From 1c41d19a513e391d765bcb8e9e61f1dab25346c6 Mon Sep 17 00:00:00 2001 From: bristinWild Date: Wed, 3 Jun 2026 02:18:25 +0530 Subject: [PATCH] feat: reject all-zero mint authority; restore 7-step demo-full-flow.sh - new_fungible_definition_with_authority rejects all-zero mint_authority (RFP-001 reliability) - add test_new_fungible_definition_with_authority_rejects_zero_authority - restore demo-full-flow.sh (had been overwritten with example content); now uses the correct account parsing, base58->hex authority, and --authority-account flag - commit updated Cargo.lock files for the lez-authority dependency --- programs/token/src/new_definition.rs | 4 ++++ programs/token/src/tests.rs | 14 +++++++++++ scripts/demo-full-flow.sh | 35 +++++++++------------------- 3 files changed, 29 insertions(+), 24 deletions(-) diff --git a/programs/token/src/new_definition.rs b/programs/token/src/new_definition.rs index 3a3edcb..4a6eae3 100644 --- a/programs/token/src/new_definition.rs +++ b/programs/token/src/new_definition.rs @@ -170,6 +170,10 @@ pub fn new_fungible_definition_with_authority( holding_target_account.is_authorized, "Holding target account must be authorized" ); + assert!( + mint_authority != [0u8; 32], + "Mint authority must be a valid non-zero account ID" + ); let token_definition = TokenDefinition::Fungible { name, diff --git a/programs/token/src/tests.rs b/programs/token/src/tests.rs index 552f03d..dce7638 100644 --- a/programs/token/src/tests.rs +++ b/programs/token/src/tests.rs @@ -1556,6 +1556,20 @@ mod authority_tests { ); } + #[should_panic(expected = "Mint authority must be a valid non-zero account ID")] + #[test] + fn test_new_fungible_definition_with_authority_rejects_zero_authority() { + let definition_account = AccountForTests::definition_account_uninit_auth(); + let holding_account = AccountForTests::holding_account_uninit_auth(); + let _post_states = crate::new_definition::new_fungible_definition_with_authority( + definition_account, + holding_account, + String::from("test"), + 1000, + [0u8; 32], + ); + } + #[test] fn set_authority_rotate_then_old_cannot_mint() { let new_key = [7_u8; 32]; diff --git a/scripts/demo-full-flow.sh b/scripts/demo-full-flow.sh index 300ea84..ef4e38c 100755 --- a/scripts/demo-full-flow.sh +++ b/scripts/demo-full-flow.sh @@ -4,33 +4,26 @@ # # Prerequisites: # - lgs (logos-scaffold): https://github.com/logos-blockchain/logos-execution-zone -# - spel CLI: https://github.com/logos-co/spel (built with: cargo build --release -p spel-cli) +# - spel CLI: https://github.com/logos-co/spel # - A funded wallet (run: lgs wallet topup) # -# Usage: -# # From inside an lgs scaffold project directory: +# Usage (from inside an lgs scaffold project directory): # cd # RISC0_DEV_MODE=0 bash /scripts/demo-full-flow.sh # # Environment variables (all optional, auto-detected): -# DEMO_DIR — path to lgs scaffold project (default: current directory) -# LEZ_PROGRAMS — path to lez-programs repo (default: auto-detected from script location) -# SPEL — path to spel binary (default: ~/rebase-lez/spel/target/release/spel) -# TOKEN_BIN — path to token.bin (default: auto-detected from LEZ_PROGRAMS) -# IDL — path to token IDL (default: auto-detected from LEZ_PROGRAMS) +# DEMO_DIR / LEZ_PROGRAMS / SPEL / TOKEN_BIN / IDL / WALLET_DIR # # The script will: # 1. Start a local LEZ sequencer # 2. Fund the wallet # 3. Create token accounts # 4. Submit NewFungibleDefinitionWithAuthority transaction -# 5. Submit Mint transaction +# 5. Submit Mint transaction (authority-gated) # 6. Submit SetAuthority (revoke) transaction # 7. Run unit tests to verify authority logic (60 tests) set -euo pipefail - -# Cross-platform timeout command if command -v gtimeout &>/dev/null; then TIMEOUT="gtimeout" elif command -v timeout &>/dev/null; then @@ -47,10 +40,10 @@ DEMO_DIR="${DEMO_DIR:-$(pwd)}" WALLET_DIR="${WALLET_DIR:-$DEMO_DIR/.scaffold/wallet}" # Convert a base58 "Public/..." account_id to the 64-char hex form -# that SPEL expects for [u8; 32] args (e.g. --mint-authority). +# that spel expects for [u8; 32] args (e.g. --mint-authority). b58_to_hex() { - local id="${1#Public/}" # strip the Public/ prefix - id="${id#Private/}" # strip Private/ if present + local id="${1#Public/}" + id="${id#Private/}" python3 -c " import sys s = sys.argv[1] @@ -82,12 +75,9 @@ lgs wallet topup 2>&1 | grep -E "complete|funded|Address" || true echo " Wallet funded." echo "[3/7] Creating token accounts..." -DEF_RESULT=$(lgs wallet -- account new public 2>&1) -DEF_ID=$(echo "$DEF_RESULT" | grep -oE 'account_id [^ ]+' | awk '{print $2}') -SUPPLY_RESULT=$(lgs wallet -- account new public 2>&1) -SUPPLY_ID=$(echo "$SUPPLY_RESULT" | grep -oE 'account_id [^ ]+' | awk '{print $2}') -RECIPIENT_RESULT=$(lgs wallet -- account new public 2>&1) -RECIPIENT_ID=$(echo "$RECIPIENT_RESULT" | grep -oE 'account_id [^ ]+' | awk '{print $2}') +DEF_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +SUPPLY_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +RECIPIENT_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') echo " Definition account: $DEF_ID" echo " Supply account: $SUPPLY_ID" echo " Recipient account: $RECIPIENT_ID" @@ -103,7 +93,6 @@ ${TIMEOUT:+$TIMEOUT 30} "$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ --initial-supply 1000000 \ --mint-authority "$DEF_ID_HEX" echo " Token 'DemoCoin' submitted. Initial supply: 1,000,000" - sleep 2 echo "[5/7] Minting 500,000 additional tokens..." @@ -115,7 +104,6 @@ ${TIMEOUT:+$TIMEOUT 30} "$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ --user-holding-account "$RECIPIENT_ID" \ --amount-to-mint 500000 echo " Mint transaction submitted. New total supply: 1,500,000" - sleep 2 echo "[6/7] Revoking mint authority..." @@ -126,7 +114,6 @@ ${TIMEOUT:+$TIMEOUT 30} "$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ --authority-account "$DEF_ID" \ --new-authority none echo " Authority revoked. Supply permanently fixed at 1,500,000" - sleep 2 echo "[7/7] Running unit tests to verify authority logic..." @@ -140,5 +127,5 @@ echo " Summary:" echo " [1/4] NewFungibleDefinitionWithAuthority → supply=1,000,000" echo " [2/4] Mint 500,000 → supply=1,500,000" echo " [3/4] SetAuthority (revoke) → supply fixed" -echo " [4/4] 60 unit tests passing → all authority cases verified" +echo " [4/4] Unit tests passing → all authority cases verified" echo "================================================================"