Skip to content

security: validate Solana transaction instructions before co-signing#14

Merged
rawgroundbeef merged 3 commits intomainfrom
security/solana-instruction-validation
Mar 10, 2026
Merged

security: validate Solana transaction instructions before co-signing#14
rawgroundbeef merged 3 commits intomainfrom
security/solana-instruction-validation

Conversation

@rawgroundbeef
Copy link
Copy Markdown
Owner

@rawgroundbeef rawgroundbeef commented Mar 10, 2026

Add 4-layer instruction validation to prevent malicious instructions from being bundled into facilitator-signed Solana transactions:

  1. Program ID allowlist (SPL Token, Token-2022, ATA, ComputeBudget only)
  2. Token instruction type allowlist (Transfer and TransferChecked only)
  3. Fee payer isolation (facilitator can't be source/authority)
  4. Payment requirements verification (amount, mint, destination ATA)

Blocks all 5 attack vectors from the security audit: SOL theft, token theft, account reallocation, governance hijack, token delegation.

Includes integration tests against mainnet for all attack vectors.

rawgroundbeef and others added 2 commits March 10, 2026 16:27
@rawgroundbeef @claude
security: validate Solana transaction instructions before co-signing
68c3bda 
Add 4-layer instruction validation to prevent malicious instructions
from being bundled into facilitator-signed Solana transactions:

1. Program ID allowlist (SPL Token, Token-2022, ATA, ComputeBudget only)
2. Token instruction type allowlist (Transfer and TransferChecked only)
3. Fee payer isolation (facilitator can't be source/authority)
4. Payment requirements verification (amount, mint, destination ATA)

Blocks all 5 attack vectors from the security audit: SOL theft,
token theft, account reallocation, governance hijack, token delegation.

Includes integration tests against mainnet for all attack vectors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@rawgroundbeef @claude
chore: make test endpoint configurable via TEST_ENDPOINT env var
04a25da 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented Mar 10, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
openfacilitator-dashboard Ready Ready Preview, Comment Mar 10, 2026 8:49pm

Request Review

@railway-app railway-app Bot temporarily deployed to valiant-charm / solana-instruction-validation March 10, 2026 20:36 Inactive
@rawgroundbeef @claude
fix: derive Solana fee payer from transaction instead of ownerAddress
b751dcf 
ownerAddress may be an EVM hex address for multi-chain facilitators.
Extract the facilitator's Solana public key from the transaction's
fee payer (index 0) which is always the correct Solana address.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@rawgroundbeef rawgroundbeef merged commit 5239f5c into main Mar 10, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rawgroundbeef