From df7593019137e78d91f4b636cca58588df15f870 Mon Sep 17 00:00:00 2001
From: Jack Chuma <jack.chuma@coinbase.com>
Date: Mon, 5 Jan 2026 10:37:04 -0500
Subject: [PATCH 1/2] add warning for base -> solana relaying

---
 docs/base-chain/quickstart/base-solana-bridge.mdx | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/base-chain/quickstart/base-solana-bridge.mdx b/docs/base-chain/quickstart/base-solana-bridge.mdx
index bcc6e1cc..b9e2af7d 100644
--- a/docs/base-chain/quickstart/base-solana-bridge.mdx
+++ b/docs/base-chain/quickstart/base-solana-bridge.mdx
@@ -151,6 +151,16 @@ await client.writeContract({
 Burn wrapped tokens on Base, wait for the message to become provable, then execute the proof on
 Solana to unlock the native asset. This path offers full custody and requires a prover.
 
+<Warning>
+If you operate a relayer that signs and submits Solana transactions for users in the **Base → Solana**
+direction, do **not** sign transactions that require your relayer pubkey as a signer.
+
+A malicious user can encode a transaction that includes your relayer pubkey as a required signer; if
+you sign and submit it, you may unintentionally authorize arbitrary instructions (including ones
+that can steal relayer funds). As a baseline mitigation, ignore any transaction that specifies your
+pubkey as a signer.
+</Warning>
+
 <GithubRepoCard title="Base → Solana Example" githubUrl="https://github.com/base/bridge/blob/main/scripts/src/internal/sol/base.ts" />
 
 ```typescript bridgeSolFromBaseToSolana/index.ts expandable

From bdf1c8e6895db71b22d7ad0a12774357d9feb51e Mon Sep 17 00:00:00 2001
From: Jack Chuma <jack.chuma@coinbase.com>
Date: Mon, 5 Jan 2026 10:51:19 -0500
Subject: [PATCH 2/2] adjust warning location

---
 .../quickstart/base-solana-bridge.mdx         | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/base-chain/quickstart/base-solana-bridge.mdx b/docs/base-chain/quickstart/base-solana-bridge.mdx
index b9e2af7d..244e7739 100644
--- a/docs/base-chain/quickstart/base-solana-bridge.mdx
+++ b/docs/base-chain/quickstart/base-solana-bridge.mdx
@@ -151,16 +151,6 @@ await client.writeContract({
 Burn wrapped tokens on Base, wait for the message to become provable, then execute the proof on
 Solana to unlock the native asset. This path offers full custody and requires a prover.
 
-<Warning>
-If you operate a relayer that signs and submits Solana transactions for users in the **Base → Solana**
-direction, do **not** sign transactions that require your relayer pubkey as a signer.
-
-A malicious user can encode a transaction that includes your relayer pubkey as a required signer; if
-you sign and submit it, you may unintentionally authorize arbitrary instructions (including ones
-that can steal relayer funds). As a baseline mitigation, ignore any transaction that specifies your
-pubkey as a signer.
-</Warning>
-
 <GithubRepoCard title="Base → Solana Example" githubUrl="https://github.com/base/bridge/blob/main/scripts/src/internal/sol/base.ts" />
 
 ```typescript bridgeSolFromBaseToSolana/index.ts expandable
@@ -198,6 +188,16 @@ const relayIx = getRelayMessageInstruction({ message: messagePda });
 await buildAndSendTransaction(SOLANA_RPC_URL, [proveIx, relayIx], payer);
 ```
 
+<Warning>
+If you operate a relayer that signs and submits Solana transactions for users in the **Base → Solana**
+direction, do **not** sign transactions that require your relayer pubkey as a signer.
+
+A malicious user can encode a transaction that includes your relayer pubkey as a required signer; if
+you sign and submit it, you may unintentionally authorize arbitrary instructions (including ones
+that can steal relayer funds). As a baseline mitigation, ignore any transaction that specifies your
+pubkey as a signer.
+</Warning>
+
 ## Utilities
 
 The repository includes utilities for converting between Solana and Base address formats,