SPL Token Compliance Remediation
How to fix SPL Token standard compliance violations.
Overview
Related Detector: SPL Token Compliance
SPL Token standard violations cause wallet and exchange integration failures, and a program that accepts an arbitrary account as the token program lets the caller route the CPI to a program of their choosing. The fix is to validate the token program ID, use Anchor's typed account wrappers where the program is written in Anchor, and follow the standard token account ownership pattern: every token account passed to a transfer must be owned by the token program being invoked.
Recommended Fix
use anchor_lang::prelude::*;
use anchor_spl::token::{Token, TokenAccount};

#[derive(Accounts)]
pub struct TokenTransfer<'info> {
    // Account<TokenAccount> checks that the account is owned by the SPL Token program and
    // deserializes it; token::authority checks that `authority` is the account's owner.
    #[account(mut, token::authority = authority)]
    pub source: Account<'info, TokenAccount>,
    #[account(mut)]
    pub destination: Account<'info, TokenAccount>,
    pub authority: Signer<'info>,
    pub token_program: Program<'info, Token>, // Enforces key == spl_token::id() and executable
}

Program<'info, Token> only accepts the legacy token program. A program that must also accept Token-2022 accounts should use anchor_spl::token_interface (InterfaceAccount and Interface<'info, TokenInterface>) instead, which admits both program IDs and nothing else.
Alternative Mitigations
Manual Program ID Check
For programs written without Anchor, require! is not available; compare the key explicitly before building the CPI and return the standard error on mismatch:

use solana_program::{account_info::AccountInfo, program_error::ProgramError};

fn check_token_program(token_program: &AccountInfo) -> Result<(), ProgramError> {
    // Accept only the legacy token program; add spl_token_2022::id() if Token-2022 is supported.
    if *token_program.key != spl_token::id() {
        return Err(ProgramError::IncorrectProgramId);
    }
    Ok(())
}
Common Mistakes
Mistake: Accepting Any Program as Token Program
// WRONG: `any_program` came straight from the instruction's account list with no check,
// so the caller decides which program receives the transfer CPI
invoke(&transfer_ix, &[source, dest, authority, any_program])?;

Always validate that the token program key matches spl_token::id() or spl_token_2022::id(), and that the source and destination token accounts are owned by that same program: a legacy-token account handed to Token-2022 (or the reverse) fails, and an account owned by anything else must be rejected before the CPI.
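The manual check and the ownership rule above, carried through as an added example that is not part of this page or of any Solana crate. It is a dependency-free model: the Pubkey and AccountInfo types, the base58 decoder and the error enum are stand-ins for solana_program's types so that the logic runs as plain Rust; the two program ID strings are the public SPL Token and Token-2022 addresses. The sample accounts in main are constructed for the demonstration.

```rust
// Added example: token-program and ownership validation before a transfer CPI.
// Types below are stand-ins for solana_program::pubkey::Pubkey and
// solana_program::account_info::AccountInfo, not the real crate types.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

#[derive(Debug)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub owner: Pubkey, // program that owns the account's data
}

/// Public program IDs, the same values spl_token::id() and spl_token_2022::id() return.
pub const SPL_TOKEN_ID_B58: &str = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
pub const SPL_TOKEN_2022_ID_B58: &str = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";

#[derive(Debug, PartialEq, Eq)]
pub enum CheckError {
    IncorrectProgramId, // stand-in for ProgramError::IncorrectProgramId
    IllegalOwner,       // stand-in for ProgramError::IllegalOwner
    BadKeyEncoding,
}

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum TokenProgram { Legacy, Token2022 }

const B58: &[u8] = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

/// Decode a base58 Solana address into its 32 raw bytes.
pub fn pubkey_from_b58(s: &str) -> Result<Pubkey, CheckError> {
    let mut bytes: Vec<u8> = Vec::new(); // big-endian accumulator
    for c in s.bytes() {
        let digit = B58.iter().position(|&b| b == c).ok_or(CheckError::BadKeyEncoding)? as u32;
        let mut carry = digit;
        for b in bytes.iter_mut().rev() {
            let v = (*b as u32) * 58 + carry;
            *b = (v & 0xff) as u8;
            carry = v >> 8;
        }
        while carry > 0 {
            bytes.insert(0, (carry & 0xff) as u8);
            carry >>= 8;
        }
    }
    // Each leading '1' encodes one leading zero byte.
    let zeros = s.bytes().take_while(|&c| c == b'1').count();
    let mut out = vec![0u8; zeros];
    out.extend(bytes);
    if out.len() != 32 {
        return Err(CheckError::BadKeyEncoding);
    }
    let mut arr = [0u8; 32];
    arr.copy_from_slice(&out);
    Ok(Pubkey(arr))
}

/// Which supported token program was passed; anything else is IncorrectProgramId.
pub fn classify_token_program(program: &AccountInfo) -> Result<TokenProgram, CheckError> {
    let legacy = pubkey_from_b58(SPL_TOKEN_ID_B58)?;
    let t2022 = pubkey_from_b58(SPL_TOKEN_2022_ID_B58)?;
    if program.key == legacy {
        Ok(TokenProgram::Legacy)
    } else if program.key == t2022 {
        Ok(TokenProgram::Token2022)
    } else {
        Err(CheckError::IncorrectProgramId)
    }
}

/// Run before invoke(): the program ID must be a known token program, and every token
/// account handed to it must be owned by that same program.
pub fn validate_transfer_accounts(
    source: &AccountInfo,
    destination: &AccountInfo,
    token_program: &AccountInfo,
) -> Result<TokenProgram, CheckError> {
    let kind = classify_token_program(token_program)?;
    for acct in [source, destination] {
        if acct.owner != token_program.key {
            return Err(CheckError::IllegalOwner);
        }
    }
    Ok(kind)
}

fn main() {
    // Constructed sample accounts: two legacy token accounts and an attacker-chosen program.
    let legacy = pubkey_from_b58(SPL_TOKEN_ID_B58).unwrap();
    let src = AccountInfo { key: Pubkey([1; 32]), owner: legacy };
    let dst = AccountInfo { key: Pubkey([2; 32]), owner: legacy };
    let good = AccountInfo { key: legacy, owner: Pubkey([0; 32]) };
    let evil = AccountInfo { key: Pubkey([0xAA; 32]), owner: Pubkey([0; 32]) };
    println!("{:?}", validate_transfer_accounts(&src, &dst, &good));
    println!("{:?}", validate_transfer_accounts(&src, &dst, &evil));
}
```

The ownership check is what catches the mixed case: a transfer whose program ID is Token-2022 but whose accounts are legacy SPL Token accounts is rejected with IllegalOwner before the CPI, rather than failing inside the token program with a less useful error.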