Add stateless signer program#7
Open
grod220 wants to merge 1 commit into
Open
Conversation
grod220
commented
Jun 11, 2026
| solana_instruction::{AccountMeta, Instruction}, | ||
| solana_sdk_ids::sysvar::slot_hashes, | ||
| spl_ed25519_programmatic_signer_interface::instruction::ProgrammaticSignerInstruction, | ||
| spl_ed25519_programmatic_signer_legacy_interface::instruction::ProgrammaticSignerInstruction, |
Member
Author
There was a problem hiding this comment.
Keeping this old crates here until I can get Initialize code moved to the new program in the next PR
grod220
commented
Jun 11, 2026
Comment on lines
+43
to
+44
| # TODO: pinned to mollusk's `4.1-beta` branch for a friendlier dep graph resolution w/ the new no-std crates | ||
| mollusk-svm = { git = "https://github.com/anza-xyz/mollusk", branch = "4.1-beta" } |
Member
Author
There was a problem hiding this comment.
Found this to solve all of my no-std crate issues given the latest updates. Think acceptable for now and can go back to stable mollusk version when ready.
grod220
force-pushed
the
executor-pt-1
branch
2 times, most recently
from
534687c to
b4dabef
Compare
grod220
commented
Jun 11, 2026
Comment on lines
+27
to
+32
| /// Trust assumptions: | ||
| /// - This program guarantees only that the authorities signed the payload. What the | ||
| /// payload does is entirely up to the executor it names. | ||
| /// - Signatures cover only the payload, never the accounts. The executor must validate them | ||
| /// against its instruction data. | ||
| /// - This program is stateless. Replay protection belongs to the executor. |
Member
Author
There was a problem hiding this comment.
Important change in this design
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements the first step of the executor-model decomposition proposed in #4. This new program has a single ix
Submitwhich simply verifies authority ed25519 signatures over an opaque payload, then CPIs the executor program the payload names, promoting each authority'sProgrammaticSignerPDA to a signer.The executor program (in the next PR) is responsible for nonce advancing, parsing the message bytes, and replaying the instructions.
This new signer program is simple and stateless, so the objective is to make this immutable.