Lint 10: sysvar-address-check
Short and sweet lint that addresses this issue by flagging any calls to bincode::deserialize() (resolving to a type implementing the Sysvar trait) and advising the user to use from_account_info() instead (the way they should do it).
There could be another variation of this lint that performs a key check. This variation has the trade-off that it will avoid false positives, but if the key check is not robust enough, it will leave out some cases we want to catch.
There are many ways to perform a key check. Referencing the key field directly, calling key() (from anchor), unsigned_key(), to name a few. Then there could be != or == checks. With this in mind, I think it's difficult to implement a good key check, and better to just recommend using from_account_info().
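To illustrate the two patterns the lint distinguishes, here is an added, self-contained Rust model that is not part of this PR or of the lint's own code. `AccountInfo`, `Sysvar`, `Rent`, `ProgramError` and the 32-byte `RENT_ID` are stand-ins for the solana_program types, and the `bincode::deserialize::<Rent>()` call is modelled by a hand-written parser of the same 17-byte layout so the example compiles without external crates. `rent_insecure` is the pattern the lint flags: it parses whatever account the caller supplied, so a spoofed account with a fabricated rent table is accepted. `rent_secure` goes through `from_account_info`, which compares the account key against the sysvar's fixed address before deserializing and rejects the spoofed account.

```rust
use std::convert::TryInto;

/// Stand-in for solana_program::program_error::ProgramError (assumption).
#[derive(Debug, PartialEq)]
pub enum ProgramError {
    InvalidArgument,    // wrong account passed where a sysvar was expected
    InvalidAccountData, // bytes do not match the sysvar layout
}

/// Stand-in for solana_program::account_info::AccountInfo (assumption).
pub struct AccountInfo {
    pub key: [u8; 32],
    pub data: Vec<u8>,
}

/// Stand-in for solana_program::sysvar::Sysvar: a fixed address plus a parser.
pub trait Sysvar: Sized {
    const ID: [u8; 32];
    fn parse(data: &[u8]) -> Result<Self, ProgramError>;

    /// The accessor the lint recommends: check the address, then deserialize.
    fn from_account_info(info: &AccountInfo) -> Result<Self, ProgramError> {
        if info.key != Self::ID {
            return Err(ProgramError::InvalidArgument);
        }
        Self::parse(&info.data)
    }
}

/// Modelled Rent sysvar with the same three fields as solana_program::rent::Rent.
#[derive(Debug, PartialEq)]
pub struct Rent {
    pub lamports_per_byte_year: u64,
    pub exemption_threshold: f64,
    pub burn_percent: u8,
}

/// Constructed stand-in for the real Rent sysvar address (not the real key).
pub const RENT_ID: [u8; 32] = [0x52; 32];

impl Sysvar for Rent {
    const ID: [u8; 32] = RENT_ID;

    /// Models bincode's fixed-width little-endian encoding: u64, f64, u8 = 17 bytes.
    fn parse(data: &[u8]) -> Result<Self, ProgramError> {
        if data.len() != 17 {
            return Err(ProgramError::InvalidAccountData);
        }
        let lamports = u64::from_le_bytes(data[0..8].try_into().unwrap());
        let threshold = f64::from_le_bytes(data[8..16].try_into().unwrap());
        Ok(Rent { lamports_per_byte_year: lamports, exemption_threshold: threshold, burn_percent: data[16] })
    }
}

/// Encode a Rent value in the modelled layout (used to build sample accounts).
pub fn encode_rent(r: &Rent) -> Vec<u8> {
    let mut out = Vec::with_capacity(17);
    out.extend_from_slice(&r.lamports_per_byte_year.to_le_bytes());
    out.extend_from_slice(&r.exemption_threshold.to_le_bytes());
    out.push(r.burn_percent);
    out
}

/// The pattern the lint flags: deserialize straight from account data,
/// trusting whichever account the caller passed in.
pub fn rent_insecure(info: &AccountInfo) -> Result<Rent, ProgramError> {
    Rent::parse(&info.data) // models bincode::deserialize::<Rent>(&info.data)
}

/// The replacement the lint suggests: the key check happens inside from_account_info.
pub fn rent_secure(info: &AccountInfo) -> Result<Rent, ProgramError> {
    Rent::from_account_info(info)
}

/// Constructed scenario: a genuine rent account and a spoofed one carrying a
/// zeroed rent table. Returns (insecure_accepts_spoof, secure_accepts_spoof).
pub fn demo() -> (bool, bool) {
    let zero_rent = Rent { lamports_per_byte_year: 0, exemption_threshold: 0.0, burn_percent: 0 };
    let spoofed = AccountInfo { key: [0x99; 32], data: encode_rent(&zero_rent) };
    (rent_insecure(&spoofed).is_ok(), rent_secure(&spoofed).is_ok())
}

fn main() {
    let (insecure, secure) = demo();
    println!("insecure path accepts spoofed rent account: {}", insecure);
    println!("secure path accepts spoofed rent account:   {}", secure);
}
```

The point the model makes is the one behind the lint's advice: once a program reads a sysvar through `bincode::deserialize()` there is no single place where the address is verified, and every variant of a hand-written key check (direct `key` field, Anchor's `key()`, `unsigned_key()`, `==` vs `!=`) would have to be recognised separately; `from_account_info()` performs the comparison in one known location, which is why flagging the deserialize call is the simpler and more reliable rule.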