Token-2022 Immutable Owner Remediation
How to fix Token-2022 Immutable Owner extension issues.
Overview
Related Detector: Token-2022 Immutable Owner
A token account that lacks the Immutable Owner extension allows unauthorized ownership transfers. The fix is to initialize the extension before account initialization for all protocol-controlled token accounts.
Recommended Fix
// Initialize immutable owner BEFORE account initialization
token_2022::initialize_immutable_owner(token_program, vault)?;
token_2022::initialize_account3(token_program, vault, mint, authority)?;
Common Mistakes
Mistake: Initializing Extension After Account
// WRONG: extension must be set before account initialization
token_2022::initialize_account3(...)?;
token_2022::initialize_immutable_owner(...)?; // Too late
Extension initialization must occur before account initialization.
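To confirm the fix took effect, the raw data of a protocol-controlled token account can be checked for the extension. The following is an added example, not code from this page or from the Token-2022 project; it assumes the Token-2022 account layout (165-byte base account, one account-type byte, then TLV entries with 2-byte little-endian type and length, ImmutableOwner being type 7), and the function names and sample bytes are constructed for illustration.

```rust
// Added example, not project code. Sample account bytes are constructed.
const BASE_ACCOUNT_LEN: usize = 165; // packed base token account
const ACCOUNT_TYPE_ACCOUNT: u8 = 2; // account-type byte that follows the base
const EXT_UNINITIALIZED: u16 = 0; // marks unused TLV space
const EXT_IMMUTABLE_OWNER: u16 = 7; // ImmutableOwner extension type

#[derive(Debug, PartialEq)]
pub enum CheckError { TooShort, NotTokenAccount, TruncatedTlv }

/// Ok(true) if raw token account data carries the ImmutableOwner extension.
pub fn has_immutable_owner(data: &[u8]) -> Result<bool, CheckError> {
    if data.len() < BASE_ACCOUNT_LEN { return Err(CheckError::TooShort); }
    if data.len() == BASE_ACCOUNT_LEN { return Ok(false); } // no extension area
    if data[BASE_ACCOUNT_LEN] != ACCOUNT_TYPE_ACCOUNT {
        return Err(CheckError::NotTokenAccount);
    }
    let mut tlv = &data[BASE_ACCOUNT_LEN + 1..];
    while tlv.len() >= 4 {
        let ext_type = u16::from_le_bytes([tlv[0], tlv[1]]);
        let len = u16::from_le_bytes([tlv[2], tlv[3]]) as usize;
        if ext_type == EXT_UNINITIALIZED { break; }
        if tlv.len() < 4 + len { return Err(CheckError::TruncatedTlv); }
        if ext_type == EXT_IMMUTABLE_OWNER { return Ok(true); }
        tlv = &tlv[4 + len..];
    }
    Ok(false)
}

/// Constructed sample: zeroed base account plus (type, value_len) TLV entries.
pub fn sample_account(entries: &[(u16, usize)]) -> Vec<u8> {
    let mut data = vec![0u8; BASE_ACCOUNT_LEN];
    data.push(ACCOUNT_TYPE_ACCOUNT);
    for &(ty, len) in entries {
        data.extend_from_slice(&ty.to_le_bytes());
        data.extend_from_slice(&(len as u16).to_le_bytes());
        data.extend(std::iter::repeat(0u8).take(len));
    }
    data
}

fn main() {
    let vault = sample_account(&[(EXT_IMMUTABLE_OWNER, 0)]);
    let plain = sample_account(&[]);
    println!("vault: {:?}", has_immutable_owner(&vault));
    println!("plain: {:?}", has_immutable_owner(&plain));
}
```

A vault that returns `Ok(false)` was initialized without the extension and has to be recreated with the correct instruction order.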