If the stake pool gives over the validator stake account to the staker,
they may keep it and make it impossible to re-add that validator in the
future.
Split the whole amount into a new stake account on removal.
* fix
* add check if new manager fee is spl token program
* Convert manager fee info check to fail only inside `Result` box
* update also checks validity of manager fee info
* clippy
* rename staking instructions
* modify DepositStake te to include manager fees and referrer, continue _stake refactor, referral fees WIP
* initialize with fees, fee application, checks
* inline functions
* temporarily substitute u8 for bool until borsh gets it's * straight
* set deposit fee
* apply deposit and referral fee to liquid deposit_sol too
* add set-deposit-fee, unify cli interface
* set-referral-fee
* full feature set for liquid deposits (?)
* add tests/set_referral_fee.rs
* fix missing serialization in process_set_referral_fee
* remove duplicated test case in tests/set_withdrawal_fee.rs
* tests WIP, numbers dont add up after non-zero deposit fee
* fix error, fix tests
* deposit_sol tests. Requires additional changes to work properly
* simplify deposit_sol tests, add referral fee tests for deposit and deposit_sol
* add `sol_deposit_authority`.
* split deposit_sol() & deposit_sol_with_authority(), cli sol_deposit --from, minor cleanup
* cli deposit-sol from argument should take keypair instead
* commands: set-sol-deposit-authority, show
* cli: pretty print stake pool struct
* chore: comments/naming
* fmt, clippy
* add args for `create-pool`
* mistake in the cli
* `system_prog` is `read_only`, require sig from `stake_deposit_auth`
* change deposit-sol-authority arg to optional acount, rename instruction::withdraw->withdraw_stake, remove unnecesary sys_prog arg for withdraw_stake
* resolve simple nits and suggestions
* cli: change default referrer to user's token receiver account instead of pool manager
* cli: remove show command, add fees to list command, rename pool -> epoch
* update tests for removed unnecessary referral fee account owner check and deposit sol
* cli changes: create ephemeral account for deposit_sol
* specify pool token type for account info name
* add check for manager fee acc in deposit_sol
* Apply suggestions from code review
Co-authored-by: Jon Cinque <jon.cinque@gmail.com>
* fix non-rebased bug
* SetDepositStakeAuthority
* refactor + tests + cli
* fmt
* clippy
* remove unnecessary comment
* ASK keyword
* unset deposit auth
* combine set fee instructions
* clippy
* applying suggestions
* apply out-of-date check only for FeeTypes that need it
* add fee + user = new tokens check
* Fix test
* Unify `SetDepositAuthority` instruction
* fmt
Co-authored-by: dhy1996 <dhy1996@live.com.sg>
Co-authored-by: Jesse Y. Cho <f8122dac91@gmail.com>
Co-authored-by: Jon Cinque <jon.cinque@gmail.com>
* stake-pool: Add ability to withdraw from transient stakes
It's possible for a very malicious pool staker to constantly increase /
decrease the stake on validators, making it impossible for people to get
their SOL out.
Update the accounting to know how much of the stake is active and how
much is transient and allow users to withdraw from transient accounts,
but only if there's no more active stake.
* Remove mut ickiness
The stake pool expects pool tokens to be delegated to the withdraw
authority before performing a withdrawal. If a user delegates too many
tokens to the withdraw authority, anyone else can take the rest of their
tokens by doing their own withdrawal.
Delegate pool tokens to an ephemeral keypair and sign with that.
* stake-pool: Add depositor key on init, required on deposit
Some stake pools need to be private, and not allow outside depositors.
Enhance the existing deposit authority in the stake pool be configurable
on initialization, and then require its signature on deposit.
The existing deposit authority is a program address, making deposits
permissionless. This allows a pool creator to set their own deposit_authority on
initialization. In a great turn of events, almost everything else works
the same way!
Here's the current workflow for deposit, where the user calls
stake_program::authorize and stake_pool::deposit in the same
transaction:
* stake_program::authorize assigns staker and withdraw authority to the
stake pool deposit authority
* stake_pool::deposit
- uses the deposit authority to assign authority on the deposited
stake account to the stake pool withdraw authority
- uses the withdraw authority to merge the deposited stake into the validator stake
The deposit authority must "sign" the transaction in order to reassign
authority to the withdraw authority. Currently, as a program address, it
can just do that. With this change, if the deposit authority is set
during initialization, then that deposit authority must sign the
instruction.
There's also a little update for ease-of-use to always do the
stake_program::authorize in the same transaction as stake_pool::deposit.
This way, in case someone tries to deposit into a forbidden stake pool, the
whole transaction will bail and their stake will stay as theirs.
* Address review feedback
* Fix rebase issues
* Add check for transient stake account activation on removal
* Add proper merging logic during update
* Format + clippy
* Add max possible validators
* Disallow removal for any transient stake state
* Reduce number of accounts for BPF instruction usage
* stake-pool: Separate manager from owner
* Add manager pubkey to stake pool
* Differentiate manager functions from owner functions
* Include a `set_manager` function to be used by the owner
* Change the term `owner` to `authority` in the CLI for clarity
* Rename manager -> staker and owner -> manager
* Split staker, manager, and token owner in CLI
* "Do not disturb the boss"
* lending: Update JS tests to solana-test-validator
* Add solana tools install
* Fix oopsie on the path
* Move where deployed programs go
* stake-pool: Add borsh support and size on creation
We can't specify the size in the instruction unfortunately, since we'd
only have 10kb max for the validator list. At roughly 50 bytes per
validator, that only gives us 200 validators.
On the flip side, using Borsh means we can allow the validator stake list
to be any size!
* Add AccountType enum
* Remove V1 everywhere
* Add max validators as parameter and get_instance_packed_len
* Add test for adding too many validators
* Clippy
* Various postponed fixes and changes to the stake pool program
* Fixed PR comments
* Fixed no-signature validator stake account add test
Co-authored-by: Yuriy Savchenko <yuriy.savchenko@gmail.com>
* Added validator stake account list storage, deprecated old tests
* Added join and leave stake pool instructions, error messages refactoring
* Stake pool tests refactoring, tests for join and leave pool added
* Added validator stake account creation instruction, join/leave pool instructions renamed, version field added
* Formatting fixes
* Added update list/pool instructions (no tests yet), updated deposit instruction logic, claim instruction removed, refactoring
* Updated deposit logic and tests, updated withdraw logic and added tests, refactoring
* Stake pool CLI updated to work with new deposit/withdraw instructions, claim usage removed
* Added validator stake account management and balance update commands to the stake pool CLI, updated dependency versions, updated devnet program address
* Merge conflicts fixed
* Removed deprecated tests
* Fixes for review comments
* Additional program id checks across the code
* Formatting errors fixed
* Changed minimum stake balance in CLI, removed deprecated tests, removed check for stake history id
* Added TODO for stake account warmup status check
* Cargo.lock conflict fix
* Formatting fixed
* Update Cargo lock file for CI
* Pin themis version of subtle
Co-authored-by: Yuriy Savchenko <yuriy.savchenko@gmail.com>
Tyera Eulberg
Jon Cinque
jon-chuang
Michael Vines
Atticlab LLC
Yuriy Savchenko