detect implicit signer check #69

Open
@0xalpharush


The missing signer check lint will warn on the `from` account despite it being implicitly checked by the system's transfer instruction (it creates an instruction with `AccountMeta::new(from, is_signer: true)`). We can check if accounts are used in instructions for which they are required to be signers to improve the precision.

Example false positive:

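```rust
use solana_program::{
    account_info::AccountInfo, program::invoke, program_error::ProgramError,
    system_instruction::transfer,
};

pub fn my_transfer_func<'a>(
    from: &AccountInfo<'a>,
    to: &AccountInfo<'a>,
    system_program: &AccountInfo<'a>,
    amount: u64,
) -> Result<(), ProgramError> {
    // No explicit `from.is_signer` check: `transfer` marks `from` as a required signer.
    let instruction = transfer(from.key, to.key, amount);
    // [...]
    // The CPI fails unless `from` actually carries signer privilege.
    invoke(
        &instruction,
        &[from.clone(), to.clone(), system_program.clone()],
    )?;
    Ok(())
}
```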
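A sketch of the precision improvement proposed above, as an added example that is not code from the issue or from the lint project. The `AccountMeta`, `Cpi`, `transfer` and `remaining_warnings` definitions are hypothetical stand-ins that only mimic the shape of the Solana SDK types, and only plain `invoke` is modeled.

```rust
// Simplified model (assumption): these types mimic the shape of Solana's
// AccountMeta and system transfer instruction; they are not the SDK or the lint.
#[derive(Clone, Debug, PartialEq)]
pub struct AccountMeta {
    pub key: &'static str,
    pub is_signer: bool,
}

/// One cross-program invocation found in the function under analysis.
pub struct Cpi {
    pub metas: Vec<AccountMeta>,
}

/// Models the system transfer instruction: `from` must sign, `to` need not.
pub fn transfer(from: &'static str, to: &'static str) -> Cpi {
    Cpi {
        metas: vec![
            AccountMeta { key: from, is_signer: true },
            AccountMeta { key: to, is_signer: false },
        ],
    }
}

/// Takes the accounts the lint currently flags and drops those that appear
/// as a required signer in some CPI, since the invocation enforces the check.
pub fn remaining_warnings(flagged: &[&'static str], cpis: &[Cpi]) -> Vec<&'static str> {
    flagged
        .iter()
        .copied()
        .filter(|acct| {
            let implicitly_checked = cpis
                .iter()
                .flat_map(|cpi| cpi.metas.iter())
                .any(|m| m.key == *acct && m.is_signer);
            !implicitly_checked
        })
        .collect()
}

fn main() {
    let cpis = vec![transfer("from", "to")];
    // `from` is a required signer of the transfer, so its warning is dropped.
    println!("{:?}", remaining_warnings(&["from"], &cpis));
    // `to` appears in the CPI but not as a signer, so a warning on it stays.
    println!("{:?}", remaining_warnings(&["from", "to"], &cpis));
}
```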


Labels: enhancement (New feature or request)
