metaplex-foundation/mpl-token-auth-rules

[Feature]: Support empty accounts as valid PDAs

Closed this issue · 2 comments

Which package is this feature request for?

program

Feature

Currently all the PDAs validated in ProgramOwned rules are required to be non-empty and non-zeroed in order to be considered valid PDAs. There are 4 rules affected.

That is an assumption that can impact valid implementations using empty accounts as PDAs, preventing protocols from being able to use mpl-token-auth-rules.

This is the case for FloppyLabs: we can't fully integrate our protocol due to that restriction. Here is an example of a valid empty PDA in use: 2m8HyhmYbxM5wfCMXDRQyQVcnD4W5tTUfuZz34rDUwRq (mainnet).

I could open the PR but I'd rather understand and discuss the reason behind the restriction.

Ideal solution or implementation

Removal of the 4 occurrences of the

if is_zeroed(&data)

check in program/src/state/rules.rs

Alternative solutions or implementations

No response

Other context

No response

Empty PDAs are a security issue because they can be assigned ownership to any program, which prevents us from being able to use them reliably in the ProgramOwnedList rule. We combined the ProgramOwnedList rule with PDAMatch previously, but that increases compute and the rule set size, so requiring PDAs to have at least one non-zero byte is a cleaner solution that reduces precious compute usage.
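The reasoning in the comment above, as an added Rust illustration that is not part of this issue or of the mpl-token-auth-rules code base. It models two Solana runtime facts in miniature: the System program can assign an empty, system-owned account to any program without that program's cooperation, and only the owning program can write an account's data. The `Account` struct, the `is_zeroed` helper (same idea as the program's helper, but my own implementation), and the two rule functions are stand-ins written for this example, not the project's types; the program ids are constructed values.

```rust
// Added example (not mpl-token-auth-rules code). Shows why an owner check
// alone cannot prove a PDA was created by the owning program, while
// requiring at least one non-zero data byte can.

/// Constructed stand-in for the System program id.
const SYSTEM_PROGRAM: [u8; 32] = [0u8; 32];
/// Constructed id of the program a ProgramOwned rule is checking for.
const TARGET_PROGRAM: [u8; 32] = [7u8; 32];

#[derive(Clone, Debug, PartialEq)]
pub struct Account {
    pub owner: [u8; 32],
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum RuleError {
    WrongOwner,
    UninitializedData,
}

/// True when the buffer is empty or every byte is zero (stand-in for the
/// program's is_zeroed helper).
pub fn is_zeroed(data: &[u8]) -> bool {
    data.iter().all(|b| *b == 0)
}

/// Modelled System program `assign`: the holder of a system-owned, empty
/// account can hand ownership to an arbitrary program. The target program
/// is never involved.
pub fn system_assign(acct: &mut Account, new_owner: [u8; 32]) -> Result<(), &'static str> {
    if acct.owner != SYSTEM_PROGRAM || !acct.data.is_empty() {
        return Err("assign requires a system-owned account with no data");
    }
    acct.owner = new_owner;
    Ok(())
}

/// Modelled runtime rule: only the owning program may write account data.
pub fn program_write(acct: &mut Account, caller: [u8; 32], data: Vec<u8>) -> Result<(), &'static str> {
    if acct.owner != caller {
        return Err("only the owner program may write data");
    }
    acct.data = data;
    Ok(())
}

/// Owner-only validation (what removing the is_zeroed check would leave).
pub fn program_owned_loose(acct: &Account, program: &[u8; 32]) -> Result<(), RuleError> {
    if &acct.owner != program {
        return Err(RuleError::WrongOwner);
    }
    Ok(())
}

/// Owner check plus the non-zeroed requirement (current behaviour).
pub fn program_owned_strict(acct: &Account, program: &[u8; 32]) -> Result<(), RuleError> {
    program_owned_loose(acct, program)?;
    if is_zeroed(&acct.data) {
        return Err(RuleError::UninitializedData);
    }
    Ok(())
}

/// A PDA the target program genuinely initialized: it owns the account and
/// has written a discriminator byte into it.
pub fn initialized_pda() -> Account {
    let mut acct = Account { owner: TARGET_PROGRAM, data: vec![0u8; 8] };
    program_write(&mut acct, TARGET_PROGRAM, vec![1, 0, 0, 0, 0, 0, 0, 0]).unwrap();
    acct
}

/// An empty account whose key holder merely assigned it to the target
/// program; the program itself never touched it.
pub fn assigned_empty_account() -> Account {
    let mut acct = Account { owner: SYSTEM_PROGRAM, data: Vec::new() };
    system_assign(&mut acct, TARGET_PROGRAM).unwrap();
    acct
}

fn main() {
    let legit = initialized_pda();
    let spoofed = assigned_empty_account();
    println!("loose  / legit:   {:?}", program_owned_loose(&legit, &TARGET_PROGRAM));
    println!("loose  / spoofed: {:?}", program_owned_loose(&spoofed, &TARGET_PROGRAM));
    println!("strict / legit:   {:?}", program_owned_strict(&legit, &TARGET_PROGRAM));
    println!("strict / spoofed: {:?}", program_owned_strict(&spoofed, &TARGET_PROGRAM));
}
```

With the owner-only check both accounts pass; with the non-zeroed requirement only the account the program actually wrote to passes. The extra byte test is a single pass over the account data, which is the compute saving the comment contrasts with combining ProgramOwnedList and PDAMatch.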

Makes total sense. Thanks for the detailed answer.

Closing the feature request.