Solana Anchor How to test different Signers interacting with program functions

Question

How can I test in Solana Anchor if a hacker can call or invoke certain program functions?

Is it by changing the first element inside the signers array:

await program.rpc.initializeProgram(
 arg1, arg2, ... {
 accounts: {...}
 signers: [keypair1, keypair2, ... keypairN],
)

But in some tutorial cases, this signers array are omitted... Where in Anchor can I set the caller's keypair that is used to sign the transaction?

See example Anchor codes from https://project-serum.github.io/anchor/tutorials/tutorial-1

keywords: smart contract, security test

Answer 1

For your anchor tests, it will use the provider.wallet as the payer and thus automatically use the provider.wallet as the signer.

You can also add signers to your javascript calls through the signers array field incase your program requires them to be signers.

Tutorial 1 is not a realistic example here, since anyone can come in and modify the accounts.

By default the anchor tests use the provider.wallet as the payer and signer for transactions. If you want to use another wallet, you would have to create another anchor program instance, follow the function below.

import * as anchor from '@project-serum/anchor';
import { provider, program } from '../config';

export function programPaidBy(payer: anchor.web3.Keypair): anchor.Program {
  const newProvider = new anchor.Provider(provider.connection, new anchor.Wallet(payer), {});

  return new anchor.Program(program.idl as anchor.Idl, program.programId, newProvider)
}

Answer 2

If you want to change feePayer instead of using this:

   let tx = await program.methods.initializeProgram().rpc() 

you can use this:

let tx = await program.methods.initializeProgram().transaction();      
tx.feePayer = user.publicKey;
const txID = await connection.sendTransaction(tx,[user , admin ]);
await connection.confirmTransaction(txID);