Assessment reportsPublic findings
Back to Zellic site
Assessment reports>BPF Stake Program>Threat Model>Instruction: Authorize
GeneralOverview
DiscussionTest suite
Threat ModelWhat are threat models?
solana-stake-programInstruction: AuthorizeCheckedWithSeedInstruction: AuthorizeCheckedInstruction: AuthorizeWithSeedInstruction: AuthorizeInstruction: DeactivateDelinquentInstruction: DeactivateInstruction: DelegateStakeInstruction: GetMinimumDelegationInstruction: InitializeCheckedInstruction: InitializeInstruction: MergeInstruction: MoveLamportsInstruction: MoveStakeInstruction: RedelegateInstruction: SetLockupCheckedInstruction: SetLockupInstruction: SplitInstruction: Withdraw
Audit ResultsAssessment Results

Instruction: Authorize

This instruction updates the stake or withdraw authority of a stake account who manages stake or withdrawal.

Input structure

pub enum StakeAuthorize { Staker, Withdrawer, } pub enum StakeInstruction { /// # Account references /// 0. `[WRITE]` Stake account to be updated /// 1. `[]` Clock sysvar /// 2. `[SIGNER]` The stake or withdraw authority /// 3. Optional: `[SIGNER]` Lockup authority, if updating StakeAuthorize::Withdrawer before /// lockup expiration Authorize(Pubkey, StakeAuthorize), } fn process_authorize( accounts: &[AccountInfo], new_authority: Pubkey, authority_type: StakeAuthorize, ) -> ProgramResult {

Parameters

  • new_authority: The new authority to update.

  • authority_type: The type of authority to update.

Accounts

  • stake_account: The stake account to be updated.

    • Signer: No.

    • Init: No.

    • PDA: No.

    • Writable: Yes.

    • Rent checks: None.

    • Ownership checks: The account must be owned by the program.

    • Address checks: None.

  • clock: The account must be a clock sysvar.

  • stake_or_withdraw_authority: Unused.

  • option_lockup_authority (optional): The lockup authority account, if updating StakeAuthorize::Withdrawer before lockup expiration.

    • Signer: Yes.

    • Init: No.

    • PDA: No.

    • Writable: No.

    • Rent checks: None.

    • Ownership checks: None.

    • Address checks: None.

Additional checks and behavior

  • lockup_authority must be a signer if provided.

  • When updating the staker, either the current staker or the withdrawer of the stake account must be a signer.

  • When updating the withdrawer, the current withdrawer of the stake account must be a signer.

  • When updating the withdrawer, the lockup must not be in force or the custodian must be a signer.

  • The stake account authority is updated with the provided new_authorized key.

Zellic © 2025Back to top ↑