From ffc583b0b10b976ead6265f352c2b1c4fa6e1134 Mon Sep 17 00:00:00 2001
From: brooksjeremy7 <92278656+brooksjeremy7@users.noreply.github.com>
Date: Wed, 25 Jun 2025 07:27:27 -0700
Subject: [PATCH] fix: Added verificaiton for the token account owner to ensure it's the passed in authority
---
 programs/conditional_vault/src/error.rs | 4 +++-
 programs/conditional_vault/src/instructions/common.rs | 8 +++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/programs/conditional_vault/src/error.rs b/programs/conditional_vault/src/error.rs
index e5e970e01..d7e2aad57 100644
--- a/programs/conditional_vault/src/error.rs
+++ b/programs/conditional_vault/src/error.rs
@@ -34,4 +34,6 @@ pub enum VaultError {
 QuestionAlreadyResolved,
 #[msg("Conditional token metadata already set")]
 ConditionalTokenMetadataAlreadySet,
-}
+ #[msg("Conditional token account is not owned by the authority")]
+ UnauthorizedConditionalTokenAccount,
+}
\ No newline at end of file
diff --git a/programs/conditional_vault/src/instructions/common.rs b/programs/conditional_vault/src/instructions/common.rs
index 330d1f8b4..86cb1e9bb 100644
--- a/programs/conditional_vault/src/instructions/common.rs
+++ b/programs/conditional_vault/src/instructions/common.rs
@@ -65,9 +65,15 @@ impl<'info, 'c: 'info> InteractWithVault<'info> {
 VaultError::ConditionalTokenMintMismatch
 );
+ require_eq!(
+ user_conditional_token_account.owner,
+ ctx.accounts.authority.key(),
+ VaultError::UnauthorizedConditionalTokenAccount
+ );
+
 user_conditional_token_accounts.push(user_conditional_token_account);
 }
 Ok((conditional_token_mints, user_conditional_token_accounts))
 }
-}
+}
\ No newline at end of file
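Review bot: The closing `}` of `VaultError` in `error.rs` is rewritten only because the file's final newline was dropped (`\ No newline at end of file`), and the same happens on the last line of `common.rs`; restoring the trailing newline in both files would keep this unrelated churn out of a security fix. The new variant is appended after `ConditionalTokenMetadataAlreadySet`, so the positions of the existing variants in the enum are unchanged.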
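Review bot: The owner comparison added in `common.rs` uses `require_eq!` on two pubkeys, while Anchor documents `require_eq!` for non-pubkey values and provides `require_keys_eq!` for this case, so the check would read `require_keys_eq!(user_conditional_token_account.owner, ctx.accounts.authority.key(), VaultError::UnauthorizedConditionalTokenAccount);`. The check binds the token account to the caller only if `authority` is declared as a signer and `user_conditional_token_account` is a deserialized SPL token account, so that `.owner` is the token owner field rather than the owning program; both are declared outside this hunk and should be confirmed. The diffstat lists no test file, so a negative test that passes a conditional token account owned by a different key and expects `UnauthorizedConditionalTokenAccount` would pin the fix. The enclosing function starts above the hunk.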