fix: address subscription audit findings #132

Merged: dev-jodee merged 16 commits into main from fix/security-audit-findings on May 26, 2026
dev-jodee (Collaborator) commented May 26, 2026

Summary

  • Bind marketplace subscription pricing and confirmation copy to each plan's actual configured token instead of hardcoded USDC.
  • Stop collect-all retry splitting after ambiguous send failures to avoid replaying payment batches across billing periods.
  • Bind signed subscribe approvals to the current SubscriptionAuthority generation and update client/webapp call sites.
  • Bind fixed and recurring direct-delegation creation approvals to the current SubscriptionAuthority generation and update IDL/client/webapp call sites.

Test Plan

  • just build-program
  • cargo test -p tests-subscriptions test_create_fixed_delegation -- --nocapture
  • cargo test -p tests-subscriptions test_create_recurring_delegation -- --nocapture
  • cargo test -p tests-subscriptions test_subscribe
  • pnpm --filter @solana/subscriptions build
  • pnpm --filter webapp test
  • pnpm --filter webapp build
  • pnpm run lint
  • just check-generated

Breaking Changes

  • Subscribe instruction data/IDL now includes expectedSubscriptionAuthorityInitId. Clients must use regenerated bindings or pass the current SubscriptionAuthority initId when constructing subscribe instructions.
  • CreateFixedDelegation and CreateRecurringDelegation instruction data/IDL now include expectedSubscriptionAuthorityInitId. Clients must use regenerated bindings or pass the current SubscriptionAuthority initId when constructing direct-delegation creation instructions.

dev-jodee added 3 commits May 26, 2026 09:03
Display subscription plan amounts with the configured symbol and decimals for the plan mint, expose the mint in marketplace confirmation, and disable marketplace subscription actions for unsupported mints.

Finding: MULT-31

Only split and retry collection batches after pre-broadcast simulation failures. Treat ambiguous send errors as unknown batch status so the same subscription pulls are not replayed across billing boundaries.

Finding: MULT-28
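
The retry rule in the MULT-28 commit message above, as an added TypeScript example that is not part of this pull request or the project's code. `collectBatch`, `Transport` and the subscription names are hypothetical, and the transport is modeled synchronously to keep the block short.

```typescript
// Added example with hypothetical names; not the project's collector.
type Pull = { subscription: string; period: number };
type Outcome = "collected" | "failed" | "unknown";

interface Transport {
  // Pre-broadcast check: false means the batch would fail; nothing is sent.
  simulate(batch: Pull[]): boolean;
  // Broadcast: returns once confirmed, throws when the result is ambiguous.
  send(batch: Pull[]): void;
}

function collectBatch(batch: Pull[], t: Transport, out: Map<string, Outcome>): Map<string, Outcome> {
  if (batch.length === 0) return out;
  if (!t.simulate(batch)) {
    // Nothing was broadcast, so splitting and retrying cannot double-charge.
    if (batch.length === 1) {
      for (const p of batch) out.set(p.subscription, "failed");
      return out;
    }
    const mid = Math.ceil(batch.length / 2);
    collectBatch(batch.slice(0, mid), t, out);
    collectBatch(batch.slice(mid), t, out);
    return out;
  }
  try {
    t.send(batch);
    for (const p of batch) out.set(p.subscription, "collected");
  } catch {
    // The transaction may still land. Do not split or resend: mark the whole
    // batch unknown and reconcile against on-chain state before the next run.
    for (const p of batch) out.set(p.subscription, "unknown");
  }
  return out;
}

// Constructed sample: sub-C fails simulation; any send containing sub-D times out.
function demo(): { result: Map<string, Outcome>; sends: number } {
  let sends = 0;
  const t: Transport = {
    simulate: (b) => !b.some((p) => p.subscription === "sub-C"),
    send: (b) => {
      sends++;
      if (b.some((p) => p.subscription === "sub-D")) throw new Error("timeout");
    },
  };
  const names = ["sub-A", "sub-B", "sub-C", "sub-D", "sub-E"];
  const batch = names.map((s) => ({ subscription: s, period: 7 }));
  return { result: collectBatch(batch, t, new Map()), sends };
}
```

In the sample, sub-E ends up `unknown` alongside sub-D because the batch that contained both is never split or resent after the ambiguous send.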

github-actions Bot commented May 26, 2026

Compute Unit Report

| Instruction | Samples | Min CUs | Max CUs | Avg CUs | Est Cost (Low) [SOL] | Est Cost (Med) [SOL] | Est Cost (High) [SOL] |
|---|---|---|---|---|---|---|---|
| cancel_subscription | 22 | 1720 | 2030 | 1919 | 0.000005000 | 0.000005076 | 0.000005959 |
| close_subscription_authority | 10 | 1803 | 1833 | 1806 | 0.000005000 | 0.000005072 | 0.000005903 |
| create_fixed_delegation | 38 | 3522 | 12522 | 4811 | 0.000005001 | 0.000005192 | 0.000007405 |
| create_plan | 97 | 3436 | 12449 | 4970 | 0.000005001 | 0.000005198 | 0.000007485 |
| create_recurring_delegation | 27 | 3553 | 9555 | 4834 | 0.000005001 | 0.000005193 | 0.000007417 |
| delete_plan | 9 | 359 | 359 | 359 | 0.000005000 | 0.000005014 | 0.000005179 |
| init_subscription_authority | 159 | 6226 | 24226 | 8981 | 0.000005002 | 0.000005359 | 0.000009490 |
| resume_subscription | 3 | 1723 | 1723 | 1723 | 0.000005000 | 0.000005068 | 0.000005861 |
| revoke_delegation | 19 | 255 | 519 | 353 | 0.000005000 | 0.000005014 | 0.000005176 |
| subscribe | 32 | 6485 | 13985 | 7898 | 0.000005002 | 0.000005315 | 0.000008949 |
| transfer_fixed | 6 | 5208 | 14211 | 7710 | 0.000005002 | 0.000005308 | 0.000008855 |
| transfer_recurring | 17 | 5323 | 11416 | 7478 | 0.000005002 | 0.000005299 | 0.000008739 |
| transfer_subscription | 10 | 5572 | 13072 | 8877 | 0.000005002 | 0.000005355 | 0.000009438 |
| update_plan | 22 | 424 | 503 | 477 | 0.000005000 | 0.000005019 | 0.000005238 |

Generated: 2026-05-26

dev-jodee added 2 commits May 26, 2026 13:26
Replace hardcoded USDC_MULTIPLIER and "USDC" labels with token-config
lookup via resolvePlanTokenDisplay + parseTokenAmount. Disable submit
when the mint is unconfigured for the selected network. Mirrors the
plan-creation dialog and removes a latent mispricing path for non-
6-decimal mints.

When API_HOST is an IPv6 literal (e.g. ::1), the health-check URL must
wrap the host in brackets. Without this, wait_for_http builds an
unparseable URL and the start script fails before the API server is
probed.

dev-jodee merged commit 3c4881f into main May 26, 2026
13 checks passed
dev-jodee deleted the fix/security-audit-findings branch May 26, 2026 17:43