Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lang: fix missing ATA owner check #1240

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ incremented for features.

### Fixes

* lang: Add missing owner check when `associated_token::authority` is used ([#1240](https://github.com/project-serum/anchor/pull/1240)).
* ts: Add type declarations for conditional `workspace` and `Wallet` exports ([#1137](https://github.com/project-serum/anchor/pull/1137)).
* ts: Change commitment message `recent` to `processed` and `max` to `finalized` ([#1128](https://github.com/project-serum/anchor/pull/1128))
* ts: fix `translateAddress` which currently leads to failing browser code. Now uses `PublicKey` constructor instead of prototype chain constructor name checking which doesn't work in the presence of code minifying/mangling([#1138](https://github.com/project-serum/anchor/pull/1138))
Expand Down
3 changes: 3 additions & 0 deletions lang/syn/src/codegen/accounts/constraints.rs
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,9 @@ fn generate_constraint_associated_token(
let wallet_address = &c.wallet;
let spl_token_mint_address = &c.mint;
quote! {
if #name.owner != #wallet_address.key() {
return Err(anchor_lang::__private::ErrorCode::ConstraintTokenOwner.into());
}
let __associated_token_address = anchor_spl::associated_token::get_associated_token_address(&#wallet_address.key(), &#spl_token_mint_address.key());
if #name.to_account_info().key != &__associated_token_address {
return Err(anchor_lang::__private::ErrorCode::ConstraintAssociated.into());
Expand Down
158 changes: 105 additions & 53 deletions tests/misc/tests/misc.js
Original file line number Diff line number Diff line change
Expand Up @@ -614,65 +614,117 @@ describe("misc", () => {
assert.equal(account2.idata, 3);
});

let associatedToken = null;

it("Can create an associated token account", async () => {
associatedToken = await Token.getAssociatedTokenAddress(
ASSOCIATED_TOKEN_PROGRAM_ID,
TOKEN_PROGRAM_ID,
mint.publicKey,
program.provider.wallet.publicKey
describe("associated_token constraints", () => {
let associatedToken = null;
// apparently cannot await here so doing it in the 'it' statements
let client = Token.createMint(
program.provider.connection,
program.provider.wallet.payer,
program.provider.wallet.publicKey,
program.provider.wallet.publicKey,
9,
TOKEN_PROGRAM_ID
);

await program.rpc.testInitAssociatedToken({
accounts: {
token: associatedToken,
mint: mint.publicKey,
payer: program.provider.wallet.publicKey,
rent: anchor.web3.SYSVAR_RENT_PUBKEY,
systemProgram: anchor.web3.SystemProgram.programId,
tokenProgram: TOKEN_PROGRAM_ID,
associatedTokenProgram: ASSOCIATED_TOKEN_PROGRAM_ID,
},
it("Can create an associated token account", async () => {
const localClient = await client;
associatedToken = await Token.getAssociatedTokenAddress(
ASSOCIATED_TOKEN_PROGRAM_ID,
TOKEN_PROGRAM_ID,
localClient.publicKey,
program.provider.wallet.publicKey
);

await program.rpc.testInitAssociatedToken({
accounts: {
token: associatedToken,
mint: localClient.publicKey,
payer: program.provider.wallet.publicKey,
rent: anchor.web3.SYSVAR_RENT_PUBKEY,
systemProgram: anchor.web3.SystemProgram.programId,
tokenProgram: TOKEN_PROGRAM_ID,
associatedTokenProgram: ASSOCIATED_TOKEN_PROGRAM_ID,
},
});

const account = await localClient.getAccountInfo(associatedToken);
assert.ok(account.state === 1);
assert.ok(account.amount.toNumber() === 0);
assert.ok(account.isInitialized);
assert.ok(account.owner.equals(program.provider.wallet.publicKey));
assert.ok(account.mint.equals(localClient.publicKey));
});
const client = new Token(
program.provider.connection,
mint.publicKey,
TOKEN_PROGRAM_ID,
program.provider.wallet.payer
);
const account = await client.getAccountInfo(associatedToken);
assert.ok(account.state === 1);
assert.ok(account.amount.toNumber() === 0);
assert.ok(account.isInitialized);
assert.ok(account.owner.equals(program.provider.wallet.publicKey));
assert.ok(account.mint.equals(mint.publicKey));
});

it("Can validate associated_token constraints", async () => {
await program.rpc.testValidateAssociatedToken({
accounts: {
token: associatedToken,
mint: mint.publicKey,
wallet: program.provider.wallet.publicKey,
},
it("Can validate associated_token constraints", async () => {
const localClient = await client;
await program.rpc.testValidateAssociatedToken({
accounts: {
token: associatedToken,
mint: localClient.publicKey,
wallet: program.provider.wallet.publicKey,
},
});

let otherMint = await Token.createMint(
program.provider.connection,
program.provider.wallet.payer,
program.provider.wallet.publicKey,
program.provider.wallet.publicKey,
9,
TOKEN_PROGRAM_ID
);

await assert.rejects(
async () => {
await program.rpc.testValidateAssociatedToken({
accounts: {
token: associatedToken,
mint: otherMint.publicKey,
wallet: program.provider.wallet.publicKey,
},
});
},
(err) => {
assert.equal(err.code, 2009);
return true;
}
);
});

await assert.rejects(
async () => {
await program.rpc.testValidateAssociatedToken({
accounts: {
token: associatedToken,
mint: mint.publicKey,
wallet: anchor.web3.Keypair.generate().publicKey,
},
});
},
(err) => {
assert.equal(err.code, 2009);
return true;
}
);
it("associated_token constraints check do not allow authority change", async () => {
const localClient = await client;
await program.rpc.testValidateAssociatedToken({
accounts: {
token: associatedToken,
mint: localClient.publicKey,
wallet: program.provider.wallet.publicKey,
},
});

await localClient.setAuthority(
associatedToken,
anchor.web3.Keypair.generate().publicKey,
"AccountOwner",
program.provider.wallet.payer,
[]
);

await assert.rejects(
async () => {
await program.rpc.testValidateAssociatedToken({
accounts: {
token: associatedToken,
mint: localClient.publicKey,
wallet: program.provider.wallet.publicKey,
},
});
},
(err) => {
assert.equal(err.code, 2015);
return true;
}
);
});
});

it("Can fetch all accounts of a given type", async () => {
Expand Down