Merge pull request #49 from lazor-kit/fix/audit-hardening

fix: audit hardening — RevokeSession, signed expiry, checked arithmetic

Author: onspeedhp

.gitignore

@@ -1,3 +1,6 @@
+# Claude Code
+.claude/
+
 # Build outputs
 ts-sdk/dist
 target

CHANGELOG.md

@@ -25,6 +25,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - ExecuteDeferred instruction (disc=7): TX2 verifies hashes and executes via CPI with vault signing
 - ReclaimDeferred instruction (disc=8): closes expired DeferredExec accounts, refunds rent to original payer
 - DeferredExecAccount (176 bytes): stores instruction/account hashes, wallet, authority, payer, expiry
+- RevokeSession instruction (disc=9): Owner/Admin can close session accounts early, refunding rent to specified destination
+- Error code 3019 (InvalidSessionAccount) for invalid session PDA during revocation
 - Devnet smoke test (`tests-sdk/tests/devnet-smoke.ts`): exercises all 9 instructions across Ed25519/Secp256r1/Session auth types and Owner/Admin/Spender roles, reporting CU/TX size/rent
 - Deferred execution benchmarks (CU + tx size measurements for TX1/TX2)
 - Error codes 3014-3018 for deferred execution (expired, hash mismatch, invalid expiry, unauthorized reclaim)
@@ -69,6 +71,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ### Fixed
 
+- Authorize signed payload now includes `expiry_offset` (66 bytes total), preventing relayers from modifying the expiry window
+- `sol_assert_bytes_eq` now uses the `len` parameter instead of `left.len()` (latent OOB read on-chain)
+- `reclaim_deferred` uses `checked_add` for lamports (consistent with `execute_deferred` and `manage_authority`)
 - `PublicKey.default` collision with `SystemProgram.programId` in SDK execute methods: both are 32 zero bytes, causing `buildCompactLayout` to map SystemProgram to the sysvar slot (index 4) instead of adding it as a remaining account. Replaced with `SYSVAR_INSTRUCTIONS_PUBKEY`.
 - Synced passkey lockout: WebAuthn hardware counter=0 no longer causes rejection
 - 17/17 audit issues resolved (Accretion audit)

README.md

@@ -10,7 +10,7 @@ A high-performance smart wallet program on Solana with passkey (WebAuthn/Secp256
 
 - **Multi-Protocol Authentication**: Ed25519 (native Solana) + Secp256r1 (WebAuthn/Passkeys/Apple Secure Enclave)
 - **Role-Based Access Control**: Owner / Admin / Spender with strict permission hierarchy
-- **Ephemeral Session Keys**: Time-bound keys with absolute slot-based expiry (max 30 days)
+- **Ephemeral Session Keys**: Time-bound keys with absolute slot-based expiry (max 30 days), revocable by Owner/Admin
 - **Odometer Replay Protection**: Monotonic u32 counter per authority — works reliably with synced passkeys (iCloud, Google)
 - **Clock-Based Slot Freshness**: 150-slot window via `Clock::get()` — no SlotHashes sysvar needed
 - **Zero-Copy Serialization**: Raw byte casting via pinocchio, no Borsh overhead

assertions/src/lib.rs

@@ -24,7 +24,7 @@ pub fn sol_assert_bytes_eq(left: &[u8], right: &[u8], len: usize) -> bool {
         sol_memcmp_(
             left.as_ptr(),
             right.as_ptr(),
-            left.len() as u64,
+            len as u64,
             result.as_mut_ptr() as *mut i32,
         );
         result.assume_init() == 0
@@ -33,7 +33,7 @@ pub fn sol_assert_bytes_eq(left: &[u8], right: &[u8], len: usize) -> bool {
 
 #[cfg(not(target_os = "solana"))]
 pub fn sol_assert_bytes_eq(left: &[u8], right: &[u8], len: usize) -> bool {
-    (left.len() == len || right.len() != len) && right == left
+    left.len() >= len && right.len() >= len && left[..len] == right[..len]
 }
 
 macro_rules! sol_assert {

docs/Architecture.md

@@ -168,7 +168,7 @@ Since each authority is a separate PDA, Solana's scheduler sees no writable over
 
 This enables high-throughput wallets where multiple authorized parties (e.g., an admin managing permissions while a spender sends payments, or multiple session keys operating concurrently) never block each other. The per-authority odometer counter provides replay protection without creating a shared bottleneck.
 
-## 5. Instructions (9 total)
+## 5. Instructions (10 total)
 
 ### CreateWallet (discriminator: 0)
 
@@ -212,7 +212,7 @@ This enables high-throughput wallets where multiple authorized parties (e.g., an
 
 - Creates a DeferredExec PDA storing pre-authorized instruction/account hashes.
 - Only Secp256r1 Owner/Admin can authorize (not Ed25519, not Spender).
-- Signed payload: `instructions_hash || accounts_hash` (64 bytes).
+- Signed payload: `instructions_hash || accounts_hash || expiry_offset` (66 bytes).
 - Expiry offset bounded to 10-9,000 slots (~4 seconds to ~1 hour).
 - Uses the authority's odometer counter (post-increment) as PDA seed nonce.
 - Instruction data: `[instructions_hash(32)][accounts_hash(32)][expiry_offset(2)][auth_payload(variable)]`.
@@ -237,6 +237,14 @@ This enables high-throughput wallets where multiple authorized parties (e.g., an
 - No instruction data (discriminator only).
 - Accounts: payer, deferred_exec, refund_destination.
 
+### RevokeSession (discriminator: 9)
+
+- Closes a session account early (before expiry), refunding rent.
+- Only Owner or Admin can revoke (Spender cannot).
+- Session can be revoked regardless of whether it is expired or active.
+- Signature bound to specific session PDA + refund destination (prevents replay).
+- Accounts: payer, wallet, admin_authority, session, refund_destination [+ auth_extra].
+
 ## 6. CompactInstructions Format
 
 Binary format for packing multiple instructions into Execute:

program/idl.json

@@ -644,6 +644,65 @@
         "type": "u8",
         "value": 8
       }
+    },
+    {
+      "name": "RevokeSession",
+      "accounts": [
+        {
+          "name": "payer",
+          "isMut": false,
+          "isSigner": true,
+          "docs": [
+            "Transaction payer"
+          ]
+        },
+        {
+          "name": "wallet",
+          "isMut": false,
+          "isSigner": false,
+          "docs": [
+            "Wallet PDA"
+          ]
+        },
+        {
+          "name": "adminAuthority",
+          "isMut": true,
+          "isSigner": false,
+          "docs": [
+            "Owner/Admin authority PDA (counter incremented for Secp256r1)"
+          ]
+        },
+        {
+          "name": "session",
+          "isMut": true,
+          "isSigner": false,
+          "docs": [
+            "Session PDA to revoke"
+          ]
+        },
+        {
+          "name": "refundDestination",
+          "isMut": true,
+          "isSigner": false,
+          "docs": [
+            "Account to receive rent refund"
+          ]
+        },
+        {
+          "name": "authExtra",
+          "isMut": false,
+          "isSigner": false,
+          "isOptional": true,
+          "docs": [
+            "Ed25519: signer keypair | Secp256r1: sysvar_instructions"
+          ]
+        }
+      ],
+      "args": [],
+      "discriminant": {
+        "type": "u8",
+        "value": 9
+      }
     }
   ],
   "metadata": {

program/src/entrypoint.rs

@@ -5,7 +5,7 @@ use pinocchio::{
 
 use crate::processor::{
     authorize, create_session, create_wallet, execute, execute_deferred, manage_authority,
-    reclaim_deferred, transfer_ownership,
+    reclaim_deferred, revoke_session, transfer_ownership,
 };
 
 entrypoint!(process_instruction);
@@ -31,6 +31,7 @@ pub fn process_instruction(
         6 => authorize::process(program_id, accounts, data),
         7 => execute_deferred::process(program_id, accounts, data),
         8 => reclaim_deferred::process(program_id, accounts, data),
+        9 => revoke_session::process(program_id, accounts, data),
         _ => Err(ProgramError::InvalidInstructionData),
     }
 }

program/src/error.rs

@@ -21,6 +21,7 @@ pub enum AuthError {
     InvalidExpiryWindow = 3016,
     UnauthorizedReclaim = 3017,
     DeferredAuthorizationNotExpired = 3018,
+    InvalidSessionAccount = 3019,
 }
 
 impl From<AuthError> for ProgramError {

program/src/instruction.rs

@@ -249,6 +249,46 @@ pub enum ProgramIx {
         desc = "Account to receive rent refund"
     )]
     ReclaimDeferred,
+
+    /// Revoke a session key early (before expiry)
+    ///
+    /// Only Owner or Admin can revoke. Closes the session account and refunds rent.
+    #[account(
+        0,
+        signer,
+        name = "payer",
+        desc = "Transaction payer"
+    )]
+    #[account(
+        1,
+        name = "wallet",
+        desc = "Wallet PDA"
+    )]
+    #[account(
+        2,
+        writable,
+        name = "admin_authority",
+        desc = "Owner/Admin authority PDA (counter incremented for Secp256r1)"
+    )]
+    #[account(
+        3,
+        writable,
+        name = "session",
+        desc = "Session PDA to revoke"
+    )]
+    #[account(
+        4,
+        writable,
+        name = "refund_destination",
+        desc = "Account to receive rent refund"
+    )]
+    #[account(
+        5,
+        optional,
+        name = "auth_extra",
+        desc = "Ed25519: signer keypair | Secp256r1: sysvar_instructions"
+    )]
+    RevokeSession,
 }
 
 #[repr(C)]

program/src/processor/authorize.rs

@@ -128,10 +128,11 @@ pub fn process(
         return Err(AuthError::PermissionDenied.into());
     }
 
-    // The signed_payload for Authorize is: instructions_hash || accounts_hash
-    let mut signed_payload = Vec::with_capacity(64);
+    // The signed_payload for Authorize is: instructions_hash || accounts_hash || expiry_offset
+    let mut signed_payload = Vec::with_capacity(66);
     signed_payload.extend_from_slice(&instructions_hash);
     signed_payload.extend_from_slice(&accounts_hash);
+    signed_payload.extend_from_slice(&expiry_offset.to_le_bytes());
 
     // Authenticate — this verifies the Secp256r1 signature and increments the counter
     Secp256r1Authenticator.authenticate(