LayerZero-Labs · ziming-zung · Oct 17, 2024 · Oct 16, 2024 · Oct 17, 2024
diff --git a/packages/layerzero-v2/solana/programs/programs/executor/src/errors.rs b/packages/layerzero-v2/solana/programs/programs/executor/src/errors.rs
@@ -19,4 +19,5 @@ pub enum ExecutorError {
     InsufficientBalance,
     EidNotSupported,
     ExecutorIsAdmin,
+    InvalidOwner,
 }
diff --git a/packages/layerzero-v2/solana/programs/programs/executor/src/instructions/compose.rs b/packages/layerzero-v2/solana/programs/programs/executor/src/instructions/compose.rs
@@ -1,5 +1,5 @@
 use crate::*;
-use anchor_lang::solana_program::{instruction::Instruction, program::invoke};
+use anchor_lang::solana_program::{instruction::Instruction, program::invoke, system_program};
 use oapp::{
     endpoint::{
         self, cpi::accounts::LzComposeAlert, instructions::LzComposeAlertParams, program::Endpoint,
@@ -73,6 +73,11 @@ impl Compose<'_> {
                 ExecutorError::InsufficientBalance
             );
         }
+        require!(
+            ctx.accounts.executor.owner.key() == system_program::ID,
+            ExecutorError::InvalidOwner
+        );
+        require!(ctx.accounts.executor.data_is_empty(), ExecutorError::InvalidSize);
         Ok(())
     }
 }

diff --git a/packages/layerzero-v2/solana/programs/programs/executor/src/instructions/execute.rs b/packages/layerzero-v2/solana/programs/programs/executor/src/instructions/execute.rs
@@ -1,5 +1,5 @@
 use crate::*;
-use anchor_lang::solana_program::{instruction::Instruction, program::invoke};
+use anchor_lang::solana_program::{instruction::Instruction, program::invoke, system_program};
 use oapp::{
     endpoint::{
         self, cpi::accounts::LzReceiveAlert, instructions::LzReceiveAlertParams, program::Endpoint,
@@ -74,6 +74,11 @@ impl Execute<'_> {
                 ExecutorError::InsufficientBalance
             );
         }
+        require!(
+            ctx.accounts.executor.owner.key() == system_program::ID,
+            ExecutorError::InvalidOwner
+        );
+        require!(ctx.accounts.executor.data_is_empty(), ExecutorError::InvalidSize);
         Ok(())
     }
 }

diff --git a/packages/layerzero-v2/solana/programs/verify-contracts.md b/packages/layerzero-v2/solana/programs/verify-contracts.md
@@ -163,7 +163,21 @@ avm install 0.29.0
 avm use 0.29.0
 ```
 
-### Step 2.9: Install Repository Dependencies
+### Step 2.9: Install solana-verify
+
+`solana-verify` is a tool used to verify that the hash of the on-chain program matches the hash of the locally compiled program. By default, `solana-verify` removes any trailing zeros from the program executable and computes its hash using the `sha256` algorithm. You can install `solana-verify` using the following command:
+
+```bash
+cargo install solana-verify
+```
+
+**Note:** Starting from Solana version 1.18, new program deployments will use the exact program size.
+
+> By default, new program deployments use the exact size of the program rather than doubling the size. If a program needs more space for an upgrade, the program account must be extended using `solana program extend` before upgrading.
+
+If a program was deployed using Solana versions earlier than 1.18, the size of the file generated by `solana program dump` may differ from the locally built program size.
+
+### Step 2.10: Install Repository Dependencies
 
 Before building the program, navigate to the cloned LayerZero-v2 repository and install the necessary dependencies using `yarn`:
 
@@ -185,40 +199,32 @@ cd ~/Desktop/layerzero/monorepo/packages/layerzero-v2/solana/programs
 anchor build
 ```
 
-Once the build is complete, generate the SHA256 checksum for the compiled Solana program:
+Once the build is complete, generate the program hash for the compiled Solana program:
 
 ```bash
-sha256sum ./target/deploy/endpoint.so
+solana-verify get-executable-hash ./target/deploy/endpoint.so
 ```
 
 ### Step 3.2: Download and Verify Program Data
 
-To verify the bytecode deployed on the Solana network, download the program data using the Solana CLI, and compare its checksum with the one you generated.
-
-Download the program data and save it to `/tmp/endpoint.so`:
+To verify the bytecode deployed on the Solana network, generate the program hash for the program.
 
 ```bash
-solana program dump 76y77prsiCMvXMjuoZ5VRrhG5qYBrUMYTE5WgHqgjEn6 /tmp/endpoint.so
+solana-verify get-program-hash -u  https://api.mainnet-beta.solana.com 76y77prsiCMvXMjuoZ5VRrhG5qYBrUMYTE5WgHqgjEn6
 ```
 
-Generate the checksum for the downloaded program:
-
-```bash
-sha256sum /tmp/endpoint.so
-```
-
-### Step 3.3: Compare the Results <a id="program-hash"></a>
-
-Now, compare the checksums of the built program and the downloaded program. They should match if the deployed bytecode is identical to your local build.
+### Step 3.3: Compare the Results
 
-| Program            | Address                                      | Commit      | SHA256                                                           |
-| ------------------ | -------------------------------------------- | ------------ | ---------------------------------------------------------------- |
-| blocked-messagelib | 2XrYqmhBMPJgDsb4SVbjV1PnJBprurd5bzRCkHwiFCJB | 37c598b | f92e599beb2fdfa53e7061ce4421f91b561c2d927a722ec3399f13a42edbe125 |
-| dvn                | HtEYV4xB4wvsj5fgTkcfuChYpvGYzgzwvNhgDZQNh7wW | 37c598b | b241d72e5b7fca532db12f22e128824c9316a887edbecc97f1f76fb0113e9127 |
-| endpoint           | 76y77prsiCMvXMjuoZ5VRrhG5qYBrUMYTE5WgHqgjEn6 | 37c598b | caa868d80b000c488e60e99828e366e773dde877ccc92b67f81df03b608639d4 |
-| oft                | HRPXLCqspQocTjfcX4rvAPaY9q6Gwb1rrD3xXWrfJWdW | 37c598b | cd470fa5a7d287b4145068a546da32d5e21c71b3406d094280583e32644255b7 |
-| pricefeed          | 8ahPGPjEbpgGaZx2NV1iG5Shj7TDwvsjkEDcGWjt94TP | 37c598b | e7349c171c43c971044ea0ddc4c6f75b7b1395afde2b3d9243c5e2dce7ba9459 |
-| uln                | 7a4WjyR8VZ7yZz5XJAKm39BUGn5iT9CKcv2pmG9tdXVH | 7aebbd7 | 3f5e4b54a281804aade7d24efd7957b30663e2f9a1f5e88ca4a6d539848f6e06 |     |
+Now, compare the program hash of the built program and the on-chain program. They should match if the deployed bytecode is identical to your local build.
 
+| Program            | Address                                      | Commit  | Platform             | Program Hash                                                     |
+| ------------------ | -------------------------------------------- | ------- | -------------------- | ---------------------------------------------------------------- |
+| blocked-messagelib | 2XrYqmhBMPJgDsb4SVbjV1PnJBprurd5bzRCkHwiFCJB | 37c598b | aarch64-apple-darwin | e8f5412527e5138f626299c9b78a2e2f859d306f4c744472d7a2fde34988f3b1 |
+| dvn                | HtEYV4xB4wvsj5fgTkcfuChYpvGYzgzwvNhgDZQNh7wW | 37c598b | aarch64-apple-darwin | 98c89ebdd94b2563d3aabba118ce012965c344e98c70600f66365dae2d66de39 |
+| endpoint           | 76y77prsiCMvXMjuoZ5VRrhG5qYBrUMYTE5WgHqgjEn6 | 37c598b | aarch64-apple-darwin | 9012552d8a15d230791e2582e6320eff872a651fb110d2198020ed12e5547e74 |
+| executor           | 6doghB248px58JSSwG4qejQ46kFMW4AMj7vzJnWZHNZn | 02f5bef | aarch64-apple-darwin | b17a413d00a54e8c666cf57797884504702ac032e8022fb0fa9c84516ef534f1 |
+| oft                | HRPXLCqspQocTjfcX4rvAPaY9q6Gwb1rrD3xXWrfJWdW | 37c598b | aarch64-apple-darwin | b4feeed20ca0ff9be4398b5478c10ba7fd06746605d5f57552d36bc73f5ecc20 |
+| pricefeed          | 8ahPGPjEbpgGaZx2NV1iG5Shj7TDwvsjkEDcGWjt94TP | 37c598b | aarch64-apple-darwin | 5209029bd51341cc70af6d1d82d182dae6dd90076265c7300434d0c5b6e8f2d6 |
+| uln                | 7a4WjyR8VZ7yZz5XJAKm39BUGn5iT9CKcv2pmG9tdXVH | 7aebbd7 | aarch64-apple-darwin | 325085140b5d375d2250732a231120076f45ca8a582caf56b54fc9c33319d9af |
 
 If the checksums match, the verification is successful.