Zellic - Audit Reports

`verify_message`

This instruction can be used to verify the legitimacy of a price feed update.

The instruction handler collects the required fee amount specified by the single_update_fee_in_lamports of the storage account, transferring it from the payer account to the treasury account.

It then verifies that the message data was correctly signed by ensuring that the transaction contains an instruction invoking the ed25519 system program which ensures a price feed update was validly signed by one of the currently active trusted signers.

Verification of the ed25519 instruction requires several checks, including:

ensuring that the instruction indices used to retrieve the signature, public key, and signed message by the ed25519 instruction refer to the current verify_message instruction
ensuring that the ed25519 instruction index is lower than the current verify_message instruction
(implicitly) ensuring that at least one signature is present
ensuring that the signed data starts with the magic value SOLANA_FORMAT_MAGIC_LE (2182742457) to disambiguate messages that may have been signed for other purposes
ensuring the signer pubkey appears in the set of trusted signers
ensuring the signer trust has not expired
ensuring that the offsets for the signature, signer pubkey, and payload provided to the ed25519 instruction are consistent with the offsets used by verify_message
ensuring that the payload length is consistent

Note that the offset checks are implemented incorrectly, allowing a complete bypass of the signature verification checks. Refer to finding ref↗ for a more in-depth discussion of the issue.

Arguments

message_data: signed message that is being verified
ed25519_instruction_index: index of the ed25519_program instruction within the transaction. This instruction must precede the current instruction
signature_index: index of the signature within the inputs to the ed25519_program
message_offset: offset of the signed message within the input data for the current instruction

Accounts

payer: account paying for the price feed verification fees
- Anchor flags: signer, mut
storage: account storing Lazer configuration
- Seed: STORAGE_SEED (fixed constant)
- Notes: the storage account must have been migrated, deserialization would fail for a legacy-layout account due to mismatching size
treasury: Treasury token account used to collect fees
- Checks: Must match the treasury field of the storage account
instructions_sysvar: Sysvar account used for instruction introspection
- Notes: this is taken as a raw AccountInfo; the account ID is checked by the Solana SDK functions that receive it as an argument

Tests

Positive cases

Allows to verify a payload signed by an authorized signer

Negative cases

Rejects payloads with an invalid signature (invocation of a program different than ec25519)

Rejects payloads with an invalid signature (not originating from a trusted signer)

Rejects payloads with an invalid signature (originating from an expired trusted signer)

Rejects invalid payloads (not starting with the correct magic)

Rejects all combinations of invalid offsets

Note: this test was added as part of the remediations