feat: add validator whitelisting (#39)

* feat: add validator whitelisting

* chore: code refactoring

* chore: code refactoring

Author: GabrielePicco

README.md

@@ -58,3 +58,9 @@ or:
 ```
 cd tests/integration && anchor test
 ```
+
+## Build for Mainnet
+
+```
+RUSTFLAGS="--cfg mainnet" cargo build-sbf
+```

src/consts_whitelist.rs

@@ -0,0 +1,43 @@
+/// Whitelisted identities
+/// TODO: Hardcoded for now, should use a dynamic list
+use solana_program::pubkey;
+use solana_program::pubkey::Pubkey;
+
+use std::collections::HashMap;
+
+#[cfg(not(mainnet))]
+const WHITELISTED_IDENTITIES: &[(Pubkey, Vec<Pubkey>)] = &[
+    (
+        pubkey!("mAGicPQYBMvcYveUZA5F5UNNwyHvfYh5xkLS2Fr1mev"),
+        vec![],
+    ),
+    (
+        pubkey!("zbitnhqG6MLu3E6XBJGEd7WarnKDeqzriB14hr74Fjb"),
+        vec![],
+    ),
+    (
+        pubkey!("sups7xRrKcWsVoGEsuoYp7o4dAdwDPEMpHH1sxYKEm4"),
+        vec![],
+    ),
+    (
+        pubkey!("tEsT3eV6RFCWs1BZ7AXTzasHqTtMnMLCB2tjQ42TDXD"),
+        vec![],
+    ),
+];
+
+#[cfg(mainnet)]
+const WHITELISTED_IDENTITIES: &[(Pubkey, Vec<Pubkey>)] = &[
+    (
+        pubkey!("zbitnhqG6MLu3E6XBJGEd7WarnKDeqzriB14hr74Fjb"),
+        vec![],
+    ),
+    (
+        pubkey!("sups7xRrKcWsVoGEsuoYp7o4dAdwDPEMpHH1sxYKEm4"),
+        vec![],
+    ),
+];
+
+/// Get the whitelisted identities
+pub fn get_whitelisted_identities() -> HashMap<Pubkey, Vec<Pubkey>> {
+    WHITELISTED_IDENTITIES.iter().cloned().collect()
+}

src/error.rs

@@ -11,6 +11,12 @@ pub enum DlpError {
         "Account cannot be undelegated, is_delegatable is false and valid_until isn't reached"
     )]
     Undelegatable = 1,
+    #[error("Invalid Authority for the current target program")]
+    InvalidAuthorityForProgram = 2,
+    #[error("Delegated account does not match the expected account")]
+    InvalidDelegatedAccount = 3,
+    #[error("Reimbursement account does not match the expected account")]
+    InvalidReimbursementAccount = 4,
 }
 
 impl From<DlpError> for ProgramError {

src/lib.rs

@@ -7,6 +7,7 @@ use instruction::*;
 use processor::*;
 
 pub mod consts;
+pub mod consts_whitelist;
 pub mod error;
 pub mod instruction;
 mod loaders;
@@ -15,6 +16,7 @@ mod processor;
 pub mod state;
 pub mod utils;
 pub mod utils_account;
+pub mod verify_commitment;
 pub mod verify_state;
 
 declare_id!("DELeGGvXpWV2fqJUhqcF5ZSYMS4JTLjteaAMARRSaeSh");

src/processor/commit_state.rs

@@ -5,17 +5,17 @@ use solana_program::program_error::ProgramError;
 use solana_program::{
     account_info::AccountInfo,
     entrypoint::ProgramResult,
-    msg,
     pubkey::Pubkey,
     {self},
 };
 
 use crate::consts::{COMMIT_RECORD, COMMIT_STATE, DELEGATION_METADATA, DELEGATION_RECORD};
 use crate::instruction::CommitAccountArgs;
 use crate::loaders::{load_initialized_pda, load_owned_pda, load_signer, load_uninitialized_pda};
-use crate::state::{CommitRecord, DelegationMetadata};
+use crate::state::{CommitRecord, DelegationMetadata, DelegationRecord};
 use crate::utils::create_pda;
 use crate::utils_account::{AccountDeserialize, Discriminator};
+use crate::verify_commitment::verify_commitment;
 
 /// Commit a new state of a delegated Pda
 ///
@@ -30,7 +30,6 @@ pub fn process_commit_state(
     accounts: &[AccountInfo],
     data: &[u8],
 ) -> ProgramResult {
-    msg!("Processing CommitState");
     let args = CommitAccountArgs::try_from_slice(data)?;
     let data: &[u8] = args.data.as_ref();
 
@@ -57,6 +56,11 @@ pub fn process_commit_state(
         &crate::id(),
         true,
     )?;
+
+    // Load delegation record
+    let mut delegation_data = delegation_record.try_borrow_mut_data()?;
+    let delegation = DelegationRecord::try_from_bytes_mut(&mut delegation_data)?;
+
     let mut delegation_metadata_data = delegation_metadata.try_borrow_mut_data()?;
     let mut delegation_metadata = DelegationMetadata::try_from_slice(&delegation_metadata_data)?;
 
@@ -114,5 +118,7 @@ pub fn process_commit_state(
     let mut buffer_data = commit_state_account.try_borrow_mut_data()?;
     (*buffer_data).copy_from_slice(data);
 
+    verify_commitment(authority, delegation, commit_record, commit_state_account)?;
+
     Ok(())
 }

src/processor/finalize.rs

@@ -1,11 +1,11 @@
+use crate::error::DlpError;
 use borsh::{BorshDeserialize, BorshSerialize};
 use solana_program::program_error::ProgramError;
 use solana_program::rent::Rent;
 use solana_program::sysvar::Sysvar;
 use solana_program::{
     account_info::AccountInfo,
     entrypoint::ProgramResult,
-    msg,
     pubkey::Pubkey,
     system_program, {self},
 };
@@ -30,13 +30,13 @@ pub fn process_finalize(
     accounts: &[AccountInfo],
     _data: &[u8],
 ) -> ProgramResult {
-    let [payer, delegated_account, committed_state_account, committed_state_record, delegation_record, delegation_metadata, reimbursement, system_program] =
+    let [authority, delegated_account, committed_state_account, committed_state_record, delegation_record, delegation_metadata, reimbursement, system_program] =
         accounts
     else {
         return Err(ProgramError::NotEnoughAccountKeys);
     };
 
-    load_signer(payer)?;
+    load_signer(authority)?;
     load_owned_pda(delegated_account, &crate::id())?;
     load_owned_pda(committed_state_account, &crate::id())?;
     load_owned_pda(committed_state_record, &crate::id())?;
@@ -56,16 +56,19 @@ pub fn process_finalize(
     let commit_record_data = committed_state_record.try_borrow_data()?;
     let commit_record = CommitRecord::try_from_bytes(&commit_record_data)?;
 
-    verify_state(delegation, commit_record, committed_state_account)?;
+    verify_state(
+        authority,
+        delegation,
+        commit_record,
+        committed_state_account,
+    )?;
 
     if !commit_record.account.eq(delegated_account.key) {
-        msg!("Delegated account does not match the expected account");
-        return Err(ProgramError::InvalidAccountData);
+        return Err(DlpError::InvalidDelegatedAccount.into());
     }
 
     if !commit_record.identity.eq(reimbursement.key) {
-        msg!("Reimbursement account does not match the expected account");
-        return Err(ProgramError::InvalidAccountData);
+        return Err(DlpError::InvalidReimbursementAccount.into());
     }
 
     let new_data = committed_state_account.try_borrow_data()?;

src/processor/undelegate.rs

@@ -15,6 +15,7 @@ use crate::loaders::{load_owned_pda, load_program, load_signer, load_uninitializ
 use crate::state::{CommitRecord, DelegationMetadata, DelegationRecord};
 use crate::utils::{close_pda, create_pda, ValidateEdwards};
 use crate::utils_account::AccountDeserialize;
+use crate::verify_state::verify_state;
 use solana_program::sysvar::Sysvar;
 
 /// Undelegate a delegated Pda
@@ -38,13 +39,13 @@ pub fn process_undelegate(
     accounts: &[AccountInfo],
     _data: &[u8],
 ) -> ProgramResult {
-    let [payer, delegated_account, owner_program, buffer, committed_state_account, committed_state_record, delegation_record, delegation_metadata, reimbursement, system_program] =
+    let [authority, delegated_account, owner_program, buffer, committed_state_account, committed_state_record, delegation_record, delegation_metadata, reimbursement, system_program] =
         accounts
     else {
         return Err(ProgramError::NotEnoughAccountKeys);
     };
 
-    load_signer(payer)?;
+    load_signer(authority)?;
     load_owned_pda(delegated_account, &crate::id())?;
     load_owned_pda(delegation_record, &crate::id())?;
     load_owned_pda(delegation_metadata, &crate::id())?;
@@ -83,6 +84,16 @@ pub fn process_undelegate(
         None
     };
 
+    // If there is a committed state, verify the state
+    if commit_record.is_some() {
+        verify_state(
+            authority,
+            delegation,
+            commit_record.unwrap(),
+            committed_state_account,
+        )?;
+    }
+
     // Load delegated account metadata
     let metadata = DelegationMetadata::deserialize(&mut &**delegation_metadata.data.borrow())?;
 
@@ -108,7 +119,7 @@ pub fn process_undelegate(
         },
         &[BUFFER, &delegated_account.key.to_bytes(), &[buffer_bump]],
         system_program,
-        payer,
+        authority,
     )?;
 
     if !delegation.owner.eq(owner_program.key) {
@@ -146,7 +157,7 @@ pub fn process_undelegate(
         let signer_seeds: &[&[&[u8]]] =
             &[&[BUFFER, &delegated_account.key.to_bytes(), &[buffer_bump]]];
         cpi_external_undelegate(
-            payer,
+            authority,
             delegated_account,
             buffer,
             system_program,
@@ -171,7 +182,7 @@ pub fn process_undelegate(
     close_pda(committed_state_record, reimbursement)?;
     close_pda(delegation_record, reimbursement)?;
     close_pda(committed_state_account, reimbursement)?;
-    close_pda(buffer, payer)?;
+    close_pda(buffer, authority)?;
     Ok(())
 }
 

src/verify_commitment.rs

@@ -0,0 +1,20 @@
+use solana_program::account_info::AccountInfo;
+use solana_program::entrypoint::ProgramResult;
+
+use crate::state::{CommitRecord, DelegationRecord};
+use crate::verify_state::verify_state;
+
+/// Verify the committed state
+pub(crate) fn verify_commitment(
+    authority: &AccountInfo,
+    delegation_record: &DelegationRecord,
+    committed_record: &CommitRecord,
+    committed_state: &AccountInfo,
+) -> ProgramResult {
+    verify_state(
+        authority,
+        delegation_record,
+        committed_record,
+        committed_state,
+    )
+}

src/verify_state.rs

@@ -1,14 +1,26 @@
+// TODO: Temporary whitelist check. Add the logic to check the state diff, Authority and/or Fraud proofs
+
+use crate::consts_whitelist::get_whitelisted_identities;
+use crate::error::DlpError;
 use crate::state::{CommitRecord, DelegationRecord};
 use solana_program::account_info::AccountInfo;
 use solana_program::entrypoint::ProgramResult;
+use solana_program::pubkey::Pubkey;
 
 /// Verify the committed state
 #[inline(always)]
 pub(crate) fn verify_state(
-    _delegation_record: &DelegationRecord,
-    _committed_state: &CommitRecord,
-    _new_state: &AccountInfo,
+    authority: &AccountInfo,
+    delegation_record: &DelegationRecord,
+    _committed_record: &CommitRecord,
+    _committed_state: &AccountInfo,
 ) -> ProgramResult {
-    // TODO: Add the logic to check the state diff, Authority and/or Fraud proofs
+    let whitelisted_identities = get_whitelisted_identities();
+    let allowed_programs: &Vec<Pubkey> = whitelisted_identities
+        .get(authority.key)
+        .ok_or(DlpError::InvalidAuthority)?;
+    if !allowed_programs.is_empty() && !allowed_programs.contains(&delegation_record.owner) {
+        return Err(DlpError::InvalidAuthorityForProgram.into());
+    }
     Ok(())
 }

tests/fixtures/accounts.rs

@@ -70,3 +70,11 @@ pub const ON_CURVE_ACCOUNT_BYTES: [u8; 64] = [
     241, 163, 185, 198, 228, 172, 200, 220, 225, 192, 149, 94, 106, 209, 65, 79, 210, 54, 191, 49,
     115, 159,
 ];
+
+#[allow(dead_code)]
+pub const TEST_AUTHORITY: [u8; 64] = [
+    251, 62, 129, 184, 107, 49, 62, 184, 1, 147, 178, 128, 185, 157, 247, 92, 56, 158, 145, 53, 51,
+    226, 202, 96, 178, 248, 195, 133, 133, 237, 237, 146, 13, 32, 77, 204, 244, 56, 166, 172, 66,
+    113, 150, 218, 112, 42, 110, 181, 98, 158, 222, 194, 130, 93, 175, 100, 190, 106, 9, 69, 156,
+    80, 96, 72,
+];

tests/integration/Anchor.toml

@@ -12,7 +12,7 @@ url = "https://api.apr.dev"
 
 [provider]
 cluster = "Localnet"
-wallet = "~/.config/solana/id.json"
+wallet = "./tests/fixtures/provider.json"
 
 [workspace]
 members = ["programs/*"]

tests/integration/tests/fixtures/provider.json

@@ -0,0 +1 @@
+[251,62,129,184,107,49,62,184,1,147,178,128,185,157,247,92,56,158,145,53,51,226,202,96,178,248,195,133,133,237,237,146,13,32,77,204,244,56,166,172,66,113,150,218,112,42,110,181,98,158,222,194,130,93,175,100,190,106,9,69,156,80,96,72]