add: allow withdraw SOL to PDA #37
so that it matches deposit instruction.
Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files

Coverage Diff

| | main | #37 | +/- |
|---|---|---|---|
| Coverage | 8.60% | 8.60% | |
| Files | 1 | 1 | |
| Lines | 244 | 244 | |
| Hits | 21 | 21 | |
| Misses | 223 | 223 | |
81ffb7c to 0d81e93
@@ -350,8 +350,9 @@ pub struct Withdraw<'info> { | |||
|
|||
#[account(mut)] | |||
pub pda: Account<'info, Pda>, | |||
/// CHECK: to account is not read so it's not dangerous |
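Review bot: the `/// CHECK:` line justifies skipping validation on `to` only by saying the account is not read, but a withdraw destination is credited, so the justification should cover the write as well. Suggest wording along the lines of "`to` is only credited with lamports and its data is never deserialized, so its owner does not matter", so the next reader does not have to reconstruct why a write to an unchecked account is acceptable here.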
is there a way to expand this comment a bit? account is still marked as mutable, and writing to unchecked accounts (which doesn't check owner of account) seems more dangerous than reading

maybe we can add explanation why writing to it is not dangerous, but up to you if it makes sense
i'll keep it simple in the comment, but expand here:

`Account<'info, T>` is a convenient Anchor struct that automatically does the "ownership" check, which `UncheckedAccount` explicitly does not.

Ownership is usually critical because these accounts are completely supplied by the user (tx builder) and could be anything. The ownership validation makes sure the user supplied the correct account.

For example, in the above `pub pda: Account<'info, Pda>`, Anchor does the ownership check `Account.info.owner == T::owner()`, which checks whether the supplied PDA account is in fact owned by the current program (i.e. created by the current program). This is crucial; otherwise the program would be directed to read any user-supplied, potentially malicious PDA account.

For the `to` field, obviously we don't care who its owner is because we don't read it. Whatever the tx builder tells us to send to, we happily send to. In this case Anchor requires the program to explicitly exempt ownership checking by the `UncheckedAccount` struct and also the comment `///CHECK`.
Co-authored-by: skosito <[email protected]>
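The ownership argument in the reply above, as an added example that is not code from this PR or from Anchor: a self-contained Rust model in which `AccountInfo`, `load_pda`, `withdraw`, `PROGRAM_ID`, `OTHER_PROGRAM` and `PDA_TAG` are hypothetical stand-ins. It models only the owner question; signer and authority checks are left out.

```rust
// Simplified model of the account checks discussed above; not Anchor or Solana SDK code.
type Pubkey = [u8; 32];
const PROGRAM_ID: Pubkey = [7; 32]; // constructed id standing in for the current program
const OTHER_PROGRAM: Pubkey = [9; 32]; // constructed id for any other owner
const PDA_TAG: [u8; 8] = *b"PDA_ACCT"; // hypothetical type tag at the start of Pda data

#[derive(Debug, PartialEq)]
enum Error { WrongOwner, BadData, InsufficientFunds, Overflow }

struct AccountInfo { owner: Pubkey, lamports: u64, data: Vec<u8> }

/// Checks a typed wrapper has to pass before the program trusts the account's data.
fn load_pda(acc: &AccountInfo) -> Result<(), Error> {
    if acc.owner != PROGRAM_ID {
        return Err(Error::WrongOwner); // caller supplied an account another program owns
    }
    if !acc.data.starts_with(&PDA_TAG) {
        return Err(Error::BadData);
    }
    Ok(())
}

/// `pda` is validated because it is read and debited; `to` is only credited.
fn withdraw(pda: &mut AccountInfo, to: &mut AccountInfo, amount: u64) -> Result<(), Error> {
    load_pda(pda)?;
    let pda_after = pda.lamports.checked_sub(amount).ok_or(Error::InsufficientFunds)?;
    let to_after = to.lamports.checked_add(amount).ok_or(Error::Overflow)?;
    pda.lamports = pda_after;
    to.lamports = to_after; // `to.owner` and `to.data` are never inspected
    Ok(())
}

fn main() {
    let mut pda = AccountInfo { owner: PROGRAM_ID, lamports: 1_000, data: PDA_TAG.to_vec() };
    // Destination owned by another program, with arbitrary data: still a valid recipient.
    let mut to = AccountInfo { owner: OTHER_PROGRAM, lamports: 5, data: vec![0xff; 4] };
    let ok = withdraw(&mut pda, &mut to, 400);
    println!("real pda: {:?}, to now holds {}", ok, to.lamports);
    // Look-alike Pda owned by another program: rejected before any lamports move.
    let mut fake = AccountInfo { owner: OTHER_PROGRAM, lamports: 1_000, data: PDA_TAG.to_vec() };
    let rejected = withdraw(&mut fake, &mut to, 400);
    println!("fake pda: {:?}, to still holds {}", rejected, to.lamports);
}
```

On Solana the runtime lets a program debit lamports only from accounts it owns, while any writable account can be credited, which is why the owner of the destination does not affect this transfer.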
Agree on adding more context in the comment as well
closes #28
tested by `anchor test`