CPI Guard

Miten CpiGuardExtension otetaan käyttöön

CpiGuardExtension suojaa token-tilejä odottamattomilta siirroilta Cross Program Invocation (CPI) -kutsujen kautta. Kun tämä laajennus on käytössä, tokeneita voidaan siirtää vain suorilla kutsuilla Token Extensions Program -ohjelman siirtofunktioon, estäen kaikkia muita ohjelmia siirtämästä tokeneita CPI:n kautta.

Typescript

import { getCreateAccountInstruction } from "@solana-program/system";
import {
  AccountState,
  extension,
  getEnableCpiGuardInstruction,
  getInitializeAccountInstruction,
  getInitializeMintInstruction,
  getMintSize,
  getTokenSize,
  TOKEN_2022_PROGRAM_ADDRESS
} from "@solana-program/token-2022";
import {
  airdropFactory,
  appendTransactionMessageInstructions,
  createSolanaRpc,
  createSolanaRpcSubscriptions,
  createTransactionMessage,
  generateKeyPairSigner,
  getSignatureFromTransaction,
  lamports,
  pipe,
  sendAndConfirmTransactionFactory,
  setTransactionMessageFeePayerSigner,
  setTransactionMessageLifetimeUsingBlockhash,
  signTransactionMessageWithSigners
} from "@solana/kit";

// Create Connection, local validator in this example
const rpc = createSolanaRpc("http://localhost:8899");
const rpcSubscriptions = createSolanaRpcSubscriptions("ws://localhost:8900");

// Generate the authority for the mint (also acts as fee payer)
const authority = await generateKeyPairSigner();

// Fund authority/fee payer
await airdropFactory({ rpc, rpcSubscriptions })({
  recipientAddress: authority.address,
  lamports: lamports(5_000_000_000n), // 5 SOL
  commitment: "confirmed"
});

// Generate keypair to use as address of mint
const mint = await generateKeyPairSigner();

// Get default mint account size (in bytes),
const space = BigInt(getMintSize());

// Get minimum balance for rent exemption
const rent = await rpc.getMinimumBalanceForRentExemption(space).send();

// Get latest blockhash to include in transaction
const { value: latestBlockhash } = await rpc.getLatestBlockhash().send();

// Instruction to create new account for mint (token program)
// Invokes the system program
const createMintAccountInstruction = getCreateAccountInstruction({
  payer: authority,
  newAccount: mint,
  lamports: rent,
  space,
  programAddress: TOKEN_2022_PROGRAM_ADDRESS
});

// cpi guard extension extension
const cpiGuardExtension = extension("CpiGuard", {
  lockCpi: true
});

// Generate keypair to use as address of token account
const tokenAccount = await generateKeyPairSigner();

// get token account size with extension enabled
const tokenAccountLen = BigInt(getTokenSize([cpiGuardExtension]));

// Get minimum balance for rent exemption
const tokenAccountRent = await rpc
  .getMinimumBalanceForRentExemption(tokenAccountLen)
  .send();

// Instruction to create new account for the token account
// Invokes the system program
const createTokenAccountInstruction = getCreateAccountInstruction({
  payer: authority,
  newAccount: tokenAccount,
  lamports: tokenAccountRent,
  space: tokenAccountLen,
  programAddress: TOKEN_2022_PROGRAM_ADDRESS
});

// Instruction to initialize the created token account
const initializeTokenAccountInstruction = getInitializeAccountInstruction({
  account: tokenAccount.address,
  mint: mint.address,
  owner: authority.address
});

// Instruction to enable the cpi guard on initialized token account
let initializeCpiGuardExtension = getEnableCpiGuardInstruction({
  token: tokenAccount.address,
  owner: authority.address
});

// Instruction to initialize mint account data
// Invokes the token22 program
const initializeMintInstruction = getInitializeMintInstruction({
  mint: mint.address,
  decimals: 9,
  mintAuthority: authority.address,
  freezeAuthority: authority.address
});

const instructions = [
  createMintAccountInstruction,
  initializeMintInstruction,
  createTokenAccountInstruction,
  initializeTokenAccountInstruction,
  initializeCpiGuardExtension
];

// Create transaction message
const transactionMessage = pipe(
  createTransactionMessage({ version: 0 }),
  (tx) => setTransactionMessageFeePayerSigner(authority, tx),
  (tx) => setTransactionMessageLifetimeUsingBlockhash(latestBlockhash, tx),
  (tx) => appendTransactionMessageInstructions(instructions, tx)
);

// Sign transaction message with all required signers
const signedTransaction =
  await signTransactionMessageWithSigners(transactionMessage);

// Send and confirm transaction
await sendAndConfirmTransactionFactory({ rpc, rpcSubscriptions })(
  signedTransaction,
  { commitment: "confirmed", skipPreflight: true }
);

// Get transaction signature
const transactionSignature = getSignatureFromTransaction(signedTransaction);

console.log("Mint Address:", mint.address.toString());
console.log(
  "Token account with CPI guard enabled:",
  tokenAccount.address.toString()
);
console.log("Transaction Signature:", transactionSignature);

Console

Click to execute the code.

import { getCreateAccountInstruction } from "@solana-program/system";
import {
  AccountState,
  extension,
  getEnableCpiGuardInstruction,
  getInitializeAccountInstruction,
  getInitializeMintInstruction,
  getMintSize,
  getTokenSize,
  TOKEN_2022_PROGRAM_ADDRESS
} from "@solana-program/token-2022";
import {
  airdropFactory,
  appendTransactionMessageInstructions,
  createSolanaRpc,
  createSolanaRpcSubscriptions,
  createTransactionMessage,
  generateKeyPairSigner,
  getSignatureFromTransaction,
  lamports,
  pipe,
  sendAndConfirmTransactionFactory,
  setTransactionMessageFeePayerSigner,
  setTransactionMessageLifetimeUsingBlockhash,
  signTransactionMessageWithSigners
} from "@solana/kit";

// Create Connection, local validator in this example
const rpc = createSolanaRpc("http://localhost:8899");
const rpcSubscriptions = createSolanaRpcSubscriptions("ws://localhost:8900");

// Generate the authority for the mint (also acts as fee payer)
const authority = await generateKeyPairSigner();

// Fund authority/fee payer
await airdropFactory({ rpc, rpcSubscriptions })({
  recipientAddress: authority.address,
  lamports: lamports(5_000_000_000n), // 5 SOL
  commitment: "confirmed"
});

// Generate keypair to use as address of mint
const mint = await generateKeyPairSigner();

// Get default mint account size (in bytes),
const space = BigInt(getMintSize());

// Get minimum balance for rent exemption
const rent = await rpc.getMinimumBalanceForRentExemption(space).send();

// Get latest blockhash to include in transaction
const { value: latestBlockhash } = await rpc.getLatestBlockhash().send();

// Instruction to create new account for mint (token program)
// Invokes the system program
const createMintAccountInstruction = getCreateAccountInstruction({
  payer: authority,
  newAccount: mint,
  lamports: rent,
  space,
  programAddress: TOKEN_2022_PROGRAM_ADDRESS
});

// cpi guard extension extension
const cpiGuardExtension = extension("CpiGuard", {
  lockCpi: true
});

// Generate keypair to use as address of token account
const tokenAccount = await generateKeyPairSigner();

// get token account size with extension enabled
const tokenAccountLen = BigInt(getTokenSize([cpiGuardExtension]));

// Get minimum balance for rent exemption
const tokenAccountRent = await rpc
  .getMinimumBalanceForRentExemption(tokenAccountLen)
  .send();

// Instruction to create new account for the token account
// Invokes the system program
const createTokenAccountInstruction = getCreateAccountInstruction({
  payer: authority,
  newAccount: tokenAccount,
  lamports: tokenAccountRent,
  space: tokenAccountLen,
  programAddress: TOKEN_2022_PROGRAM_ADDRESS
});

// Instruction to initialize the created token account
const initializeTokenAccountInstruction = getInitializeAccountInstruction({
  account: tokenAccount.address,
  mint: mint.address,
  owner: authority.address
});

// Instruction to enable the cpi guard on initialized token account
let initializeCpiGuardExtension = getEnableCpiGuardInstruction({
  token: tokenAccount.address,
  owner: authority.address
});

// Instruction to initialize mint account data
// Invokes the token22 program
const initializeMintInstruction = getInitializeMintInstruction({
  mint: mint.address,
  decimals: 9,
  mintAuthority: authority.address,
  freezeAuthority: authority.address
});

const instructions = [
  createMintAccountInstruction,
  initializeMintInstruction,
  createTokenAccountInstruction,
  initializeTokenAccountInstruction,
  initializeCpiGuardExtension
];

// Create transaction message
const transactionMessage = pipe(
  createTransactionMessage({ version: 0 }),
  (tx) => setTransactionMessageFeePayerSigner(authority, tx),
  (tx) => setTransactionMessageLifetimeUsingBlockhash(latestBlockhash, tx),
  (tx) => appendTransactionMessageInstructions(instructions, tx)
);

// Sign transaction message with all required signers
const signedTransaction =
  await signTransactionMessageWithSigners(transactionMessage);

// Send and confirm transaction
await sendAndConfirmTransactionFactory({ rpc, rpcSubscriptions })(
  signedTransaction,
  { commitment: "confirmed", skipPreflight: true }
);

// Get transaction signature
const transactionSignature = getSignatureFromTransaction(signedTransaction);

console.log("Mint Address:", mint.address.toString());
console.log(
  "Token account with CPI guard enabled:",
  tokenAccount.address.toString()
);
console.log("Transaction Signature:", transactionSignature);

Console

Click to execute the code.

Rust

use anyhow::Result;
use solana_client::nonblocking::rpc_client::RpcClient;
use solana_commitment_config::CommitmentConfig;
use solana_sdk::{
    program_pack::Pack,
    signature::{Keypair, Signer},
    transaction::Transaction,
};
use solana_system_interface::instruction::create_account;
use spl_token_2022_interface::{
    extension::{
        cpi_guard::{instruction::enable_cpi_guard, CpiGuard},
        BaseStateWithExtensions, ExtensionType, StateWithExtensions,
    },
    instruction::{initialize_account, initialize_mint},
    state::{Account, Mint},
    ID as TOKEN_2022_PROGRAM_ID,
};

#[tokio::main]
async fn main() -> Result<()> {
    // Create connection to local validator
    let client = RpcClient::new_with_commitment(
        String::from("http://localhost:8899"),
        CommitmentConfig::confirmed(),
    );
    let latest_blockhash = client.get_latest_blockhash().await?;

    // Generate a new keypair for the fee payer
    let fee_payer = Keypair::new();

    // Airdrop 5 SOL to fee payer
    let airdrop_signature = client
        .request_airdrop(&fee_payer.pubkey(), 5_000_000_000)
        .await?;

    loop {
        let confirmed = client.confirm_transaction(&airdrop_signature).await?;
        if confirmed {
            break;
        }
    }

    // Generate keypair to use as address of mint
    let mint = Keypair::new();

    // Get default mint account size (in bytes), no extensions enabled
    let mint_space = Mint::LEN;
    let mint_rent = client
        .get_minimum_balance_for_rent_exemption(mint_space)
        .await?;

    // Instruction to create new account for mint (token22)
    let create_mint_account_instruction = create_account(
        &fee_payer.pubkey(),    // payer
        &mint.pubkey(),         // new account (mint)
        mint_rent,              // lamports
        mint_space as u64,      // space
        &TOKEN_2022_PROGRAM_ID, // program id
    );

    // Instruction to initialize mint account data
    let initialize_mint_instruction = initialize_mint(
        &TOKEN_2022_PROGRAM_ID,    // program id
        &mint.pubkey(),            // mint
        &fee_payer.pubkey(),       // mint authority
        Some(&fee_payer.pubkey()), // freeze authority
        9,                         // decimals
    )?;

    // Generate keypair to use as address of token account
    let token_account = Keypair::new();

    // Get default token account size (in bytes),
    //  with cpi guard extension enabled
    let token_account_space =
        ExtensionType::try_calculate_account_len::<Account>(&[ExtensionType::CpiGuard])?;

    let token_account_rent = client
        .get_minimum_balance_for_rent_exemption(token_account_space)
        .await?;

    // Instruction to create new account for token account (token22)
    let create_token_account_instruction = create_account(
        &fee_payer.pubkey(),        // payer
        &token_account.pubkey(),    // new account (token account)
        token_account_rent,         // rent
        token_account_space as u64, // space
        &TOKEN_2022_PROGRAM_ID,     // program id
    );

    // initialize token account
    let initialize_token_account = initialize_account(
        &TOKEN_2022_PROGRAM_ID,  // program_id
        &token_account.pubkey(), // token account
        &mint.pubkey(),          //  mint
        &fee_payer.pubkey(),     // authority
    )?;

    let enable_cpi_guard_instruction = enable_cpi_guard(
        &TOKEN_2022_PROGRAM_ID,
        &token_account.pubkey(),
        &fee_payer.pubkey(),
        &[&fee_payer.pubkey()],
    )?;

    // Construct transaction with previous instructions
    let transaction = Transaction::new_signed_with_payer(
        &[
            create_mint_account_instruction,
            initialize_mint_instruction,
            create_token_account_instruction,
            initialize_token_account,
            enable_cpi_guard_instruction,
        ],
        Some(&fee_payer.pubkey()),
        &[&fee_payer, &mint, &token_account],
        latest_blockhash,
    );

    // Send and confirm transaction
    client.send_and_confirm_transaction(&transaction).await?;

    println!("Token Account Address: {}", token_account.pubkey());

    // Fetch token account
    let token_account_data = client.get_account(&token_account.pubkey()).await?;
    // Deserialize the token account with extensions
    let token_account_state = StateWithExtensions::<Account>::unpack(&token_account_data.data)?;

    // Get all extension types enabled on this token account
    let token_extension_types = token_account_state.get_extension_types()?;
    println!(
        "\nToken Account extensions enabled: {:?}",
        token_extension_types
    );

    // Deserialize the CpiGuard extension data
    let cpi_guard = token_account_state.get_extension::<CpiGuard>()?;
    println!("\n{:#?}", cpi_guard);

    Ok(())
}

Console

Click to execute the code.

Rust

use anyhow::Result;
use solana_client::nonblocking::rpc_client::RpcClient;
use solana_commitment_config::CommitmentConfig;
use solana_sdk::{
    program_pack::Pack,
    signature::{Keypair, Signer},
    transaction::Transaction,
};
use solana_system_interface::instruction::create_account;
use spl_token_2022_interface::{
    extension::{
        cpi_guard::{instruction::enable_cpi_guard, CpiGuard},
        BaseStateWithExtensions, ExtensionType, StateWithExtensions,
    },
    instruction::{initialize_account, initialize_mint},
    state::{Account, Mint},
    ID as TOKEN_2022_PROGRAM_ID,
};

#[tokio::main]
async fn main() -> Result<()> {
    // Create connection to local validator
    let client = RpcClient::new_with_commitment(
        String::from("http://localhost:8899"),
        CommitmentConfig::confirmed(),
    );
    let latest_blockhash = client.get_latest_blockhash().await?;

    // Generate a new keypair for the fee payer
    let fee_payer = Keypair::new();

    // Airdrop 5 SOL to fee payer
    let airdrop_signature = client
        .request_airdrop(&fee_payer.pubkey(), 5_000_000_000)
        .await?;

    loop {
        let confirmed = client.confirm_transaction(&airdrop_signature).await?;
        if confirmed {
            break;
        }
    }

    // Generate keypair to use as address of mint
    let mint = Keypair::new();

    // Get default mint account size (in bytes), no extensions enabled
    let mint_space = Mint::LEN;
    let mint_rent = client
        .get_minimum_balance_for_rent_exemption(mint_space)
        .await?;

    // Instruction to create new account for mint (token22)
    let create_mint_account_instruction = create_account(
        &fee_payer.pubkey(),    // payer
        &mint.pubkey(),         // new account (mint)
        mint_rent,              // lamports
        mint_space as u64,      // space
        &TOKEN_2022_PROGRAM_ID, // program id
    );

    // Instruction to initialize mint account data
    let initialize_mint_instruction = initialize_mint(
        &TOKEN_2022_PROGRAM_ID,    // program id
        &mint.pubkey(),            // mint
        &fee_payer.pubkey(),       // mint authority
        Some(&fee_payer.pubkey()), // freeze authority
        9,                         // decimals
    )?;

    // Generate keypair to use as address of token account
    let token_account = Keypair::new();

    // Get default token account size (in bytes),
    //  with cpi guard extension enabled
    let token_account_space =
        ExtensionType::try_calculate_account_len::<Account>(&[ExtensionType::CpiGuard])?;

    let token_account_rent = client
        .get_minimum_balance_for_rent_exemption(token_account_space)
        .await?;

    // Instruction to create new account for token account (token22)
    let create_token_account_instruction = create_account(
        &fee_payer.pubkey(),        // payer
        &token_account.pubkey(),    // new account (token account)
        token_account_rent,         // rent
        token_account_space as u64, // space
        &TOKEN_2022_PROGRAM_ID,     // program id
    );

    // initialize token account
    let initialize_token_account = initialize_account(
        &TOKEN_2022_PROGRAM_ID,  // program_id
        &token_account.pubkey(), // token account
        &mint.pubkey(),          //  mint
        &fee_payer.pubkey(),     // authority
    )?;

    let enable_cpi_guard_instruction = enable_cpi_guard(
        &TOKEN_2022_PROGRAM_ID,
        &token_account.pubkey(),
        &fee_payer.pubkey(),
        &[&fee_payer.pubkey()],
    )?;

    // Construct transaction with previous instructions
    let transaction = Transaction::new_signed_with_payer(
        &[
            create_mint_account_instruction,
            initialize_mint_instruction,
            create_token_account_instruction,
            initialize_token_account,
            enable_cpi_guard_instruction,
        ],
        Some(&fee_payer.pubkey()),
        &[&fee_payer, &mint, &token_account],
        latest_blockhash,
    );

    // Send and confirm transaction
    client.send_and_confirm_transaction(&transaction).await?;

    println!("Token Account Address: {}", token_account.pubkey());

    // Fetch token account
    let token_account_data = client.get_account(&token_account.pubkey()).await?;
    // Deserialize the token account with extensions
    let token_account_state = StateWithExtensions::<Account>::unpack(&token_account_data.data)?;

    // Get all extension types enabled on this token account
    let token_extension_types = token_account_state.get_extension_types()?;
    println!(
        "\nToken Account extensions enabled: {:?}",
        token_extension_types
    );

    // Deserialize the CpiGuard extension data
    let cpi_guard = token_account_state.get_extension::<CpiGuard>()?;
    println!("\n{:#?}", cpi_guard);

    Ok(())
}

Console

Click to execute the code.

CPI Guard

Miten CpiGuardExtension otetaan käyttöön

Typescript

Rust

Sisällysluettelo