Full Report
Anchor is a common framework for building Solana contracts. Compared to vanilla Solana contracts, it adds many safety features and makes it easier to write secure code. Frameworks that compile your code do have the drawback of not being fully understood by the programmer, though. The author starts with a Solana smart contract written in Anchor with only a single instruction - initialize(). By default, Anchor adds seven extra instructions to the contract, which have to do with the IDL (Interface Description Language) storage. It is mostly just account management (create, resize, close), though. There are also buffer accounts that can be stored prior to storing information in the main account. The instruction IdlCreateAccount is permissionless but can only be called once. It creates the IDL program snd assigns the IDL authority. This means that if an attacker finds a program without this set or frontruns the call, they are able to specify a malicious IDL file. Since this is used to call the program, an attacker could abuse this in sophisticated phishing campaigns. This is a known issue. Additionally, I'm guessing that most Anchor programs, when deployed, will upload their IDL file at the same time. Multiple instructions can be executed in a single transaction too, so I'm unsure if this is vulnerable to frontrunning. IdlCreateBuffer enables a beautiful primitive for a Solana-specific vulnerability called type cosplay aka type confusion. Solana accounts should have a discriminator on them - bytes at the beginning of the account (data structure) to define the type. If this isn't checked, then havoc can occur. This instruction allows nearly arbitrary data to be stored in the account. As a result, this creates a great data store primitive for exploiting type cosplay issues. To remediate the issue, you can upgrade the contract with a custom instruction to swap the IDL's authority back to the intended party. Or you can just disable the IDL instructions. There is a fix on the way; I'm guessing that it just sets the IDL's authority to be the same as the program's, preventing this altogether. This is a pretty interesting bug because so much fraud occurs in crypto. I personally like the type-cosplay primitive the most of the two things! Overall, great post and I look forward to reading about more Solana things!
Analysis Summary
# Vulnerability: Unauthorized Anchor IDL Takeover and Type Cosplay Primitive
## CVE Details
- **CVE ID**: Not yet assigned (Discovered as a design flaw in Anchor framework)
- **CVSS Score**: N/A (Estimated Medium-High depending on coupled vulnerabilities)
- **CWE**: CWE-284: Improper Access Control; CWE-843: Access of Resource Using Incompatible Type (Type Confusion)
## Affected Systems
- **Products**: Solana programs built using the Anchor framework.
- **Versions**: All versions prior to v0.31.0.
- **Configurations**: Programs where the IDL (Interface Description Language) upload feature is enabled (default behavior) and the `IdlCreateAccount` instruction has not yet been executed by the legitimate owner.
## Vulnerability Description
Anchor automatically injects seven "hidden" instructions into smart contracts to manage on-chain IDL storage. The flaw exists in two specific instructions:
1. **Permissionless IDL Initialization**: The `IdlCreateAccount` instruction, which sets the IDL authority, is permissionless. Because it can only be called once, an attacker can "squat" or frontrun the initialization to set themselves as the IDL authority. This allows them to upload malicious IDL files.
2. **Arbitrary Data Primitive**: The `IdlCreateBuffer` instruction allows anyone to create an `IdlAccount` buffer. Because these accounts have a specific Anchor discriminator but allow nearly arbitrary data length and content, they serve as a perfect "primitive" for exploiting **Type Cosplay** (Type Confusion). An attacker can populate an IDL buffer with data that mimics a legitimate domain-specific account (e.g., a "Vault" or "User" account) to bypass insufficient type checks in other program instructions.
## Exploitation
- **Status**: PoC described; known design issue; likely exploited for phishing/misinformation.
- **Complexity**: Low (requires only a single transaction to claim authority).
- **Attack Vector**: Network (Solana RPC/Mainnet).
## Impact
- **Confidentiality**: Low (IDL data is public).
- **Integrity**: High (Attackers can modify the metadata that explorers and front-ends use to interpret transactions, leading to phishing or "rugged" UI).
- **Availability**: Medium (Prevents legitimate developers from uploading/updating their IDL).
## Remediation
### Patches
- **Anchor v0.31.0**: The framework is expected to restrict `IdlCreateAccount` to the program authority or set the authority during compilation.
### Workarounds
- **Claim Authority**: Immediately call `IdlCreateAccount` upon program deployment to lock the authority to a trusted wallet.
- **Disable IDL**: Disable the on-chain IDL feature entirely in the Anchor configuration if it is not required.
- **Manual Recovery**: If already compromised, developers must upgrade the program with a custom, temporary instruction designed to force-transfer the IDL authority back to the correct address.
## Detection
- **Indicators of Compromise**: Monitor the `anchor:idl` PDA (Program Derived Address) for your program. If the authority listed in the `IdlAccount` structure does not match the program upgrade authority or developer cold wallet, the IDL is compromised.
- **Detection Methods**: Use Solana explorers (e.g., Solscan) to inspect instruction logs for unauthorized `IdlCreateAccount` or `IdlSetBuffer` calls.
## References
- **Original Research**: hxxps://accretionxyz[.]substack[.]com/p/hidden-idl-instructions-and-how-to
- **GitHub Issue**: hxxps://github[.]com/coral-xyz/anchor/issues/444