fix: solana audit 3 (#1334)

* Audit 3

* Go

* Move it before sig verification

* Comment

Author: guibescos

target_chains/solana/programs/pyth-solana-receiver/src/lib.rs

@@ -38,6 +38,7 @@ use {
         state::GuardianSet,
     },
     wormhole_raw_vaas::{
+        utils::quorum,
         GuardianSetSig,
         Vaa,
     },
@@ -52,6 +53,7 @@ declare_id!(pyth_solana_receiver_state::ID);
 pub mod pyth_solana_receiver {
     use super::*;
 
+
     pub fn initialize(ctx: Context<Initialize>, initial_config: Config) -> Result<()> {
         require!(
             initial_config.minimum_signatures > 0,
@@ -71,6 +73,12 @@ pub mod pyth_solana_receiver {
         Ok(())
     }
 
+    pub fn cancel_governance_authority_transfer(ctx: Context<Governance>) -> Result<()> {
+        let config = &mut ctx.accounts.config;
+        config.target_governance_authority = None;
+        Ok(())
+    }
+
     pub fn accept_governance_authority_transfer(
         ctx: Context<AcceptGovernanceAuthorityTransfer>,
     ) -> Result<()> {
@@ -82,6 +90,7 @@ pub mod pyth_solana_receiver {
         Ok(())
     }
 
+
     pub fn set_data_sources(
         ctx: Context<Governance>,
         valid_data_sources: Vec<DataSource>,
@@ -142,11 +151,19 @@ pub mod pyth_solana_receiver {
         );
 
         let guardian_keys = &guardian_set.keys;
+        let quorum = quorum(guardian_keys.len());
         require_gte!(
             vaa.signature_count(),
             config.minimum_signatures,
             ReceiverError::InsufficientGuardianSignatures
         );
+        let verification_level = if usize::from(vaa.signature_count()) >= quorum {
+            VerificationLevel::Full
+        } else {
+            VerificationLevel::Partial {
+                num_signatures: vaa.signature_count(),
+            }
+        };
 
         // Generate the same message hash (using keccak) that the Guardians used to generate their
         // signatures. This message hash will be hashed again to produce the digest for
@@ -178,11 +195,9 @@ pub mod pyth_solana_receiver {
         let price_update_account = &mut ctx.accounts.price_update_account;
 
         let vaa_components = VaaComponents {
-            verification_level: VerificationLevel::Partial {
-                num_signatures: vaa.signature_count(),
-            },
-            emitter_address:    vaa.body().emitter_address(),
-            emitter_chain:      vaa.body().emitter_chain(),
+            verification_level,
+            emitter_address: vaa.body().emitter_address(),
+            emitter_chain: vaa.body().emitter_chain(),
         };
 
         post_price_update_from_vaa(

target_chains/solana/programs/pyth-solana-receiver/src/sdk.rs

@@ -238,6 +238,17 @@ impl instruction::RequestGovernanceAuthorityTransfer {
     }
 }
 
+impl instruction::CancelGovernanceAuthorityTransfer {
+    pub fn populate(payer: Pubkey) -> Instruction {
+        let governance_accounts = accounts::Governance::populate(payer).to_account_metas(None);
+        Instruction {
+            program_id: ID,
+            accounts:   governance_accounts,
+            data:       instruction::CancelGovernanceAuthorityTransfer.data(),
+        }
+    }
+}
+
 impl instruction::AcceptGovernanceAuthorityTransfer {
     pub fn populate(payer: Pubkey) -> Instruction {
         let governance_accounts =

target_chains/solana/programs/pyth-solana-receiver/tests/test_governance.rs

@@ -9,6 +9,7 @@ use {
         error::ReceiverError,
         instruction::{
             AcceptGovernanceAuthorityTransfer,
+            CancelGovernanceAuthorityTransfer,
             RequestGovernanceAuthorityTransfer,
             SetDataSources,
             SetFee,
@@ -372,6 +373,81 @@ async fn test_governance() {
         into_transaction_error(ReceiverError::TargetGovernanceAuthorityMismatch)
     );
 
+
+    // Undo the request
+    program_simulator
+        .process_ix_with_default_compute_limit(
+            CancelGovernanceAuthorityTransfer::populate(governance_authority.pubkey()),
+            &vec![&governance_authority],
+            None,
+        )
+        .await
+        .unwrap();
+
+    current_config = program_simulator
+        .get_anchor_account_data::<Config>(get_config_address())
+        .await
+        .unwrap();
+    assert_eq!(
+        current_config.governance_authority,
+        initial_config.governance_authority
+    );
+    assert_eq!(current_config.target_governance_authority, None);
+    assert_eq!(current_config.wormhole, new_config.wormhole);
+    assert_eq!(
+        current_config.valid_data_sources,
+        new_config.valid_data_sources
+    );
+    assert_eq!(
+        current_config.single_update_fee_in_lamports,
+        new_config.single_update_fee_in_lamports
+    );
+    assert_eq!(
+        current_config.minimum_signatures,
+        new_config.minimum_signatures
+    );
+
+
+    // Redo the request
+    program_simulator
+        .process_ix_with_default_compute_limit(
+            RequestGovernanceAuthorityTransfer::populate(
+                governance_authority.pubkey(),
+                new_governance_authority.pubkey(),
+            ),
+            &vec![&governance_authority],
+            None,
+        )
+        .await
+        .unwrap();
+
+    current_config = program_simulator
+        .get_anchor_account_data::<Config>(get_config_address())
+        .await
+        .unwrap();
+    assert_eq!(
+        current_config.governance_authority,
+        initial_config.governance_authority
+    );
+    assert_eq!(
+        current_config.target_governance_authority,
+        Some(new_governance_authority.pubkey())
+    );
+    assert_eq!(current_config.wormhole, new_config.wormhole);
+    assert_eq!(
+        current_config.valid_data_sources,
+        new_config.valid_data_sources
+    );
+    assert_eq!(
+        current_config.single_update_fee_in_lamports,
+        new_config.single_update_fee_in_lamports
+    );
+    assert_eq!(
+        current_config.minimum_signatures,
+        new_config.minimum_signatures
+    );
+
+
     // New authority can accept
     program_simulator
         .process_ix_with_default_compute_limit(

target_chains/solana/programs/pyth-solana-receiver/tests/test_post_price_update_from_vaa.rs

@@ -34,6 +34,7 @@ use {
             create_accumulator_message,
             create_dummy_price_feed_message,
             create_dummy_twap_message,
+            trim_vaa_signatures,
             DEFAULT_DATA_SOURCE,
             SECONDARY_DATA_SOURCE,
         },
@@ -348,7 +349,7 @@ async fn test_post_price_update_from_vaa() {
     assert_eq!(price_update_account.write_authority, poster.pubkey());
     assert_eq!(
         price_update_account.verification_level,
-        VerificationLevel::Partial { num_signatures: 13 }
+        VerificationLevel::Full
     );
     assert_eq!(
         Message::PriceFeedMessage(price_update_account.price_message),
@@ -366,6 +367,12 @@ async fn test_post_price_update_from_vaa() {
         .await
         .unwrap();
 
+    // Change number of signatures too
+    let vaa = serde_wormhole::to_vec(&trim_vaa_signatures(
+        serde_wormhole::from_slice(&vaa).unwrap(),
+        12,
+    ))
+    .unwrap();
 
     assert_eq!(
         program_simulator
@@ -395,14 +402,15 @@ async fn test_post_price_update_from_vaa() {
     )
     .await;
 
+    // Transaction failed, so the account should not have been updated
     price_update_account = program_simulator
         .get_anchor_account_data::<PriceUpdateV1>(price_update_keypair.pubkey())
         .await
         .unwrap();
     assert_eq!(price_update_account.write_authority, poster.pubkey());
     assert_eq!(
         price_update_account.verification_level,
-        VerificationLevel::Partial { num_signatures: 13 }
+        VerificationLevel::Full
     );
     assert_eq!(
         Message::PriceFeedMessage(price_update_account.price_message),
@@ -455,7 +463,7 @@ async fn test_post_price_update_from_vaa() {
     assert_eq!(price_update_account.write_authority, poster.pubkey());
     assert_eq!(
         price_update_account.verification_level,
-        VerificationLevel::Partial { num_signatures: 13 },
+        VerificationLevel::Partial { num_signatures: 12 }
     );
     assert_eq!(
         Message::PriceFeedMessage(price_update_account.price_message),