fix: Compute the hash of input accounts on-chain

Lightprotocol · Aug 9, 2024 · 7d0f247 · 7d0f247
1 parent 7d7bccb
commit 7d0f247
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 9 deletions.
diff --git a/examples/name-service/programs/name-service/src/lib.rs b/examples/name-service/programs/name-service/src/lib.rs
@@ -78,7 +78,7 @@ pub mod name_service {
         rdata: RData,
         cpi_context: Option<CompressedCpiContext>,
     ) -> Result<()> {
-        signer_check(&ctx, &compressed_account)?;
+        signer_and_hash_check(&ctx, &compressed_account)?;
 
         let record = NameRecord {
             owner: ctx.accounts.signer.key(),
@@ -114,7 +114,7 @@ pub mod name_service {
         proof: CompressedProof,
         cpi_context: Option<CompressedCpiContext>,
     ) -> Result<()> {
-        signer_check(&ctx, &compressed_account)?;
+        signer_and_hash_check(&ctx, &compressed_account)?;
 
         let signer_seed = b"cpi_signer".as_slice();
         let bump = Pubkey::find_program_address(&[signer_seed], &ctx.accounts.self_program.key()).1;
@@ -160,6 +160,8 @@ pub enum CustomError {
     Unauthorized,
     #[msg("Record account has no data")]
     NoData,
+    #[msg("Provided data hash does not match the computed hash")]
+    InvalidDataHash,
 }
 
 #[light_accounts]
@@ -184,10 +186,16 @@ impl light_hasher::DataHasher for NameRecord {
     }
 }
 
-fn signer_check(
+fn signer_and_hash_check(
     ctx: &Context<'_, '_, '_, '_, NameService<'_>>,
     compressed_account: &PackedCompressedAccountWithMerkleContext,
 ) -> Result<()> {
+    let compressed_account_data = compressed_account
+        .compressed_account
+        .data
+        .as_ref()
+        .ok_or(CustomError::Unauthorized)?;
+
     let record = NameRecord::deserialize(
         &mut compressed_account
             .compressed_account
@@ -197,11 +205,16 @@ fn signer_check(
             .data
             .as_slice(),
     )?;
-    if ctx.accounts.signer.key() == record.owner {
-        Ok(())
-    } else {
-        err!(CustomError::Unauthorized)
+    if ctx.accounts.signer.key() != record.owner {
+        return err!(CustomError::Unauthorized);
     }
+
+    let hash = record.hash::<Poseidon>().map_err(ProgramError::from)?;
+    if compressed_account_data.data_hash != hash {
+        return err!(CustomError::InvalidDataHash);
+    }
+
+    Ok(())
 }
 
 fn create_compressed_account(

diff --git a/examples/name-service/programs/name-service/tests/test.rs b/examples/name-service/programs/name-service/tests/test.rs
@@ -6,12 +6,11 @@ use std::net::{Ipv4Addr, Ipv6Addr};
 use anchor_lang::solana_program::hash;
 use anchor_lang::{AnchorDeserialize, InstructionData, ToAccountMetas};
 use light_compressed_token::process_transfer::transfer_sdk::to_account_metas;
-use light_system_program::sdk::address::{derive_address, pack_new_address_params};
+use light_system_program::sdk::address::derive_address;
 use light_system_program::sdk::compressed_account::{
     CompressedAccountWithMerkleContext, PackedCompressedAccountWithMerkleContext,
     PackedMerkleContext,
 };
-use light_system_program::NewAddressParams;
 use light_test_utils::indexer::{test_indexer::TestIndexer, Indexer};
 use light_test_utils::rpc::rpc_connection::RpcConnection;
 use light_test_utils::rpc::ProgramTestRpcConnection;