lez-programs/programs/stablecoin/src/withdraw_collateral.rs

use nssa_core::{
    account::{Account, AccountWithMetadata, Data},
    program::{AccountPostState, ChainedCall, ProgramId},
};
use stablecoin_core::{verify_position_and_get_seed, verify_position_vault_and_get_seed, Position};
use token_core::TokenHolding;

/// Withdraw `amount` collateral tokens from `position`'s vault back to `destination`.
///
/// Decreases `Position.collateral_amount` by `amount` and emits a single chained
/// `Token::Transfer` from the vault to `destination`, authorized by the vault
/// PDA seed. The position post-state uses plain [`AccountPostState::new`] —
/// the initial PDA claim already happened in
/// [`crate::open_position::open_position`].
///
/// Until issues #95 / #96 / #97 land (redemption price, price feed, stability
/// fee accrual), this instruction hard-asserts `Position.debt_amount == 0`.
/// When those land, this guard is replaced by real fee accrual + a
/// collateralization-ratio check against the post-withdrawal collateral.
///
/// # Panics
/// - `owner` is not authorized.
/// - `position` is uninitialized, not owned by `stablecoin_program_id`, holds data that does not
///   decode as a [`Position`], or sits at an address that does not match
///   `compute_position_pda(stablecoin_program_id, owner, Position.collateral_definition_id)`.
/// - `vault` sits at an address that does not match
///   `compute_position_vault_pda(stablecoin_program_id, position_id)`, or holds a [`TokenHolding`]
///   whose `definition_id` does not match the position's collateral definition.
/// - `destination` is uninitialized, owned by a different Token Program than the vault, or holds a
///   [`TokenHolding`] whose `definition_id` does not match the position's collateral definition.
/// - `Position.debt_amount` is non-zero.
/// - `amount > Position.collateral_amount`.
pub fn withdraw_collateral(
    owner: AccountWithMetadata,
    position: AccountWithMetadata,
    vault: AccountWithMetadata,
    destination: AccountWithMetadata,
    stablecoin_program_id: ProgramId,
    amount: u128,
) -> (Vec<AccountPostState>, Vec<ChainedCall>) {
    assert!(owner.is_authorized, "Owner authorization is missing");
    assert_ne!(
        position.account,
        Account::default(),
        "Position account must be initialized"
    );
    assert_eq!(
        position.account.program_owner, stablecoin_program_id,
        "Position is not owned by this stablecoin program"
    );

    let position_data = Position::try_from(&position.account.data)
        .expect("Position account must hold valid Position state");
    // `verify_position_and_get_seed` asserts the position address matches the
    // (owner, collateral_definition) PDA derivation. We do not use the seed
    // downstream — the position is already PDA-claimed.
    let _position_seed = verify_position_and_get_seed(
        &position,
        &owner,
        position_data.collateral_definition_id,
        stablecoin_program_id,
    );
    let vault_seed =
        verify_position_vault_and_get_seed(&vault, position.account_id, stablecoin_program_id);

    let vault_holding = TokenHolding::try_from(&vault.account.data)
        .expect("Vault account must hold a valid TokenHolding");
    assert_eq!(
        vault_holding.definition_id(),
        position_data.collateral_definition_id,
        "Vault token holding is not for the position's collateral definition"
    );

    let token_program_id = vault.account.program_owner;
    assert_ne!(
        destination.account,
        Account::default(),
        "Destination must be initialized"
    );
    assert_eq!(
        destination.account.program_owner, token_program_id,
        "Destination must be owned by the same Token Program as the vault"
    );
    let destination_holding = TokenHolding::try_from(&destination.account.data)
        .expect("Destination account must hold a valid TokenHolding");
    assert_eq!(
        destination_holding.definition_id(),
        position_data.collateral_definition_id,
        "Destination token definition does not match the position's collateral definition"
    );

    assert_eq!(
        position_data.debt_amount, 0,
        "withdraw_collateral with debt is not supported yet — stability fee accrual and collateralization check land with #97/#96"
    );
    let new_collateral = position_data
        .collateral_amount
        .checked_sub(amount)
        .expect("Withdrawal amount exceeds position collateral");

    let updated_position = Position {
        collateral_vault_id: position_data.collateral_vault_id,
        collateral_definition_id: position_data.collateral_definition_id,
        collateral_amount: new_collateral,
        debt_amount: position_data.debt_amount,
    };
    let mut position_post = position.account.clone();
    position_post.data = Data::from(&updated_position);

    let post_states = vec![
        AccountPostState::new(owner.account),
        AccountPostState::new(position_post),
        AccountPostState::new(vault.account.clone()),
        AccountPostState::new(destination.account.clone()),
    ];

    let mut vault_authorized = vault.clone();
    vault_authorized.is_authorized = true;
    let transfer_call = ChainedCall::new(
        token_program_id,
        vec![vault_authorized, destination],
        &token_core::Instruction::Transfer {
            amount_to_transfer: amount,
        },
    )
    .with_pda_seeds(vec![vault_seed]);

    (post_states, vec![transfer_call])
}
feat(stablecoin): implement `withdraw_collateral` closes #92 2026-05-19 15:59:10 +02:00			`use nssa_core::{`
			`account::{Account, AccountWithMetadata, Data},`
			`program::{AccountPostState, ChainedCall, ProgramId},`
			`};`
			`use stablecoin_core::{verify_position_and_get_seed, verify_position_vault_and_get_seed, Position};`
			`use token_core::TokenHolding;`

			/// Withdraw `amount` collateral tokens from `position`'s vault back to `destination`.
			`///`
			/// Decreases `Position.collateral_amount` by `amount` and emits a single chained
			/// `Token::Transfer` from the vault to `destination`, authorized by the vault
			/// PDA seed. The position post-state uses plain [`AccountPostState::new`] —
			`/// the initial PDA claim already happened in`
			/// [`crate::open_position::open_position`].
			`///`
			`/// Until issues #95 / #96 / #97 land (redemption price, price feed, stability`
			/// fee accrual), this instruction hard-asserts `Position.debt_amount == 0`.
			`/// When those land, this guard is replaced by real fee accrual + a`
			`/// collateralization-ratio check against the post-withdrawal collateral.`
			`///`
			`/// # Panics`
			/// - `owner` is not authorized.
			/// - `position` is uninitialized, not owned by `stablecoin_program_id`, holds data that does not
			/// decode as a [`Position`], or sits at an address that does not match
			/// `compute_position_pda(stablecoin_program_id, owner, Position.collateral_definition_id)`.
			/// - `vault` sits at an address that does not match
			/// `compute_position_vault_pda(stablecoin_program_id, position_id)`, or holds a [`TokenHolding`]
			/// whose `definition_id` does not match the position's collateral definition.
			/// - `destination` is uninitialized, owned by a different Token Program than the vault, or holds a
			/// [`TokenHolding`] whose `definition_id` does not match the position's collateral definition.
			/// - `Position.debt_amount` is non-zero.
			/// - `amount > Position.collateral_amount`.
			`pub fn withdraw_collateral(`
			`owner: AccountWithMetadata,`
			`position: AccountWithMetadata,`
			`vault: AccountWithMetadata,`
			`destination: AccountWithMetadata,`
			`stablecoin_program_id: ProgramId,`
			`amount: u128,`
			`) -> (Vec<AccountPostState>, Vec<ChainedCall>) {`
			`assert!(owner.is_authorized, "Owner authorization is missing");`
			`assert_ne!(`
			`position.account,`
			`Account::default(),`
			`"Position account must be initialized"`
			`);`
			`assert_eq!(`
			`position.account.program_owner, stablecoin_program_id,`
			`"Position is not owned by this stablecoin program"`
			`);`

			`let position_data = Position::try_from(&position.account.data)`
			`.expect("Position account must hold valid Position state");`
			// `verify_position_and_get_seed` asserts the position address matches the
			`// (owner, collateral_definition) PDA derivation. We do not use the seed`
			`// downstream — the position is already PDA-claimed.`
			`let _position_seed = verify_position_and_get_seed(`
			`&position,`
			`&owner,`
			`position_data.collateral_definition_id,`
			`stablecoin_program_id,`
			`);`
			`let vault_seed =`
			`verify_position_vault_and_get_seed(&vault, position.account_id, stablecoin_program_id);`

			`let vault_holding = TokenHolding::try_from(&vault.account.data)`
			`.expect("Vault account must hold a valid TokenHolding");`
			`assert_eq!(`
			`vault_holding.definition_id(),`
			`position_data.collateral_definition_id,`
			`"Vault token holding is not for the position's collateral definition"`
			`);`

			`let token_program_id = vault.account.program_owner;`
			`assert_ne!(`
			`destination.account,`
			`Account::default(),`
			`"Destination must be initialized"`
			`);`
			`assert_eq!(`
			`destination.account.program_owner, token_program_id,`
			`"Destination must be owned by the same Token Program as the vault"`
			`);`
			`let destination_holding = TokenHolding::try_from(&destination.account.data)`
			`.expect("Destination account must hold a valid TokenHolding");`
			`assert_eq!(`
			`destination_holding.definition_id(),`
			`position_data.collateral_definition_id,`
			`"Destination token definition does not match the position's collateral definition"`
			`);`

			`assert_eq!(`
			`position_data.debt_amount, 0,`
			`"withdraw_collateral with debt is not supported yet — stability fee accrual and collateralization check land with #97/#96"`
			`);`
			`let new_collateral = position_data`
			`.collateral_amount`
			`.checked_sub(amount)`
			`.expect("Withdrawal amount exceeds position collateral");`

			`let updated_position = Position {`
			`collateral_vault_id: position_data.collateral_vault_id,`
			`collateral_definition_id: position_data.collateral_definition_id,`
			`collateral_amount: new_collateral,`
			`debt_amount: position_data.debt_amount,`
			`};`
			`let mut position_post = position.account.clone();`
			`position_post.data = Data::from(&updated_position);`

			`let post_states = vec![`
			`AccountPostState::new(owner.account),`
			`AccountPostState::new(position_post),`
			`AccountPostState::new(vault.account.clone()),`
			`AccountPostState::new(destination.account.clone()),`
			`];`

			`let mut vault_authorized = vault.clone();`
			`vault_authorized.is_authorized = true;`
			`let transfer_call = ChainedCall::new(`
			`token_program_id,`
			`vec![vault_authorized, destination],`
			`&token_core::Instruction::Transfer {`
			`amount_to_transfer: amount,`
			`},`
			`)`
			`.with_pda_seeds(vec![vault_seed]);`

			`(post_states, vec![transfer_call])`
			`}`