Expand description
Multi-tier validation system.
Hopper supports five validation levels:
- Account-local: owner, signer, writable, size, discriminator, layout_id
- Cross-account:
vault.mint == mint.address(), authority matches - State-transition: status enum transitions, balance bounds
- CPI composition: post-CPI invariants, no-CPI guards
- Post-mutation: balance conservation, solvency invariants (via
PostMutationValidator)
Validation can be composed with named groups (ValidationGroup), instruction-specific
rule packs (TransitionRulePack), and multi-group bundles (ValidationBundle).
Modules§
- fast
- Batched u32 header validation using a single-compare optimization.
- graph
- Composable Validation Pipeline.
- guards
- Security guard packs – safe-by-default exploit prevention.
- modifier
- Modifier-style composable account wrappers.
- trust
- Foreign-account trust profiles.
Functions§
- check_
account - Combined account check: owner + discriminator + minimum size.
- check_
accounts_ unique - Check that two accounts are unique (different addresses).
- check_
accounts_ unique_ 3 - Check that three accounts are all unique.
- check_
address - Check an account’s address matches an expected value.
- check_
discriminator - Check that the discriminator byte matches.
- check_
executable - Check that an account is executable (a program).
- check_
has_ one - Check
has_one: a stored address in account data matches another account’s address. - check_
instruction_ data_ min - Check instruction data meets minimum length.
- check_
keys_ eq - Check that two account addresses are equal.
- check_
lamports_ gte - Check that the account has at least
minlamports. - check_
no_ subsequent_ invocation - Ensure our program is not invoked after the current instruction.
- check_
not_ closed - Check that an account has not been closed (no close sentinel).
- check_
owner - Check that an account is owned by the expected program.
- check_
owner_ multi - Check that an account is owned by one of the given program IDs.
- check_
program - Check that an account is a specific program: its key matches
expected_program_idand it is flagged executable. - check_
rent_ exempt - Check that an account is rent exempt.
- check_
signer - Check that an account is a signer.
- check_
size - Check minimum data size.
- check_
system_ program - System program check.
- check_
uninitialized - Check uninitialized: account data is empty.
- check_
writable - Check that an account is writable.
- current_
instruction_ index - Read the current instruction index from the Instructions sysvar.
- detect_
flash_ loan_ bracket - Detect flash-loan bracket: same program called before AND after current.
- find_
and_ verify_ pda - Find a PDA and verify it matches the account, returning the bump.
- instruction_
count - Read the number of instructions in the current transaction.
- is_
zero_ address - Check if a 32-byte address is all zeros (the default/system address).
- keys_
eq_ fast - Fast 32-byte key equality check using 4x u64 comparisons.
- read_
program_ id_ at - Read the program_id of instruction at the given index.
- rent_
exempt_ min - Rent-exempt minimum lamports for a given data size.
- require_
top_ level - Require that the current instruction is top-level (not a CPI).
- verify_
pda - Verify a PDA with bump, using the cheap
create_program_addresspath. - verify_
pda_ cached - Verify a PDA by reading the bump from account data at a known offset.