fix(solana): require upgrade authority for lvr amm bootstrap#135
Draft
rndrntwrk wants to merge 2 commits into
Draft
fix(solana): require upgrade authority for lvr amm bootstrap#135rndrntwrk wants to merge 2 commits into
rndrntwrk wants to merge 2 commits into
Conversation
The bootstrap-authority change in `programs/lvr_amm/src/instructions/{init,init_config}.rs`
adds the `program` and `programData` accounts to the `Initialize` /
`InitializeConfig` instruction discriminators. Anchor regenerates the IDL
on every build, and the `Solana Program Build Gate` CI step requires the
regenerated IDL to be committed across every downstream consumer that
mirrors the canonical IDL.
This commit propagates the regenerated IDL into:
- packages/hyperbet-avax/keeper/src/idl
- packages/hyperbet-bsc/{app,keeper}/src/idl
- packages/hyperbet-evm/keeper/src/idl
- packages/hyperbet-ui/src/idl
- packages/market-maker-bot/src/idl
Mechanical sync only — generated by `bun run --cwd packages/hyperbet-solana/anchor build`
through the existing `sync-anchor-artifacts` script. No runtime behavior
change; the bootstrap-authority enforcement remains in
`packages/hyperbet-solana/anchor/programs/lvr_amm/src/instructions/*.rs`.
rndrntwrk
force-pushed
the
security/lvr-amm-bootstrap-authority
branch
from
7745caf to
f54ef97
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the Solana
lvr_ammbootstrap authority gap by making the program upgrade authority the only signer that can initialize the admin/config PDAs.This is scoped to
enoomian/stagingand is intentionally separated from the dynamic-liquidity mitigation so review can evaluate the bootstrap authority change independently.Why
lvr_ammpreviously allowed first-caller-wins initialization for the admin/config accounts. That creates a staging/prod bootstrap takeover risk: any funded signer could initialize the canonical PDAs before the intended deployer and permanently set hostile treasury/authority values.The expected authority model is the same operational standard used by the other Solana programs: initialization must be tied to the deployed program's upgrade authority, not whichever wallet reaches the endpoint first.
Changes
UnauthorizedInitializerto the end ofPredictionMarketErrorto avoid shifting existing Anchor error codes.programandprogram_dataaccounts forinitializeandinitialize_config.ProgramDataaccount belongs to the activelvr_ammprogram.program_data.upgrade_authority_address.Validation
anchor buildANCHOR_MANUAL_TEST_SKIP_BUILD=1 bun run test tests/lvr_amm_security.anchor.ts tests/lvr_amm_authoritative_settlement.tsTargeted localnet result:
lvr_amm security: 8 passinglvr_amm authoritative settlement: 5 passingRollout Notes
Already-initialized deployments are not affected at runtime. Fresh deployments and migrations must pass the
programandprogramDataaccounts when callinginitialize/initialize_config.This PR should merge into
enoomian/stagingfirst for staging validation before promotion into any broader release path.