Security Considerations for CPIs
Cross-Program Invocations (CPIs)
Chapter 3: Security Considerations for CPIs
CPIs can introduce risks—security is paramount.
Key Points:
Validate account ownership and data.
Use Anchor constraints for safety.
Watch out for mutable accounts.
Code Example:
#[derive(Accounts)]
pub struct SecureCPI<'info> {
#[account(mut, constraint = my_account.owner == program_id)]
pub my_account: Account<'info, MyAccount>,
// Other accounts
}Interactivity: Take a quiz to spot security flaws in sample CPI code.
Last updated