rent cannot be redirected to attacker-controlled payer |
| basics/transfer-sol/anchor/programs/transfer-sol/src/lib.rs | Adds Signer constraint, checked arithmetic for overflow protection, and explicit balance validation |
| basics/transfer-sol/anchor/tests/test.ts | Adds required signer to match updated program constraints |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.