Skip to content

chore:(PRO-259) Add additional Validation Checks #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dev-jodee merged 11 commits into from
Sep 2, 2025
Merged

chore:(PRO-259) Add additional Validation Checks #209

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
c1450ab
chore/Warn when 'All' is used for allowed_spl_paid_tokens
amilz Aug 29, 2025
06c0dc6
Update coverage badge [skip ci]
invalid-email-address Aug 29, 2025
4ac366c
wip: Add signers config validation to CLI and core
amilz Aug 29, 2025
9ce42cc
Merge branch 'main' into chore/all-token-warning
amilz Aug 29, 2025
7f76b49
Update coverage badge [skip ci]
invalid-email-address Aug 29, 2025
c73b609
refactor
amilz Aug 29, 2025
789ccb7
Merge branch 'main' into chore/all-token-warning
amilz Aug 29, 2025
2eeba02
Update coverage badge [skip ci]
invalid-email-address Aug 29, 2025
69b883a
chore: Increase test setup timeout to 90 seconds
amilz Aug 29, 2025
4c4d9f6
Merge branch 'chore/all-token-warning' of https://github.com/solana-f…
amilz Aug 29, 2025
d76922c
chore: add strategy display impl
amilz Sep 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion crates/lib/src/signer/utils.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ use std::env;
use crate::KoraError;

pub fn hex_to_bytes(hex: &str) -> Result<Vec<u8>, anyhow::Error> {
if hex.len() % 2 != 0 {
if !hex.len().is_multiple_of(2) {
return Err(anyhow::anyhow!("Hex string must have even length"));
}

Expand Down
17 changes: 15 additions & 2 deletions crates/lib/src/validator/config_validator.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ use std::str::FromStr;

use crate::{
admin::token_util::find_missing_atas,
config::Token2022Config,
config::{SplTokenConfig, Token2022Config},
fee::price::PriceModel,
oracle::PriceSource,
state::get_config,
Expand Down Expand Up @@ -119,6 +119,15 @@ impl ConfigValidator {
errors.push(format!("Invalid spl paid token address: {e}"));
}

// Warn if using "All" for allowed_spl_paid_tokens
if matches!(config.validation.allowed_spl_paid_tokens, SplTokenConfig::All) {
warnings.push(
"⚠️ Using 'All' for allowed_spl_paid_tokens - this accepts ANY SPL token for payment. \
Consider using an explicit allowlist to reduce volatility risk and protect against \
potentially malicious or worthless tokens being used for fees.".to_string()
);
}

// Validate disallowed accounts
if let Err(e) = TokenUtil::check_valid_tokens(&config.validation.disallowed_accounts) {
errors.push(format!("Invalid disallowed account address: {e}"));
Expand Down Expand Up @@ -680,11 +689,15 @@ mod tests {

let _ = update_config(config);

let mock_account = create_mock_program_account();
let rpc_client = RpcMockBuilder::new().build();

let result = ConfigValidator::validate_with_result(&rpc_client, true).await;
assert!(result.is_ok());

// Check that it warns about using "All" for allowed_spl_paid_tokens
let warnings = result.unwrap();
assert!(warnings.iter().any(|w| w.contains("Using 'All' for allowed_spl_paid_tokens")));
assert!(warnings.iter().any(|w| w.contains("volatility risk")));
}

#[tokio::test]
Expand Down
Loading