Changing a PDA owned token account authority fails because of privilege escalation

Question

I am getting a privilege escalation error (Hw5dRzdcUNHahscRYr1AtsS3t6KXoxyHiGaeShjF7Wq3's signer privilege escalated) when I try to change the authority of an SPL. Hw5dRzdcUNHahscRYr1AtsS3t6KXoxyHiGaeShjF7Wq3 is the address of the escrow_signer in the code below.

I can confirm the SPL token account is owned by the PDA, as I changed its authority in another transaction.

        token::set_authority(
            ctx.accounts.into(),
            AuthorityType::AccountOwner,
            Some(ctx.accounts.escrow_signer.key()),
        )?;

    pub fn terminate_escrow  (ctx: Context<Terminate>) -> ProgramResult {
        let seeds = &[
            ctx.accounts.escrow_signer.key.as_ref(),
            &[ctx.accounts.escrow_account.nonce],
        ];

        let cpi_accounts = SetAuthority {
            account_or_mint: ctx.accounts
                .initializer_lp_token_account
                .to_account_info()
                .clone(),
            current_authority: ctx.accounts.escrow_signer.clone(),
        };

        let cpi_program = ctx.accounts.token_program.clone();

        token::set_authority(
            CpiContext::new(cpi_program, cpi_accounts)
                .with_signer(&[&seeds[..]]),
            AuthorityType::AccountOwner,
            Some(ctx.accounts.initializer.key()),
        )?;
}

#[derive(Accounts)]
pub struct Terminate<'info> {
    ...
    #[account(
        seeds = [escrow_account.to_account_info().key.as_ref()],
        bump = escrow_account.nonce,
    )]
    pub escrow_signer: AccountInfo<'info>,
}

Here is how I am creating the PDA address:

        const [_escrowSigner, _nonce] = await anchor.web3.PublicKey.findProgramAddress(
            [escrowAccount.publicKey.toBuffer()],
            program.programId
        );

Thanks for helping.

Hey @motia Have you had any chance to sort this? – ppoliani Dec 23 '21 at 11:22 — ppoliani, Dec 23 '21 at 11:22

score 0 · Answer 1 · answered Oct 13 '21 at 21:56

Should your seeds actually be:

let seeds = &[
    ctx.accounts.escrow_account.key.as_ref(),
    &[ctx.accounts.escrow_account.nonce],
];

Instead of the signer?

I wonder if they were passed the wrong way around, so that escrow_signer is actually escrow_account, which is not signing this instruction, which would explain the error.

score 0 · Answer 2 · answered Mar 02 '22 at 06:06

0

Ensure seeds is correct
Ensure relevant account is marked as mutable (THIS is often overlooked)

answered Mar 02 '22 at 06:06

noooooooob

1,872
3
21
27

Changing a PDA owned token account authority fails because of privilege escalation

2 Answers2