blockworks-foundation
/
solana-with-rpc-optimizations
mirror of https://github.com/blockworks-foundation/solana-with-rpc-optimizations.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Document how to validate account pubkey (#11821)

This commit is contained in:
Ryo Onodera 2020-08-26 01:13:12 +09:00 committed by GitHub
parent 2395e57f45
commit 2c5366f259
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
docs/src/integrations/exchange.md
View File

@ -100,6 +100,77 @@ greater security. If so, you will need to move SOL to hot accounts using our
When a user wants to deposit SOL into your exchange, instruct them to send a When a user wants to deposit SOL into your exchange, instruct them to send a
transfer to the appropriate deposit address. transfer to the appropriate deposit address.
## Validating User-supplied Account Addresses for Withdrawals in SOL
As withdrawals are irreversible, it may be a good practice to validate the
account address before authorizing withdrawals into user-supplied accounts
to prevent accidental user's fund loss.
For a normal account in Solana, its address is simply a Base58-encoded
actual 256-bit public key of ed25519. Because not all bit pattern is a valid
public key for the ed25519, it's possible to make sure user-supplied
account addresses are at least something that may be a correct ed25519 public
key.
### Java
You can check Solana's normal account address validity by first decoding
Base58 string and ensuring the decoded bytes are valid ed25519 public keys
like this:
The following code sample assumes you're using the Maven.
`pom.xml`:
```xml
<repositories>
...
<repository>
<id>spring</id>
<url>https://repo.spring.io/libs-release/</url>
</repository>
</repositories>
...
<dependencies>
...
<dependency>
<groupId>io.github.novacrypto</groupId>
<artifactId>Base58</artifactId>
<version>0.1.3</version>
</dependency>
<dependency>
<groupId>cafe.cryptography</groupId>
<artifactId>curve25519-elisabeth</artifactId>
<version>0.1.0</version>
</dependency>
<dependencies>
```
```java
import io.github.novacrypto.base58.Base58;
import cafe.cryptography.curve25519.CompressedEdwardsY;
public class PubkeyValidator
{
public static boolean verifyPubkey(String userProvidedPubkey)
{
try {
return _verifyPubkeyInternal(userProvidedPubkey);
} catch (Exception e) {
return false;
}
}
public static boolean _verifyPubkeyInternal(String maybePubkey) throws Exception
{
byte[] bytes = Base58.base58Decode(maybePubkey);
return !(new CompressedEdwardsY(bytes)).decompress().isSmallOrder();
}
}
```
### Poll for Blocks ### Poll for Blocks
The easiest way to track all the deposit accounts for your exchange is to poll The easiest way to track all the deposit accounts for your exchange is to poll