
More checks on amount and fees

Change-Id: If5a7f43faa0ea39e99138c0856756bad19a4b410
Hendrik Hofstadt 4 年之前
父節點
當前提交
94695ee125

+ 3 - 3
solana/bridge/program/src/api/verify_signature.rs

@@ -36,7 +36,8 @@ pub struct VerifySignatures<'b> {
     pub instruction_acc: Info<'b>,
 }
 
-impl<'b> InstructionContext<'b> for VerifySignatures<'b> {}
+impl<'b> InstructionContext<'b> for VerifySignatures<'b> {
+}
 
 impl From<&VerifySignatures<'_>> for GuardianSetDerivationData {
     fn from(data: &VerifySignatures<'_>) -> Self {
@@ -66,7 +67,6 @@ struct SecpInstructionPart<'a> {
     msg_size: u16,
 }
 
-
 pub fn verify_signatures(
     ctx: &ExecutionContext,
     accs: &mut VerifySignatures,
@@ -104,7 +104,7 @@ pub fn verify_signatures(
         secp_ix_index as usize,
         &accs.instruction_acc.try_borrow_mut_data()?,
     )
-        .map_err(|_| ProgramError::InvalidAccountData)?;
+    .map_err(|_| ProgramError::InvalidAccountData)?;
 
     // Check that the instruction is actually for the secp program
     if secp_ix.program_id != solana_program::secp256k1_program::id() {

+ 6 - 2
solana/modules/token_bridge/program/src/api/complete_transfer.rs

@@ -142,7 +142,7 @@ pub fn complete_native(
         accs.to.info().key,
         accs.custody_signer.key,
         &[],
-        amount - fee,
+        amount.checked_sub(fee).unwrap(),
     )?;
     invoke_seeded(&transfer_ix, ctx, &accs.custody_signer, None)?;
 
@@ -248,7 +248,11 @@ pub fn complete_wrapped(
         accs.to.info().key,
         accs.mint_authority.key,
         &[],
-        accs.vaa.amount.as_u64() - accs.vaa.fee.as_u64(),
+        accs.vaa
+            .amount
+            .as_u64()
+            .checked_sub(accs.vaa.fee.as_u64())
+            .unwrap(),
     )?;
     invoke_seeded(&mint_ix, ctx, &accs.mint_authority, None)?;
 
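Review bot: The `.unwrap()` after `checked_sub` in `complete_native`, and the same pattern in `complete_wrapped`, stops the underflow but reports it as a panic instead of a program error. In `complete_wrapped` the operands are read from `accs.vaa`, so a fee above the amount is an input condition to reject explicitly rather than an invariant the program can assume. I would return a typed error, e.g. `amount.checked_sub(fee).ok_or(TokenBridgeError::InvalidFee)?`, assuming `TokenBridgeError` is in scope in this file and converts into the function's error type (the imports are outside the hunks). Both function bodies start and end outside the hunks shown.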

+ 14 - 1
solana/modules/token_bridge/program/src/api/transfer.rs

@@ -16,7 +16,10 @@ use crate::{
     messages::PayloadTransfer,
     types::*,
     TokenBridgeError,
-    TokenBridgeError::WrongAccountOwner,
+    TokenBridgeError::{
+        InvalidFee,
+        WrongAccountOwner,
+    },
 };
 use bridge::{
     accounts::Bridge,
@@ -134,6 +137,11 @@ pub fn transfer_native(
         return Err(TokenBridgeError::InvalidMint.into());
     }
 
+    // Fee must be less than amount
+    if data.fee > data.amount {
+        return Err(InvalidFee.into());
+    }
+
     // Verify that the token is not a wrapped token
     if let COption::Some(mint_authority) = accs.mint.mint_authority {
         if mint_authority == MintSigner::key(None, ctx.program_id) {
@@ -292,6 +300,11 @@ pub fn transfer_wrapped(
         return Err(TokenBridgeError::InvalidMint.into());
     }
 
+    // Fee must be less than amount
+    if data.fee > data.amount {
+        return Err(InvalidFee.into());
+    }
+
     // Verify that meta is correct
     let derivation_data: WrappedMetaDerivationData = (&*accs).into();
     accs.wrapped_meta
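Review bot: The added comment in `transfer_native` and `transfer_wrapped` says "Fee must be less than amount", but the condition `data.fee > data.amount` still accepts a fee equal to the amount. If equality is meant to be allowed, the comment should read `// Fee must not exceed amount`; if it is not, the guard should be `if data.fee >= data.amount {`. The comment and the guard should state the same bound, because the completion path in this commit subtracts the fee from the amount and relies on that relationship. Both functions continue outside the hunks.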

+ 1 - 0
solana/modules/token_bridge/program/src/lib.rs

@@ -63,6 +63,7 @@ pub enum TokenBridgeError {
     TokenNotNative,
     UninitializedMint,
     WrongAccountOwner,
+    InvalidFee,
 }
 
 impl From<TokenBridgeError> for SolitaireError {