blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Unbreak 'Listening for Deposits' section (#12338)

This commit is contained in:
Tyera Eulberg 2020-09-18 15:05:13 -06:00 committed by GitHub
parent 1211d8118c
commit 06906413ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 69 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
docs/src/integrations/exchange.md
View File

@ -130,77 +130,6 @@ greater security. If so, you will need to move SOL to hot accounts using our
When a user wants to deposit SOL into your exchange, instruct them to send a When a user wants to deposit SOL into your exchange, instruct them to send a
transfer to the appropriate deposit address. transfer to the appropriate deposit address.
## Validating User-supplied Account Addresses for Withdrawals in SOL
As withdrawals are irreversible, it may be a good practice to validate the
account address before authorizing withdrawals into user-supplied accounts
to prevent accidental user's fund loss.
For a normal account in Solana, its address is simply a Base58-encoded
actual 256-bit public key of ed25519. Because not all bit pattern is a valid
public key for the ed25519, it's possible to make sure user-supplied
account addresses are at least something that may be a correct ed25519 public
key.
### Java
You can check Solana's normal account address validity by first decoding
Base58 string and ensuring the decoded bytes are valid ed25519 public keys
like this:
The following code sample assumes you're using the Maven.
`pom.xml`:
```xml
<repositories>
...
<repository>
<id>spring</id>
<url>https://repo.spring.io/libs-release/</url>
</repository>
</repositories>
...
<dependencies>
...
<dependency>
<groupId>io.github.novacrypto</groupId>
<artifactId>Base58</artifactId>
<version>0.1.3</version>
</dependency>
<dependency>
<groupId>cafe.cryptography</groupId>
<artifactId>curve25519-elisabeth</artifactId>
<version>0.1.0</version>
</dependency>
<dependencies>
```
```java
import io.github.novacrypto.base58.Base58;
import cafe.cryptography.curve25519.CompressedEdwardsY;
public class PubkeyValidator
{
public static boolean verifyPubkey(String userProvidedPubkey)
{
try {
return _verifyPubkeyInternal(userProvidedPubkey);
} catch (Exception e) {
return false;
}
}
public static boolean _verifyPubkeyInternal(String maybePubkey) throws Exception
{
byte[] bytes = Base58.base58Decode(maybePubkey);
return !(new CompressedEdwardsY(bytes)).decompress().isSmallOrder();
}
}
```
### Poll for Blocks ### Poll for Blocks
The easiest way to track all the deposit accounts for your exchange is to poll The easiest way to track all the deposit accounts for your exchange is to poll
@ -488,6 +417,75 @@ You can also doublecheck whether a particular blockhash is still valid by sendin
request with the blockhash as a parameter. If the response value is null, the request with the blockhash as a parameter. If the response value is null, the
blockhash is expired, and the withdrawal transaction should never succeed. blockhash is expired, and the withdrawal transaction should never succeed.
### Validating User-supplied Account Addresses for Withdrawals
As withdrawals are irreversible, it may be a good practice to validate a
user-supplied account address before authorizing a withdrawal in order to
prevent accidental loss of user funds.
The address of a normal account in Solana is a Base58-encoded string of a
256-bit ed25519 public key. Not all bit patterns are valid public keys for the
ed25519 curve, so it is possible to ensure user-supplied account addresses are
at least correct ed25519 public keys.
#### Java
Here is a Java example of validating a user-supplied address as a valid ed25519
public key:
The following code sample assumes you're using the Maven.
`pom.xml`:
```xml
<repositories>
...
<repository>
<id>spring</id>
<url>https://repo.spring.io/libs-release/</url>
</repository>
</repositories>
...
<dependencies>
...
<dependency>
<groupId>io.github.novacrypto</groupId>
<artifactId>Base58</artifactId>
<version>0.1.3</version>
</dependency>
<dependency>
<groupId>cafe.cryptography</groupId>
<artifactId>curve25519-elisabeth</artifactId>
<version>0.1.0</version>
</dependency>
<dependencies>
```
```java
import io.github.novacrypto.base58.Base58;
import cafe.cryptography.curve25519.CompressedEdwardsY;
public class PubkeyValidator
{
public static boolean verifyPubkey(String userProvidedPubkey)
{
try {
return _verifyPubkeyInternal(userProvidedPubkey);
} catch (Exception e) {
return false;
}
}
public static boolean _verifyPubkeyInternal(String maybePubkey) throws Exception
{
byte[] bytes = Base58.base58Decode(maybePubkey);
return !(new CompressedEdwardsY(bytes)).decompress().isSmallOrder();
}
}
```
## Testing the Integration ## Testing the Integration
Be sure to test your complete workflow on Solana devnet and testnet Be sure to test your complete workflow on Solana devnet and testnet