From 5f4313a0014aabe568f988f01a30d56aa402a5b7 Mon Sep 17 00:00:00 2001 From: Charlotte McGinn Date: Thu, 21 Apr 2022 15:27:09 -0400 Subject: [PATCH] check that the wallet calling execute_transaction is an owner --- programs/multisig/src/lib.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/multisig/src/lib.rs b/programs/multisig/src/lib.rs index c25e286..8e87094 100644 --- a/programs/multisig/src/lib.rs +++ b/programs/multisig/src/lib.rs @@ -154,6 +154,16 @@ pub mod serum_multisig { return Err(ErrorCode::AlreadyExecuted.into()); } + // Is this wallet a owner of the multisig? + ctx + .accounts + .multisig + .owners + .iter() + .position(|a| a == ctx.accounts.owner.key) + .ok_or(ErrorCode::InvalidOwner)?; + + // Do we have enough signers. let sig_count = ctx .accounts @@ -239,6 +249,8 @@ pub struct ExecuteTransaction<'info> { multisig_signer: UncheckedAccount<'info>, #[account(mut, has_one = multisig)] transaction: Box>, + // One of the multisig owners. Checked in the handler. + owner: Signer<'info>, } #[account]