fix(execute_transaction): SQU-682 Prevent execution of internal execu…

…te functions
Squads-Protocol · Jan 25, 2023 · 0947040 · 0947040
1 parent 7ef3ed2
commit 0947040
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/programs/squads-mpl/src/lib.rs b/programs/squads-mpl/src/lib.rs
@@ -406,6 +406,13 @@ pub mod squads_mpl {
                     if &ix.program_id != ctx.program_id {
                         return err!(MsError::InvalidAuthorityIndex);
                     }
+                    // Prevent recursive call on execute_transaction/instruction that could create issues
+                    let execute_transaction = Vec::from_hex("e7ad315beb184413").unwrap();
+                    let execute_instruction = Vec::from_hex("301228284b4a936e").unwrap();
+                    if Some(execute_transaction.as_slice()) == ix.data.get(0..8) ||
+                        Some(execute_instruction.as_slice()) == ix.data.get(0..8) {
+                        return err!(MsError::InvalidAuthorityIndex);
+                    }
                     // since the add member may need to pay realloc, switch the payer
                     if Some(add_member_discriminator.as_slice()) == ix.data.get(0..8) ||
                     Some(add_member_and_change_threshold_discriminator.as_slice()) == ix.data.get(0..8) {