fix: system program add signer mut account check (#1808)

* fix: system program add signer mut account check

* chore: simplify check_account_info_mut

* fix tests

Author: ananas-block

program-libs/account-checks/src/checks.rs

@@ -24,9 +24,7 @@ pub fn check_account_info_mut<T: Discriminator, A: AccountInfoTrait>(
     program_id: &[u8; 32],
     account_info: &A,
 ) -> Result<(), AccountError> {
-    if !account_info.is_writable() {
-        return Err(AccountError::AccountMutable);
-    }
+    check_mut(account_info)?;
     check_account_info::<T, A>(program_id, account_info)
 }
 
@@ -39,7 +37,6 @@ pub fn check_account_info_non_mut<T: Discriminator, A: AccountInfoTrait>(
     account_info: &A,
 ) -> Result<(), AccountError> {
     check_non_mut(account_info)?;
-
     check_account_info::<T, A>(program_id, account_info)
 }
 
@@ -121,6 +118,13 @@ pub fn check_signer<A: AccountInfoTrait>(account_info: &A) -> Result<(), Account
     Ok(())
 }
 
+pub fn check_mut<A: AccountInfoTrait>(account_info: &A) -> Result<(), AccountError> {
+    if !account_info.is_writable() {
+        return Err(AccountError::AccountNotMutable);
+    }
+    Ok(())
+}
+
 pub fn check_owner<A: AccountInfoTrait>(
     owner: &[u8; 32],
     account_info: &A,

program-libs/account-checks/tests/tests.rs

@@ -170,7 +170,7 @@ fn test_check_account_info_mut() {
         set_discriminator::<TestStruct>(&mut account.data).unwrap();
         assert_eq!(
             check_account_info_mut::<TestStruct, _>(&owner.to_bytes(), &account.get_account_info()),
-            Err(AccountError::AccountMutable)
+            Err(AccountError::AccountNotMutable)
         );
     }
 
@@ -193,7 +193,7 @@ fn test_check_account_info_mut() {
         account_info_init::<TestStruct, _>(&account).unwrap();
         assert_eq!(
             check_account_info_mut::<TestStruct, _>(&owner, &account),
-            Err(AccountError::AccountMutable)
+            Err(AccountError::AccountNotMutable)
         );
     }
 }
@@ -298,6 +298,49 @@ fn test_check_non_mut() {
     }
 }
 
+// 4.5. check_mut tests - 4 tests total
+#[test]
+fn test_check_mut() {
+    // Solana success case
+    #[cfg(feature = "solana")]
+    {
+        let key = create_pubkey();
+        let owner = create_pubkey();
+        let mut account = create_test_account_solana(key, owner, 16, true);
+        assert!(check_mut(&account.get_account_info()).is_ok());
+    }
+
+    // Solana failure case (not writable)
+    #[cfg(feature = "solana")]
+    {
+        let key = create_pubkey();
+        let owner = create_pubkey();
+        let mut account = create_test_account_solana(key, owner, 16, false);
+        assert_eq!(
+            check_mut(&account.get_account_info()),
+            Err(AccountError::AccountNotMutable)
+        );
+    }
+
+    // Pinocchio success case
+    #[cfg(feature = "pinocchio")]
+    {
+        let key = [1u8; 32];
+        let owner = [2u8; 32];
+        let account = create_test_account_pinocchio(key, owner, 16, true, false, false);
+        assert!(check_mut(&account).is_ok());
+    }
+
+    // Pinocchio failure case (not writable)
+    #[cfg(feature = "pinocchio")]
+    {
+        let key = [1u8; 32];
+        let owner = [2u8; 32];
+        let account = create_test_account_pinocchio(key, owner, 16, false, false, false);
+        assert_eq!(check_mut(&account), Err(AccountError::AccountNotMutable));
+    }
+}
+
 // 5. check_account_info tests - 6 tests total
 #[test]
 fn test_check_account_info() {

programs/system/src/accounts/account_checks.rs

@@ -1,6 +1,6 @@
 use light_account_checks::checks::{
-    check_discriminator, check_non_mut, check_owner, check_pda_seeds, check_pda_seeds_with_bump,
-    check_program, check_signer,
+    check_discriminator, check_mut, check_non_mut, check_owner, check_pda_seeds,
+    check_pda_seeds_with_bump, check_program, check_signer,
 };
 use light_compressed_account::{
     constants::ACCOUNT_COMPRESSION_PROGRAM_ID, instruction_data::traits::AccountOptions,
@@ -16,6 +16,7 @@ use crate::{
 pub fn check_fee_payer(fee_payer: Option<&AccountInfo>) -> Result<&AccountInfo> {
     let fee_payer = fee_payer.ok_or(ProgramError::NotEnoughAccountKeys)?;
     check_signer(fee_payer).map_err(ProgramError::from)?;
+    check_mut(fee_payer).map_err(ProgramError::from)?;
     Ok(fee_payer)
 }
 

programs/system/src/invoke/instruction.rs

@@ -1,3 +1,4 @@
+use light_account_checks::checks::check_signer;
 use pinocchio::{account_info::AccountInfo, program_error::ProgramError};
 
 use crate::{
@@ -46,7 +47,8 @@ impl<'info> InvokeInstruction<'info> {
         let fee_payer = check_fee_payer(accounts.next())?;
 
         // Fee payer and authority can be the same account in case of invoke.
-        let authority = check_fee_payer(accounts.next())?;
+        let authority = accounts.next().ok_or(ProgramError::NotEnoughAccountKeys)?;
+        check_signer(authority).map_err(ProgramError::from)?;
 
         let registered_program_pda = check_non_mut_account_info(accounts.next())?;