mirror of
https://github.com/logos-blockchain/lez-programs.git
synced 2026-07-03 21:49:28 +00:00
Second review round on PR #125 (LP-0013): - set_authority now rejects foreign-owned definitions. It takes the ProgramContext and asserts definition_account.program_owner == self_program_id, matching mint and initialize_account. Without this a foreign-owned account with token-shaped data could have its authority field rewritten. Added test_set_authority_rejects_foreign_owned_definition. - demo-full-flow.sh now calls instruction and flag names that exist in the regenerated token IDL: new-fungible-definition (was the nonexistent new-fungible-definition-with-authority), --total-supply (was --initial-supply), and drops --authority-account for the self-authority mint/set-authority path (the rest account is --authority-accounts and is empty when the definition is its own authority). - Stripped a trailing-space lint nit in docs/LP-0013-README.md.
76 lines
2.9 KiB
Rust
76 lines
2.9 KiB
Rust
use lez_authority::Ownable;
|
|
use nssa_core::{
|
|
account::{AccountId, AccountWithMetadata, Data},
|
|
program::{AccountPostState, ProgramId},
|
|
};
|
|
use token_core::TokenDefinition;
|
|
|
|
pub fn set_authority(
|
|
definition_account: AccountWithMetadata,
|
|
new_authority: Option<AccountId>,
|
|
authority_accounts: Vec<AccountWithMetadata>,
|
|
token_program_id: ProgramId,
|
|
) -> Vec<AccountPostState> {
|
|
assert_eq!(
|
|
definition_account.account.program_owner, token_program_id,
|
|
"Token definition must be owned by token program"
|
|
);
|
|
|
|
let mut definition = TokenDefinition::try_from(&definition_account.account.data)
|
|
.expect("Token Definition account must be valid");
|
|
|
|
match &mut definition {
|
|
TokenDefinition::Fungible { .. } => {
|
|
// The current mint authority must authorize this transaction. As in
|
|
// `mint`, the proof is either the definition account itself (empty
|
|
// `authority_accounts`, self/PDA authority) or an explicit external
|
|
// authority account (one entry), so a rotated authority can act.
|
|
let authority = authority_accounts.first().unwrap_or(&definition_account);
|
|
assert!(
|
|
authority.is_authorized,
|
|
"Mint authority must authorize the transaction"
|
|
);
|
|
let signer: [u8; 32] = authority
|
|
.account_id
|
|
.as_ref()
|
|
.try_into()
|
|
.expect("AccountId is always 32 bytes");
|
|
|
|
match new_authority {
|
|
Some(new) => {
|
|
let new_key: [u8; 32] = new
|
|
.as_ref()
|
|
.try_into()
|
|
.expect("AccountId is always 32 bytes");
|
|
assert!(
|
|
new_key != [0u8; 32],
|
|
"New mint authority must be a valid non-zero account ID"
|
|
);
|
|
definition
|
|
.transfer_ownership(signer, new_key)
|
|
.expect("SetAuthority failed");
|
|
}
|
|
None => {
|
|
definition
|
|
.renounce_ownership(signer)
|
|
.expect("SetAuthority failed");
|
|
}
|
|
}
|
|
}
|
|
TokenDefinition::NonFungible { .. } => {
|
|
panic!("SetAuthority is not supported for Non-Fungible Tokens");
|
|
}
|
|
}
|
|
|
|
let mut definition_post = definition_account.account;
|
|
definition_post.data = Data::from(&definition);
|
|
|
|
// Post-states match pre-state order/count: [definition, ...authority_accounts].
|
|
let mut post_states = Vec::with_capacity(authority_accounts.len().saturating_add(1));
|
|
post_states.push(AccountPostState::new(definition_post));
|
|
for authority in authority_accounts {
|
|
post_states.push(AccountPostState::new(authority.account));
|
|
}
|
|
post_states
|
|
}
|