Validate genesis account authority matches asset signer PDA #10

Draft
nhanphan wants to merge 5 commits into main from claude/enforce-agent-wallet-authority-uq5Kb

@nhanphan nhanphan commented Apr 9, 2026

Summary

This PR adds validation to ensure that the genesis account authority matches the asset signer PDA when setting an agent token. This prevents unauthorized parties from using genesis accounts with mismatched authorities.

Key Changes

  • New Error Type: Added GenesisAuthorityMismatch error (code 0xC) to indicate when a genesis account's authority doesn't match the expected asset signer PDA

    • Updated error definitions in Rust, TypeScript, and IDL files
  • Validation Logic: Added authority check in set_agent_token_v1 processor

    • Reads the authority field from the genesis account data at offset 8
    • Compares it against the asset signer PDA
    • Returns GenesisAuthorityMismatch error if they don't match
  • Test Updates: Updated test suite to properly set genesis account authorities

    • Modified create_genesis_account helper to accept an authority parameter
    • Updated Rust tests to derive and pass the correct asset signer PDA when creating genesis accounts via Execute CPI
    • Added new test cannot_set_agent_token_with_wrong_genesis_authority to verify the validation works
    • Updated TypeScript tests with new createGenesisAccountViaExecute helper that creates genesis accounts with the asset signer as authority

Implementation Details

  • Genesis account authority is stored at offset 8 (32 bytes) in the account data
  • The validation occurs after confirming the caller is the asset signer, ensuring only authorized signers can set agent tokens
  • Tests now distinguish between genesis accounts created directly (with payer authority) vs. via Execute CPI (with asset signer authority)

https://claude.ai/code/session_018YKqGETfvvpdvHm8tVc85j
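
The check described in the PR summary above, sketched as an added example that is not code from this PR. Offset 8, the 32-byte width and GenesisAuthorityMismatch come from the description; the Account struct, the other error variants, the function names and the account-owner check are assumptions of this sketch, and a 32-byte array stands in for a Solana Pubkey.

```rust
// Added example, not the PR's processor code. Offset 8, the 32-byte width and
// GenesisAuthorityMismatch come from the PR description; the rest is assumed.
const AUTHORITY_OFFSET: usize = 8;
const KEY_LEN: usize = 32;
type Key = [u8; KEY_LEN]; // stand-in for a Solana Pubkey

#[derive(Debug, PartialEq)]
pub enum CheckError {
    WrongOwner,               // hypothetical: account not owned by the genesis program
    DataTooShort(usize),      // hypothetical: no room for the authority field
    GenesisAuthorityMismatch, // error 0xC in the PR
}

/// Minimal view of an account: owning program plus raw data.
pub struct Account {
    pub owner: Key,
    pub data: Vec<u8>,
}

/// Returns Ok only if the stored authority equals the asset signer PDA.
pub fn check_genesis_authority(
    acct: &Account,
    genesis_program: &Key,
    asset_signer: &Key,
) -> Result<(), CheckError> {
    // Bytes in an account owned by another program are attacker-chosen,
    // so the field is only trusted after the owner check (assumed step).
    if &acct.owner != genesis_program {
        return Err(CheckError::WrongOwner);
    }
    // Bounds-checked slice: a short account yields an error, not a panic.
    let field = acct
        .data
        .get(AUTHORITY_OFFSET..AUTHORITY_OFFSET + KEY_LEN)
        .ok_or(CheckError::DataTooShort(acct.data.len()))?;
    if field != &asset_signer[..] {
        return Err(CheckError::GenesisAuthorityMismatch);
    }
    Ok(())
}

/// Constructed sample data: 8 leading bytes, the authority, then padding.
pub fn sample_genesis(owner: Key, authority: Key) -> Account {
    let mut data = vec![0u8; AUTHORITY_OFFSET];
    data.extend_from_slice(&authority);
    data.extend_from_slice(&[0u8; 16]);
    Account { owner, data }
}
```

A genesis account created directly with the payer as authority fails this check, while one created via Execute CPI with the asset signer as authority passes, which is the distinction the updated tests rely on.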

…enV1

The SetAgentTokenV1 instruction now verifies that the authority field
stored in the genesis account matches the asset signer PDA (the agent's
core execute wallet). This ensures only the agent that launched the
token can claim it.

https://claude.ai/code/session_018YKqGETfvvpdvHm8tVc85j

coderabbitai Bot commented Apr 9, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

@nhanphan nhanphan requested a review from blockiosaurus April 9, 2026 21:25
claude added 3 commits April 9, 2026 22:10
The mpl-core execute() helper doesn't propagate signers from inner
TransactionBuilder items. This caused "Transaction signature verification
failure" when wrapping initializeV2 in execute() because baseMint's
Signer object was lost. Fix by manually extracting inner signers and
adding them to the execute builder items.

https://claude.ai/code/session_018YKqGETfvvpdvHm8tVc85j
…client

The generated Rust client code triggers non_local_definitions (from
num_derive's FromPrimitive), clippy::new_without_default, and
unexpected_cfgs lints. These are pre-existing issues not caused by
our changes.

https://claude.ai/code/session_018YKqGETfvvpdvHm8tVc85j
Extract context.payer.pubkey() into a local variable before passing
&mut context to avoid simultaneous mutable and immutable borrows,
which fails on Rust 1.88.0 used in CI.

https://claude.ai/code/session_018YKqGETfvvpdvHm8tVc85j
Comment thread clients/rust-identity/src/lib.rs Outdated
// Allow lints from generated code (num_derive, kinobi codegen).
#![allow(non_local_definitions)]
#![allow(clippy::new_without_default)]
#![allow(unexpected_cfgs)]
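Review bot: the three #![allow(...)] lines are inner attributes in lib.rs, so they silence non_local_definitions, clippy::new_without_default and unexpected_cfgs for the whole crate, not only for the generated code the comment names. Scope them as outer #[allow(...)] attributes on the module that holds the generated code, so any hand-written code in the crate still gets these lints; unexpected_cfgs in particular is the lint that flags a misspelled cfg or feature name.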
Contributor Author

Why was this added?

CI runs clippy without -D warnings so these lints are just warnings,
not errors. The actual CI failure was the borrow checker error fixed
in the previous commit.

https://claude.ai/code/session_018YKqGETfvvpdvHm8tVc85j