feat(validation): block compute-only transactions #421
Reject transactions that contain only ComputeBudget instructions while still allowing ComputeBudget instructions when combined with real program instructions.
Add validator tests for both reject and allow paths.

Refs: PRO-1090
📊 TypeScript Coverage Report
Coverage: 33.9%
Coverage artifacts have been uploaded to this workflow run.
Greptile Summary
Adds a
Confidence Score: 5/5
Safe to merge — the change is a narrow, well-tested validation addition with no breaking side-effects. Logic is correct (empty-instructions guard fires before the new check, so `.any()` on an empty iterator cannot produce a misleading error), tests cover both the rejection and pass-through paths, and no existing behavior is altered for valid transactions. No files require special attention.

| Filename | Overview |
|---|---|
| crates/lib/src/validator/transaction_validator.rs | Adds validate_has_non_compute_instruction guard and two new tests; logic and ordering are correct. |
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[validate_transaction called] --> B{all_instructions empty?}
    B -- Yes --> C[Error: no instructions]
    B -- No --> D{Any non-ComputeBudget instruction?}
    D -- No --> E[Error: only ComputeBudget instructions]
    D -- Yes --> F{all_account_keys empty?}
    F -- Yes --> G[Error: no account keys]
    F -- No --> H[validate_signatures]
    H --> I[validate_programs]
    I --> J[validate_transfer_amounts]
    J --> K[validate_disallowed_accounts]
    K --> L[validate_fee_payer_usage]
    L --> M[Ok]
```
Reviews (1): Last reviewed commit: "feat(validation): block compute-only tra..."
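The first three guards of the flowchart above, as an added sketch that is not the project's code: it shows why the empty-instructions check has to run before the compute-only check. The `Tx` type, the `ValidationError` enum, `validate_shape` and the placeholder program id are assumptions made for illustration; only the ComputeBudget program id is a real value.

```rust
// Added illustration; types and names are hypothetical, not the project's own code.
/// Program id of Solana's native ComputeBudget program.
const COMPUTE_BUDGET_ID: &str = "ComputeBudget111111111111111111111111111111";

#[derive(Debug, PartialEq)]
enum ValidationError {
    NoInstructions,
    OnlyComputeBudget,
    NoAccountKeys,
}

/// Simplified stand-in for a resolved transaction.
struct Tx<'a> {
    /// Program id targeted by each instruction, in order.
    instruction_programs: Vec<&'a str>,
    account_keys: Vec<&'a str>,
}

/// Runs the shape checks in the order the flowchart gives.
fn validate_shape(tx: &Tx) -> Result<(), ValidationError> {
    // 1. Empty check first: `any()` over an empty iterator returns false, so
    //    without this guard an empty transaction would be reported as compute-only.
    if tx.instruction_programs.is_empty() {
        return Err(ValidationError::NoInstructions);
    }
    // 2. At least one instruction must target a program other than ComputeBudget.
    if !tx.instruction_programs.iter().any(|p| *p != COMPUTE_BUDGET_ID) {
        return Err(ValidationError::OnlyComputeBudget);
    }
    // 3. Only then look at the account keys.
    if tx.account_keys.is_empty() {
        return Err(ValidationError::NoAccountKeys);
    }
    Ok(())
}

fn main() {
    let other = "PLACEHOLDER_PROGRAM_ID"; // constructed value, not a real program id
    let cases = vec![
        ("empty", vec![]),
        ("compute-only", vec![COMPUTE_BUDGET_ID, COMPUTE_BUDGET_ID]),
        ("mixed", vec![COMPUTE_BUDGET_ID, other]),
    ];
    for (name, instruction_programs) in cases {
        let tx = Tx { instruction_programs, account_keys: vec!["payer"] };
        println!("{name}: {:?}", validate_shape(&tx));
    }
}
```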
…call_programs

Keep must_call_programs focused on required-program matching only. Compute-only transaction rejection belongs to the dedicated compute-only validation flow (PR #421), not this rule.

- Remove ComputeBudget filtering from must_call_programs runtime check
- Remove compute-budget-only config rejection for must_call_programs
- Update docs/comments and adjust config validator test expectations

Refs: PRO-1089
Great job :D
* feat(validation): add must_call_programs validation rule

  Adds a new optional config field `must_call_programs` to `ValidationConfig`. When non-empty, transactions must call at least one of the listed programs. Transactions containing only ComputeBudget instructions are also rejected.

  Refs: PRO-1089

* fix(validation): validate must_call_programs config constraints

  Add startup config checks for must_call_programs to fail fast on invalid or unsatisfiable policy values.

  - Validate must_call_programs entries are valid pubkeys
  - Require each must_call_programs entry to also exist in allowed_programs
  - Reject compute-budget-only must_call_programs policy
  - Add config-validator tests for these scenarios
  - Update config docs/comments to reflect constraints

  Refs: PRO-1089

* refactor(validation): remove compute-budget special-casing from must_call_programs

  Keep must_call_programs focused on required-program matching only. Compute-only transaction rejection belongs to the dedicated compute-only validation flow (PR #421), not this rule.

  - Remove ComputeBudget filtering from must_call_programs runtime check
  - Remove compute-budget-only config rejection for must_call_programs
  - Update docs/comments and adjust config validator test expectations

  Refs: PRO-1089

---------

Co-authored-by: Jo D <dev-jodee@users.noreply.github.com>
Summary
Test Plan (if applicable)
```
cargo test -p kora-lib test_reject_compute_budget_only_transaction -- --nocapture
cargo test -p kora-lib test_allow_transaction_with_compute_budget_and_non_compute_instruction -- --nocapture
cargo test -p kora-lib test_empty_transaction -- --nocapture
cargo test -p kora-lib test_validate_programs -- --nocapture
```

Closes PRO-1090
📊 Unit Test Coverage
Unit Test Coverage: 84.8%