Update program upgrade authority check to use PDA (#313)

* Update authority check to use PDA

* Format

* Update comments

Author: guibescos

program/rust/src/processor/upd_permissions.rs

@@ -39,21 +39,16 @@ pub fn upd_permissions(
     accounts: &[AccountInfo],
     instruction_data: &[u8],
 ) -> ProgramResult {
-    let [funding_account, program_account, programdata_account, permissions_account, system_program] =
-        match accounts {
-            [v, w, x, y, z] => Ok([v, w, x, y, z]),
-            _ => Err(OracleError::InvalidNumberOfAccounts),
-        }?;
+    let [funding_account, programdata_account, permissions_account, system_program] = match accounts
+    {
+        [w, x, y, z] => Ok([w, x, y, z]),
+        _ => Err(OracleError::InvalidNumberOfAccounts),
+    }?;
 
     let cmd_args = load::<UpdPermissionsArgs>(instruction_data)?;
 
     check_valid_funding_account(funding_account)?;
-    check_is_upgrade_authority_for_program(
-        funding_account,
-        program_account,
-        programdata_account,
-        program_id,
-    )?;
+    check_is_upgrade_authority_for_program(funding_account, programdata_account, program_id)?;
 
     let (permission_pda_address, bump_seed) =
         Pubkey::find_program_address(&[PERMISSIONS_SEED.as_bytes()], program_id);

program/rust/src/tests/pyth_simulator.rs

@@ -86,7 +86,10 @@ impl PythSimulator {
 
         let mut program_test = ProgramTest::default();
         let program_key = Pubkey::new_unique();
-        let programdata_key = Pubkey::new_unique();
+        // This PDA is the actual address in the real world
+        // https://docs.rs/solana-program/1.6.4/solana_program/bpf_loader_upgradeable/index.html
+        let (programdata_key, _) =
+            Pubkey::find_program_address(&[&program_key.to_bytes()], &bpf_loader_upgradeable::id());
 
         let upgrade_authority_keypair = Keypair::new();
 
@@ -368,7 +371,6 @@ impl PythSimulator {
             bytes_of(&cmd_args),
             vec![
                 AccountMeta::new(payer.pubkey(), true),
-                AccountMeta::new_readonly(self.program_id, false),
                 AccountMeta::new_readonly(self.programdata_id, false),
                 AccountMeta::new(permissions_pubkey, false),
                 AccountMeta::new_readonly(system_program::id(), false),

program/rust/src/utils.rs

@@ -20,7 +20,10 @@ use {
     num_traits::FromPrimitive,
     solana_program::{
         account_info::AccountInfo,
-        bpf_loader_upgradeable::UpgradeableLoaderState,
+        bpf_loader_upgradeable::{
+            self,
+            UpgradeableLoaderState,
+        },
         program::invoke,
         program_error::ProgramError,
         pubkey::Pubkey,
@@ -208,45 +211,28 @@ pub fn is_component_update(cmd_args: &UpdPriceArgs) -> Result<bool, OracleError>
 }
 
 
-/// These 3 accounts need to get passed to make sure that the upgrade authority is signing the
-/// transaction
-/// - `program_account` is the program at address `program_id`. It just contains a pointer to the
-///   `programdata_account`
-/// - `programdata_account` has an `upgrade_authority_address` field that needs to match
-///   `upgrade_authority.key`
+/// Check that `programdata_account` is actually the buffer for `program_id`.
+/// Check that the authority in `programdata_account` matches `upgrade_authority_account`.
 pub fn check_is_upgrade_authority_for_program(
     upgrade_authority_account: &AccountInfo,
-    program_account: &AccountInfo,
     programdata_account: &AccountInfo,
     program_id: &Pubkey,
 ) -> Result<(), ProgramError> {
-    let program_deserialized: UpgradeableLoaderState =
-        bincode::deserialize(&program_account.try_borrow_data()?)
-            .map_err(|_| OracleError::DeserializationError)?;
     let programdata_deserialized: UpgradeableLoaderState =
         bincode::deserialize(&programdata_account.try_borrow_data()?)
             .map_err(|_| OracleError::DeserializationError)?;
 
-    // 1. program_account is actually this program's account
+    // 1. programdata_account is actually this program's buffer
+    let (programdata_address, _) =
+        Pubkey::find_program_address(&[&program_id.to_bytes()], &bpf_loader_upgradeable::id());
+
     pyth_assert(
-        program_account.key.eq(program_id) && program_account.executable,
+        programdata_address.eq(programdata_account.key),
         OracleError::InvalidUpgradeAuthority.into(),
     )?;
 
-    // 2. programdata_account is actually this program's buffer
-    if let UpgradeableLoaderState::Program {
-        programdata_address,
-    } = program_deserialized
-    {
-        pyth_assert(
-            programdata_address.eq(programdata_account.key),
-            OracleError::InvalidUpgradeAuthority.into(),
-        )?;
-    } else {
-        return Err(OracleError::InvalidUpgradeAuthority.into());
-    }
 
-    // 3. upgrade_authority_account is actually the authority inside programdata_account
+    // 2. upgrade_authority_account is actually the authority inside programdata_account
     if let UpgradeableLoaderState::ProgramData {
         slot: _,
         upgrade_authority_address: Some(upgrade_authority_key),