Readonly CPI Write Bypass Remediation
How to fix readonly account write bypass via CPI.
Overview
Related Detector: Readonly CPI Write Bypass
An account that the calling program treats as readonly (for example, one not declared writable in its own account validation) can still be modified during a CPI by the target program that owns it, so any state read before the call may be stale when the call returns. The fix is either to require that accounts forwarded to a CPI are writable, making the mutation explicit, or to reload and re-validate the account data after the CPI returns.
Recommended Fix
// Option 1: Require writable. Refuse to forward an account to the CPI
// unless the transaction marked it writable, so a mutation by the callee
// is never a surprise. InvalidArgument is the program's own error variant.
require!(account.is_writable, InvalidArgument);
invoke(&ix, &[account.clone()])?;

// Option 2: Re-validate after CPI. Refresh the deserialized account from
// its on-chain bytes once the callee returns, then re-check invariants.
// validate_invariants is a program-specific helper, not an Anchor API.
invoke(&ix, &[account.clone()])?;
ctx.accounts.my_account.reload()?;
validate_invariants(&ctx.accounts.my_account)?;
Common Mistakes
Mistake: Trusting Pre-CPI State
// Balance captured before the CPI.
let balance = account.lamports();
invoke(&external_ix, &[account.clone()])?;
// WRONG: the callee may have changed the balance; this check compares a
// stale copy, not the account's current lamports. Insufficient is the
// program's own error variant.
require!(balance >= minimum, Insufficient);
Always re-read account state after CPI.
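To show the difference between the stale check above and the recommended fixes (writable requirement, re-read after the CPI), here is an added, self-contained Rust model that is not part of this page or of the Solana SDK. MockAccount, cpi_debit, check_stale and check_fresh are constructed stand-ins: lamports sit behind a shared RefCell, as they do in a real AccountInfo, so the callee can change them underneath the caller.

```rust
use std::cell::RefCell;
use std::rc::Rc;

// Constructed stand-in for an AccountInfo: lamports are shared and
// interior-mutable so a CPI callee can modify them after the caller reads them.
#[derive(Clone)]
pub struct MockAccount {
    pub lamports: Rc<RefCell<u64>>,
    pub is_writable: bool,
}

impl MockAccount {
    pub fn new(lamports: u64, is_writable: bool) -> Self {
        MockAccount { lamports: Rc::new(RefCell::new(lamports)), is_writable }
    }
    pub fn lamports(&self) -> u64 {
        *self.lamports.borrow()
    }
}

// Constructed stand-in for the CPI target: the owner program debits the
// account regardless of what the caller assumed about it.
pub fn cpi_debit(account: &MockAccount, amount: u64) -> Result<(), &'static str> {
    let mut l = account.lamports.borrow_mut();
    *l = l.checked_sub(amount).ok_or("insufficient lamports in callee")?;
    Ok(())
}

// WRONG: the balance is captured before the CPI and checked afterwards,
// so the check passes even though the callee drained the account.
pub fn check_stale(account: &MockAccount, debit: u64, minimum: u64) -> Result<(), &'static str> {
    let balance = account.lamports();
    cpi_debit(account, debit)?;
    if balance < minimum { return Err("insufficient"); }
    Ok(())
}

// FIXED: require writable up front (Option 1) and re-read the balance after
// the CPI returns (Option 2). On-chain, returning Err reverts the instruction.
pub fn check_fresh(account: &MockAccount, debit: u64, minimum: u64) -> Result<(), &'static str> {
    if !account.is_writable { return Err("account must be writable"); }
    cpi_debit(account, debit)?;
    if account.lamports() < minimum { return Err("insufficient"); }
    Ok(())
}
```

With 100 lamports, a 60 lamport debit and a 50 lamport minimum, check_stale wrongly succeeds while check_fresh rejects the instruction.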