(window.webpackJsonp=window.webpackJsonp||[]).push([[19],{412:function(t,a,s){"use strict";s.r(a);varn=s(29),e=Object(n.a)({},(function(){vart=this,a=t.$createElement,s=t._self._c||a;returns("ContentSlotsDistributor",{attrs:{"slot-key":t.$parent.slotKey}},[s("h1",{attrs:{id:"account-constraints-and-access-control"}},[s("a",{staticClass:"header-anchor",attrs:{href:"#account-constraints-and-access-control"}},[t._v("#")]),t._v(" Account Constraints and Access Control")]),t._v(" "),s("p",[t._v("This tutorial covers how to specify constraints and access control on accounts, a problem\nsomewhat unique to the parallel nature of Solana.")]),t._v(" "),s("p",[t._v("On Solana, a transaction must specify all accounts required for execution. And because an untrusted client specifies those accounts, a program must responsibly validate all such accounts are what the client claims they are--in addition to any instruction specific access control the program needs to do.")]),t._v(" "),s("p",[t._v("For example, you could imagine easily writing a faulty token program that forgets to check if the "),s("strong",[t._v("signer")]),t._v(" of a transaction claiming to be the "),s("strong",[t._v("owner")]),t._v(" of a Token "),s("code",[t._v("Account")]),t._v(" actually matches the "),s("strong",[t._v("owner")]),t._v(" on that account. Furthermore, imagine what might happen if the program expects a "),s("code",[t._v("Mint")]),t._v(" account but a malicious user gives a token "),s("code",[t._v("Account")]),t._v(".")]),t._v(" "),s("p",[t._v("To address these problems, Anchor provides several types, traits, and macros. It's easiest to understand by seeing how they're used in an example, but a couple include")]),t._v(" "),s("ul",[s("li",[s("a",{attrs:{href:"https://docs.rs/anchor-lang/latest/anchor_lang/derive.Accounts.html",target:"_blank",rel:"noopener noreferrer"}},[t._v("Accounts"),s("OutboundLink")],1),t._v(": derive macro implementing the "),s("code",[t._v("Accounts")]),t._v(" "),s("a",{attrs:{href:"https://docs.rs/anchor-lang/latest/anchor_lang/trait.Accounts.html",target:"_blank",rel:"noopener noreferrer"}},[t._v("trait"),s("OutboundLink")],1),t._v(", allowing a struct to transform\nfrom the untrusted "),s("code",[t._v("&[AccountInfo]")]),t._v(" slice given to a Solana program into a validated struct\nof deserialized account types.")]),t._v(" "),s("li",[s("a",{attrs:{href:"https://docs.rs/anchor-lang/latest/anchor_lang/attr.account.html",target:"_blank",rel:"noopener noreferrer"}},[t._v("#[account]"),s("OutboundLink")],1),t._v(": attribute macro implementing "),s("a",{attrs:{href:"https://docs.rs/anchor-lang/latest/anchor_lang/trait.AccountSerialize.html",target:"_blank",rel:"noopener noreferrer"}},[t._v("AccountSerialize"),s("OutboundLink")],1),t._v(" and "),s("a",{attrs:{href:"https://docs.rs/anchor-lang/latest/anchor_lang/trait.AnchorDeserialize.html",target:"_blank",rel:"noopener noreferrer"}},[t._v("AccountDeserialize"),s("OutboundLink")],1),t._v(", automatically prepending a unique 8 byte discriminator to the account array. The discriminator is defined by the first 8 bytes of the "),s("code",[t._v("Sha256")]),t._v(" hash of the account's Rust identifier--i.e., the struct type name--and ensures no account can be substituted for another.")]),t._v(" "),s("li",[s("a",{attrs:{href:"https://docs.rs/anchor-lang/latest/anchor_lang/accounts/account/struct.Account.html",target:"_blank",rel:"noopener noreferrer"}},[t._v("Account"),s("OutboundLink")],1),t._v(": a wrapper type for a deserialized account implementing "),s("code",[t._v("AccountDeserialize")]),t._v(". Using this type within an "),s("code",[t._v("Accounts")]),t._v(" struct will ensure the account is "),s("strong",[t._v("owned")]),t._v(" by the address defined by "),s("code",[t._v("declare_id!")]),t._v(" where the inner account was defined.")])]),t._v(" "),s("p",[t._v("With the above, we can define preconditions for any instruction handler expecting a certain set of\naccounts, allowing us to more easily reason about the security of our programs.")]),t._v(" "),s("h2",{attrs:{id:"clone-
