Permissioned mint-authority (#328)

* permissioned mint-authority * take mint authority on create mint manager * update tests * fix build
solana-nft-programs · Oct 19, 2022 · b477f1e · b477f1e
1 parent 6ec9cd1
commit b477f1e
Show file tree

Hide file tree

Showing 35 changed files with 426 additions and 439 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cardinal/token-manager",
-  "version": "1.7.2",
+  "version": "1.7.2-beta.2",
   "description": "Cardinal token manager SDK",
   "keywords": [
     "solana",

diff --git a/programs/cardinal-token-manager/src/errors.rs b/programs/cardinal-token-manager/src/errors.rs
@@ -70,4 +70,6 @@ pub enum ErrorCode {
     InstructionsDisallowed,
     #[msg("Invalidation type is not allowed with this token manager kind")]
     InvalidInvalidationTypeKindMatch,
+    #[msg("Invalid Mint Authority")]
+    InvalidMintAuthority,
 }
diff --git a/programs/cardinal-token-manager/src/instructions/create_mint_manager.rs b/programs/cardinal-token-manager/src/instructions/create_mint_manager.rs
@@ -39,5 +39,19 @@ pub fn handler(ctx: Context<CreateMintManagerCtx>) -> Result<()> {
     let cpi_program = ctx.accounts.token_program.to_account_info();
     let cpi_context = CpiContext::new(cpi_program, cpi_accounts);
     token::set_authority(cpi_context, AuthorityType::FreezeAccount, Some(ctx.accounts.mint_manager.key()))?;
+
+    if ctx.accounts.mint.mint_authority.is_none() || ctx.accounts.mint.mint_authority.unwrap() != ctx.accounts.freeze_authority.key() {
+        return Err(error!(ErrorCode::InvalidMintAuthority));
+    }
+
+    // set freeze authority of mint to mint manager
+    let cpi_accounts = SetAuthority {
+        account_or_mint: ctx.accounts.mint.to_account_info(),
+        current_authority: ctx.accounts.freeze_authority.to_account_info(),
+    };
+    let cpi_program = ctx.accounts.token_program.to_account_info();
+    let cpi_context = CpiContext::new(cpi_program, cpi_accounts);
+    token::set_authority(cpi_context, AuthorityType::MintTokens, Some(ctx.accounts.mint_manager.key()))?;
+
     Ok(())
 }
diff --git a/programs/cardinal-token-manager/src/instructions/init.rs b/programs/cardinal-token-manager/src/instructions/init.rs
@@ -72,6 +72,19 @@ pub fn handler(ctx: Context<InitCtx>, ix: InitIx) -> Result<()> {
         return Err(error!(ErrorCode::InvalidInvalidationType));
     }
 
+    if ix.kind == TokenManagerKind::Permissioned as u8 {
+        let mint = &ctx.accounts.mint;
+        let mint_key = mint.key();
+        let path = &[MINT_MANAGER_SEED.as_bytes(), mint_key.as_ref()];
+        let (mint_manager_key, _bump) = Pubkey::find_program_address(path, ctx.program_id);
+        if mint.mint_authority.is_none() || mint.mint_authority.unwrap() != mint_manager_key {
+            return Err(error!(ErrorCode::InvalidMintAuthority));
+        }
+        if mint.freeze_authority.is_none() || mint.freeze_authority.unwrap() != mint_manager_key {
+            return Err(error!(ErrorCode::InvalidFreezeAuthority));
+        }
+    }
+
     // Unamanged must use invalidate
     if ix.kind == TokenManagerKind::Unmanaged as u8 && ix.invalidation_type != InvalidationType::Invalidate as u8 {
         return Err(error!(ErrorCode::InvalidInvalidationType));

diff --git a/src/idl/cardinal_token_manager.ts b/src/idl/cardinal_token_manager.ts
@@ -1220,6 +1220,11 @@ export type CardinalTokenManager = {
       code: 6033;
       name: "InvalidInvalidationTypeKindMatch";
       msg: "Invalidation type is not allowed with this token manager kind";
+    },
+    {
+      code: 6034;
+      name: "InvalidMintAuthority";
+      msg: "Invalid Mint Authority";
     }
   ];
 };
@@ -2447,5 +2452,10 @@ export const IDL: CardinalTokenManager = {
       name: "InvalidInvalidationTypeKindMatch",
       msg: "Invalidation type is not allowed with this token manager kind",
     },
+    {
+      code: 6034,
+      name: "InvalidMintAuthority",
+      msg: "Invalid Mint Authority",
+    },
   ],
 };
diff --git a/src/transaction.ts b/src/transaction.ts
@@ -92,6 +92,27 @@ export const withIssueToken = async (
   }: IssueParameters,
   payer = wallet.publicKey
 ): Promise<[Transaction, PublicKey, Keypair | undefined]> => {
+  // create mint manager
+  if (
+    kind === TokenManagerKind.Managed ||
+    kind === TokenManagerKind.Permissioned
+  ) {
+    const [mintManagerIx, mintManagerId] =
+      await tokenManager.instruction.creatMintManager(
+        connection,
+        wallet,
+        mint,
+        payer
+      );
+
+    const mintManagerData = await tryGetAccount(() =>
+      tokenManager.accounts.getMintManager(connection, mintManagerId)
+    );
+    if (!mintManagerData) {
+      transaction.add(mintManagerIx);
+    }
+  }
+
   // init token manager
   const numInvalidator =
     (customInvalidators ? customInvalidators.length : 0) +
@@ -289,26 +310,6 @@ export const withIssueToken = async (
     }
   }
 
-  if (
-    kind === TokenManagerKind.Managed ||
-    kind === TokenManagerKind.Permissioned
-  ) {
-    const [mintManagerIx, mintManagerId] =
-      await tokenManager.instruction.creatMintManager(
-        connection,
-        wallet,
-        mint,
-        payer
-      );
-
-    const mintManagerData = await tryGetAccount(() =>
-      tokenManager.accounts.getMintManager(connection, mintManagerId)
-    );
-    if (!mintManagerData) {
-      transaction.add(mintManagerIx);
-    }
-  }
-
   // issuer
   const tokenManagerTokenAccountId = await withFindOrInitAssociatedTokenAccount(
     transaction,

diff --git a/tests/claimLinks.spec.ts b/tests/claimLinks.spec.ts
@@ -32,7 +32,7 @@ import { getProvider } from "./workspace";
 
 describe("Claim links", () => {
   const recipient = Keypair.generate();
-  const tokenCreator = Keypair.generate();
+  const user = Keypair.generate();
   let issuerTokenAccountId: PublicKey;
   let rentalMint: Token;
   let claimLink: string;
@@ -41,7 +41,7 @@ describe("Claim links", () => {
   before(async () => {
     const provider = getProvider();
     const airdropCreator = await provider.connection.requestAirdrop(
-      tokenCreator.publicKey,
+      user.publicKey,
       LAMPORTS_PER_SOL
     );
     await provider.connection.confirmTransaction(airdropCreator);
@@ -55,10 +55,10 @@ describe("Claim links", () => {
     // create rental mint
     [issuerTokenAccountId, rentalMint] = await createMint(
       provider.connection,
-      tokenCreator,
-      provider.wallet.publicKey,
+      user,
+      user.publicKey,
       1,
-      provider.wallet.publicKey
+      user.publicKey
     );
   });
 
@@ -67,7 +67,7 @@ describe("Claim links", () => {
     const [transaction, tokenManagerId, otp] = await withIssueToken(
       new Transaction(),
       provider.connection,
-      provider.wallet,
+      new SignerWallet(user),
       {
         mint: rentalMint.publicKey,
         issuerTokenAccountId,
@@ -80,7 +80,7 @@ describe("Claim links", () => {
     const txEnvelope = new TransactionEnvelope(
       SolanaProvider.init({
         connection: provider.connection,
-        wallet: provider.wallet,
+        wallet: new SignerWallet(user),
         opts: provider.opts,
       }),
       [...transaction.instructions]
@@ -100,9 +100,7 @@ describe("Claim links", () => {
     expect(tokenManagerData.parsed.amount.toNumber()).to.eq(1);
     expect(tokenManagerData.parsed.mint).to.eqAddress(rentalMint.publicKey);
     expect(tokenManagerData.parsed.invalidators).length.greaterThanOrEqual(0);
-    expect(tokenManagerData.parsed.issuer).to.eqAddress(
-      provider.wallet.publicKey
-    );
+    expect(tokenManagerData.parsed.issuer).to.eqAddress(user.publicKey);
     expect(tokenManagerData.parsed.claimApprover).to.eqAddress(otp!.publicKey);
 
     const checkIssuerTokenAccount = await rentalMint.getAccountInfo(

diff --git a/tests/claimLinksInvalidate.spec.ts b/tests/claimLinksInvalidate.spec.ts
@@ -27,7 +27,7 @@ import { getProvider } from "./workspace";
 
 describe("Claim links invalidate", () => {
   const recipient = Keypair.generate();
-  const tokenCreator = Keypair.generate();
+  const user = Keypair.generate();
   let issuerTokenAccountId: PublicKey;
   let rentalMint: Token;
   let claimLink: string;
@@ -36,7 +36,7 @@ describe("Claim links invalidate", () => {
   before(async () => {
     const provider = getProvider();
     const airdropCreator = await provider.connection.requestAirdrop(
-      tokenCreator.publicKey,
+      user.publicKey,
       LAMPORTS_PER_SOL
     );
     await provider.connection.confirmTransaction(airdropCreator);
@@ -50,18 +50,18 @@ describe("Claim links invalidate", () => {
     // create rental mint
     [issuerTokenAccountId, rentalMint] = await createMint(
       provider.connection,
-      tokenCreator,
-      provider.wallet.publicKey,
+      user,
+      user.publicKey,
       1,
-      provider.wallet.publicKey
+      user.publicKey
     );
   });
 
   it("Create link", async () => {
     const provider = getProvider();
     const [transaction, tokenManagerId, otp] = await claimLinks.issueToken(
       provider.connection,
-      provider.wallet,
+      new SignerWallet(user),
       {
         mint: rentalMint.publicKey,
         issuerTokenAccountId,
@@ -74,7 +74,7 @@ describe("Claim links invalidate", () => {
     const txEnvelope = new TransactionEnvelope(
       SolanaProvider.init({
         connection: provider.connection,
-        wallet: provider.wallet,
+        wallet: new SignerWallet(user),
         opts: provider.opts,
       }),
       [...transaction.instructions]
@@ -94,9 +94,7 @@ describe("Claim links invalidate", () => {
     expect(tokenManagerData.parsed.amount.toNumber()).to.eq(1);
     expect(tokenManagerData.parsed.mint).to.eqAddress(rentalMint.publicKey);
     expect(tokenManagerData.parsed.invalidators).length.greaterThanOrEqual(0);
-    expect(tokenManagerData.parsed.issuer).to.eqAddress(
-      provider.wallet.publicKey
-    );
+    expect(tokenManagerData.parsed.issuer).to.eqAddress(user.publicKey);
     expect(tokenManagerData.parsed.claimApprover).to.eqAddress(otp.publicKey);
 
     const checkIssuerTokenAccount = await rentalMint.getAccountInfo(

diff --git a/tests/createAndExtendPartialRental.spec.ts b/tests/createAndExtendPartialRental.spec.ts
@@ -22,7 +22,7 @@ describe("Create and Extend Rental", () => {
   const EXTENSION_DURATION = 1000;
   const RENTAL_PAYMENT_AMONT = 10;
   const recipient = Keypair.generate();
-  const tokenCreator = Keypair.generate();
+  const user = Keypair.generate();
   let recipientPaymentTokenAccountId: PublicKey;
   let issuerTokenAccountId: PublicKey;
   let paymentMint: Token;
@@ -32,7 +32,7 @@ describe("Create and Extend Rental", () => {
   before(async () => {
     const provider = getProvider();
     const airdropCreator = await provider.connection.requestAirdrop(
-      tokenCreator.publicKey,
+      user.publicKey,
       LAMPORTS_PER_SOL
     );
     await provider.connection.confirmTransaction(airdropCreator);
@@ -46,26 +46,26 @@ describe("Create and Extend Rental", () => {
     // create payment mint
     [recipientPaymentTokenAccountId, paymentMint] = await createMint(
       provider.connection,
-      tokenCreator,
+      user,
       recipient.publicKey,
       RECIPIENT_START_PAYMENT_AMOUNT
     );
 
     // create rental mint
     [issuerTokenAccountId, rentalMint] = await createMint(
       provider.connection,
-      tokenCreator,
-      provider.wallet.publicKey,
+      user,
+      user.publicKey,
       1,
-      provider.wallet.publicKey
+      user.publicKey
     );
   });
 
   it("Create rental", async () => {
     const provider = getProvider();
     const [transaction, tokenManagerId] = await rentals.createRental(
       provider.connection,
-      provider.wallet,
+      new SignerWallet(user),
       {
         claimPayment: {
           paymentAmount: RENTAL_PAYMENT_AMONT,
@@ -88,7 +88,7 @@ describe("Create and Extend Rental", () => {
     const txEnvelope = new TransactionEnvelope(
       SolanaProvider.init({
         connection: provider.connection,
-        wallet: provider.wallet,
+        wallet: new SignerWallet(user),
         opts: provider.opts,
       }),
       [...transaction.instructions]
@@ -106,9 +106,7 @@ describe("Create and Extend Rental", () => {
     expect(tokenManagerData.parsed.amount.toNumber()).to.eq(1);
     expect(tokenManagerData.parsed.mint).to.eqAddress(rentalMint.publicKey);
     expect(tokenManagerData.parsed.invalidators).length.greaterThanOrEqual(1);
-    expect(tokenManagerData.parsed.issuer).to.eqAddress(
-      provider.wallet.publicKey
-    );
+    expect(tokenManagerData.parsed.issuer).to.eqAddress(user.publicKey);
 
     const checkIssuerTokenAccount = await rentalMint.getAccountInfo(
       issuerTokenAccountId
@@ -118,7 +116,7 @@ describe("Create and Extend Rental", () => {
     // check receipt-index
     const tokenManagers = await tokenManager.accounts.getTokenManagersForIssuer(
       provider.connection,
-      provider.wallet.publicKey
+      user.publicKey
     );
     expect(tokenManagers.map((i) => i.pubkey.toString())).to.include(
       tokenManagerId.toString()