#48 Fix Audit Issues

maintenance/program/src/error.rs

@@ -17,6 +17,9 @@ pub enum MaintenanceError {
     /// Wrong Authority
     #[error("Wrong Authority")]
     WrongAuthority,
+    /// Incorrect Bpf-Loader-Upgradeable Program Id
+    #[error("Incorrect Bpf-Loader-Upgradeable Program Id")]
+    IncorrectBpfLoaderProgramId,
     /// Buffer Data Offset Error
     #[error("Buffer Data Offset Error")]
     BufferDataOffsetError,

maintenance/program/src/instruction.rs

@@ -71,10 +71,12 @@ pub enum MaintenanceInstruction {
 
     /// Closes MaintenanceRecord owned by the program
     ///
-    /// 0. `[writable]` MaintenanceRecord
-    /// 1. `[]` Maintained program data account
-    /// 2. `[signer]` Authority
-    /// 3. `[writable]` Spill destination
+    /// 0. `[]` Bpf Loader Upgradeable Program Id
+    /// 1. `[writable]` MaintenanceRecord
+    /// 2. `[]` Maintained program account
+    /// 3. `[]` Maintained program data account
+    /// 4. `[signer]` Authority
+    /// 5. `[writable]` Spill destination
     CloseMaintenance { },
 }
 

maintenance/program/src/processor.rs

@@ -5,6 +5,7 @@ use borsh::{ BorshDeserialize, BorshSerialize };
 use solana_program::{
     account_info::{next_account_info, AccountInfo},
     bpf_loader_upgradeable::{
+        self,
         set_upgrade_authority,
         upgrade,
         UpgradeableLoaderState,
@@ -92,7 +93,7 @@ pub fn process_create_maintenance(
 
     let maintenance_record_data = MaintenanceRecord {
         account_type: MaintenanceAccountType::MaintenanceRecord,
-        address: *address_info.key,
+        maintained_address: *address_info.key,
         authority: *authority_info.key,
         delegate: Vec::new(),
         hashes: Vec::new(),
@@ -321,6 +322,10 @@ pub fn process_close_maintenance(
         return Err(MaintenanceError::MissingRequiredSigner.into());
     }
 
+    if !bpf_loader_upgradeable::check_id(bpf_loader_program_info.key) {
+        return Err(MaintenanceError::IncorrectBpfLoaderProgramId.into());
+    }
+
     if maintenance_record_info.key == spill_info.key {
         return Err(MaintenanceError::MaintenanceRecordAccountMatchesSpillAccount.into());
     }
@@ -329,7 +334,7 @@ pub fn process_close_maintenance(
     let maintenance_record = get_account_data::<MaintenanceRecord>(program_id, maintenance_record_info)?;
 
     if *maintained_program_data_info.key != maintained_program_data ||
-        *maintained_program_info.key != maintenance_record.address {
+        *maintained_program_info.key != maintenance_record.maintained_address {
         return Err(MaintenanceError::WrongProgramDataForMaintenanceRecord.into());
     }
 

maintenance/program/src/state.rs

@@ -19,7 +19,7 @@ pub enum MaintenanceAccountType {
 #[derive(Clone, Debug, PartialEq, BorshDeserialize, BorshSerialize, BorshSchema)]
 pub struct MaintenanceRecord {
     pub account_type: MaintenanceAccountType,
-    pub address: Pubkey,
+    pub maintained_address: Pubkey,
     pub authority: Pubkey,
     pub delegate: Vec<Pubkey>,
     pub hashes: Vec<Hash>,
@@ -49,7 +49,7 @@ mod tests {
     fn test_maintenance_record_packing() {
         let maintenance_record_source = MaintenanceRecord {
             account_type: MaintenanceAccountType::MaintenanceRecord,
-            address: Pubkey::new_unique(),
+            maintained_address: Pubkey::new_unique(),
             authority: Pubkey::new_unique(),
             delegate: Vec::new(),
             hashes: Vec::new(),