How to verify accounts in a Solana program
Since programs in Solana are stateless, we as program authors have to validate the accounts passed to an instruction as thoroughly as possible, so that a malicious or mismatched account cannot be substituted for the one we expect. The basic checks are:
- Check that the expected signer account has actually signed.
- Check that the expected state accounts are marked writable.
- Check that the expected state account's owner is the calling program's id.
- If initializing the state for the first time, check whether the account has already been initialized.
- Check that any cross-program ids passed (whenever they are needed) are the expected ones.
A basic instruction that initializes a hero state account with the above-mentioned checks is defined below.
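The instruction body itself is not reproduced on this page. The following is an added example, not the original's code, that models the five checks above in Rust. So that it compiles without the Solana SDK, it uses constructed stand-in types named after their `solana_program` counterparts (`Pubkey`, `AccountInfo`, `ProgramError`); an on-chain program would run the same checks on `solana_program::account_info::AccountInfo` and return `solana_program::program_error::ProgramError`. The hero state layout, the account ordering and the sample keys are assumptions made for the example.

```rust
// Stand-alone model of the account checks described above. The types below are
// constructed stand-ins for solana_program::pubkey::Pubkey,
// solana_program::account_info::AccountInfo and
// solana_program::program_error::ProgramError, so the example compiles without
// the Solana SDK; the check logic is what a real instruction handler would run.

/// 32-byte public key (stand-in for solana_program::pubkey::Pubkey).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

/// The fields of AccountInfo that the checks depend on.
#[derive(Debug)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub is_signer: bool,
    pub is_writable: bool,
    pub owner: Pubkey,
    pub data: Vec<u8>,
}

/// Error variants mirroring the names the real ProgramError uses for these cases.
#[derive(Debug, PartialEq, Eq)]
pub enum ProgramError {
    NotEnoughAccountKeys,
    MissingRequiredSignature,
    InvalidAccountData,
    IncorrectProgramId,
    AccountAlreadyInitialized,
}

/// The system program's id is the all-zero key.
pub const SYSTEM_PROGRAM_ID: Pubkey = Pubkey([0u8; 32]);

/// Hero state layout (an assumption for this example):
/// byte 0: is_initialized flag, bytes 1..33: authority pubkey, bytes 33..41: score (u64 LE).
pub const HERO_STATE_LEN: usize = 1 + 32 + 8;

/// Expected accounts (assumed ordering): [0] authority (signer), [1] hero state
/// (writable, owned by this program), [2] system program.
/// Every check runs before a single byte of state is written.
pub fn process_init_hero(program_id: &Pubkey, accounts: &mut [AccountInfo]) -> Result<(), ProgramError> {
    if accounts.len() < 3 {
        return Err(ProgramError::NotEnoughAccountKeys);
    }
    // 1. The authority must actually have signed the transaction.
    if !accounts[0].is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    let authority_key = accounts[0].key;
    let system_program_key = accounts[2].key;

    let hero = &mut accounts[1];
    // 2. The state account must be marked writable; rejecting early gives a clear error
    //    instead of a failed write at commit time.
    if !hero.is_writable {
        return Err(ProgramError::InvalidAccountData);
    }
    // 3. Only accounts owned by this program hold state this program created; an
    //    account owned by another program could carry attacker-chosen bytes.
    if hero.owner != *program_id {
        return Err(ProgramError::IncorrectProgramId);
    }
    // 4. Refuse to overwrite an account that is already initialized.
    if hero.data.len() != HERO_STATE_LEN {
        return Err(ProgramError::InvalidAccountData);
    }
    if hero.data[0] != 0 {
        return Err(ProgramError::AccountAlreadyInitialized);
    }
    // 5. Any program id passed for a cross-program call must be the one we expect.
    if system_program_key != SYSTEM_PROGRAM_ID {
        return Err(ProgramError::IncorrectProgramId);
    }

    // All checks passed: write the initial hero state.
    hero.data[0] = 1;
    hero.data[1..33].copy_from_slice(&authority_key.0);
    hero.data[33..41].copy_from_slice(&0u64.to_le_bytes());
    Ok(())
}

/// Builds a valid account set for `program_id` (constructed sample data).
pub fn sample_accounts(program_id: Pubkey) -> Vec<AccountInfo> {
    vec![
        AccountInfo { key: Pubkey([1u8; 32]), is_signer: true, is_writable: false, owner: SYSTEM_PROGRAM_ID, data: vec![] },
        AccountInfo { key: Pubkey([2u8; 32]), is_signer: false, is_writable: true, owner: program_id, data: vec![0u8; HERO_STATE_LEN] },
        AccountInfo { key: SYSTEM_PROGRAM_ID, is_signer: false, is_writable: false, owner: Pubkey([9u8; 32]), data: vec![] },
    ]
}

fn main() {
    let program_id = Pubkey([7u8; 32]);
    let mut accounts = sample_accounts(program_id);
    println!("valid accounts: {:?}", process_init_hero(&program_id, &mut accounts));
    accounts[0].is_signer = false;
    println!("unsigned authority: {:?}", process_init_hero(&program_id, &mut accounts));
}
```

The checks are ordered cheapest first and all of them complete before the state write, so a rejected transaction leaves the account untouched; the owner check in particular is what stops a caller from passing a look-alike account created by some other program in place of the real hero state.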