Summary
This release improves consistency with updated OSec API behavior to avoid a "griefing" attack disclosed by security firm Accretion. The OSec API previously allowed anyone to override a program's verification info with a clone of the program's repository, which could mislead users about protocol information.
This has now been patched, but the API now requires that all program verifications be written to a PDA onchain before remote verification starts. The verification status of a program is now tagged with the address of the key that uploaded the verification information, under `/status-all/<program-id>` (for example `kGYz2q2WUYCXhKpgUF4AMR3seDA9eg8sbirP5dhbyhy`).
Explorers and other applications can now decide which verification is "canonical" based on the address of the uploader. We recommend that applications trust PDAs uploaded by the program's authority and PDAs uploaded by OtterSec's signer `9VWiUUhgNoRwTH5NVehYJEDwcotwYX3VgW4MChiHPAqU`.
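One way an explorer could apply the recommendation above, as an added example that is not part of the release or the solana-verify code base. The entry fields (`signer`, `is_verified`, `repo_url`), the function name `selectCanonical` and the sample addresses are assumptions made for illustration.

```javascript
// Added example. The entry fields (signer, is_verified, repo_url) are an
// assumed shape for the per-uploader status list, not a documented schema.

// OtterSec's signer, as given in the release notes.
const OTTERSEC_SIGNER = "9VWiUUhgNoRwTH5NVehYJEDwcotwYX3VgW4MChiHPAqU";

// Returns which verification to display, trusting only the program's
// authority and OtterSec's signer. programAuthority may be null (no authority).
function selectCanonical(statuses, programAuthority) {
  // Base58 is case sensitive: compare addresses exactly, never normalised.
  const trusted = new Set([OTTERSEC_SIGNER]);
  if (typeof programAuthority === "string" && programAuthority.length > 0) {
    trusted.add(programAuthority);
  }

  const accepted = [];
  const ignored = [];
  for (const entry of Array.isArray(statuses) ? statuses : []) {
    if (entry && trusted.has(entry.signer)) accepted.push(entry);
    else ignored.push(entry);
  }

  // Only a strict boolean true from a trusted uploader counts as verified.
  const verified = accepted.filter((e) => e.is_verified === true);
  // Assumption made here: when both trusted uploaders verified, show the
  // authority's own PDA first. The release notes do not rank the two.
  const canonical =
    verified.find((e) => e.signer === programAuthority) || verified[0] || null;

  return {
    verified: canonical !== null,
    canonical,
    ignoredUploaders: ignored.map((e) => (e ? e.signer : null)),
  };
}

// Constructed sample data: placeholder addresses and URLs, not real accounts.
const SAMPLE_AUTHORITY = "PLACEHOLDER_PROGRAM_AUTHORITY";
const SAMPLE_STATUSES = [
  { signer: "PLACEHOLDER_UNRELATED_UPLOADER", is_verified: true, repo_url: "https://example.invalid/clone" },
  { signer: OTTERSEC_SIGNER, is_verified: true, repo_url: "https://example.invalid/official" },
  { signer: SAMPLE_AUTHORITY, is_verified: false, repo_url: "https://example.invalid/official" },
];

console.log(selectCanonical(SAMPLE_STATUSES, SAMPLE_AUTHORITY));
```

A verification uploaded by any other key is reported in `ignoredUploaders` and never affects the displayed status, which is the property the per-uploader tagging is meant to give applications.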
Changelog
- changed `solana-verify verify-from-repo --remote` to skip the local build and go straight to writing the verification data onchain, then submitting a job to the OSec API
- added compute unit fees globally, used to achieve better landing rates (`solana-verify verify-from-repo --compute-unit-price`)
- added `solana-verify remote submit-job --program-id <program id> --uploader <uploader>`, which submits a remote job using only the PDA written by the uploader
- added `solana-verify remote get-job --job-id <job-id>`, which gets the job status of a given job id
- added `solana-verify remote get-status --program-id <program id>`, which gets the verification statuses by signer for a program ID
- added `solana-verify export-pda-tx --encoding base58/base64 --compute-unit-price 0`, which gives you a base58/base64 transaction that you can use to write the verification PDA from a Squads multisig
- improved error messages for `solana-verify verify-from-repo --remote` to encourage multisig users to use `solana-verify submit-job` when they need to verify a specific uploader's verification arguments.