
add: allow withdraw SOL to PDA #37

Open
wants to merge 12 commits into
base: main

Contributor

@brewmaster012 brewmaster012 commented Oct 3, 2024

closes #28

tested by anchor test


codecov-commenter commented Oct 3, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 8.60%. Comparing base (98bd5c3) to head (7ca038b).

Additional details and impacted files
@@          Coverage Diff          @@
##            main     #37   +/-   ##
=====================================
  Coverage   8.60%   8.60%           
=====================================
  Files          1       1           
  Lines        244     244           
=====================================
  Hits          21      21           
  Misses       223     223           


@brewmaster012 brewmaster012 marked this pull request as ready for review October 3, 2024 22:03
tests/protocol-contracts-solana.ts (outdated, resolved)
@@ -350,8 +350,9 @@ pub struct Withdraw<'info> {

#[account(mut)]
pub pda: Account<'info, Pda>,
/// CHECK: to account is not read so it's not dangerous
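Review bot: the `/// CHECK:` line that closes this hunk gives "not read" as the only reason the `to` account can go unvalidated, which says nothing about the account being a destination in `Withdraw`. Suggest stating the invariant the handler relies on, for example that `to` is only credited with lamports and that its data and owner are never deserialized or branched on, so a later change that starts reading `to` visibly breaks the documented assumption. A short note beside `#[account(mut)] pub pda: Account<'info, Pda>` that this is the account whose owner is verified would make the contrast between the two fields explicit.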
Contributor

is there a way to expand this comment a bit? account is still marked as mutable, and writing to unchecked accounts (which doesn't check owner of account) seems more dangerous than reading

maybe we can add explanation why writing to it is not dangerous, but up to you if it makes sense

Contributor Author

i'll keep it simple in the comment, but expand here:

`Account<'info, T>` is an Anchor convenience struct that automatically does "ownership" check, which `UncheckedAccount` explicitly does not.

Ownership is usually critical because these accounts are completely supplied by the user (tx builder) and could be anything. The ownership validation makes sure the user supplied the correct account. For example, in the above `pub pda: Account<'info, Pda>`, Anchor does the ownership check `Account.info.owner == T::owner()`, which checks whether the supplied PDA account is in fact owned by the current program (i.e. created by the current program). This is crucial; otherwise the program would be directed to read any user-supplied, potentially malicious PDA account.

For the `to` field, obviously we don't care who its owner is because we don't read it. Whatever the tx builder tells us to send to, we happily send to. In this case Anchor requires the program to explicitly exempt ownership checking by the `UncheckedAccount` struct and also the comment `/// CHECK`.
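The ownership check described in the reply above, as an added example that is not part of this PR or the project's code. It is a std-only Rust model, not the Anchor crate; `AccountInfo`, `PROGRAM_ID`, `PDA_DISCRIMINATOR`, `load_pda_checked` and `withdraw` are hypothetical names with constructed values.

```rust
// Simplified model of the validation discussed above; not the Anchor API.
type Pubkey = [u8; 32];

#[derive(Debug)]
struct AccountInfo {
    owner: Pubkey, // program that owns the account
    lamports: u64,
    data: Vec<u8>, // first 8 bytes model the account-type discriminator
}

const PROGRAM_ID: Pubkey = [1; 32]; // constructed value
const PDA_DISCRIMINATOR: [u8; 8] = *b"pda_acct"; // constructed value

#[derive(Debug, PartialEq)]
enum Error { WrongOwner, BadDiscriminator, InsufficientFunds }

/// Models what `Account<'info, Pda>` enforces before the handler runs:
/// the owner must be this program, then the data must decode as `Pda`.
fn load_pda_checked(acc: &AccountInfo) -> Result<(), Error> {
    if acc.owner != PROGRAM_ID {
        return Err(Error::WrongOwner);
    }
    if !acc.data.starts_with(&PDA_DISCRIMINATOR) {
        return Err(Error::BadDiscriminator);
    }
    Ok(())
}

/// Models the withdraw: `pda` is validated, while `to` is only credited;
/// its owner and data are never inspected (the `UncheckedAccount` case).
fn withdraw(pda: &mut AccountInfo, to: &mut AccountInfo, amount: u64) -> Result<(), Error> {
    load_pda_checked(pda)?;
    pda.lamports = pda.lamports.checked_sub(amount).ok_or(Error::InsufficientFunds)?;
    to.lamports = to.lamports.checked_add(amount).expect("lamport overflow");
    Ok(())
}

fn main() {
    let mut pda = AccountInfo { owner: PROGRAM_ID, lamports: 100, data: PDA_DISCRIMINATOR.to_vec() };
    // Look-alike account: same bytes as a real Pda, but owned by another program.
    let mut fake = AccountInfo { owner: [9; 32], lamports: 100, data: PDA_DISCRIMINATOR.to_vec() };
    let mut to = AccountInfo { owner: [7; 32], lamports: 0, data: vec![] };
    println!("{:?}", withdraw(&mut fake, &mut to, 10)); // Err(WrongOwner)
    println!("{:?}", withdraw(&mut pda, &mut to, 10)); // Ok(())
}
```

The look-alike account carries valid-looking data, so only the owner comparison rejects it; the destination is accepted with any owner because nothing in the handler depends on its contents.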

Member

@lumtis lumtis left a comment

Agree on adding more context in the comment as well

Development

Successfully merging this pull request may close these issues.

add: withdraw SOL to contract/program PDA
5 participants