Multi-Hop CPI Remediation
How to fix dangerous multi-hop CPI chain issues.
Multi-Hop CPI Remediation
Overview
Related Detector: Multi-Hop CPI
Deep CPI chains increase attack surface and risk depth limit violations. The fix is to minimize CPI depth, validate program IDs at each hop, and re-validate state between CPI calls.
Recommended Fix
// Validate program ID before CPI
require!(target.key() == EXPECTED_PROGRAM, InvalidProgram);
invoke(&ix, accounts)?;
// Re-validate state after CPI
ctx.accounts.state.reload()?;
validate_invariants(&ctx.accounts.state)?;Common Mistakes
Mistake: No Validation Between CPI Calls
invoke_a()?;
invoke_b()?; // State may have been corrupted by invoke_aAlways reload and validate state between sequential CPI calls.