diff --git a/programs/stake/src/stake_instruction.rs b/programs/stake/src/stake_instruction.rs index 5e3b450181515b..49c89cce9b7d6b 100644 --- a/programs/stake/src/stake_instruction.rs +++ b/programs/stake/src/stake_instruction.rs @@ -139,6 +139,7 @@ pub fn process_instruction( me.initialize(&authorized, &lockup, &rent) } StakeInstruction::Authorize(authorized_pubkey, stake_authorize) => { + instruction_context.check_number_of_instruction_accounts(3)?; let require_custodian_for_locked_stake_authorize = invoke_context .feature_set .is_active(&feature_set::require_custodian_for_locked_stake_authorize::id()); @@ -1501,6 +1502,11 @@ mod tests { is_signer: false, is_writable: false, }, + AccountMeta { + pubkey: authority_address, + is_signer: false, + is_writable: false, + }, ]; // should fail, uninit @@ -1567,11 +1573,7 @@ mod tests { // Test a second authorization by the new authority_address instruction_accounts[0].is_signer = false; - instruction_accounts.push(AccountMeta { - pubkey: authority_address, - is_signer: true, - is_writable: false, - }); + instruction_accounts[2].is_signer = true; let accounts = process_instruction( &serialize(&StakeInstruction::Authorize( authority_address_2, @@ -1666,6 +1668,11 @@ mod tests { is_signer: false, is_writable: false, }, + AccountMeta { + pubkey: authority_address, + is_signer: false, + is_writable: false, + }, ]; // Authorize a staker pubkey and move the withdrawer key into cold storage. @@ -1683,11 +1690,7 @@ mod tests { // Attack! The stake key (a hot key) is stolen and used to authorize a new staker. instruction_accounts[0].is_signer = false; - instruction_accounts.push(AccountMeta { - pubkey: authority_address, - is_signer: true, - is_writable: false, - }); + instruction_accounts[2].is_signer = true; let accounts = process_instruction( &serialize(&StakeInstruction::Authorize( mallory_address, @@ -1714,7 +1717,7 @@ mod tests { // Verify the withdrawer (pulled from cold storage) can save the day. instruction_accounts[0].is_signer = true; - instruction_accounts.pop(); + instruction_accounts[2].is_signer = false; let accounts = process_instruction( &serialize(&StakeInstruction::Authorize( authority_address, @@ -1729,11 +1732,11 @@ mod tests { // Attack! Verify the staker cannot be used to authorize a withdraw. instruction_accounts[0].is_signer = false; - instruction_accounts.push(AccountMeta { + instruction_accounts[2] = AccountMeta { pubkey: mallory_address, is_signer: true, is_writable: false, - }); + }; process_instruction( &serialize(&StakeInstruction::Authorize( authority_address, @@ -1973,6 +1976,11 @@ mod tests { is_signer: false, is_writable: false, }, + AccountMeta { + pubkey: authority_address, + is_signer: false, + is_writable: false, + }, ], Ok(()), ); @@ -3571,6 +3579,11 @@ mod tests { is_signer: false, is_writable: false, }, + AccountMeta { + pubkey: authorized_address, + is_signer: false, + is_writable: false, + }, ], Ok(()), );