bristinWild fe4c7a96da feat(token): add mint authority model to token program
Add an optional mint authority to fungible tokens for controlled supply:
create with a designated minter, mint additional supply, rotate the
authority to a new key, or permanently revoke it to fix the supply.

The authority is stored inline on `TokenDefinition::Fungible` as
`authority: Option<AccountId>` (`Some(id)` = mintable by `id`, `None` =
fixed supply). Keeping it a plain `Option<AccountId>` rather than a custom
wrapper type leaves account state decodable by `spel inspect`; the
require/rotate/revoke guard logic lives inline in the handlers.

LEZ rejects a transaction that lists the same account id twice, so one
instruction cannot statically express both "the definition account is the
authority and signs" (self/PDA authority) and "a distinct rotated account
signs" (external authority) — they need opposite signer markers. Each
privileged operation is therefore split into a self and an external
variant:

- `Mint` / `SetAuthority` — the definition account is the signer.
- `MintWithAuthority` / `SetAuthorityWithAuthority` — a distinct authority
  account is the signer; the definition account does not sign.

Creation via `NewFungibleDefinition { mint_authority, .. }`; an all-zero
authority id is rejected. The AMM's LP token uses self/PDA authority — its
stored authority is the LP definition PDA, minted only by the pool via
chained calls.

Covered by token unit tests and zkVM integration tests: creation with and
without an authority, self- and external-authority mint, rotation, and
external rotate/revoke. IDLs regenerated.
2026-07-02 19:19:23 +02:00

106 lines
3.1 KiB
Rust

use nssa_core::{
    account::{AccountWithMetadata, Data},
    program::AccountPostState,
};
use token_core::{TokenDefinition, TokenHolding};

/// Burns `amount_to_burn` from a holding and reduces the definition's supply
/// by the same amount. Returns the post-states of both accounts, definition
/// first. Any failed check panics, which aborts the instruction.
pub fn burn(
    definition_account: AccountWithMetadata,
    user_holding_account: AccountWithMetadata,
    amount_to_burn: u128,
) -> Vec<AccountPostState> {
    // Only the holder's authorization is checked; the mint authority stored on
    // the definition is not consulted for burns (see `authority: _` below).
    assert!(
        user_holding_account.is_authorized,
        "Authorization is missing"
    );

    let mut definition = TokenDefinition::try_from(&definition_account.account.data)
        .expect("Token Definition account must be valid");
    let mut holding = TokenHolding::try_from(&user_holding_account.account.data)
        .expect("Token Holding account must be valid");

    // The holding must belong to the definition account that was passed in.
    assert_eq!(
        definition_account.account_id,
        holding.definition_id(),
        "Mismatch Token Definition and Token Holding"
    );

    match (&mut definition, &mut holding) {
        // Fungible: checked subtraction on both balance and total supply.
        (
            TokenDefinition::Fungible {
                name: _,
                metadata_id: _,
                total_supply,
                authority: _,
            },
            TokenHolding::Fungible {
                definition_id: _,
                balance,
            },
        ) => {
            *balance = balance
                .checked_sub(amount_to_burn)
                .expect("Insufficient balance to burn");
            *total_supply = total_supply
                .checked_sub(amount_to_burn)
                .expect("Total supply underflow");
        }
        // NFT master: reduces the printable supply and the print balance.
        (
            TokenDefinition::NonFungible {
                name: _,
                printable_supply,
                metadata_id: _,
            },
            TokenHolding::NftMaster {
                definition_id: _,
                print_balance,
            },
        ) => {
            *printable_supply = printable_supply
                .checked_sub(amount_to_burn)
                .expect("Printable supply underflow");
            *print_balance = print_balance
                .checked_sub(amount_to_burn)
                .expect("Insufficient balance to burn");
        }
        // NFT printed copy: exactly one copy, and it must currently be owned.
        (
            TokenDefinition::NonFungible {
                name: _,
                printable_supply,
                metadata_id: _,
            },
            TokenHolding::NftPrintedCopy {
                definition_id: _,
                owned,
            },
        ) => {
            assert_eq!(
                amount_to_burn, 1,
                "Invalid balance to burn for NFT Printed Copy"
            );
            assert!(*owned, "Cannot burn unowned NFT Printed Copy");
            *printable_supply = printable_supply
                .checked_sub(1)
                .expect("Printable supply underflow");
            *owned = false;
        }
        // Any other definition/holding pairing is rejected.
        _ => panic!("Mismatched Token Definition and Token Holding types"),
    }

    // Serialize the updated state back into both accounts.
    let mut definition_post = definition_account.account;
    definition_post.data = Data::from(&definition);
    let mut holding_post = user_holding_account.account;
    holding_post.data = Data::from(&holding);

    vec![
        AccountPostState::new(definition_post),
        AccountPostState::new(holding_post),
    ]
}
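
The authority lifecycle the commit message describes (create with a minter, mint, rotate, revoke), as an added example that is not code from this repository. `Fungible`, `AuthError`, `require_authority` and the `[u8; 32]` account id are hypothetical stand-ins, and applying the all-zero check on rotation is an assumption (the commit message states it for creation only).

```rust
// Added illustration: simplified stand-ins, not the token program's own types.
type AccountId = [u8; 32]; // assumed representation of an account id
const ZERO: AccountId = [0u8; 32];

#[derive(Debug, PartialEq)]
enum AuthError { FixedSupply, Unsigned, NotAuthority, ZeroAuthority, Overflow }

struct Fungible { total_supply: u128, authority: Option<AccountId> }

impl Fungible {
    /// Creation: `None` fixes the supply; an all-zero authority id is rejected.
    fn new(total_supply: u128, mint_authority: Option<AccountId>) -> Result<Self, AuthError> {
        if mint_authority == Some(ZERO) { return Err(AuthError::ZeroAuthority); }
        Ok(Self { total_supply, authority: mint_authority })
    }

    /// Guard shared by mint and rotate/revoke: an authority must exist, the
    /// presented account must have signed, and it must be the stored id.
    fn require_authority(&self, signer: AccountId, signed: bool) -> Result<(), AuthError> {
        match self.authority {
            None => Err(AuthError::FixedSupply),
            Some(_) if !signed => Err(AuthError::Unsigned),
            Some(id) if id != signer => Err(AuthError::NotAuthority),
            Some(_) => Ok(()),
        }
    }

    fn mint(&mut self, signer: AccountId, signed: bool, amount: u128) -> Result<(), AuthError> {
        self.require_authority(signer, signed)?;
        self.total_supply = self.total_supply.checked_add(amount).ok_or(AuthError::Overflow)?;
        Ok(())
    }

    /// `Some(new)` rotates the authority; `None` revokes it permanently.
    fn set_authority(&mut self, signer: AccountId, signed: bool, new: Option<AccountId>) -> Result<(), AuthError> {
        self.require_authority(signer, signed)?;
        if new == Some(ZERO) { return Err(AuthError::ZeroAuthority); } // assumption, see lead-in
        self.authority = new;
        Ok(())
    }
}

fn main() {
    let (a, b) = ([1u8; 32], [2u8; 32]); // constructed sample ids
    let mut t = Fungible::new(100, Some(a)).unwrap();
    t.mint(a, true, 5).unwrap();
    t.set_authority(a, true, Some(b)).unwrap();
    println!("old key after rotation: {:?}", t.mint(a, true, 1));
    t.set_authority(b, true, None).unwrap();
    println!("after revoke: {:?}, supply {}", t.mint(b, true, 1), t.total_supply);
}
```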