Add address map program by jstarry · Pull Request #19473 · solana-labs/solana

jstarry · 2021-08-27T17:50:37Z

Problem

Users and protocols need a way to store addresses on-chain for transaction v2 address lookups.

Summary of Changes

Added address map program

Number of entries is capped at u8::MAX since transaction v2 account indices are typed as u8
Activation is instant but deactivation of on-chain map accounts has a cool down period to ensure that address maps can't be re-initialized at the same address.
Support closing address map accounts but use derived addresses based on the current epoch to prevent address maps from being re-initialized at the same address.

Fixes #

codecov · 2021-09-06T20:38:50Z

Codecov Report

Merging #19473 (8f4312d) into master (8c5401e) will increase coverage by 12.1%.
The diff coverage is 28.5%.

❗ Current head 8f4312d differs from pull request most recent head d1f6225. Consider uploading reports for the commit d1f6225 to get more accurate results

@@             Coverage Diff             @@
##           master   #19473       +/-   ##
===========================================
+ Coverage    70.2%    82.3%    +12.1%     
===========================================
  Files          35      475      +440     
  Lines        2066   132434   +130368     
  Branches      295        0      -295     
===========================================
+ Hits         1451   109119   +107668     
- Misses        515    23315    +22800     
+ Partials      100        0      -100

jackcmay · 2021-09-09T00:07:46Z

Should these be exposed via the sdk?

jstarry · 2021-09-09T01:38:54Z

Should these be exposed via the sdk?

Yeah, definitely. I think I can use cargo features to have the sdk directly depend on the address map program crate without bringing in the program runtime.

joncinque

Looks really good! Most of my questions are nits and ideas about the interface, but I did look at the implementation as well, which looks safe

joncinque · 2021-09-15T15:13:07Z

+}
+
+/// Derive an address map address from a wallet address and the current epoch.
+pub fn derive_address_map_address(payer_address: &Pubkey, current_epoch: Epoch) -> (Pubkey, u8) {


I'm worried that this will make discoverability of address maps difficult. One of the great features of the associated token account is that you can immediately find someone's token account with just their wallet and the mint. Here, you may have to iterate through a bunch of epochs in order to find their address map, or you'll just use find_program_address and do it the "easy" way.

What if, instead of an epoch, this is another Pubkey? That way, you can setup a different address map for each program that you interact with. Since you've cleverly put this on a PDA dependent on the signer, there's no way for one of these to get hijacked after CloseAccount.

I agree that it's not ideal and I did consider this point when reimplementing the program here: #21616. However, I think indexing or creating a known registry of on-chain lookup tables is going to have to be the way forward here. I think it's more likely that bots and protocols will manage their own lookup table accounts and users will never have to manage them.

joncinque · 2021-09-15T15:13:44Z

+/// Returns an instruction that updates the authority of an address map account.
+/// If the new authority is `None`, the address map account will be immutable.
+/// Inactive address maps cannot be made immutable.
+pub fn set_authority(


Similar to an associated token account, should we discourage people from reassigning authority? Immutability makes sense, since you may want to setup an address map for your program as a one-time procedure, and have it hard-coded into the program.

What are the use-cases for reassigning authority? I'm thinking that a user may create an address map for a program, then give the authority over to one of the program addresses which performs the setup and adjusts it as needed after updates.

joncinque · 2021-09-15T15:19:24Z

+        &AddressMapInstruction::InitializeAccount {
+            bump_seed,
+            num_entries,
+            authority: authority_address,


take it or leave it: Since we've had potential hijackings in the past, we may want to have a signature from the authority as well. This way, bad integrations that just look for any account map for an authority can't get duped.

For example, if it's a defi application, the attacker sets up trap address map accounts for a bunch of addresses, using their own token accounts as the receivers, and just hopes that a bad integration uses the trap address map.

Great call, I modified the create instruction here (#21616) to use the authority in the PDA and enforce that it's a signer. It's also no longer possible to set the authority address to another address.

stale · 2021-10-02T01:52:11Z

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

jstarry · 2021-12-05T04:29:00Z

Addressed all relevant comments and closing this implementation in favor of a more dev-friendly version here: #21616

jstarry force-pushed the address-map-program branch 7 times, most recently from 09db86c to bf31023 Compare September 1, 2021 00:47

jstarry marked this pull request as ready for review September 1, 2021 00:48

jstarry force-pushed the address-map-program branch 2 times, most recently from 0c51bea to addc847 Compare September 1, 2021 07:00

jstarry requested review from jackcmay, sakridge and t-nelson September 1, 2021 14:10

jstarry force-pushed the address-map-program branch from addc847 to 8f4312d Compare September 6, 2021 18:54

jstarry requested a review from joncinque September 8, 2021 21:06

jstarry mentioned this pull request Sep 10, 2021

Fix native invoke writable privileges #19750

Merged

joncinque reviewed Sep 15, 2021

View reviewed changes

stale Bot added the stale [bot only] Added to stale content; results in auto-close after a week. label Oct 2, 2021

Add address map program

d1f6225

jstarry force-pushed the address-map-program branch from 8f4312d to d1f6225 Compare November 26, 2021 03:37

stale Bot removed the stale [bot only] Added to stale content; results in auto-close after a week. label Nov 26, 2021

jstarry closed this Dec 5, 2021

jstarry deleted the address-map-program branch January 5, 2022 03:09

Conversation

jstarry commented Aug 27, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Problem

Summary of Changes

Uh oh!

codecov Bot commented Sep 6, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

jackcmay commented Sep 9, 2021

Uh oh!

jstarry commented Sep 9, 2021

Uh oh!

joncinque left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

joncinque Sep 15, 2021

Choose a reason for hiding this comment

Uh oh!

jstarry Dec 5, 2021

Choose a reason for hiding this comment

Uh oh!

joncinque Sep 15, 2021

Choose a reason for hiding this comment

Uh oh!

joncinque Sep 15, 2021

Choose a reason for hiding this comment

Uh oh!

jstarry Dec 5, 2021

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

stale Bot commented Oct 2, 2021

Uh oh!

jstarry commented Dec 5, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jstarry commented Aug 27, 2021 •

edited

Loading

codecov Bot commented Sep 6, 2021 •

edited

Loading