Prevent swap accounts being used as user accounts (#719)

Justin Starry 2020-10-26 18:17:47 +08:00 committed by GitHub
parent c57018fbc2
commit a6cfc590e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 166 additions and 22 deletions

26
Cargo.lock generated

@ -623,19 +623,6 @@ dependencies = [
"subtle 2.2.3",
]
[[package]]
name = "curve25519-dalek"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d85653f070353a16313d0046f173f70d1aadd5b42600a14de626f0dfb3473a5"
dependencies = [
"byteorder",
"digest 0.8.1",
"rand_core",
"subtle 2.2.3",
"zeroize",
]
[[package]]
name = "curve25519-dalek"
version = "2.1.0"
@ -650,6 +637,19 @@ dependencies = [
"zeroize",
]
[[package]]
name = "curve25519-dalek"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d85653f070353a16313d0046f173f70d1aadd5b42600a14de626f0dfb3473a5"
dependencies = [
"byteorder",
"digest 0.8.1",
"rand_core",
"subtle 2.2.3",
"zeroize",
]
[[package]]
name = "derivative"
version = "2.1.1"


@ -266,6 +266,12 @@ impl Processor {
if *swap_source_info.key == *swap_destination_info.key {
return Err(SwapError::InvalidInput.into());
}
if swap_source_info.key == source_info.key {
return Err(SwapError::InvalidInput.into());
}
if swap_destination_info.key == destination_info.key {
return Err(SwapError::InvalidInput.into());
}
if *pool_mint_info.key != token_swap.pool_mint {
return Err(SwapError::IncorrectPoolMint.into());
}
@ -362,6 +368,12 @@ impl Processor {
if *pool_mint_info.key != token_swap.pool_mint {
return Err(SwapError::IncorrectPoolMint.into());
}
if token_a_info.key == source_a_info.key {
return Err(SwapError::InvalidInput.into());
}
if token_b_info.key == source_b_info.key {
return Err(SwapError::InvalidInput.into());
}
let token_a = Self::unpack_token_account(&token_a_info.data.borrow())?;
let token_b = Self::unpack_token_account(&token_b_info.data.borrow())?;
@ -449,6 +461,12 @@ impl Processor {
if *pool_fee_account_info.key != token_swap.pool_fee_account {
return Err(SwapError::IncorrectFeeAccount.into());
}
if token_a_info.key == dest_token_a_info.key {
return Err(SwapError::InvalidInput.into());
}
if token_b_info.key == dest_token_b_info.key {
return Err(SwapError::InvalidInput.into());
}
let token_a = Self::unpack_token_account(&token_a_info.data.borrow())?;
let token_b = Self::unpack_token_account(&token_b_info.data.borrow())?;
@ -1071,7 +1089,7 @@ mod tests {
)
.unwrap();
// withraw token a and b correctly
// withdraw token a and b correctly
do_process_instruction(
withdraw(
&SWAP_PROGRAM_ID,
@ -2215,12 +2233,12 @@ mod tests {
Err(SwapError::ZeroTradingTokens.into()),
accounts.deposit(
&depositor_key,
&pool_key,
&mut pool_account,
&token_a_key,
&mut token_a_account,
&token_b_key,
&mut token_b_account,
&pool_key,
&mut pool_account,
1,
deposit_a,
deposit_b / 10,
@ -2228,7 +2246,7 @@ mod tests {
);
}
// slippage exceeeded
// slippage exceeded
{
let (
token_a_key,
@ -2243,12 +2261,12 @@ mod tests {
Err(SwapError::ExceededSlippage.into()),
accounts.deposit(
&depositor_key,
&pool_key,
&mut pool_account,
&token_a_key,
&mut token_a_account,
&token_b_key,
&mut token_b_account,
&pool_key,
&mut pool_account,
pool_amount,
deposit_a / 10,
deposit_b,
@ -2259,12 +2277,12 @@ mod tests {
Err(SwapError::ExceededSlippage.into()),
accounts.deposit(
&depositor_key,
&pool_key,
&mut pool_account,
&token_a_key,
&mut token_a_account,
&token_b_key,
&mut token_b_account,
&pool_key,
&mut pool_account,
pool_amount,
deposit_a,
deposit_b / 10,
@ -2272,6 +2290,37 @@ mod tests {
);
}
// invalid input: can't use swap pool tokens as source
{
let (
_token_a_key,
_token_a_account,
_token_b_key,
_token_b_account,
pool_key,
mut pool_account,
) = accounts.setup_token_accounts(&user_key, &depositor_key, deposit_a, deposit_b, 0);
let swap_token_a_key = accounts.token_a_key;
let mut swap_token_a_account = accounts.get_token_account(&swap_token_a_key).clone();
let swap_token_b_key = accounts.token_b_key;
let mut swap_token_b_account = accounts.get_token_account(&swap_token_b_key).clone();
let authority_key = accounts.authority_key;
assert_eq!(
Err(SwapError::InvalidInput.into()),
accounts.deposit(
&authority_key,
&swap_token_a_key,
&mut swap_token_a_account,
&swap_token_b_key,
&mut swap_token_b_account,
&pool_key,
&mut pool_account,
pool_amount,
deposit_a,
deposit_b,
)
);
}
// correctly deposit
{
let (
@ -2827,7 +2876,7 @@ mod tests {
);
}
// slippage exceeeded
// slippage exceeded
{
let (
token_a_key,
@ -2877,6 +2926,58 @@ mod tests {
);
}
// invalid input: can't use swap pool tokens as destination
{
let (
token_a_key,
mut token_a_account,
token_b_key,
mut token_b_account,
pool_key,
mut pool_account,
) = accounts.setup_token_accounts(
&user_key,
&withdrawer_key,
initial_a,
initial_b,
initial_pool,
);
let swap_token_a_key = accounts.token_a_key;
let mut swap_token_a_account = accounts.get_token_account(&swap_token_a_key).clone();
assert_eq!(
Err(SwapError::InvalidInput.into()),
accounts.withdraw(
&withdrawer_key,
&pool_key,
&mut pool_account,
&swap_token_a_key,
&mut swap_token_a_account,
&token_b_key,
&mut token_b_account,
withdraw_amount,
minimum_a_amount,
minimum_b_amount,
)
);
let swap_token_b_key = accounts.token_b_key;
let mut swap_token_b_account = accounts.get_token_account(&swap_token_b_key).clone();
assert_eq!(
Err(SwapError::InvalidInput.into()),
accounts.withdraw(
&withdrawer_key,
&pool_key,
&mut pool_account,
&token_a_key,
&mut token_a_account,
&swap_token_b_key,
&mut swap_token_b_account,
withdraw_amount,
minimum_a_amount,
minimum_b_amount,
)
);
}
// correct withdrawal
{
let (
@ -3603,5 +3704,48 @@ mod tests {
)
);
}
// invalid input: can't use swap pool as user source / dest
{
let (
token_a_key,
mut token_a_account,
token_b_key,
mut token_b_account,
_pool_key,
_pool_account,
) = accounts.setup_token_accounts(&user_key, &swapper_key, initial_a, initial_b, 0);
let mut swap_token_a_account = accounts.get_token_account(&swap_token_a_key).clone();
let authority_key = accounts.authority_key;
assert_eq!(
Err(SwapError::InvalidInput.into()),
accounts.swap(
&authority_key,
&swap_token_a_key,
&mut swap_token_a_account,
&swap_token_a_key,
&swap_token_b_key,
&token_b_key,
&mut token_b_account,
initial_a,
minimum_b_amount,
)
);
let mut swap_token_b_account = accounts.get_token_account(&swap_token_b_key).clone();
assert_eq!(
Err(SwapError::InvalidInput.into()),
accounts.swap(
&swapper_key,
&token_a_key,
&mut token_a_account,
&swap_token_a_key,
&swap_token_b_key,
&swap_token_b_key,
&mut swap_token_b_account,
initial_a,
minimum_b_amount,
)
);
}
}
}
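Review bot: The new deposit test ("invalid input: can't use swap pool tokens as source") passes the swap's token A and token B accounts in the same call, so the processor returns at the `token_a_info.key == source_a_info.key` guard and the `token_b_info.key == source_b_info.key` guard is never reached on its own; removing that second guard would leave this test passing. The withdraw test in the same commit checks each destination separately, and deposit deserves the same split: one call with only source A set to `swap_token_a_key` and one with only source B set to `swap_token_b_key`. Whether a single signer works for such a mixed call depends on the `accounts.deposit` helper and the test setup, both outside the visible hunks, so the helper may need a small adjustment. All three instructions also return the generic `SwapError::InvalidInput`, so a client cannot tell this rejection from other input errors; a comment above each guard, e.g. `// the swap's own token accounts must not double as the user's accounts`, would at least record the intent.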