solana-foundation · dev-jodee · Sep 23, 2025 · Sep 23, 2025 · Sep 23, 2025
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -113,7 +113,7 @@ make test-integration
 - Tests: Payment address validation and wrong destination rejection
 
 **Multi-Signer Tests**
-- Config: `tests/src/common/fixtures/multi-signers.toml`
+- Config: `tests/src/common/fixtures/signers-multi.toml`
 - Tests: Multiple signer configurations
 
 **TypeScript Tests**

diff --git a/crates/lib/src/validator/transaction_validator.rs b/crates/lib/src/validator/transaction_validator.rs
@@ -175,11 +175,11 @@ impl TransactionValidator {
     ) -> Result<(), KoraError> {
         let system_instructions = transaction_resolved.get_or_parse_system_instructions()?;
 
-        let check_if_allowed = |address: &Pubkey, policy_allowed: bool| {
+        let check_if_allowed = |address: &Pubkey, policy_allowed: bool, instruction_type: &str| {
             if *address == self.fee_payer_pubkey && !policy_allowed {
-                return Err(KoraError::InvalidTransaction(
-                    "Fee payer cannot be used as source account".to_string(),
-                ));
+                return Err(KoraError::InvalidTransaction(format!(
+                    "Fee payer cannot be used for '{instruction_type}'",
+                )));
             }
             Ok(())
         };
@@ -189,15 +189,19 @@ impl TransactionValidator {
             system_instructions.get(&ParsedSystemInstructionType::SystemTransfer).unwrap_or(&vec![])
         {
             if let ParsedSystemInstructionData::SystemTransfer { sender, .. } = instruction {
-                check_if_allowed(sender, self.fee_payer_policy.allow_sol_transfers)?;
+                check_if_allowed(
+                    sender,
+                    self.fee_payer_policy.allow_sol_transfers,
+                    "System Transfer",
+                )?;
             }
         }
 
         for instruction in
             system_instructions.get(&ParsedSystemInstructionType::SystemAssign).unwrap_or(&vec![])
         {
             if let ParsedSystemInstructionData::SystemAssign { authority } = instruction {
-                check_if_allowed(authority, self.fee_payer_policy.allow_assign)?;
+                check_if_allowed(authority, self.fee_payer_policy.allow_assign, "System Assign")?;
             }
         }
 
@@ -209,9 +213,17 @@ impl TransactionValidator {
         {
             if let ParsedSPLInstructionData::SplTokenTransfer { owner, is_2022, .. } = instruction {
                 if *is_2022 {
-                    check_if_allowed(owner, self.fee_payer_policy.allow_token2022_transfers)?;
+                    check_if_allowed(
+                        owner,
+                        self.fee_payer_policy.allow_token2022_transfers,
+                        "Token2022 Token Transfer",
+                    )?;
                 } else {
-                    check_if_allowed(owner, self.fee_payer_policy.allow_spl_transfers)?;
+                    check_if_allowed(
+                        owner,
+                        self.fee_payer_policy.allow_spl_transfers,
+                        "SPL Token Transfer",
+                    )?;
                 }
             }
         }
@@ -220,23 +232,27 @@ impl TransactionValidator {
             spl_instructions.get(&ParsedSPLInstructionType::SplTokenApprove).unwrap_or(&vec![])
         {
             if let ParsedSPLInstructionData::SplTokenApprove { owner, .. } = instruction {
-                check_if_allowed(owner, self.fee_payer_policy.allow_approve)?;
+                check_if_allowed(owner, self.fee_payer_policy.allow_approve, "SPL Token Approve")?;
             }
         }
 
         for instruction in
             spl_instructions.get(&ParsedSPLInstructionType::SplTokenBurn).unwrap_or(&vec![])
         {
             if let ParsedSPLInstructionData::SplTokenBurn { owner, .. } = instruction {
-                check_if_allowed(owner, self.fee_payer_policy.allow_burn)?;
+                check_if_allowed(owner, self.fee_payer_policy.allow_burn, "SPL Token Burn")?;
             }
         }
 
         for instruction in
             spl_instructions.get(&ParsedSPLInstructionType::SplTokenCloseAccount).unwrap_or(&vec![])
         {
             if let ParsedSPLInstructionData::SplTokenCloseAccount { owner, .. } = instruction {
-                check_if_allowed(owner, self.fee_payer_policy.allow_close_account)?;
+                check_if_allowed(
+                    owner,
+                    self.fee_payer_policy.allow_close_account,
+                    "SPL Token Close Account",
+                )?;
             }
         }
 

diff --git a/tests/Cargo.toml b/tests/Cargo.toml
@@ -20,6 +20,14 @@ path = "tokens/main.rs"
 name = "auth"
 path = "auth/main.rs"
 
+[[test]]
+name = "adversarial"
+path = "adversarial/main.rs"
+
+[[test]]
+name = "fee_payer_policy"
+path = "fee_payer_policy/main.rs"
+
 [[test]]
 name = "multi_signer"
 path = "multi_signer/main.rs"

diff --git a/tests/adversarial/fee_payer_exploitation.rs b/tests/adversarial/fee_payer_exploitation.rs
@@ -0,0 +1,100 @@
+use crate::common::{assertions::RpcErrorAssertions, *};
+use jsonrpsee::rpc_params;
+use solana_sdk::{signer::Signer, transaction::Transaction};
+use solana_system_interface::instruction::transfer;
+use spl_associated_token_account::get_associated_token_address;
+use spl_token::instruction as token_instruction;
+
+#[tokio::test]
+async fn test_fee_payer_as_sol_transfer_source() {
+    let ctx = TestContext::new().await.expect("Failed to create test context");
+    let setup = TestAccountSetup::new().await;
+
+    let fee_payer_pubkey = FeePayerTestHelper::get_fee_payer_pubkey();
+
+    let large_sol_transfer = transfer(
+        &fee_payer_pubkey,
+        &setup.sender_keypair.pubkey(),
+        1_000_000, // 0.001 SOL in lamports
+    );
+
+    let malicious_tx = ctx
+        .transaction_builder()
+        .with_fee_payer(fee_payer_pubkey)
+        .with_spl_payment(
+            &setup.usdc_mint.pubkey(),
+            &setup.sender_keypair.pubkey(),
+            &fee_payer_pubkey,
+            10, // Small payment: 0.00001 USDC tokens (much less than 0.001 SOL value)
+        )
+        .with_instruction(large_sol_transfer)
+        .build()
+        .await
+        .expect("Failed to create transaction with fee payer as SOL source");
+
+    let result = ctx
+        .rpc_call::<serde_json::Value, _>("signTransactionIfPaid", rpc_params![malicious_tx])
+        .await;
+
+    match result {
+        Err(error) => {
+            error.assert_contains_message("Insufficient token payment");
+        }
+        Ok(_) => panic!("Expected error for fee payer as SOL transfer source"),
+    }
+}
+
+#[tokio::test]
+async fn test_fee_payer_as_spl_transfer_source() {
+    let ctx = TestContext::new().await.expect("Failed to create test context");
+    let setup = TestAccountSetup::new().await;
+
+    let fee_payer_pubkey = FeePayerTestHelper::get_fee_payer_pubkey();
+
+    let fee_payer_token_account =
+        get_associated_token_address(&fee_payer_pubkey, &setup.usdc_mint.pubkey());
+    let sender_token_account =
+        get_associated_token_address(&setup.sender_keypair.pubkey(), &setup.usdc_mint.pubkey());
+
+    // Mint tokens for the fee payer
+    setup
+        .mint_tokens_to_account(&fee_payer_token_account, 100_000)
+        .await
+        .expect("Failed to mint tokens");
+
+    // Run the test transaction
+    let large_token_transfer = token_instruction::transfer(
+        &spl_token::id(),
+        &fee_payer_token_account,
+        &sender_token_account,
+        &fee_payer_pubkey,
+        &[&fee_payer_pubkey],
+        100_000,
+    )
+    .expect("Failed to create token transfer instruction");
+
+    let malicious_tx = ctx
+        .transaction_builder()
+        .with_fee_payer(fee_payer_pubkey)
+        .with_spl_payment(
+            &setup.usdc_mint.pubkey(),
+            &setup.sender_keypair.pubkey(),
+            &fee_payer_pubkey,
+            1_000, // Smaller than the 100,000 USDC transfer
+        )
+        .with_instruction(large_token_transfer)
+        .build()
+        .await
+        .expect("Failed to create transaction with fee payer as USDC source");
+
+    let result = ctx
+        .rpc_call::<serde_json::Value, _>("signTransactionIfPaid", rpc_params![malicious_tx])
+        .await;
+
+    match result {
+        Err(error) => {
+            error.assert_contains_message("Insufficient token payment");
+        }
+        Ok(_) => panic!("Expected error for fee payer as USDC transfer source"),
+    }
+}
diff --git a/tests/adversarial/main.rs b/tests/adversarial/main.rs
@@ -0,0 +1,15 @@
+// Adversarial Basic Tests
+//
+// CONFIG: Uses tests/src/common/fixtures/kora-test.toml (permissive policies)
+// TESTS: Security and robustness testing with normal configuration
+//        - Program validation attacks (disallowed programs)
+//        - Invalid token states (frozen)
+//        - Fee payer exploitation
+
+mod fee_payer_exploitation;
+mod program_validation;
+mod token_states;
+
+// Make common utilities available
+#[path = "../src/common/mod.rs"]
+mod common;
diff --git a/tests/adversarial/program_validation.rs b/tests/adversarial/program_validation.rs
@@ -0,0 +1,64 @@
+use crate::common::{assertions::RpcErrorAssertions, *};
+use jsonrpsee::rpc_params;
+use solana_sdk::{instruction::Instruction, pubkey::Pubkey};
+use std::str::FromStr;
+
+#[tokio::test]
+async fn test_disallowed_memo_program() {
+    let ctx = TestContext::new().await.expect("Failed to create test context");
+
+    let disallowed_program_id = Pubkey::from_str("MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr")
+        .expect("Failed to parse SPL Memo program ID");
+
+    let malicious_instruction = Instruction::new_with_bincode(disallowed_program_id, &(), vec![]);
+
+    let malicious_tx = ctx
+        .transaction_builder()
+        .with_fee_payer(FeePayerTestHelper::get_fee_payer_pubkey())
+        .with_instruction(malicious_instruction)
+        .build()
+        .await
+        .expect("Failed to create transaction with disallowed program");
+
+    let result =
+        ctx.rpc_call::<serde_json::Value, _>("signTransaction", rpc_params![malicious_tx]).await;
+
+    match result {
+        Err(error) => {
+            let expected_message =
+                format!("Program {disallowed_program_id} is not in the allowed list");
+            error.assert_error_type_and_message("Invalid transaction", &expected_message);
+        }
+        Ok(_) => panic!("Expected error for transaction with disallowed program"),
+    }
+}
+
+#[tokio::test]
+async fn test_disallowed_program_v0_transaction() {
+    let ctx = TestContext::new().await.expect("Failed to create test context");
+
+    let disallowed_program_id = Pubkey::from_str("MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr")
+        .expect("Failed to parse BPF Loader Upgradeable program ID");
+
+    let malicious_instruction = Instruction::new_with_bincode(disallowed_program_id, &(), vec![]);
+
+    let malicious_tx = ctx
+        .v0_transaction_builder()
+        .with_fee_payer(FeePayerTestHelper::get_fee_payer_pubkey())
+        .with_instruction(malicious_instruction)
+        .build()
+        .await
+        .expect("Failed to create V0 transaction with disallowed program");
+
+    let result =
+        ctx.rpc_call::<serde_json::Value, _>("signTransaction", rpc_params![malicious_tx]).await;
+
+    match result {
+        Err(error) => {
+            let expected_message =
+                format!("Program {disallowed_program_id} is not in the allowed list");
+            error.assert_error_type_and_message("Invalid transaction", &expected_message);
+        }
+        Ok(_) => panic!("Expected error for V0 transaction with disallowed program"),
+    }
+}
diff --git a/tests/adversarial/token_states.rs b/tests/adversarial/token_states.rs
@@ -0,0 +1,98 @@
+use crate::common::{assertions::RpcErrorAssertions, *};
+use jsonrpsee::rpc_params;
+use solana_sdk::{
+    program_pack::Pack, signature::Keypair, signer::Signer, transaction::Transaction,
+};
+use solana_system_interface::instruction::create_account;
+use spl_associated_token_account::get_associated_token_address;
+use spl_token::instruction as token_instruction;
+
+#[tokio::test]
+async fn test_frozen_token_account_as_fee_payment() {
+    let ctx = TestContext::new().await.expect("Failed to create test context");
+    let setup = TestAccountSetup::new().await;
+
+    let frozen_token_account_keypair = Keypair::new();
+
+    let rent = setup
+        .rpc_client
+        .get_minimum_balance_for_rent_exemption(spl_token::state::Account::LEN)
+        .await
+        .expect("Failed to get rent exemption");
+
+    let create_account_ix = create_account(
+        &setup.sender_keypair.pubkey(),
+        &frozen_token_account_keypair.pubkey(),
+        rent,
+        spl_token::state::Account::LEN as u64,
+        &spl_token::id(),
+    );
+
+    let create_frozen_token_account_ix = spl_token::instruction::initialize_account(
+        &spl_token::id(),
+        &frozen_token_account_keypair.pubkey(),
+        &setup.usdc_mint.pubkey(),
+        &setup.sender_keypair.pubkey(),
+    )
+    .expect("Failed to create initialize account instruction");
+
+    let mint_tokens_ix = token_instruction::mint_to(
+        &spl_token::id(),
+        &setup.usdc_mint.pubkey(),
+        &frozen_token_account_keypair.pubkey(),
+        &setup.sender_keypair.pubkey(),
+        &[&setup.sender_keypair.pubkey()],
+        100_000,
+    )
+    .expect("Failed to create mint instruction");
+
+    let freeze_instruction = token_instruction::freeze_account(
+        &spl_token::id(),
+        &frozen_token_account_keypair.pubkey(),
+        &setup.usdc_mint.pubkey(),
+        &setup.sender_keypair.pubkey(),
+        &[&setup.sender_keypair.pubkey()],
+    )
+    .expect("Failed to create freeze instruction");
+
+    let recent_blockhash = setup.rpc_client.get_latest_blockhash().await.unwrap();
+    let setup_tx = Transaction::new_signed_with_payer(
+        &[create_account_ix, create_frozen_token_account_ix, mint_tokens_ix, freeze_instruction],
+        Some(&setup.sender_keypair.pubkey()),
+        &[&setup.sender_keypair, &frozen_token_account_keypair],
+        recent_blockhash,
+    );
+
+    setup
+        .rpc_client
+        .send_and_confirm_transaction(&setup_tx)
+        .await
+        .expect("Failed to setup and freeze token account");
+
+    let malicious_tx = ctx
+        .transaction_builder()
+        .with_fee_payer(FeePayerTestHelper::get_fee_payer_pubkey())
+        .with_spl_payment_with_accounts(
+            &frozen_token_account_keypair.pubkey(),
+            &get_associated_token_address(
+                &FeePayerTestHelper::get_fee_payer_pubkey(),
+                &setup.usdc_mint.pubkey(),
+            ),
+            &setup.sender_keypair.pubkey(),
+            50_000,
+        )
+        .build()
+        .await
+        .expect("Failed to create transaction with frozen fee payer token account");
+
+    let result =
+        ctx.rpc_call::<serde_json::Value, _>("signTransaction", rpc_params![malicious_tx]).await;
+
+    match result {
+        // 0x11: Frozen token account
+        Err(error) => {
+            error.assert_contains_message("custom program error: 0x11");
+        }
+        Ok(_) => panic!("Expected error for transaction with frozen fee payment account"),
+    }
+}