Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Pinocchio and p-token>Discussion>The invoke_signed function now enforces account order
GeneralOverview
Findings
Critical (1)
High (3)
Medium (1)
Low (3)
Informational (1)
DiscussionNew off-chain implementation of impl_sysvar_get may return different ProgramErrorMissing unsafe in validate_owner functionMissing mut in Pinocchio testsAccounting error in batched instructionsUsage of magic numbers in various locationsThe invoke_signed function now enforces account orderLess robust Pubkey definitionStatically compute max_digits in log macroMessage difference in process_initialize_immutable_ownerThe withdraw_excess_lamports function does not prevent self-transfersThe Default trait implementation for Rent sysvar differs from solana-program
Audit ResultsAssessment Results

The invoke_signed function now enforces account order

In its current implementation, the invoked_signed function does not care about the order of AccountInfo passed to it. The only requirement is that the slice of AccountInfo contains all that is required for the call to succeed.

Pinocchio's stated goal is to be a near drop-in replacement for the current program, so this change in logic is a small but potentially important difference in behavior.

The new implementation of invoke_signed does require the AccountInfo to be in the correct order, otherwise the CPI call will fail.

pub fn invoke_signed<const ACCOUNTS: usize>(
    instruction: &Instruction,
    account_infos: &[&AccountInfo; ACCOUNTS],
    signers_seeds: &[Signer],
) -> ProgramResult {
    if instruction.accounts.len() < ACCOUNTS {
        return Err(ProgramError::NotEnoughAccountKeys);
    }

    const UNINIT: MaybeUninit<Account> = MaybeUninit::<Account>::uninit();
    let mut accounts = [UNINIT; ACCOUNTS];

    for index in 0..ACCOUNTS {
!        let account_info = account_infos[index];
!        let account_meta = &instruction.accounts[index];

!        if account_info.key() != account_meta.pubkey {
            return Err(ProgramError::InvalidArgument);
        }
        ...
    }
    ...

Zellic © 2025Back to top ↑