F-2026-0004·instruction-introspection

Missing signature instruction index validation in Ed25519 verification pattern

Fixedsolanavaulted25519
TL;DR

The Ed25519 verification pattern validates pubkey and message instruction indices but skips the signature_ix_index field, leaving an incomplete inline-mode validation.

Severity
LOW
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
MEDIUM
Exploitability
LOW
02Section · Description

Description

The Ed25519 signature verification implementation validates that public key and message data are read inline (pubkey_ix_index and msg_ix_index both equal 0xFFFF) but does not validate the signature_ix_index field. According to industry best practices for Ed25519 verification via instruction introspection, all three instruction index fields must be validated to ensure complete inline mode operation.

The Ed25519 instruction header structure contains three instruction index fields at bytes 4-5 (signature_ix_index), 8-9 (pubkey_ix_index), and 14-15 (msg_ix_index). When these fields equal 0xFFFF, it indicates the data should be read from the current Ed25519 instruction itself (inline mode) rather than from other instructions in the transaction.

Current implementation at lines 101-120:

rust
// Read offsets and instruction indices from header
let pubkey_offset = u16::from_le_bytes([data[6], data[7]]) as usize;
let pubkey_ix_index = u16::from_le_bytes([data[8], data[9]]);


let msg_offset = u16::from_le_bytes([data[10], data[11]]) as usize;
let msg_size = u16::from_le_bytes([data[12], data[13]]) as usize;
let msg_ix_index = u16::from_le_bytes([data[14], data[15]]);


// CRITICAL SECURITY CHECK (Prevents Offset Attack):
const CURRENT_IX_INDEX_SENTINEL: u16 = u16::MAX;
require!(
    pubkey_ix_index == CURRENT_IX_INDEX_SENTINEL,
    ErrorCode::InvalidEd25519InstructionData
);
require!(
    msg_ix_index == CURRENT_IX_INDEX_SENTINEL,
    ErrorCode::InvalidEd25519InstructionData
);

The signature_ix_index field at bytes 4-5 is never read or validated. The validation gap represents an incomplete implementation of the recommended Ed25519 verification security pattern. It is recommended to validate all three instruction index fields to ensure the verification instruction operates in a fully constrained inline mode.

03Section · Recommendation

Recommendation

Add the signature instruction index validation after line 103. Read the signature_ix_index field and validate it matches the CURRENT_IX_INDEX_SENTINEL value:

rust
let sig_ix_index = u16::from_le_bytes([data[4], data[5]]);
require!(
    sig_ix_index == CURRENT_IX_INDEX_SENTINEL,
    ErrorCode::InvalidEd25519InstructionData
);

This completes the inline mode validation pattern by ensuring the signature, public key, and message are all read from the same Ed25519 instruction.

04Section · Resolution

Resolution

Fair Casino: Fixed.

Zealynx: Verified.

Status
Fixed
ZEALYNX SECURITY · published 2026-01-19
F-2026-0004

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx