From 97f2e93f8a96046cd3e0275ec1d7b939ee91a4fc Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Thu, 4 Dec 2025 21:55:12 -0500 Subject: [PATCH 01/20] initialize branch --- nssa/program_methods/guest/src/bin/token.rs | 89 +++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 821438a..8050d34 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -226,6 +226,54 @@ fn initialize_account(pre_states: &[AccountWithMetadata]) -> Vec { vec![definition_post, account_to_initialize_post] } +fn burn(pre_states: &[AccountWithMetadata], balance_to_burn: u128) -> Vec { + + if pre_states.len() != 2 { + panic!("Invalid number of accounts"); + } + + let definition = &pre_states[0]; + let user_holding = &pre_states[1]; + + let definition_values = + TokenDefinition::parse(&definition.account.data).expect("Definition account must be valid"); + let user_values = + TokenHolding::parse(&user_holding.account.data).expect("Token Holding account must be valid"); + + if definition.account_id != user_values.definition_id { + panic!("Mismatch token definition and token holding"); + } + + if !user_holding.is_authorized { + panic!("Authorization is missing"); + } + + if user_values.balance < balance_to_burn { + panic!("Insufficient balance to burn"); + } + + let mut post_user_holding = user_holding.account.clone(); + let mut post_definition = definition.account.clone(); + + post_user_holding.data = TokenHolding::into_data( + TokenHolding { + account_type: user_values.account_type, + definition_id: user_values.definition_id, + balance: user_values.balance - balance_to_burn, + } + ); + + post_definition.data = TokenDefinition::into_data( + TokenDefinition { + account_type: definition_values.account_type, + name: definition_values.name, + total_supply: definition_values.total_supply - balance_to_burn, + } + ); + + vec![post_definition, post_user_holding] +} + type Instruction = [u8; 23]; fn main() { @@ -273,6 +321,21 @@ fn main() { let post_states = initialize_account(&pre_states); (pre_states, post_states) } + 3 => { + let balance_to_burn = u128::from_le_bytes( + instruction[1..17] + .try_into() + .expect("Balance to burn must be 16 bytes little-endian"), + ); + let name: [u8; 6] = instruction[17..] + .try_into() + .expect("Name must be 6 bytes long"); + assert_eq!(name, [0; 6]); + + // Execute + let post_states = burn(&pre_states, balance_to_burn); + (pre_states, post_states) + } _ => panic!("Invalid instruction"), }; @@ -666,4 +729,30 @@ mod tests { ] ); } + + // TODO: create a burn test + /* + #[test] + fn test_token_burn_mismatch() { + let pre_states = vec![ + AccountWithMetadata { + account: Account { + + }, + is_authorized: false, + account_id: AccountId::new([1;32]); + }, + AccountWithMetadata { + account: Account { + account_type: + }, + is_authorized: true, + account_id: AccountId::new([2;32]); + } + ]; + } + */ + // Mismatch token types + // Insufficient balance + // Successful } From c6cde352035f8b5915099df455a9b3df2e693182 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Fri, 5 Dec 2025 21:01:36 -0500 Subject: [PATCH 02/20] added burn/mint and tests --- nssa/program_methods/guest/src/bin/token.rs | 459 +++++++++++++++++++- 1 file changed, 437 insertions(+), 22 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 8050d34..830c53d 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -23,6 +23,16 @@ use nssa_core::{ // * Two accounts: [definition_account, account_to_initialize]. // * An dummy byte string of length 23, with the following layout // [0x02 || 0x00 || 0x00 || 0x00 || ... || 0x00 || 0x00]. +// 4. Burn tokens from a Toking Holding account (thus lowering total supply) +// Arguments to this function are: +// * Two accounts: [definition_account, holding_account]. +// * An instruction data byte string of length 23, indicating the balance to burn with the folloiwng layout +// [0x03 || amount (little-endian 16 bytes) || 0x00 || 0x00 || 0x00 || 0x00 || 0x00 || 0x00]. +// 5. Mint additional supply of tokens tokens to a Toking Holding account (thus increasing total supply) +// Arguments to this function are: +// * Two accounts: [definition_account, holding_account]. +// * An instruction data byte string of length 23, indicating the balance to mint with the folloiwng layout +// [0x04 || amount (little-endian 16 bytes) || 0x00 || 0x00 || 0x00 || 0x00 || 0x00 || 0x00]. const TOKEN_DEFINITION_TYPE: u8 = 0; const TOKEN_DEFINITION_DATA_SIZE: usize = 23; @@ -274,6 +284,58 @@ fn burn(pre_states: &[AccountWithMetadata], balance_to_burn: u128) -> Vec Vec { + if pre_states.len() != 2 { + panic!("Invalid number of accounts"); + } + + let definition = &pre_states[0]; + let token_holding = &pre_states[1]; + + if !definition.is_authorized { + panic!("Definition authorization is missing"); + } + + let definition_values = + TokenDefinition::parse(&definition.account.data).expect("Definition account must be valid"); + + let mut token_holding_post = token_holding.account.clone(); + + //TODO: add overflow protection + // TokenDefinition.supply_limit + amount_to_mint + + let token_holding_values: TokenHolding = if token_holding.account == Account::default() { + TokenHolding::new(&definition.account_id) + } else { TokenHolding::parse(&token_holding.account.data).expect("Holding account must be valid") }; + + if definition.account_id != token_holding_values.definition_id { + panic!("Mismatch token definition and token holding"); + } + + let mut post_definition = definition.account.clone(); + + let mut token_holding_post = token_holding.account.clone(); + + token_holding_post.data = TokenHolding::into_data( + TokenHolding { + account_type: token_holding_values.account_type, + definition_id: token_holding_values.definition_id, + balance: token_holding_values.balance + amount_to_mint, + } + ); + + post_definition.data = TokenDefinition::into_data( + TokenDefinition { + account_type: definition_values.account_type, + name: definition_values.name, + total_supply: definition_values.total_supply + amount_to_mint, + } + ); + + vec![post_definition, token_holding_post] +} + + type Instruction = [u8; 23]; fn main() { @@ -336,6 +398,21 @@ fn main() { let post_states = burn(&pre_states, balance_to_burn); (pre_states, post_states) } + 4 => { + let balance_to_mint = u128::from_le_bytes( + instruction[1..17] + .try_into() + .expect("Balance to burn must be 16 bytes little-endian"), + ); + let name: [u8; 6] = instruction[17..] + .try_into() + .expect("Name must be 6 bytes long"); + assert_eq!(name, [0; 6]); + + // Execute + let post_states = mint_additional_supply(&pre_states, balance_to_mint); + (pre_states, post_states) + } _ => panic!("Invalid instruction"), }; @@ -348,7 +425,8 @@ mod tests { use crate::{ TOKEN_DEFINITION_DATA_SIZE, TOKEN_HOLDING_DATA_SIZE, TOKEN_HOLDING_TYPE, - initialize_account, new_definition, transfer, + TOKEN_DEFINITION_TYPE, TokenDefinition, TokenHolding, + initialize_account, new_definition, transfer, burn, mint_additional_supply, }; #[should_panic(expected = "Invalid number of input accounts")] @@ -730,29 +808,366 @@ mod tests { ); } - // TODO: create a burn test - /* - #[test] - fn test_token_burn_mismatch() { - let pre_states = vec![ - AccountWithMetadata { - account: Account { + enum BalanceEnum { + init_supply, + holding_balance, + init_supply_burned, + holding_balance_burned, + burn_success, + burn_insufficient, + mint_success, + init_supply_mint, + holding_balance_mint, + } - }, - is_authorized: false, - account_id: AccountId::new([1;32]); - }, - AccountWithMetadata { + enum AccountsEnum { + definition_account_auth, + definition_account_not_auth, + holding_diff_def, + holding_same_def_auth, + holding_same_def_not_auth, + definition_account_post_burn, + holding_account_post_burn, + uninit, + init_mint, + definition_account_mint, + holding_same_def_mint, + } + + enum IdEnum { + pool_definition_id, + pool_definition_id_diff, + holding_id, + } + + fn helper_account_constructor(selection: AccountsEnum) -> AccountWithMetadata{ + match selection { + AccountsEnum::definition_account_auth => AccountWithMetadata { account: Account { - account_type: + program_owner: [5u32;8], + balance: 0u128, + data: TokenDefinition::into_data( + TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::init_supply), + }), + nonce: 0, }, is_authorized: true, - account_id: AccountId::new([2;32]); - } - ]; + account_id: helper_id_constructor(IdEnum::pool_definition_id), + }, + AccountsEnum::definition_account_not_auth => AccountWithMetadata { + account: Account { + program_owner: [5u32; 8], + balance: 0u128, + data: TokenDefinition::into_data( + TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::init_supply), + }), + nonce: 0, + }, + is_authorized: false, + account_id: helper_id_constructor(IdEnum::pool_definition_id), + }, + AccountsEnum::holding_diff_def => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id_diff), + balance: helper_balance_constructor(BalanceEnum::holding_balance), + } + ), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::holding_same_def_auth => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id), + balance: helper_balance_constructor(BalanceEnum::holding_balance), + } + ), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::holding_same_def_not_auth => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id), + balance: helper_balance_constructor(BalanceEnum::holding_balance), + } + ), + nonce: 0, + }, + is_authorized: false, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::definition_account_post_burn => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenDefinition::into_data( + TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::init_supply_burned), + }), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::pool_definition_id), + }, + AccountsEnum::holding_same_def_auth => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id), + balance: helper_balance_constructor(BalanceEnum::holding_balance), + } + ), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::holding_account_post_burn => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id), + balance: helper_balance_constructor(BalanceEnum::holding_balance_burned), + } + ), + nonce: 0, + }, + is_authorized: false, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::uninit => AccountWithMetadata { + account: Account::default(), + is_authorized: false, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::init_mint => AccountWithMetadata { + account: Account { + program_owner: [0u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id), + balance: helper_balance_constructor(BalanceEnum::mint_success), + } + ), + nonce: 0, + }, + is_authorized: false, + account_id: helper_id_constructor(IdEnum::holding_id), + }, + AccountsEnum::holding_same_def_mint => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenHolding::into_data( + TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::pool_definition_id), + balance: helper_balance_constructor(BalanceEnum::holding_balance_mint), + } + ), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::pool_definition_id), + }, + AccountsEnum::definition_account_mint => AccountWithMetadata { + account: Account { + program_owner: [5u32;8], + balance: 0u128, + data: TokenDefinition::into_data( + TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::init_supply_mint), + }), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::pool_definition_id), + }, + _ => panic!("Invalid selection") + } } - */ - // Mismatch token types - // Insufficient balance - // Successful -} + + fn helper_balance_constructor(selection: BalanceEnum) -> u128 { + match selection { + BalanceEnum::init_supply => 100_000, + BalanceEnum::holding_balance => 1_000, + BalanceEnum::init_supply_burned => 99_500, + BalanceEnum::holding_balance_burned => 500, + BalanceEnum::burn_success => 500, + BalanceEnum::burn_insufficient => 1_500, + BalanceEnum::mint_success => 50_000, + BalanceEnum::init_supply_mint => 150_000, + BalanceEnum::holding_balance_mint => 51_000, + _ => panic!("Invalid selection") + } + } + + fn helper_id_constructor(selection: IdEnum) -> AccountId { + match selection { + IdEnum::pool_definition_id => AccountId::new([15;32]), + IdEnum::pool_definition_id_diff => AccountId::new([16;32]), + IdEnum::holding_id => AccountId::new([17;32]), + } + } + + #[test] + #[should_panic(expected = "Invalid number of accounts")] + fn test_burn_invalid_number_of_accounts() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + ]; + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + } + + #[test] + #[should_panic(expected = "Mismatch token definition and token holding")] + fn test_burn_mismatch_def() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::holding_diff_def), + ]; + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + } + + #[test] + #[should_panic(expected = "Authorization is missing")] + fn test_burn_missing_authorization() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::holding_same_def_not_auth), + ]; + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + } + + #[test] + #[should_panic(expected = "Insufficient balance to burn")] + fn test_burn_insufficient_balance() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::holding_same_def_auth), + ]; + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_insufficient)); + } + + #[test] + fn test_burn_success() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::holding_same_def_auth), + ]; + let post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + + let def_post = post_states[0].clone(); + let holding_post = post_states[1].clone(); + + assert!(def_post == helper_account_constructor(AccountsEnum::definition_account_post_burn).account); + assert!(holding_post == helper_account_constructor(AccountsEnum::holding_account_post_burn).account); + } + + #[test] + #[should_panic(expected = "Invalid number of accounts")] + fn test_mint_invalid_number_of_accounts() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + ]; + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + } + + #[test] + #[should_panic(expected = "Holding account must be valid")] + fn test_mint_not_valid_holding_account() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::definition_account_not_auth), + ]; + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + } + + #[test] + #[should_panic(expected = "Definition authorization is missing")] + fn test_mint_missing_authorization() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_not_auth), + helper_account_constructor(AccountsEnum::holding_same_def_not_auth), + ]; + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + } + + #[test] + #[should_panic(expected = "Mismatch token definition and token holding")] + fn test_mint_mismatched_token_definition() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::holding_diff_def), + ]; + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + } + + #[test] + fn test_mint_success() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::holding_same_def_not_auth), + ]; + let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + + let def_post = post_states[0].clone(); + let holding_post = post_states[1].clone(); + + assert!(def_post == helper_account_constructor(AccountsEnum::definition_account_mint).account); + assert!(holding_post == helper_account_constructor(AccountsEnum::holding_same_def_mint).account); + } + + #[test] + fn test_mint_uninit_holding_success() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::uninit), + ]; + let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + + let def_post = post_states[0].clone(); + let holding_post = post_states[1].clone(); + + assert!(def_post == helper_account_constructor(AccountsEnum::definition_account_mint).account); + assert!(holding_post == helper_account_constructor(AccountsEnum::init_mint).account); + } + + +} \ No newline at end of file From 5a1d37d607bcfc6c1aa51babb908ed64da9426d9 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Sun, 7 Dec 2025 20:29:25 -0500 Subject: [PATCH 03/20] update burn/mint to use AccountPostState --- nssa/program_methods/guest/src/bin/token.rs | 291 ++++++++++---------- 1 file changed, 142 insertions(+), 149 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 9884046..c229441 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -230,7 +230,7 @@ fn initialize_account(pre_states: &[AccountWithMetadata]) -> Vec Vec Vec { +fn burn(pre_states: &[AccountWithMetadata], balance_to_burn: u128) -> Vec { if pre_states.len() != 2 { panic!("Invalid number of accounts"); @@ -296,10 +296,14 @@ fn burn(pre_states: &[AccountWithMetadata], balance_to_burn: u128) -> Vec Vec { +fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u128) -> Vec { if pre_states.len() != 2 { panic!("Invalid number of accounts"); } @@ -314,8 +318,6 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 let definition_values = TokenDefinition::parse(&definition.account.data).expect("Definition account must be valid"); - let mut token_holding_post = token_holding.account.clone(); - //TODO: add overflow protection // TokenDefinition.supply_limit + amount_to_mint @@ -327,26 +329,35 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 panic!("Mismatch token definition and token holding"); } - let mut post_definition = definition.account.clone(); - - let mut token_holding_post = token_holding.account.clone(); - - token_holding_post.data = TokenHolding::into_data( - TokenHolding { + let token_holding_post_data = TokenHolding { account_type: token_holding_values.account_type, definition_id: token_holding_values.definition_id, balance: token_holding_values.balance + amount_to_mint, - } - ); + }; - post_definition.data = TokenDefinition::into_data( - TokenDefinition { + let post_definition_data = TokenDefinition { account_type: definition_values.account_type, name: definition_values.name, total_supply: definition_values.total_supply + amount_to_mint, - } - ); + }; + let post_definition = { + let mut this = definition.account.clone(); + this.data = post_definition_data.into_data(); + AccountPostState::new(this) + }; + + let token_holding_post = { + let mut this = token_holding.account.clone(); + this.data = token_holding_post_data.into_data(); + + // Claim the recipient account if it has default program owner + if this.program_owner == DEFAULT_PROGRAM_ID { + AccountPostState::new_claimed(this) + } else { + AccountPostState::new(this) + } + }; vec![post_definition, token_holding_post] } @@ -409,8 +420,7 @@ fn main() { assert_eq!(name, [0; 6]); // Execute - let post_states = burn(&pre_states, balance_to_burn); - (pre_states, post_states) + burn(&pre_states, balance_to_burn) } 4 => { let balance_to_mint = u128::from_le_bytes( @@ -424,8 +434,7 @@ fn main() { assert_eq!(name, [0; 6]); // Execute - let post_states = mint_additional_supply(&pre_states, balance_to_mint); - (pre_states, post_states) + mint_additional_supply(&pre_states, balance_to_mint) } _ => panic!("Invalid instruction"), }; @@ -823,40 +832,40 @@ mod tests { } enum BalanceEnum { - init_supply, - holding_balance, - init_supply_burned, - holding_balance_burned, - burn_success, - burn_insufficient, - mint_success, - init_supply_mint, - holding_balance_mint, + InitSupply, + HoldingBalance, + InitSupplyBurned, + HoldingBalanceBurned, + BurnSuccess, + BurnInsufficient, + MintSuccess, + InitSupplyMint, + HoldingBalanceMint, } enum AccountsEnum { - definition_account_auth, - definition_account_not_auth, - holding_diff_def, - holding_same_def_auth, - holding_same_def_not_auth, - definition_account_post_burn, - holding_account_post_burn, - uninit, - init_mint, - definition_account_mint, - holding_same_def_mint, + DefinitionAccountAuth, + DefinitionAccountNotAuth, + HoldingDiffDef, + HoldingSameDefAuth, + HoldingSameDefNotAuth, + DefinitionAccountPostBurn, + HoldingAccountPostBurn, + Uninit, + InitMint, + DefinitionAccountMint, + HoldingSameDefMint, } enum IdEnum { - pool_definition_id, - pool_definition_id_diff, - holding_id, + PoolDefinitionId, + PoolDefinitionIdDiff, + HoldingId, } fn helper_account_constructor(selection: AccountsEnum) -> AccountWithMetadata{ match selection { - AccountsEnum::definition_account_auth => AccountWithMetadata { + AccountsEnum::DefinitionAccountAuth => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, @@ -864,14 +873,14 @@ mod tests { TokenDefinition { account_type: TOKEN_DEFINITION_TYPE, name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::init_supply), + total_supply: helper_balance_constructor(BalanceEnum::InitSupply), }), nonce: 0, }, is_authorized: true, - account_id: helper_id_constructor(IdEnum::pool_definition_id), + account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, - AccountsEnum::definition_account_not_auth => AccountWithMetadata { + AccountsEnum::DefinitionAccountNotAuth => AccountWithMetadata { account: Account { program_owner: [5u32; 8], balance: 0u128, @@ -879,62 +888,62 @@ mod tests { TokenDefinition { account_type: TOKEN_DEFINITION_TYPE, name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::init_supply), + total_supply: helper_balance_constructor(BalanceEnum::InitSupply), }), nonce: 0, }, is_authorized: false, - account_id: helper_id_constructor(IdEnum::pool_definition_id), + account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, - AccountsEnum::holding_diff_def => AccountWithMetadata { + AccountsEnum::HoldingDiffDef => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, data: TokenHolding::into_data( TokenHolding { account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id_diff), - balance: helper_balance_constructor(BalanceEnum::holding_balance), + definition_id: helper_id_constructor(IdEnum::PoolDefinitionIdDiff), + balance: helper_balance_constructor(BalanceEnum::HoldingBalance), } ), nonce: 0, }, is_authorized: true, - account_id: helper_id_constructor(IdEnum::holding_id), + account_id: helper_id_constructor(IdEnum::HoldingId), }, - AccountsEnum::holding_same_def_auth => AccountWithMetadata { + AccountsEnum::HoldingSameDefAuth => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, data: TokenHolding::into_data( TokenHolding { account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id), - balance: helper_balance_constructor(BalanceEnum::holding_balance), + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalance), } ), nonce: 0, }, is_authorized: true, - account_id: helper_id_constructor(IdEnum::holding_id), + account_id: helper_id_constructor(IdEnum::HoldingId), }, - AccountsEnum::holding_same_def_not_auth => AccountWithMetadata { + AccountsEnum::HoldingSameDefNotAuth => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, data: TokenHolding::into_data( TokenHolding { account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id), - balance: helper_balance_constructor(BalanceEnum::holding_balance), + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalance), } ), nonce: 0, }, is_authorized: false, - account_id: helper_id_constructor(IdEnum::holding_id), + account_id: helper_id_constructor(IdEnum::HoldingId), }, - AccountsEnum::definition_account_post_burn => AccountWithMetadata { + AccountsEnum::DefinitionAccountPostBurn => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, @@ -942,83 +951,67 @@ mod tests { TokenDefinition { account_type: TOKEN_DEFINITION_TYPE, name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::init_supply_burned), + total_supply: helper_balance_constructor(BalanceEnum::InitSupplyBurned), }), nonce: 0, }, is_authorized: true, - account_id: helper_id_constructor(IdEnum::pool_definition_id), + account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, - AccountsEnum::holding_same_def_auth => AccountWithMetadata { + AccountsEnum::HoldingAccountPostBurn => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, data: TokenHolding::into_data( TokenHolding { account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id), - balance: helper_balance_constructor(BalanceEnum::holding_balance), - } - ), - nonce: 0, - }, - is_authorized: true, - account_id: helper_id_constructor(IdEnum::holding_id), - }, - AccountsEnum::holding_account_post_burn => AccountWithMetadata { - account: Account { - program_owner: [5u32;8], - balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id), - balance: helper_balance_constructor(BalanceEnum::holding_balance_burned), + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalanceBurned), } ), nonce: 0, }, is_authorized: false, - account_id: helper_id_constructor(IdEnum::holding_id), + account_id: helper_id_constructor(IdEnum::HoldingId), }, - AccountsEnum::uninit => AccountWithMetadata { + AccountsEnum::Uninit => AccountWithMetadata { account: Account::default(), is_authorized: false, - account_id: helper_id_constructor(IdEnum::holding_id), + account_id: helper_id_constructor(IdEnum::HoldingId), }, - AccountsEnum::init_mint => AccountWithMetadata { + AccountsEnum::InitMint => AccountWithMetadata { account: Account { program_owner: [0u32;8], balance: 0u128, data: TokenHolding::into_data( TokenHolding { account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id), - balance: helper_balance_constructor(BalanceEnum::mint_success), + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::MintSuccess), } ), nonce: 0, }, is_authorized: false, - account_id: helper_id_constructor(IdEnum::holding_id), + account_id: helper_id_constructor(IdEnum::HoldingId), }, - AccountsEnum::holding_same_def_mint => AccountWithMetadata { + AccountsEnum::HoldingSameDefMint => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, data: TokenHolding::into_data( TokenHolding { account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::pool_definition_id), - balance: helper_balance_constructor(BalanceEnum::holding_balance_mint), + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalanceMint), } ), nonce: 0, }, is_authorized: true, - account_id: helper_id_constructor(IdEnum::pool_definition_id), + account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, - AccountsEnum::definition_account_mint => AccountWithMetadata { + AccountsEnum::DefinitionAccountMint => AccountWithMetadata { account: Account { program_owner: [5u32;8], balance: 0u128, @@ -1026,12 +1019,12 @@ mod tests { TokenDefinition { account_type: TOKEN_DEFINITION_TYPE, name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::init_supply_mint), + total_supply: helper_balance_constructor(BalanceEnum::InitSupplyMint), }), nonce: 0, }, is_authorized: true, - account_id: helper_id_constructor(IdEnum::pool_definition_id), + account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, _ => panic!("Invalid selection") } @@ -1039,24 +1032,24 @@ mod tests { fn helper_balance_constructor(selection: BalanceEnum) -> u128 { match selection { - BalanceEnum::init_supply => 100_000, - BalanceEnum::holding_balance => 1_000, - BalanceEnum::init_supply_burned => 99_500, - BalanceEnum::holding_balance_burned => 500, - BalanceEnum::burn_success => 500, - BalanceEnum::burn_insufficient => 1_500, - BalanceEnum::mint_success => 50_000, - BalanceEnum::init_supply_mint => 150_000, - BalanceEnum::holding_balance_mint => 51_000, + BalanceEnum::InitSupply => 100_000, + BalanceEnum::HoldingBalance => 1_000, + BalanceEnum::InitSupplyBurned => 99_500, + BalanceEnum::HoldingBalanceBurned => 500, + BalanceEnum::BurnSuccess => 500, + BalanceEnum::BurnInsufficient => 1_500, + BalanceEnum::MintSuccess => 50_000, + BalanceEnum::InitSupplyMint => 150_000, + BalanceEnum::HoldingBalanceMint => 51_000, _ => panic!("Invalid selection") } } fn helper_id_constructor(selection: IdEnum) -> AccountId { match selection { - IdEnum::pool_definition_id => AccountId::new([15;32]), - IdEnum::pool_definition_id_diff => AccountId::new([16;32]), - IdEnum::holding_id => AccountId::new([17;32]), + IdEnum::PoolDefinitionId => AccountId::new([15;32]), + IdEnum::PoolDefinitionIdDiff => AccountId::new([16;32]), + IdEnum::HoldingId => AccountId::new([17;32]), } } @@ -1064,124 +1057,124 @@ mod tests { #[should_panic(expected = "Invalid number of accounts")] fn test_burn_invalid_number_of_accounts() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); } #[test] #[should_panic(expected = "Mismatch token definition and token holding")] fn test_burn_mismatch_def() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::holding_diff_def), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingDiffDef), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); } #[test] #[should_panic(expected = "Authorization is missing")] fn test_burn_missing_authorization() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::holding_same_def_not_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); } #[test] #[should_panic(expected = "Insufficient balance to burn")] fn test_burn_insufficient_balance() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::holding_same_def_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefAuth), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_insufficient)); + let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnInsufficient)); } #[test] fn test_burn_success() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::holding_same_def_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefAuth), ]; - let post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::burn_success)); + let post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); let def_post = post_states[0].clone(); let holding_post = post_states[1].clone(); - assert!(def_post == helper_account_constructor(AccountsEnum::definition_account_post_burn).account); - assert!(holding_post == helper_account_constructor(AccountsEnum::holding_account_post_burn).account); + assert!(*def_post.account() == helper_account_constructor(AccountsEnum::DefinitionAccountPostBurn).account); + assert!(*holding_post.account() == helper_account_constructor(AccountsEnum::HoldingAccountPostBurn).account); } #[test] #[should_panic(expected = "Invalid number of accounts")] fn test_mint_invalid_number_of_accounts() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); } #[test] #[should_panic(expected = "Holding account must be valid")] fn test_mint_not_valid_holding_account() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::definition_account_not_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountNotAuth), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); } #[test] #[should_panic(expected = "Definition authorization is missing")] fn test_mint_missing_authorization() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_not_auth), - helper_account_constructor(AccountsEnum::holding_same_def_not_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountNotAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); } #[test] #[should_panic(expected = "Mismatch token definition and token holding")] fn test_mint_mismatched_token_definition() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::holding_diff_def), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingDiffDef), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); } #[test] fn test_mint_success() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::holding_same_def_not_auth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); let def_post = post_states[0].clone(); let holding_post = post_states[1].clone(); - assert!(def_post == helper_account_constructor(AccountsEnum::definition_account_mint).account); - assert!(holding_post == helper_account_constructor(AccountsEnum::holding_same_def_mint).account); + assert!(*def_post.account() == helper_account_constructor(AccountsEnum::DefinitionAccountMint).account); + assert!(*holding_post.account() == helper_account_constructor(AccountsEnum::HoldingSameDefMint).account); } #[test] fn test_mint_uninit_holding_success() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::definition_account_auth), - helper_account_constructor(AccountsEnum::uninit), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::Uninit), ]; - let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::mint_success)); + let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); let def_post = post_states[0].clone(); let holding_post = post_states[1].clone(); - assert!(def_post == helper_account_constructor(AccountsEnum::definition_account_mint).account); - assert!(holding_post == helper_account_constructor(AccountsEnum::init_mint).account); + assert!(*def_post.account() == helper_account_constructor(AccountsEnum::DefinitionAccountMint).account); + assert!(*holding_post.account() == helper_account_constructor(AccountsEnum::InitMint).account); + assert!(holding_post.requires_claim() == true); } - } \ No newline at end of file From ad7f773632738fc95c5de512ee1aa22eae7da560 Mon Sep 17 00:00:00 2001 From: fryorcraken Date: Thu, 4 Dec 2025 23:42:03 +1100 Subject: [PATCH 04/20] chore: upgrade rocksdb To avoid issues with gcc 14+ --- Cargo.toml | 2 +- README.md | 16 +--------------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a54b91a..fc77f62 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -48,7 +48,7 @@ borsh = "1.5.7" base58 = "0.2.0" itertools = "0.14.0" -rocksdb = { version = "0.21.0", default-features = false, features = [ +rocksdb = { version = "0.24.0", default-features = false, features = [ "snappy", ] } diff --git a/README.md b/README.md index ff596b8..d3d28cd 100644 --- a/README.md +++ b/README.md @@ -74,11 +74,9 @@ apt install build-essential clang libssl-dev pkg-config Fedora ```sh -sudo dnf install clang openssl-devel pkgconf llvm +sudo dnf install clang clang-devel openssl-devel pkgconf ``` -> **Note for Fedora 41+ users:** GCC 14+ has stricter C++ standard library headers that cause build failures with the bundled RocksDB. You must set `CXXFLAGS="-include cstdint"` when running cargo commands. See the [Run tests](#run-tests) section for examples. - - On Mac ```sh xcode-select --install @@ -110,9 +108,6 @@ The NSSA repository includes both unit and integration test suites. ```bash # RISC0_DEV_MODE=1 is used to skip proof generation and reduce test runtime overhead RISC0_DEV_MODE=1 cargo test --release - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" RISC0_DEV_MODE=1 cargo test --release ``` ### Integration tests @@ -122,9 +117,6 @@ export NSSA_WALLET_HOME_DIR=$(pwd)/integration_tests/configs/debug/wallet/ cd integration_tests # RISC0_DEV_MODE=1 skips proof generation; RUST_LOG=info enables runtime logs RUST_LOG=info RISC0_DEV_MODE=1 cargo run $(pwd)/configs/debug all - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" RUST_LOG=info RISC0_DEV_MODE=1 cargo run $(pwd)/configs/debug all ``` # Run the sequencer @@ -134,9 +126,6 @@ The sequencer can be run locally: ```bash cd sequencer_runner RUST_LOG=info cargo run --release configs/debug - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" RUST_LOG=info cargo run --release configs/debug ``` If everything went well you should see an output similar to this: @@ -162,9 +151,6 @@ This repository includes a CLI for interacting with the Nescience sequencer. To ```bash cargo install --path wallet --force - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" cargo install --path wallet --force ``` Run `wallet help` to check everything went well. From beab5f9e9664797457b9b7f07c4f5b79cc95b918 Mon Sep 17 00:00:00 2001 From: fryorcraken Date: Fri, 5 Dec 2025 16:47:38 +1100 Subject: [PATCH 05/20] fix ci for rocksdb --- .github/workflows/ci.yml | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ebfca7..f3644cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,6 +22,9 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Install system dependencies + run: sudo apt-get update && sudo apt-get install -y build-essential clang libclang-dev libssl-dev pkg-config + - name: Install active toolchain run: rustup install diff --git a/README.md b/README.md index d3d28cd..cb8628d 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ Install build dependencies - On Linux Ubuntu / Debian ```sh -apt install build-essential clang libssl-dev pkg-config +apt install build-essential clang libclang-dev libssl-dev pkg-config ``` Fedora From e0c6baf1ffff1b9a84d4a25c78fbcb30e1c34540 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Tue, 9 Dec 2025 08:11:15 -0500 Subject: [PATCH 06/20] added mint overflow protection --- nssa/program_methods/guest/src/bin/token.rs | 24 +++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index c229441..a5aed8b 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -318,9 +318,6 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 let definition_values = TokenDefinition::parse(&definition.account.data).expect("Definition account must be valid"); - //TODO: add overflow protection - // TokenDefinition.supply_limit + amount_to_mint - let token_holding_values: TokenHolding = if token_holding.account == Account::default() { TokenHolding::new(&definition.account_id) } else { TokenHolding::parse(&token_holding.account.data).expect("Holding account must be valid") }; @@ -335,10 +332,15 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 balance: token_holding_values.balance + amount_to_mint, }; + let post_total_supply = definition_values + .total_supply + .checked_add(amount_to_mint) + .expect("Total supply overflow."); + let post_definition_data = TokenDefinition { account_type: definition_values.account_type, name: definition_values.name, - total_supply: definition_values.total_supply + amount_to_mint, + total_supply: post_total_supply, }; let post_definition = { @@ -841,6 +843,7 @@ mod tests { MintSuccess, InitSupplyMint, HoldingBalanceMint, + MintOverflow, } enum AccountsEnum { @@ -1041,6 +1044,7 @@ mod tests { BalanceEnum::MintSuccess => 50_000, BalanceEnum::InitSupplyMint => 150_000, BalanceEnum::HoldingBalanceMint => 51_000, + BalanceEnum::MintOverflow => (2 as u128).pow(128) - 40_000, _ => panic!("Invalid selection") } } @@ -1177,4 +1181,16 @@ mod tests { assert!(holding_post.requires_claim() == true); } + #[test] + #[should_panic(expected = "Total supply overflow.")] + fn test_mint_overflow() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), + ]; + let _post_states = mint_additional_supply(&pre_states, + helper_balance_constructor(BalanceEnum::MintOverflow)); + + } + } \ No newline at end of file From 17f77f9ae788946edad66184e9ee82784a1bc566 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Tue, 9 Dec 2025 13:31:02 -0500 Subject: [PATCH 07/20] Update nssa/program_methods/guest/src/bin/token.rs Co-authored-by: Daniil Polyakov --- nssa/program_methods/guest/src/bin/token.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index a5aed8b..bc985cf 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -25,7 +25,7 @@ use nssa_core::{ // * Two accounts: [definition_account, account_to_initialize]. // * An dummy byte string of length 23, with the following layout // [0x02 || 0x00 || 0x00 || 0x00 || ... || 0x00 || 0x00]. -// 4. Burn tokens from a Toking Holding account (thus lowering total supply) +// 4. Burn tokens from a Token Holding account (thus lowering total supply) // Arguments to this function are: // * Two accounts: [definition_account, holding_account]. // * An instruction data byte string of length 23, indicating the balance to burn with the folloiwng layout From cf4d7ba80b04b2e3e0a2210cbd68992e44286cb5 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Tue, 9 Dec 2025 13:31:13 -0500 Subject: [PATCH 08/20] Update nssa/program_methods/guest/src/bin/token.rs Co-authored-by: Daniil Polyakov --- nssa/program_methods/guest/src/bin/token.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index bc985cf..50c5d99 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -30,7 +30,7 @@ use nssa_core::{ // * Two accounts: [definition_account, holding_account]. // * An instruction data byte string of length 23, indicating the balance to burn with the folloiwng layout // [0x03 || amount (little-endian 16 bytes) || 0x00 || 0x00 || 0x00 || 0x00 || 0x00 || 0x00]. -// 5. Mint additional supply of tokens tokens to a Toking Holding account (thus increasing total supply) +// 5. Mint additional supply of tokens tokens to a Token Holding account (thus increasing total supply) // Arguments to this function are: // * Two accounts: [definition_account, holding_account]. // * An instruction data byte string of length 23, indicating the balance to mint with the folloiwng layout From 8c493a015515bfe6177bcca99f8b5d20246ecb4d Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Tue, 9 Dec 2025 13:31:44 -0500 Subject: [PATCH 09/20] Update nssa/program_methods/guest/src/bin/token.rs Co-authored-by: Daniil Polyakov --- nssa/program_methods/guest/src/bin/token.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 50c5d99..2127f65 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -335,7 +335,7 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 let post_total_supply = definition_values .total_supply .checked_add(amount_to_mint) - .expect("Total supply overflow."); + .expect("Total supply overflow"); let post_definition_data = TokenDefinition { account_type: definition_values.account_type, From 70c228dbecb9f9814eebff1b736ae28f7f213a2e Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Tue, 9 Dec 2025 15:28:32 -0500 Subject: [PATCH 10/20] fixed formatting and added overflow/underflow --- nssa/program_methods/guest/src/bin/token.rs | 448 ++++++++++++-------- 1 file changed, 272 insertions(+), 176 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 2127f65..4914b4a 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -28,11 +28,13 @@ use nssa_core::{ // 4. Burn tokens from a Token Holding account (thus lowering total supply) // Arguments to this function are: // * Two accounts: [definition_account, holding_account]. +// * Authorization required: holding_account // * An instruction data byte string of length 23, indicating the balance to burn with the folloiwng layout // [0x03 || amount (little-endian 16 bytes) || 0x00 || 0x00 || 0x00 || 0x00 || 0x00 || 0x00]. // 5. Mint additional supply of tokens tokens to a Token Holding account (thus increasing total supply) // Arguments to this function are: // * Two accounts: [definition_account, holding_account]. +// * Authorization required: definition_account // * An instruction data byte string of length 23, indicating the balance to mint with the folloiwng layout // [0x04 || amount (little-endian 16 bytes) || 0x00 || 0x00 || 0x00 || 0x00 || 0x00 || 0x00]. @@ -155,7 +157,7 @@ fn transfer(pre_states: &[AccountWithMetadata], balance_to_move: u128) -> Vec Vec Vec { - if pre_states.len() != 2 { panic!("Invalid number of accounts"); } @@ -262,8 +263,8 @@ fn burn(pre_states: &[AccountWithMetadata], balance_to_burn: u128) -> Vec Vec Vec Vec { +fn mint_additional_supply( + pre_states: &[AccountWithMetadata], + amount_to_mint: u128, +) -> Vec { if pre_states.len() != 2 { panic!("Invalid number of accounts"); } - + let definition = &pre_states[0]; let token_holding = &pre_states[1]; @@ -320,27 +322,32 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 let token_holding_values: TokenHolding = if token_holding.account == Account::default() { TokenHolding::new(&definition.account_id) - } else { TokenHolding::parse(&token_holding.account.data).expect("Holding account must be valid") }; + } else { + TokenHolding::parse(&token_holding.account.data).expect("Holding account must be valid") + }; if definition.account_id != token_holding_values.definition_id { panic!("Mismatch token definition and token holding"); } let token_holding_post_data = TokenHolding { - account_type: token_holding_values.account_type, - definition_id: token_holding_values.definition_id, - balance: token_holding_values.balance + amount_to_mint, + account_type: token_holding_values.account_type, + definition_id: token_holding_values.definition_id, + balance: token_holding_values + .balance + .checked_add(amount_to_mint) + .expect("New balance overflow"), }; let post_total_supply = definition_values - .total_supply - .checked_add(amount_to_mint) - .expect("Total supply overflow"); + .total_supply + .checked_add(amount_to_mint) + .expect("Total supply overflow"); let post_definition_data = TokenDefinition { - account_type: definition_values.account_type, - name: definition_values.name, - total_supply: post_total_supply, + account_type: definition_values.account_type, + name: definition_values.name, + total_supply: post_total_supply, }; let post_definition = { @@ -363,7 +370,6 @@ fn mint_additional_supply(pre_states: &[AccountWithMetadata], amount_to_mint: u1 vec![post_definition, token_holding_post] } - type Instruction = [u8; 23]; fn main() { @@ -449,9 +455,9 @@ mod tests { use nssa_core::account::{Account, AccountId, AccountWithMetadata}; use crate::{ - TOKEN_DEFINITION_DATA_SIZE, TOKEN_HOLDING_DATA_SIZE, TOKEN_HOLDING_TYPE, - TOKEN_DEFINITION_TYPE, TokenDefinition, TokenHolding, - initialize_account, new_definition, transfer, burn, mint_additional_supply, + TOKEN_DEFINITION_DATA_SIZE, TOKEN_DEFINITION_TYPE, TOKEN_HOLDING_DATA_SIZE, + TOKEN_HOLDING_TYPE, TokenDefinition, TokenHolding, burn, initialize_account, + mint_additional_supply, new_definition, transfer, }; #[should_panic(expected = "Invalid number of input accounts")] @@ -852,12 +858,14 @@ mod tests { HoldingDiffDef, HoldingSameDefAuth, HoldingSameDefNotAuth, + HoldingSameDefNotAuthOverflow, DefinitionAccountPostBurn, HoldingAccountPostBurn, Uninit, InitMint, DefinitionAccountMint, HoldingSameDefMint, + HoldingSameDefAuthLargeBalance, } enum IdEnum { @@ -866,49 +874,45 @@ mod tests { HoldingId, } - fn helper_account_constructor(selection: AccountsEnum) -> AccountWithMetadata{ + fn helper_account_constructor(selection: AccountsEnum) -> AccountWithMetadata { match selection { AccountsEnum::DefinitionAccountAuth => AccountWithMetadata { account: Account { - program_owner: [5u32;8], - balance: 0u128, - data: TokenDefinition::into_data( - TokenDefinition { - account_type: TOKEN_DEFINITION_TYPE, - name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::InitSupply), - }), - nonce: 0, + program_owner: [5u32; 8], + balance: 0u128, + data: TokenDefinition::into_data(TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::InitSupply), + }), + nonce: 0, }, is_authorized: true, account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, AccountsEnum::DefinitionAccountNotAuth => AccountWithMetadata { account: Account { - program_owner: [5u32; 8], - balance: 0u128, - data: TokenDefinition::into_data( - TokenDefinition { - account_type: TOKEN_DEFINITION_TYPE, - name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::InitSupply), - }), - nonce: 0, + program_owner: [5u32; 8], + balance: 0u128, + data: TokenDefinition::into_data(TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::InitSupply), + }), + nonce: 0, }, is_authorized: false, account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, AccountsEnum::HoldingDiffDef => AccountWithMetadata { account: Account { - program_owner: [5u32;8], + program_owner: [5u32; 8], balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::PoolDefinitionIdDiff), - balance: helper_balance_constructor(BalanceEnum::HoldingBalance), - } - ), + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionIdDiff), + balance: helper_balance_constructor(BalanceEnum::HoldingBalance), + }), nonce: 0, }, is_authorized: true, @@ -916,15 +920,13 @@ mod tests { }, AccountsEnum::HoldingSameDefAuth => AccountWithMetadata { account: Account { - program_owner: [5u32;8], + program_owner: [5u32; 8], balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), - balance: helper_balance_constructor(BalanceEnum::HoldingBalance), - } - ), + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalance), + }), nonce: 0, }, is_authorized: true, @@ -932,15 +934,27 @@ mod tests { }, AccountsEnum::HoldingSameDefNotAuth => AccountWithMetadata { account: Account { - program_owner: [5u32;8], + program_owner: [5u32; 8], balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), - balance: helper_balance_constructor(BalanceEnum::HoldingBalance), - } - ), + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalance), + }), + nonce: 0, + }, + is_authorized: false, + account_id: helper_id_constructor(IdEnum::HoldingId), + }, + AccountsEnum::HoldingSameDefNotAuthOverflow => AccountWithMetadata { + account: Account { + program_owner: [5u32; 8], + balance: 0u128, + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::InitSupply), + }), nonce: 0, }, is_authorized: false, @@ -948,30 +962,27 @@ mod tests { }, AccountsEnum::DefinitionAccountPostBurn => AccountWithMetadata { account: Account { - program_owner: [5u32;8], - balance: 0u128, - data: TokenDefinition::into_data( - TokenDefinition { - account_type: TOKEN_DEFINITION_TYPE, - name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::InitSupplyBurned), - }), - nonce: 0, + program_owner: [5u32; 8], + balance: 0u128, + data: TokenDefinition::into_data(TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::InitSupplyBurned), + }), + nonce: 0, }, is_authorized: true, account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, AccountsEnum::HoldingAccountPostBurn => AccountWithMetadata { account: Account { - program_owner: [5u32;8], + program_owner: [5u32; 8], balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), - balance: helper_balance_constructor(BalanceEnum::HoldingBalanceBurned), - } - ), + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalanceBurned), + }), nonce: 0, }, is_authorized: false, @@ -984,15 +995,13 @@ mod tests { }, AccountsEnum::InitMint => AccountWithMetadata { account: Account { - program_owner: [0u32;8], + program_owner: [0u32; 8], balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), - balance: helper_balance_constructor(BalanceEnum::MintSuccess), - } - ), + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::MintSuccess), + }), nonce: 0, }, is_authorized: false, @@ -1000,36 +1009,47 @@ mod tests { }, AccountsEnum::HoldingSameDefMint => AccountWithMetadata { account: Account { - program_owner: [5u32;8], - balance: 0u128, - data: TokenHolding::into_data( - TokenHolding { - account_type: TOKEN_HOLDING_TYPE, - definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), - balance: helper_balance_constructor(BalanceEnum::HoldingBalanceMint), - } - ), - nonce: 0, + program_owner: [5u32; 8], + balance: 0u128, + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::HoldingBalanceMint), + }), + nonce: 0, }, is_authorized: true, account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, AccountsEnum::DefinitionAccountMint => AccountWithMetadata { account: Account { - program_owner: [5u32;8], - balance: 0u128, - data: TokenDefinition::into_data( - TokenDefinition { - account_type: TOKEN_DEFINITION_TYPE, - name: [2; 6], - total_supply: helper_balance_constructor(BalanceEnum::InitSupplyMint), - }), - nonce: 0, + program_owner: [5u32; 8], + balance: 0u128, + data: TokenDefinition::into_data(TokenDefinition { + account_type: TOKEN_DEFINITION_TYPE, + name: [2; 6], + total_supply: helper_balance_constructor(BalanceEnum::InitSupplyMint), + }), + nonce: 0, }, is_authorized: true, account_id: helper_id_constructor(IdEnum::PoolDefinitionId), }, - _ => panic!("Invalid selection") + AccountsEnum::HoldingSameDefAuthLargeBalance => AccountWithMetadata { + account: Account { + program_owner: [5u32; 8], + balance: 0u128, + data: TokenHolding::into_data(TokenHolding { + account_type: TOKEN_HOLDING_TYPE, + definition_id: helper_id_constructor(IdEnum::PoolDefinitionId), + balance: helper_balance_constructor(BalanceEnum::MintOverflow), + }), + nonce: 0, + }, + is_authorized: true, + account_id: helper_id_constructor(IdEnum::PoolDefinitionId), + }, + _ => panic!("Invalid selection"), } } @@ -1045,152 +1065,228 @@ mod tests { BalanceEnum::InitSupplyMint => 150_000, BalanceEnum::HoldingBalanceMint => 51_000, BalanceEnum::MintOverflow => (2 as u128).pow(128) - 40_000, - _ => panic!("Invalid selection") + _ => panic!("Invalid selection"), } } fn helper_id_constructor(selection: IdEnum) -> AccountId { match selection { - IdEnum::PoolDefinitionId => AccountId::new([15;32]), - IdEnum::PoolDefinitionIdDiff => AccountId::new([16;32]), - IdEnum::HoldingId => AccountId::new([17;32]), + IdEnum::PoolDefinitionId => AccountId::new([15; 32]), + IdEnum::PoolDefinitionIdDiff => AccountId::new([16; 32]), + IdEnum::HoldingId => AccountId::new([17; 32]), } } #[test] #[should_panic(expected = "Invalid number of accounts")] fn test_burn_invalid_number_of_accounts() { - let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); + let pre_states = vec![helper_account_constructor( + AccountsEnum::DefinitionAccountAuth, + )]; + let _post_states = burn( + &pre_states, + helper_balance_constructor(BalanceEnum::BurnSuccess), + ); } #[test] #[should_panic(expected = "Mismatch token definition and token holding")] fn test_burn_mismatch_def() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingDiffDef), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingDiffDef), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); + let _post_states = burn( + &pre_states, + helper_balance_constructor(BalanceEnum::BurnSuccess), + ); } #[test] #[should_panic(expected = "Authorization is missing")] fn test_burn_missing_authorization() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); + let _post_states = burn( + &pre_states, + helper_balance_constructor(BalanceEnum::BurnSuccess), + ); } #[test] #[should_panic(expected = "Insufficient balance to burn")] fn test_burn_insufficient_balance() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingSameDefAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefAuth), ]; - let _post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnInsufficient)); + let _post_states = burn( + &pre_states, + helper_balance_constructor(BalanceEnum::BurnInsufficient), + ); + } + + #[test] + #[should_panic(expected = "Total supply underflow")] + fn test_burn_total_supply_underflow() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefAuthLargeBalance), + ]; + let _post_states = burn( + &pre_states, + helper_balance_constructor(BalanceEnum::MintOverflow), + ); } #[test] fn test_burn_success() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingSameDefAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefAuth), ]; - let post_states = burn(&pre_states, helper_balance_constructor(BalanceEnum::BurnSuccess)); + let post_states = burn( + &pre_states, + helper_balance_constructor(BalanceEnum::BurnSuccess), + ); let def_post = post_states[0].clone(); let holding_post = post_states[1].clone(); - assert!(*def_post.account() == helper_account_constructor(AccountsEnum::DefinitionAccountPostBurn).account); - assert!(*holding_post.account() == helper_account_constructor(AccountsEnum::HoldingAccountPostBurn).account); + assert!( + *def_post.account() + == helper_account_constructor(AccountsEnum::DefinitionAccountPostBurn).account + ); + assert!( + *holding_post.account() + == helper_account_constructor(AccountsEnum::HoldingAccountPostBurn).account + ); } #[test] #[should_panic(expected = "Invalid number of accounts")] fn test_mint_invalid_number_of_accounts() { - let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); + let pre_states = vec![helper_account_constructor( + AccountsEnum::DefinitionAccountAuth, + )]; + let _post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintSuccess), + ); } #[test] #[should_panic(expected = "Holding account must be valid")] fn test_mint_not_valid_holding_account() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::DefinitionAccountNotAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountNotAuth), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); + let _post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintSuccess), + ); } #[test] #[should_panic(expected = "Definition authorization is missing")] fn test_mint_missing_authorization() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountNotAuth), - helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountNotAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); + let _post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintSuccess), + ); } #[test] #[should_panic(expected = "Mismatch token definition and token holding")] fn test_mint_mismatched_token_definition() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingDiffDef), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingDiffDef), ]; - let _post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); + let _post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintSuccess), + ); } #[test] fn test_mint_success() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); + let post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintSuccess), + ); let def_post = post_states[0].clone(); let holding_post = post_states[1].clone(); - assert!(*def_post.account() == helper_account_constructor(AccountsEnum::DefinitionAccountMint).account); - assert!(*holding_post.account() == helper_account_constructor(AccountsEnum::HoldingSameDefMint).account); + assert!( + *def_post.account() + == helper_account_constructor(AccountsEnum::DefinitionAccountMint).account + ); + assert!( + *holding_post.account() + == helper_account_constructor(AccountsEnum::HoldingSameDefMint).account + ); } #[test] fn test_mint_uninit_holding_success() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::Uninit), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::Uninit), ]; - let post_states = mint_additional_supply(&pre_states, helper_balance_constructor(BalanceEnum::MintSuccess)); + let post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintSuccess), + ); let def_post = post_states[0].clone(); let holding_post = post_states[1].clone(); - assert!(*def_post.account() == helper_account_constructor(AccountsEnum::DefinitionAccountMint).account); - assert!(*holding_post.account() == helper_account_constructor(AccountsEnum::InitMint).account); + assert!( + *def_post.account() + == helper_account_constructor(AccountsEnum::DefinitionAccountMint).account + ); + assert!( + *holding_post.account() == helper_account_constructor(AccountsEnum::InitMint).account + ); assert!(holding_post.requires_claim() == true); } #[test] - #[should_panic(expected = "Total supply overflow.")] - fn test_mint_overflow() { + #[should_panic(expected = "Total supply overflow")] + fn test_mint_total_supply_overflow() { let pre_states = vec![ - helper_account_constructor(AccountsEnum::DefinitionAccountAuth), - helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuth), ]; - let _post_states = mint_additional_supply(&pre_states, - helper_balance_constructor(BalanceEnum::MintOverflow)); - + let _post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintOverflow), + ); } -} \ No newline at end of file + #[test] + #[should_panic(expected = "New balance overflow")] + fn test_mint_holding_account_overflow() { + let pre_states = vec![ + helper_account_constructor(AccountsEnum::DefinitionAccountAuth), + helper_account_constructor(AccountsEnum::HoldingSameDefNotAuthOverflow), + ]; + let _post_states = mint_additional_supply( + &pre_states, + helper_balance_constructor(BalanceEnum::MintOverflow), + ); + } +} From 340c9c4ce6509782d4d0341360a9ee0e6af70e43 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Wed, 10 Dec 2025 08:12:17 -0500 Subject: [PATCH 11/20] redundant underflow check added --- nssa/program_methods/guest/src/bin/token.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 4914b4a..8409d76 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -284,7 +284,10 @@ fn burn(pre_states: &[AccountWithMetadata], balance_to_burn: u128) -> Vec Date: Thu, 11 Dec 2025 08:59:28 -0500 Subject: [PATCH 12/20] nonce code shifting --- .../guest/src/bin/privacy_preserving_circuit.rs | 4 +--- nssa/src/privacy_preserving_transaction/circuit.rs | 2 +- nssa/src/state.rs | 6 ++++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs index 4cbc42c..29162db 100644 --- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs +++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs @@ -141,9 +141,7 @@ fn main() { public_pre_states.push(pre_states[i].clone()); let mut post = state_diff.get(&pre_states[i].account_id).unwrap().clone(); - if pre_states[i].is_authorized { - post.nonce += 1; - } + if post.program_owner == DEFAULT_PROGRAM_ID { // Claim account post.program_owner = program_id; diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index d6fc2c9..95933a3 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -195,7 +195,7 @@ mod tests { let expected_sender_post = Account { program_owner: program.id(), balance: 100 - balance_to_move, - nonce: 1, + nonce: 0, data: Data::default(), }; diff --git a/nssa/src/state.rs b/nssa/src/state.rs index c3bbc3d..86df3a5 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -154,6 +154,12 @@ impl V02State { *current_account = post; } + // 5. Increment nonces for public signers + for account_id in tx.signer_account_ids() { + let current_account = self.get_account_by_id_mut(account_id); + current_account.nonce += 1; + } + Ok(()) } From d019c2657890686320691982905593616805857a Mon Sep 17 00:00:00 2001 From: Daniil Polyakov Date: Tue, 9 Dec 2025 22:51:29 +0300 Subject: [PATCH 13/20] feat: deploy with ci --- .github/workflows/deploy.yml | 23 ++++++++++ ci_scripts/deploy.sh | 84 ++++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 .github/workflows/deploy.yml create mode 100644 ci_scripts/deploy.sh diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..6dc622d --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,23 @@ +name: Deploy Sequencer + +on: + workflow_dispatch: + +jobs: + deploy: + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Deploy to server + uses: appleboy/ssh-action@v1.2.4 + with: + host: ${{ secrets.DEPLOY_SSH_HOST }} + username: ${{ secrets.DEPLOY_SSH_USERNAME }} + key: ${{ secrets.DEPLOY_SSH_KEY }} + envs: GITHUB_ACTOR + script_path: ci_scripts/deploy.sh diff --git a/ci_scripts/deploy.sh b/ci_scripts/deploy.sh new file mode 100644 index 0000000..7615df0 --- /dev/null +++ b/ci_scripts/deploy.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +set -e + +# Base directory for deployment +LSSA_DIR="/home/arjentix/test_deploy/lssa" + +# Expect GITHUB_ACTOR to be passed as first argument or environment variable +GITHUB_ACTOR="${1:-${GITHUB_ACTOR:-unknown}}" + +# Function to log messages with timestamp +log_deploy() { + echo "[$(date '+%Y-%m-%d %H:%M:%S %Z')] $1" >> "${LSSA_DIR}/deploy.log" +} + +# Error handler +handle_error() { + echo "โœ— Deployment failed by: ${GITHUB_ACTOR}" + log_deploy "Deployment failed by: ${GITHUB_ACTOR}" + exit 1 +} + +find_sequencer_runner_pids() { + pgrep -f "sequencer_runner" | grep -v $$ +} + +# Set trap to catch any errors +trap 'handle_error' ERR + +# Log deployment info +log_deploy "Deployment initiated by: ${GITHUB_ACTOR}" + +# Navigate to code directory +if [ ! -d "${LSSA_DIR}/code" ]; then + mkdir -p "${LSSA_DIR}/code" +fi +cd "${LSSA_DIR}/code" + +# Stop current sequencer if running +if find_sequencer_runner_pids > /dev/null; then + echo "Stopping current sequencer..." + find_sequencer_runner_pids | xargs -r kill -SIGINT || true + sleep 2 + # Force kill if still running + find_sequencer_runner_pids | grep -v $$ | xargs -r kill -9 || true +fi + +# Clone or update repository +if [ -d ".git" ]; then + echo "Updating existing repository..." + git fetch origin + git checkout main + git reset --hard origin/main +else + echo "Cloning repository..." + git clone https://github.com/vacp2p/nescience-testnet.git . + git checkout main +fi + +# Build sequencer_runner and wallet in release mode +echo "Building sequencer_runner" +# That could be just `cargo build --release --bin sequencer_runner --bin wallet` +# but we have `no_docker` feature bug, see issue #179 +cd sequencer_runner +cargo build --release +cd ../wallet +cargo build --release +cd .. + +# Run sequencer_runner with config +echo "Starting sequencer_runner..." +export RUST_LOG=info +nohup ./target/release/sequencer_runner "${LSSA_DIR}/configs/sequencer" > "${LSSA_DIR}/sequencer.log" 2>&1 & + +# Wait 5 seconds and check health using wallet +sleep 5 +if ./target/release/wallet check-health; then + echo "โœ“ Sequencer started successfully and is healthy" + log_deploy "Deployment completed successfully by: ${GITHUB_ACTOR}" + exit 0 +else + echo "โœ— Sequencer failed health check" + tail -n 50 "${LSSA_DIR}/sequencer.log" + handle_error +fi From 31405af1439e23ba2f4d5965ac7206c0cc9f0b52 Mon Sep 17 00:00:00 2001 From: Pravdyvy Date: Fri, 12 Dec 2025 14:49:24 +0200 Subject: [PATCH 14/20] fix: template update --- .github/pull_request_template.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index c29c281..1e6516f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -10,10 +10,10 @@ TO COMPLETE TO COMPLETE -[ ] Change ... -[ ] Add ... -[ ] Fix ... -[ ] ... +- [] Change ... +- [] Add ... +- [] Fix ... +- [] ... ## ๐Ÿงช How to Test @@ -37,7 +37,7 @@ TO COMPLETE IF APPLICABLE *Mark only completed items. A complete PR should have all boxes ticked.* -[ ] Complete PR description -[ ] Implement the core functionality -[ ] Add/update tests -[ ] Add/update documentation and inline comments +- [] Complete PR description +- [] Implement the core functionality +- [] Add/update tests +- [] Add/update documentation and inline comments From ae50ff65fac9f3f7ed717d4bf377b60312eba919 Mon Sep 17 00:00:00 2001 From: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com> Date: Fri, 12 Dec 2025 16:27:27 -0500 Subject: [PATCH 15/20] fixed conflicts with token rs from main --- nssa/program_methods/guest/src/bin/token.rs | 98 +++++++++++++-------- 1 file changed, 62 insertions(+), 36 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/token.rs b/nssa/program_methods/guest/src/bin/token.rs index 8409d76..739295b 100644 --- a/nssa/program_methods/guest/src/bin/token.rs +++ b/nssa/program_methods/guest/src/bin/token.rs @@ -57,12 +57,15 @@ struct TokenHolding { } impl TokenDefinition { - fn into_data(self) -> Vec { + fn into_data(self) -> Data { let mut bytes = [0; TOKEN_DEFINITION_DATA_SIZE]; bytes[0] = self.account_type; bytes[1..7].copy_from_slice(&self.name); bytes[7..].copy_from_slice(&self.total_supply.to_le_bytes()); - bytes.into() + bytes + .to_vec() + .try_into() + .expect("23 bytes should fit into Data") } fn parse(data: &[u8]) -> Option { @@ -122,7 +125,10 @@ impl TokenHolding { bytes[0] = self.account_type; bytes[1..33].copy_from_slice(&self.definition_id.to_bytes()); bytes[33..].copy_from_slice(&self.balance.to_le_bytes()); - bytes.into() + bytes + .to_vec() + .try_into() + .expect("33 bytes should fit into Data") } } @@ -376,10 +382,13 @@ fn mint_additional_supply( type Instruction = [u8; 23]; fn main() { - let ProgramInput { - pre_states, - instruction, - } = read_nssa_inputs::(); + let ( + ProgramInput { + pre_states, + instruction, + }, + instruction_words, + ) = read_nssa_inputs::(); let post_states = match instruction[0] { 0 => { @@ -450,7 +459,7 @@ fn main() { _ => panic!("Invalid instruction"), }; - write_nssa_outputs(pre_states, post_states); + write_nssa_outputs(instruction_words, pre_states, post_states); } #[cfg(test)] @@ -562,15 +571,15 @@ mod tests { let post_states = new_definition(&pre_states, [0xca, 0xfe, 0xca, 0xfe, 0xca, 0xfe], 10); let [definition_account, holding_account] = post_states.try_into().ok().unwrap(); assert_eq!( - definition_account.account().data, - vec![ + definition_account.account().data.as_ref(), + &[ 0, 0xca, 0xfe, 0xca, 0xfe, 0xca, 0xfe, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ] ); assert_eq!( - holding_account.account().data, - vec![ + holding_account.account().data.as_ref(), + &[ 1, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -620,7 +629,9 @@ mod tests { AccountWithMetadata { account: Account { // First byte should be `TOKEN_HOLDING_TYPE` for token holding accounts - data: vec![invalid_type; TOKEN_HOLDING_DATA_SIZE], + data: vec![invalid_type; TOKEN_HOLDING_DATA_SIZE] + .try_into() + .unwrap(), ..Account::default() }, is_authorized: true, @@ -642,7 +653,7 @@ mod tests { AccountWithMetadata { account: Account { // Data must be of exact length `TOKEN_HOLDING_DATA_SIZE` - data: vec![1; TOKEN_HOLDING_DATA_SIZE - 1], + data: vec![1; TOKEN_HOLDING_DATA_SIZE - 1].try_into().unwrap(), ..Account::default() }, is_authorized: true, @@ -664,7 +675,7 @@ mod tests { AccountWithMetadata { account: Account { // Data must be of exact length `TOKEN_HOLDING_DATA_SIZE` - data: vec![1; TOKEN_HOLDING_DATA_SIZE + 1], + data: vec![1; TOKEN_HOLDING_DATA_SIZE + 1].try_into().unwrap(), ..Account::default() }, is_authorized: true, @@ -685,7 +696,7 @@ mod tests { let pre_states = vec![ AccountWithMetadata { account: Account { - data: vec![1; TOKEN_HOLDING_DATA_SIZE], + data: vec![1; TOKEN_HOLDING_DATA_SIZE].try_into().unwrap(), ..Account::default() }, is_authorized: true, @@ -693,10 +704,12 @@ mod tests { }, AccountWithMetadata { account: Account { - data: vec![1] + data: [1] .into_iter() .chain(vec![2; TOKEN_HOLDING_DATA_SIZE - 1]) - .collect(), + .collect::>() + .try_into() + .unwrap(), ..Account::default() }, is_authorized: true, @@ -713,10 +726,12 @@ mod tests { AccountWithMetadata { account: Account { // Account with balance 37 - data: vec![1; TOKEN_HOLDING_DATA_SIZE - 16] + data: [1; TOKEN_HOLDING_DATA_SIZE - 16] .into_iter() .chain(u128::to_le_bytes(37)) - .collect(), + .collect::>() + .try_into() + .unwrap(), ..Account::default() }, is_authorized: true, @@ -724,7 +739,7 @@ mod tests { }, AccountWithMetadata { account: Account { - data: vec![1; TOKEN_HOLDING_DATA_SIZE], + data: vec![1; TOKEN_HOLDING_DATA_SIZE].try_into().unwrap(), ..Account::default() }, is_authorized: true, @@ -742,10 +757,12 @@ mod tests { AccountWithMetadata { account: Account { // Account with balance 37 - data: vec![1; TOKEN_HOLDING_DATA_SIZE - 16] + data: [1; TOKEN_HOLDING_DATA_SIZE - 16] .into_iter() .chain(u128::to_le_bytes(37)) - .collect(), + .collect::>() + .try_into() + .unwrap(), ..Account::default() }, is_authorized: false, @@ -753,7 +770,7 @@ mod tests { }, AccountWithMetadata { account: Account { - data: vec![1; TOKEN_HOLDING_DATA_SIZE], + data: vec![1; TOKEN_HOLDING_DATA_SIZE].try_into().unwrap(), ..Account::default() }, is_authorized: true, @@ -769,10 +786,12 @@ mod tests { AccountWithMetadata { account: Account { // Account with balance 37 - data: vec![1; TOKEN_HOLDING_DATA_SIZE - 16] + data: [1; TOKEN_HOLDING_DATA_SIZE - 16] .into_iter() .chain(u128::to_le_bytes(37)) - .collect(), + .collect::>() + .try_into() + .unwrap(), ..Account::default() }, is_authorized: true, @@ -781,10 +800,12 @@ mod tests { AccountWithMetadata { account: Account { // Account with balance 255 - data: vec![1; TOKEN_HOLDING_DATA_SIZE - 16] + data: [1; TOKEN_HOLDING_DATA_SIZE - 16] .into_iter() .chain(u128::to_le_bytes(255)) - .collect(), + .collect::>() + .try_into() + .unwrap(), ..Account::default() }, is_authorized: true, @@ -794,15 +815,15 @@ mod tests { let post_states = transfer(&pre_states, 11); let [sender_post, recipient_post] = post_states.try_into().ok().unwrap(); assert_eq!( - sender_post.account().data, - vec![ + sender_post.account().data.as_ref(), + [ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 26, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ] ); assert_eq!( - recipient_post.account().data, - vec![ + recipient_post.account().data.as_ref(), + [ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 10, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ] @@ -818,7 +839,9 @@ mod tests { data: [0; TOKEN_DEFINITION_DATA_SIZE - 16] .into_iter() .chain(u128::to_le_bytes(1000)) - .collect(), + .collect::>() + .try_into() + .unwrap(), ..Account::default() }, is_authorized: false, @@ -832,10 +855,13 @@ mod tests { ]; let post_states = initialize_account(&pre_states); let [definition, holding] = post_states.try_into().ok().unwrap(); - assert_eq!(definition.account().data, pre_states[0].account.data); assert_eq!( - holding.account().data, - vec![ + definition.account().data.as_ref(), + pre_states[0].account.data.as_ref() + ); + assert_eq!( + holding.account().data.as_ref(), + [ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ] From 4389364b554511d1f6b58592c89b7fb414a3c587 Mon Sep 17 00:00:00 2001 From: Pravdyvy Date: Mon, 15 Dec 2025 15:39:26 +0200 Subject: [PATCH 16/20] fix: last md update --- .github/pull_request_template.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 1e6516f..18064c6 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -10,10 +10,10 @@ TO COMPLETE TO COMPLETE -- [] Change ... -- [] Add ... -- [] Fix ... -- [] ... +- [ ] Change ... +- [ ] Add ... +- [ ] Fix ... +- [ ] ... ## ๐Ÿงช How to Test @@ -37,7 +37,7 @@ TO COMPLETE IF APPLICABLE *Mark only completed items. A complete PR should have all boxes ticked.* -- [] Complete PR description -- [] Implement the core functionality -- [] Add/update tests -- [] Add/update documentation and inline comments +- [ ] Complete PR description +- [ ] Implement the core functionality +- [ ] Add/update tests +- [ ] Add/update documentation and inline comments From bbc02f0cf3ac3eb7a7c6612f3b06696e45ae87a7 Mon Sep 17 00:00:00 2001 From: Daniil Polyakov Date: Wed, 17 Dec 2025 01:10:25 +0300 Subject: [PATCH 17/20] fix: add `bindgen-runtime` feature of rocksdb --- Cargo.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/Cargo.toml b/Cargo.toml index 06458c0..9b773b8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -52,6 +52,7 @@ itertools = "0.14.0" rocksdb = { version = "0.24.0", default-features = false, features = [ "snappy", + "bindgen-runtime", ] } [workspace.dependencies.rand] From 2975d9d878b89b7b52cf5646c69976b3af32506c Mon Sep 17 00:00:00 2001 From: Daniil Polyakov Date: Fri, 12 Dec 2025 03:14:58 +0300 Subject: [PATCH 18/20] chore: make more clear error messages in authenticated_transfer --- .../program_methods/guest/src/bin/authenticated_transfer.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nssa/program_methods/guest/src/bin/authenticated_transfer.rs b/nssa/program_methods/guest/src/bin/authenticated_transfer.rs index fe02d06..8a13173 100644 --- a/nssa/program_methods/guest/src/bin/authenticated_transfer.rs +++ b/nssa/program_methods/guest/src/bin/authenticated_transfer.rs @@ -17,7 +17,7 @@ fn initialize_account(pre_state: AccountWithMetadata) -> AccountPostState { // Continue only if the owner authorized this operation if !is_authorized { - panic!("Invalid input"); + panic!("Account must be authorized"); } account_to_claim @@ -31,12 +31,12 @@ fn transfer( ) -> Vec { // Continue only if the sender has authorized this operation if !sender.is_authorized { - panic!("Invalid input"); + panic!("Sender must be authorized"); } // Continue only if the sender has enough balance if sender.account.balance < balance_to_move { - panic!("Invalid input"); + panic!("Sender has insufficient balance"); } // Create accounts post states, with updated balances From ef97fade99f69e4219bd8171cad90f151726b730 Mon Sep 17 00:00:00 2001 From: Sergio Chouhy Date: Fri, 14 Nov 2025 01:28:34 -0300 Subject: [PATCH 19/20] feat: unzip init proofs from nsk --- integration_tests/src/tps_test_utils.rs | 3 +- nssa/core/src/circuit_io.rs | 3 +- .../src/bin/privacy_preserving_circuit.rs | 28 +++-- .../privacy_preserving_transaction/circuit.rs | 14 +-- nssa/src/state.rs | 100 ++++++++++-------- wallet/src/lib.rs | 3 +- wallet/src/pinata_interactions.rs | 4 +- wallet/src/privacy_preserving_tx.rs | 16 ++- 8 files changed, 105 insertions(+), 66 deletions(-) diff --git a/integration_tests/src/tps_test_utils.rs b/integration_tests/src/tps_test_utils.rs index 6f597e2..e9e7a82 100644 --- a/integration_tests/src/tps_test_utils.rs +++ b/integration_tests/src/tps_test_utils.rs @@ -167,7 +167,8 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction { (sender_npk.clone(), sender_ss), (recipient_npk.clone(), recipient_ss), ], - &[(sender_nsk, proof)], + &[sender_nsk], + &[proof], &program.into(), ) .unwrap(); diff --git a/nssa/core/src/circuit_io.rs b/nssa/core/src/circuit_io.rs index 848fe3e..2abf7b5 100644 --- a/nssa/core/src/circuit_io.rs +++ b/nssa/core/src/circuit_io.rs @@ -14,7 +14,8 @@ pub struct PrivacyPreservingCircuitInput { pub visibility_mask: Vec, pub private_account_nonces: Vec, pub private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>, - pub private_account_auth: Vec<(NullifierSecretKey, MembershipProof)>, + pub private_account_nsks: Vec, + pub private_account_membership_proofs: Vec, pub program_id: ProgramId, } diff --git a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs index 29162db..289d271 100644 --- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs +++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs @@ -16,7 +16,8 @@ fn main() { visibility_mask, private_account_nonces, private_account_keys, - private_account_auth, + private_account_nsks, + private_account_membership_proofs, mut program_id, } = env::read(); @@ -63,7 +64,8 @@ fn main() { for (i, program_output) in program_outputs.iter().enumerate() { let mut program_output = program_output.clone(); - // Check that `program_output` is consistent with the execution of the corresponding program. + // Check that `program_output` is consistent with the execution of the corresponding + // program. let program_output_words = &to_vec(&program_output).expect("program_output must be serializable"); env::verify(program_id, program_output_words) @@ -131,7 +133,8 @@ fn main() { let mut private_nonces_iter = private_account_nonces.iter(); let mut private_keys_iter = private_account_keys.iter(); - let mut private_auth_iter = private_account_auth.iter(); + let mut private_nsks_iter = private_account_nsks.iter(); + let mut private_membership_proofs_iter = private_account_membership_proofs.iter(); let mut output_index = 0; for i in 0..n_accounts { @@ -158,8 +161,11 @@ fn main() { if visibility_mask[i] == 1 { // Private account with authentication - let (nsk, membership_proof) = - private_auth_iter.next().expect("Missing private auth"); + let nsk = private_nsks_iter.next().expect("Missing nsk"); + + let membership_proof = private_membership_proofs_iter + .next() + .expect("Missing membership proof"); // Verify the nullifier public key let expected_npk = NullifierPublicKey::from(nsk); @@ -223,15 +229,19 @@ fn main() { } if private_nonces_iter.next().is_some() { - panic!("Too many nonces."); + panic!("Too many nonces"); } if private_keys_iter.next().is_some() { - panic!("Too many private account keys."); + panic!("Too many private account keys"); } - if private_auth_iter.next().is_some() { - panic!("Too many private account authentication keys."); + if private_nsks_iter.next().is_some() { + panic!("Too many private account authentication keys"); + } + + if private_membership_proofs_iter.next().is_some() { + panic!("Too many private account membership proofs"); } let output = PrivacyPreservingCircuitOutput { diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index 95933a3..b45f17c 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -44,13 +44,15 @@ impl From for ProgramWithDependencies { /// Generates a proof of the execution of a NSSA program inside the privacy preserving execution /// circuit +#[expect(clippy::too_many_arguments, reason = "TODO: fix later")] pub fn execute_and_prove( pre_states: &[AccountWithMetadata], instruction_data: &InstructionData, visibility_mask: &[u8], private_account_nonces: &[u128], private_account_keys: &[(NullifierPublicKey, SharedSecretKey)], - private_account_auth: &[(NullifierSecretKey, MembershipProof)], + private_account_nsks: &[NullifierSecretKey], + private_account_membership_proofs: &[MembershipProof], program_with_dependencies: &ProgramWithDependencies, ) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> { let mut program = &program_with_dependencies.program; @@ -105,7 +107,8 @@ pub fn execute_and_prove( visibility_mask: visibility_mask.to_vec(), private_account_nonces: private_account_nonces.to_vec(), private_account_keys: private_account_keys.to_vec(), - private_account_auth: private_account_auth.to_vec(), + private_account_nsks: private_account_nsks.to_vec(), + private_account_membership_proofs: private_account_membership_proofs.to_vec(), program_id: program_with_dependencies.program.id(), }; @@ -218,6 +221,7 @@ mod tests { &[0xdeadbeef], &[(recipient_keys.npk(), shared_secret.clone())], &[], + &[], &Program::authenticated_transfer_program().into(), ) .unwrap(); @@ -315,10 +319,8 @@ mod tests { (sender_keys.npk(), shared_secret_1.clone()), (recipient_keys.npk(), shared_secret_2.clone()), ], - &[( - sender_keys.nsk, - commitment_set.get_proof_for(&commitment_sender).unwrap(), - )], + &[sender_keys.nsk], + &[commitment_set.get_proof_for(&commitment_sender).unwrap()], &program.into(), ) .unwrap(); diff --git a/nssa/src/state.rs b/nssa/src/state.rs index 86df3a5..408b7e9 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -868,6 +868,7 @@ pub mod tests { &[0xdeadbeef], &[(recipient_keys.npk(), shared_secret)], &[], + &[], &Program::authenticated_transfer_program().into(), ) .unwrap(); @@ -916,10 +917,8 @@ pub mod tests { (sender_keys.npk(), shared_secret_1), (recipient_keys.npk(), shared_secret_2), ], - &[( - sender_keys.nsk, - state.get_proof_for_commitment(&sender_commitment).unwrap(), - )], + &[sender_keys.nsk], + &[state.get_proof_for_commitment(&sender_commitment).unwrap()], &program.into(), ) .unwrap(); @@ -968,10 +967,8 @@ pub mod tests { &[1, 0], &[new_nonce], &[(sender_keys.npk(), shared_secret)], - &[( - sender_keys.nsk, - state.get_proof_for_commitment(&sender_commitment).unwrap(), - )], + &[sender_keys.nsk], + &[state.get_proof_for_commitment(&sender_commitment).unwrap()], &program.into(), ) .unwrap(); @@ -1185,6 +1182,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1211,6 +1209,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1237,6 +1236,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1263,6 +1263,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1291,6 +1292,7 @@ pub mod tests { &[], &[], &[], + &[], &program.to_owned().into(), ); @@ -1317,6 +1319,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1352,6 +1355,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1378,6 +1382,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1413,6 +1418,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1450,6 +1456,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1490,7 +1497,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1524,7 +1532,8 @@ pub mod tests { &[1, 2], &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1549,7 +1558,7 @@ pub mod tests { AccountWithMetadata::new(Account::default(), false, &recipient_keys.npk()); // Setting no auth key for an execution with one non default private accounts. - let private_account_auth = []; + let private_account_nsks = []; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), @@ -1565,7 +1574,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &private_account_auth, + &private_account_nsks, + &[], &program.into(), ); @@ -1601,19 +1611,20 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ]; - let private_account_auth = [ - // Setting the recipient key to authorize the sender. - // This should be set to the sender private account in - // a normal circumstance. The recipient can't authorize this. - (recipient_keys.nsk, (0, vec![])), - ]; + + // Setting the recipient key to authorize the sender. + // This should be set to the sender private account in + // a normal circumstance. The recipient can't authorize this. + let private_account_nsks = [recipient_keys.nsk]; + let private_account_membership_proofs = [(0, vec![])]; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), &[1, 2], &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, - &private_account_auth, + &private_account_nsks, + &private_account_membership_proofs, &program.into(), ); @@ -1659,7 +1670,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1706,7 +1718,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1752,7 +1765,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1798,7 +1812,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1842,7 +1857,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1872,6 +1888,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1913,7 +1930,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1959,7 +1977,8 @@ pub mod tests { &[1, 2], &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[(0, vec![])], &program.into(), ); @@ -1986,10 +2005,8 @@ pub mod tests { // Setting two private account keys for a circuit execution with only one non default // private account (visibility mask equal to 1 means that auth keys are expected). let visibility_mask = [1, 2]; - let private_account_auth = [ - (sender_keys.nsk, (0, vec![])), - (recipient_keys.nsk, (1, vec![])), - ]; + let private_account_nsks = [sender_keys.nsk, recipient_keys.nsk]; + let private_account_membership_proofs = [(0, vec![]), (1, vec![])]; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), @@ -2005,7 +2022,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &private_account_auth, + &private_account_nsks, + &private_account_membership_proofs, &program.into(), ); @@ -2082,10 +2100,8 @@ pub mod tests { ); let visibility_mask = [1, 1]; - let private_account_auth = [ - (sender_keys.nsk, (1, vec![])), - (sender_keys.nsk, (1, vec![])), - ]; + let private_account_nsks = [sender_keys.nsk, sender_keys.nsk]; + let private_account_membership_proofs = [(1, vec![]), (1, vec![])]; let shared_secret = SharedSecretKey::new(&[55; 32], &sender_keys.ivk()); let result = execute_and_prove( &[private_account_1.clone(), private_account_1], @@ -2096,7 +2112,8 @@ pub mod tests { (sender_keys.npk(), shared_secret.clone()), (sender_keys.npk(), shared_secret), ], - &private_account_auth, + &private_account_nsks, + &private_account_membership_proofs, &program.into(), ); @@ -2397,15 +2414,10 @@ pub mod tests { &[1, 1], &[from_new_nonce, to_new_nonce], &[(from_keys.npk(), to_ss), (to_keys.npk(), from_ss)], + &[from_keys.nsk, to_keys.nsk], &[ - ( - from_keys.nsk, - state.get_proof_for_commitment(&from_commitment).unwrap(), - ), - ( - to_keys.nsk, - state.get_proof_for_commitment(&to_commitment).unwrap(), - ), + state.get_proof_for_commitment(&from_commitment).unwrap(), + state.get_proof_for_commitment(&to_commitment).unwrap(), ], &program_with_deps, ) diff --git a/wallet/src/lib.rs b/wallet/src/lib.rs index bc28311..237b2f2 100644 --- a/wallet/src/lib.rs +++ b/wallet/src/lib.rs @@ -283,6 +283,7 @@ impl WalletCore { .map(|keys| (keys.npk.clone(), keys.ssk.clone())) .collect::>(), &acc_manager.private_account_auth(), + &acc_manager.private_account_membership_proofs(), &program.to_owned().into(), ) .unwrap(); @@ -303,7 +304,7 @@ impl WalletCore { nssa::privacy_preserving_transaction::witness_set::WitnessSet::for_message( &message, proof, - &acc_manager.witness_signing_keys(), + &acc_manager.public_account_auth(), ); let tx = PrivacyPreservingTransaction::new(message, witness_set); diff --git a/wallet/src/pinata_interactions.rs b/wallet/src/pinata_interactions.rs index 65a67b7..5804768 100644 --- a/wallet/src/pinata_interactions.rs +++ b/wallet/src/pinata_interactions.rs @@ -58,7 +58,8 @@ impl WalletCore { &[0, 1], &produce_random_nonces(1), &[(winner_npk.clone(), shared_secret_winner.clone())], - &[(winner_nsk.unwrap(), winner_proof)], + &[(winner_nsk.unwrap())], + &[winner_proof], &program.into(), ) .unwrap(); @@ -125,6 +126,7 @@ impl WalletCore { &produce_random_nonces(1), &[(winner_npk.clone(), shared_secret_winner.clone())], &[], + &[] &program.into(), ) .unwrap(); diff --git a/wallet/src/privacy_preserving_tx.rs b/wallet/src/privacy_preserving_tx.rs index e79bbac..4ddf5e6 100644 --- a/wallet/src/privacy_preserving_tx.rs +++ b/wallet/src/privacy_preserving_tx.rs @@ -133,11 +133,21 @@ impl AccountManager { .collect() } - pub fn private_account_auth(&self) -> Vec<(NullifierSecretKey, MembershipProof)> { + pub fn private_account_auth(&self) -> Vec { self.states .iter() .filter_map(|state| match state { - State::Private(pre) => Some((pre.nsk?, pre.proof.clone()?)), + State::Private(pre) => pre.nsk, + _ => None, + }) + .collect() + } + + pub fn private_account_membership_proofs(&self) -> Vec { + self.states + .iter() + .filter_map(|state| match state { + State::Private(pre) => pre.proof.clone(), _ => None, }) .collect() @@ -153,7 +163,7 @@ impl AccountManager { .collect() } - pub fn witness_signing_keys(&self) -> Vec<&PrivateKey> { + pub fn public_account_auth(&self) -> Vec<&PrivateKey> { self.states .iter() .filter_map(|state| match state { From f729072fae5642b15129985eced07cd89d3aee4d Mon Sep 17 00:00:00 2001 From: Daniil Polyakov Date: Fri, 12 Dec 2025 16:53:30 +0300 Subject: [PATCH 20/20] feat: allow private authorized uninitialized accounts --- integration_tests/src/test_suite_map.rs | 43 ++++ integration_tests/src/tps_test_utils.rs | 2 +- nssa/core/src/circuit_io.rs | 13 +- .../src/bin/privacy_preserving_circuit.rs | 43 +++- .../privacy_preserving_transaction/circuit.rs | 6 +- nssa/src/program.rs | 9 + nssa/src/state.rs | 215 ++++++++++++++++-- .../guest/src/bin/noop.rs | 12 + wallet/src/privacy_preserving_tx.rs | 16 +- 9 files changed, 317 insertions(+), 42 deletions(-) create mode 100644 nssa/test_program_methods/guest/src/bin/noop.rs diff --git a/integration_tests/src/test_suite_map.rs b/integration_tests/src/test_suite_map.rs index 8012e17..8e42640 100644 --- a/integration_tests/src/test_suite_map.rs +++ b/integration_tests/src/test_suite_map.rs @@ -1681,6 +1681,49 @@ pub fn prepare_function_map() -> HashMap { info!("Success!"); } + #[nssa_integration_test] + pub async fn test_authenticated_transfer_initialize_function_private() { + info!("########## test initialize private account for authenticated transfer ##########"); + let command = + Command::Account(AccountSubcommand::New(NewSubcommand::Private { cci: None })); + let SubcommandReturnValue::RegisterAccount { account_id } = + wallet::cli::execute_subcommand(command).await.unwrap() + else { + panic!("Error creating account"); + }; + + let command = Command::AuthTransfer(AuthTransferSubcommand::Init { + account_id: make_private_account_input_from_str(&account_id.to_string()), + }); + wallet::cli::execute_subcommand(command).await.unwrap(); + + tokio::time::sleep(Duration::from_secs(TIME_TO_WAIT_FOR_BLOCK_SECONDS)).await; + + info!("Checking correct execution"); + let command = Command::Account(AccountSubcommand::SyncPrivate {}); + wallet::cli::execute_subcommand(command).await.unwrap(); + + let wallet_config = fetch_config().await.unwrap(); + let seq_client = SequencerClient::new(wallet_config.sequencer_addr.clone()).unwrap(); + let wallet_storage = WalletCore::start_from_config_update_chain(wallet_config) + .await + .unwrap(); + + let new_commitment1 = wallet_storage + .get_private_account_commitment(&account_id) + .unwrap(); + assert!(verify_commitment_is_in_state(new_commitment1, &seq_client).await); + + let account = wallet_storage.get_account_private(&account_id).unwrap(); + + let expected_program_owner = Program::authenticated_transfer_program().id(); + let expected_balance = 0; + + assert_eq!(account.program_owner, expected_program_owner); + assert_eq!(account.balance, expected_balance); + assert!(account.data.is_empty()); + } + #[nssa_integration_test] pub async fn test_pinata_private_receiver() { info!("########## test_pinata_private_receiver ##########"); diff --git a/integration_tests/src/tps_test_utils.rs b/integration_tests/src/tps_test_utils.rs index e9e7a82..154253c 100644 --- a/integration_tests/src/tps_test_utils.rs +++ b/integration_tests/src/tps_test_utils.rs @@ -168,7 +168,7 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction { (recipient_npk.clone(), recipient_ss), ], &[sender_nsk], - &[proof], + &[Some(proof)], &program.into(), ) .unwrap(); diff --git a/nssa/core/src/circuit_io.rs b/nssa/core/src/circuit_io.rs index 2abf7b5..dedcf78 100644 --- a/nssa/core/src/circuit_io.rs +++ b/nssa/core/src/circuit_io.rs @@ -10,12 +10,23 @@ use crate::{ #[derive(Serialize, Deserialize)] pub struct PrivacyPreservingCircuitInput { + /// Outputs of the program execution. pub program_outputs: Vec, + /// Visibility mask for accounts. + /// + /// - `0` - public account + /// - `1` - private account with authentication + /// - `2` - private account without authentication pub visibility_mask: Vec, + /// Nonces of private accounts. pub private_account_nonces: Vec, + /// Public keys of private accounts. pub private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>, + /// Nullifier secret keys for authorized private accounts. pub private_account_nsks: Vec, - pub private_account_membership_proofs: Vec, + /// Membership proofs for private accounts. Can be [`None`] for uninitialized accounts. + pub private_account_membership_proofs: Vec>, + /// Program ID. pub program_id: ProgramId, } diff --git a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs index 289d271..8d1688a 100644 --- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs +++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs @@ -163,29 +163,44 @@ fn main() { // Private account with authentication let nsk = private_nsks_iter.next().expect("Missing nsk"); - let membership_proof = private_membership_proofs_iter - .next() - .expect("Missing membership proof"); - // Verify the nullifier public key let expected_npk = NullifierPublicKey::from(nsk); if &expected_npk != npk { panic!("Nullifier public key mismatch"); } - // Compute commitment set digest associated with provided auth path - let commitment_pre = Commitment::new(npk, &pre_states[i].account); - let set_digest = compute_digest_for_path(&commitment_pre, membership_proof); - // Check pre_state authorization if !pre_states[i].is_authorized { panic!("Pre-state not authorized"); } - // Compute update nullifier - let nullifier = Nullifier::for_account_update(&commitment_pre, nsk); + let membership_proof_opt = private_membership_proofs_iter + .next() + .expect("Missing membership proof"); + let (nullifier, set_digest) = membership_proof_opt + .as_ref() + .map(|membership_proof| { + // Compute commitment set digest associated with provided auth path + let commitment_pre = Commitment::new(npk, &pre_states[i].account); + let set_digest = + compute_digest_for_path(&commitment_pre, membership_proof); + + // Compute update nullifier + let nullifier = Nullifier::for_account_update(&commitment_pre, nsk); + (nullifier, set_digest) + }) + .unwrap_or_else(|| { + if pre_states[i].account != Account::default() { + panic!("Found new private account with non default values."); + } + + // Compute initialization nullifier + let nullifier = Nullifier::for_account_initialization(npk); + (nullifier, DUMMY_COMMITMENT_HASH) + }); new_nullifiers.push((nullifier, set_digest)); } else { + // Private account without authentication if pre_states[i].account != Account::default() { panic!("Found new private account with non default values."); } @@ -194,7 +209,13 @@ fn main() { panic!("Found new private account marked as authorized."); } - // Compute initialization nullifier + let membership_proof_opt = private_membership_proofs_iter + .next() + .expect("Missing membership proof"); + assert!( + membership_proof_opt.is_none(), + "Membership proof must be None for unauthorized accounts" + ); let nullifier = Nullifier::for_account_initialization(npk); new_nullifiers.push((nullifier, DUMMY_COMMITMENT_HASH)); } diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index b45f17c..c698b1b 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -52,7 +52,7 @@ pub fn execute_and_prove( private_account_nonces: &[u128], private_account_keys: &[(NullifierPublicKey, SharedSecretKey)], private_account_nsks: &[NullifierSecretKey], - private_account_membership_proofs: &[MembershipProof], + private_account_membership_proofs: &[Option], program_with_dependencies: &ProgramWithDependencies, ) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> { let mut program = &program_with_dependencies.program; @@ -221,7 +221,7 @@ mod tests { &[0xdeadbeef], &[(recipient_keys.npk(), shared_secret.clone())], &[], - &[], + &[None], &Program::authenticated_transfer_program().into(), ) .unwrap(); @@ -320,7 +320,7 @@ mod tests { (recipient_keys.npk(), shared_secret_2.clone()), ], &[sender_keys.nsk], - &[commitment_set.get_proof_for(&commitment_sender).unwrap()], + &[commitment_set.get_proof_for(&commitment_sender), None], &program.into(), ) .unwrap(); diff --git a/nssa/src/program.rs b/nssa/src/program.rs index 1865248..335bcb5 100644 --- a/nssa/src/program.rs +++ b/nssa/src/program.rs @@ -222,6 +222,15 @@ mod tests { } } + pub fn noop() -> Self { + use test_program_methods::{NOOP_ELF, NOOP_ID}; + + Program { + id: NOOP_ID, + elf: NOOP_ELF.to_vec(), + } + } + pub fn modified_transfer_program() -> Self { use test_program_methods::MODIFIED_TRANSFER_ELF; // This unwrap won't panic since the `MODIFIED_TRANSFER_ELF` comes from risc0 build of diff --git a/nssa/src/state.rs b/nssa/src/state.rs index 408b7e9..d5c138d 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -868,7 +868,7 @@ pub mod tests { &[0xdeadbeef], &[(recipient_keys.npk(), shared_secret)], &[], - &[], + &[None], &Program::authenticated_transfer_program().into(), ) .unwrap(); @@ -918,7 +918,7 @@ pub mod tests { (recipient_keys.npk(), shared_secret_2), ], &[sender_keys.nsk], - &[state.get_proof_for_commitment(&sender_commitment).unwrap()], + &[state.get_proof_for_commitment(&sender_commitment), None], &program.into(), ) .unwrap(); @@ -968,7 +968,7 @@ pub mod tests { &[new_nonce], &[(sender_keys.npk(), shared_secret)], &[sender_keys.nsk], - &[state.get_proof_for_commitment(&sender_commitment).unwrap()], + &[state.get_proof_for_commitment(&sender_commitment)], &program.into(), ) .unwrap(); @@ -1498,7 +1498,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1533,7 +1533,49 @@ pub mod tests { &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], + &program.into(), + ); + + assert!(matches!(result, Err(NssaError::CircuitProvingError(_)))); + } + + #[test] + fn test_circuit_fails_if_insufficient_commitment_proofs_are_provided() { + let program = Program::simple_balance_transfer(); + let sender_keys = test_private_account_keys_1(); + let recipient_keys = test_private_account_keys_2(); + let private_account_1 = AccountWithMetadata::new( + Account { + program_owner: program.id(), + balance: 100, + ..Account::default() + }, + true, + &sender_keys.npk(), + ); + let private_account_2 = + AccountWithMetadata::new(Account::default(), false, &recipient_keys.npk()); + + // Setting no second commitment proof. + let private_account_membership_proofs = [Some((0, vec![]))]; + let result = execute_and_prove( + &[private_account_1, private_account_2], + &Program::serialize_instruction(10u128).unwrap(), + &[1, 2], + &[0xdeadbeef1, 0xdeadbeef2], + &[ + ( + sender_keys.npk(), + SharedSecretKey::new(&[55; 32], &sender_keys.ivk()), + ), + ( + recipient_keys.npk(), + SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), + ), + ], + &[sender_keys.nsk], + &private_account_membership_proofs, &program.into(), ); @@ -1616,7 +1658,7 @@ pub mod tests { // This should be set to the sender private account in // a normal circumstance. The recipient can't authorize this. let private_account_nsks = [recipient_keys.nsk]; - let private_account_membership_proofs = [(0, vec![])]; + let private_account_membership_proofs = [Some((0, vec![]))]; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), @@ -1671,7 +1713,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1719,7 +1761,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1766,7 +1808,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1813,7 +1855,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1858,7 +1900,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1931,7 +1973,7 @@ pub mod tests { ), ], &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -1978,7 +2020,7 @@ pub mod tests { &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, &[sender_keys.nsk], - &[(0, vec![])], + &[Some((0, vec![]))], &program.into(), ); @@ -2006,7 +2048,7 @@ pub mod tests { // private account (visibility mask equal to 1 means that auth keys are expected). let visibility_mask = [1, 2]; let private_account_nsks = [sender_keys.nsk, recipient_keys.nsk]; - let private_account_membership_proofs = [(0, vec![]), (1, vec![])]; + let private_account_membership_proofs = [Some((0, vec![])), Some((1, vec![]))]; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), @@ -2101,7 +2143,7 @@ pub mod tests { let visibility_mask = [1, 1]; let private_account_nsks = [sender_keys.nsk, sender_keys.nsk]; - let private_account_membership_proofs = [(1, vec![]), (1, vec![])]; + let private_account_membership_proofs = [Some((1, vec![])), Some((1, vec![]))]; let shared_secret = SharedSecretKey::new(&[55; 32], &sender_keys.ivk()); let result = execute_and_prove( &[private_account_1.clone(), private_account_1], @@ -2416,8 +2458,8 @@ pub mod tests { &[(from_keys.npk(), to_ss), (to_keys.npk(), from_ss)], &[from_keys.nsk, to_keys.nsk], &[ - state.get_proof_for_commitment(&from_commitment).unwrap(), - state.get_proof_for_commitment(&to_commitment).unwrap(), + state.get_proof_for_commitment(&from_commitment), + state.get_proof_for_commitment(&to_commitment), ], &program_with_deps, ) @@ -2624,4 +2666,143 @@ pub mod tests { assert!(expected_sender_post == sender_post); assert!(expected_recipient_post == recipient_post); } + + #[test] + fn test_private_authorized_uninitialized_account() { + let mut state = V02State::new_with_genesis_accounts(&[], &[]); + + // Set up keys for the authorized private account + let private_keys = test_private_account_keys_1(); + + // Create an authorized private account with default values (new account being initialized) + let authorized_account = + AccountWithMetadata::new(Account::default(), true, &private_keys.npk()); + + let program = Program::authenticated_transfer_program(); + + // Set up parameters for the new account + let esk = [3; 32]; + let shared_secret = SharedSecretKey::new(&esk, &private_keys.ivk()); + let epk = EphemeralPublicKey::from_scalar(esk); + + // Balance to initialize the account with (0 for a new account) + let balance: u128 = 0; + + let nonce = 0xdeadbeef1; + + // Execute and prove the circuit with the authorized account but no commitment proof + let (output, proof) = execute_and_prove( + std::slice::from_ref(&authorized_account), + &Program::serialize_instruction(balance).unwrap(), + &[1], + &[nonce], + &[(private_keys.npk(), shared_secret)], + &[private_keys.nsk], + &[None], + &program.into(), + ) + .unwrap(); + + // Create message from circuit output + let message = Message::try_from_circuit_output( + vec![], + vec![], + vec![(private_keys.npk(), private_keys.ivk(), epk)], + output, + ) + .unwrap(); + + let witness_set = WitnessSet::for_message(&message, proof, &[]); + + let tx = PrivacyPreservingTransaction::new(message, witness_set); + let result = state.transition_from_privacy_preserving_transaction(&tx); + assert!(result.is_ok()); + + let nullifier = Nullifier::for_account_initialization(&private_keys.npk()); + assert!(state.private_state.1.contains(&nullifier)); + } + + #[test] + fn test_private_account_claimed_then_used_without_init_flag_should_fail() { + let mut state = V02State::new_with_genesis_accounts(&[], &[]).with_test_programs(); + + // Set up keys for the private account + let private_keys = test_private_account_keys_1(); + + // Step 1: Create a new private account with authorization + let authorized_account = + AccountWithMetadata::new(Account::default(), true, &private_keys.npk()); + + let claimer_program = Program::claimer(); + + // Set up parameters for claiming the new account + let esk = [3; 32]; + let shared_secret = SharedSecretKey::new(&esk, &private_keys.ivk()); + let epk = EphemeralPublicKey::from_scalar(esk); + + let balance: u128 = 0; + let nonce = 0xdeadbeef1; + + // Step 2: Execute claimer program to claim the account with authentication + let (output, proof) = execute_and_prove( + std::slice::from_ref(&authorized_account), + &Program::serialize_instruction(balance).unwrap(), + &[1], + &[nonce], + &[(private_keys.npk(), shared_secret)], + &[private_keys.nsk], + &[None], + &claimer_program.into(), + ) + .unwrap(); + + let message = Message::try_from_circuit_output( + vec![], + vec![], + vec![(private_keys.npk(), private_keys.ivk(), epk)], + output, + ) + .unwrap(); + + let witness_set = WitnessSet::for_message(&message, proof, &[]); + let tx = PrivacyPreservingTransaction::new(message, witness_set); + + // Claim should succeed + assert!( + state + .transition_from_privacy_preserving_transaction(&tx) + .is_ok() + ); + + // Verify the account is now initialized (nullifier exists) + let nullifier = Nullifier::for_account_initialization(&private_keys.npk()); + assert!(state.private_state.1.contains(&nullifier)); + + // Prepare new state of account + let account_metadata = { + let mut acc = authorized_account.clone(); + acc.account.program_owner = Program::claimer().id(); + acc + }; + + let noop_program = Program::noop(); + let esk2 = [4; 32]; + let shared_secret2 = SharedSecretKey::new(&esk2, &private_keys.ivk()); + + let nonce2 = 0xdeadbeef2; + + // Step 3: Try to execute noop program with authentication but without initialization + let res = execute_and_prove( + std::slice::from_ref(&account_metadata), + &Program::serialize_instruction(()).unwrap(), + &[1], + &[nonce2], + &[(private_keys.npk(), shared_secret2)], + &[private_keys.nsk], + &[None], + &noop_program.into(), + ); + + assert!(matches!(res, Err(NssaError::CircuitProvingError(_)))); + } } diff --git a/nssa/test_program_methods/guest/src/bin/noop.rs b/nssa/test_program_methods/guest/src/bin/noop.rs new file mode 100644 index 0000000..fb02389 --- /dev/null +++ b/nssa/test_program_methods/guest/src/bin/noop.rs @@ -0,0 +1,12 @@ +use nssa_core::program::{read_nssa_inputs, write_nssa_outputs, ProgramInput, AccountPostState}; + +type Instruction = (); + +fn main() { + let (ProgramInput { pre_states, .. }, instruction_words) = read_nssa_inputs::(); + + let post_states = pre_states.iter().map(|account| { + AccountPostState::new(account.account.clone()) + }).collect(); + write_nssa_outputs(instruction_words, pre_states, post_states); +} diff --git a/wallet/src/privacy_preserving_tx.rs b/wallet/src/privacy_preserving_tx.rs index 4ddf5e6..3bd0c4c 100644 --- a/wallet/src/privacy_preserving_tx.rs +++ b/wallet/src/privacy_preserving_tx.rs @@ -143,11 +143,11 @@ impl AccountManager { .collect() } - pub fn private_account_membership_proofs(&self) -> Vec { + pub fn private_account_membership_proofs(&self) -> Vec> { self.states .iter() .filter_map(|state| match state { - State::Private(pre) => pre.proof.clone(), + State::Private(pre) => Some(pre.proof.clone()), _ => None, }) .collect() @@ -195,7 +195,7 @@ async fn private_acc_preparation( return Err(ExecutionFailureKind::KeyNotFoundError); }; - let mut nsk = Some(from_keys.private_key_holder.nullifier_secret_key); + let nsk = from_keys.private_key_holder.nullifier_secret_key; let from_npk = from_keys.nullifer_public_key; let from_ipk = from_keys.incoming_viewing_public_key; @@ -206,14 +206,12 @@ async fn private_acc_preparation( .await .unwrap(); - if proof.is_none() { - nsk = None; - } - - let sender_pre = AccountWithMetadata::new(from_acc.clone(), proof.is_some(), &from_npk); + // TODO: Technically we could allow unauthorized owned accounts, but currently we don't have + // support from that in the wallet. + let sender_pre = AccountWithMetadata::new(from_acc.clone(), true, &from_npk); Ok(AccountPreparedData { - nsk, + nsk: Some(nsk), npk: from_npk, ipk: from_ipk, pre_state: sender_pre,