Seedling

Seedling is a staking program that creates per-user vault PDAs for deposited tokens. Stake, wait, unstake — simple enough. The program runs, tests pass, and the math checks out.

But look closely at how accounts are derived. There might be a way to access something you shouldn't.

Program Derived Addresses are the backbone of account ownership in Solana. The seeds used to derive a PDA determine who can access what. If the derivation is too loose, accounts that should be isolated may not be.

This challenge requires you to think about account identity and what makes a PDA truly unique to a user.