lez-programs/programs/token/src/set_authority.rs
bristinWild 686a7d066a fix(token): owner-guard set_authority; align demo script to token IDL
Second review round on PR #125 (LP-0013):

- set_authority now rejects foreign-owned definitions. It takes the
  ProgramContext and asserts definition_account.program_owner ==
  self_program_id, matching mint and initialize_account. Without this a
  foreign-owned account with token-shaped data could have its authority
  field rewritten. Added test_set_authority_rejects_foreign_owned_definition.

- demo-full-flow.sh now calls instruction and flag names that exist in
  the regenerated token IDL: new-fungible-definition (was the nonexistent
  new-fungible-definition-with-authority), --total-supply (was
  --initial-supply), and drops --authority-account for the self-authority
  mint/set-authority path (the rest account is --authority-accounts and is
  empty when the definition is its own authority).

- Stripped a trailing-space lint nit in docs/LP-0013-README.md.
2026-07-02 01:20:32 +05:30

76 lines
2.9 KiB
Rust

use lez_authority::Ownable;
use nssa_core::{
account::{AccountId, AccountWithMetadata, Data},
program::{AccountPostState, ProgramId},
};
use token_core::TokenDefinition;
pub fn set_authority(
definition_account: AccountWithMetadata,
new_authority: Option<AccountId>,
authority_accounts: Vec<AccountWithMetadata>,
token_program_id: ProgramId,
) -> Vec<AccountPostState> {
assert_eq!(
definition_account.account.program_owner, token_program_id,
"Token definition must be owned by token program"
);
let mut definition = TokenDefinition::try_from(&definition_account.account.data)
.expect("Token Definition account must be valid");
match &mut definition {
TokenDefinition::Fungible { .. } => {
// The current mint authority must authorize this transaction. As in
// `mint`, the proof is either the definition account itself (empty
// `authority_accounts`, self/PDA authority) or an explicit external
// authority account (one entry), so a rotated authority can act.
let authority = authority_accounts.first().unwrap_or(&definition_account);
assert!(
authority.is_authorized,
"Mint authority must authorize the transaction"
);
let signer: [u8; 32] = authority
.account_id
.as_ref()
.try_into()
.expect("AccountId is always 32 bytes");
match new_authority {
Some(new) => {
let new_key: [u8; 32] = new
.as_ref()
.try_into()
.expect("AccountId is always 32 bytes");
assert!(
new_key != [0u8; 32],
"New mint authority must be a valid non-zero account ID"
);
definition
.transfer_ownership(signer, new_key)
.expect("SetAuthority failed");
}
None => {
definition
.renounce_ownership(signer)
.expect("SetAuthority failed");
}
}
}
TokenDefinition::NonFungible { .. } => {
panic!("SetAuthority is not supported for Non-Fungible Tokens");
}
}
let mut definition_post = definition_account.account;
definition_post.data = Data::from(&definition);
// Post-states match pre-state order/count: [definition, ...authority_accounts].
let mut post_states = Vec::with_capacity(authority_accounts.len().saturating_add(1));
post_states.push(AccountPostState::new(definition_post));
for authority in authority_accounts {
post_states.push(AccountPostState::new(authority.account));
}
post_states
}