Project 2: Poll account is not validated in InitializeCandidate instruction

[die-kreatur]

In the InitializeCandidate instruction, the poll_account field is not constrained using PDA seeds (seeds / bump).
As a result, a candidate can be created with any poll_account, it might be a wrong poll_id or non-existing one as well. Adding a PDA constraint to the poll_account would ensure that the poll exists and matches the provided poll_id.

The code:

#[derive(Accounts)]
#[instruction(poll_id: u64, candidate: String)]
pub struct InitializeCandidate<'info> {
    #[account(mut)]
    pub signer: Signer<'info>,

    pub poll_account: Account<'info, PollAccount>,

    #[account(
        init,
        payer = signer,
        space = 8 + CandidateAccount::INIT_SPACE,
        seeds = [poll_id.to_le_bytes().as_ref(), candidate.as_ref()],
        bump
    )]
    pub candidate_account: Account<'info, CandidateAccount>,

    pub system_program: Program<'info, System>,
}