anchor: lang: Disallow duplicate accounts by default

Anchor programs should error when duplicate accounts are given to a program. We can have some type of attribute to override this check and allow the duplicate, e.g., #[account(dup)] or something else.

Suggested by @jstarry.

About this issue

  • State: open
  • Created 3 years ago
  • Comments: 25 (24 by maintainers)

Most upvoted comments

One default which I haven’t seen proposed: I think in a large number of cases you can do automated checks on a program to see if it is vulnerable to duplicate account cases. So perhaps anchor build could include this audit. You can automatically check if I have multiple mutable refs of the same type and no no_dup flag on them, no constraints on their addresses that would preclude them from being duplicates, etc.

I’ll leave the decision to @armaniferrante but my perspective is that simple and safe is a great starting point. Adding more complex knobs can come later when devs need them.

We should also decide what to do with remaining_accounts. Add another annotation (where?) that allows remaining_accounts to contain duplicates of previous accounts? Or just not have the dup check for remaining_accounts?

Remaining accounts doesn’t provide any validation guarantees and the API is the same as regular Solana. So I think it’s ok to have no checks there, since if you’re using it, you know you’re already doing unsafe things (relatively speaking).
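
A minimal model of the default discussed in this thread, added here as an example in plain Rust; it is not Anchor's code and not from any commenter. `Slot`, `allow_dup`, `check_duplicates` and the rule that the later field must carry the opt-in are assumptions made for illustration.

```rust
use std::collections::HashMap;

type Pubkey = [u8; 32]; // stand-in for the Solana public key type

/// One declared field of an accounts struct (hypothetical model, not Anchor's types).
pub struct Slot {
    pub name: &'static str,
    pub key: Pubkey,
    /// Models the opt-in attribute proposed in the issue, e.g. #[account(dup)].
    pub allow_dup: bool,
}

#[derive(Debug, PartialEq)]
pub struct DuplicateAccount {
    pub first: &'static str,
    pub second: &'static str,
}

/// Default-deny check: a key may repeat only in a slot that opted in.
/// Assumption: the later slot is the one that must carry the opt-in.
/// remaining_accounts are deliberately not passed in, so they stay unchecked.
pub fn check_duplicates(slots: &[Slot]) -> Result<(), DuplicateAccount> {
    let mut seen: HashMap<Pubkey, &'static str> = HashMap::new();
    for slot in slots {
        match seen.get(&slot.key).copied() {
            Some(first) if !slot.allow_dup => {
                return Err(DuplicateAccount { first, second: slot.name });
            }
            Some(_) => {} // explicit opt-in: the duplicate is accepted
            None => {
                seen.insert(slot.key, slot.name);
            }
        }
    }
    Ok(())
}

/// Constructed sample: a two-account instruction where the same key is passed twice.
pub fn sample(allow_dup: bool) -> Vec<Slot> {
    vec![
        Slot { name: "from", key: [1u8; 32], allow_dup: false },
        Slot { name: "to", key: [1u8; 32], allow_dup },
    ]
}

fn main() {
    println!("{:?}", check_duplicates(&sample(false)));
    println!("{:?}", check_duplicates(&sample(true)));
}
```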