solana: add recovery flow

Author: kcsongor

solana/programs/example-native-token-transfers/Cargo.toml

@@ -9,15 +9,17 @@ crate-type = ["cdylib", "lib"]
 name = "example_native_token_transfers"
 
 [features]
-default = ["mainnet"]
+default = ["owner-recovery", "mainnet"]
 no-entrypoint = []
 no-idl = []
 no-log-ix-name = []
 cpi = ["no-entrypoint"]
 idl-build = [
   "anchor-lang/idl-build",
-  "anchor-spl/idl-build"
+  "anchor-spl/idl-build",
 ]
+# whether the owner can recover transactions
+owner-recovery = []
 # cargo-test-sbf will pass this along
 test-sbf = []
 # networks

solana/programs/example-native-token-transfers/src/error.rs

@@ -51,6 +51,8 @@ pub enum NTTError {
     OverflowScaledAmount,
     #[msg("BitmapIndexOutOfBounds")]
     BitmapIndexOutOfBounds,
+    #[msg("FeatureNotEnabled")]
+    FeatureNotEnabled,
 }
 
 impl From<ScalingError> for NTTError {

solana/programs/example-native-token-transfers/src/instructions/mod.rs

@@ -1,11 +1,13 @@
 pub mod admin;
 pub mod initialize;
+pub mod recover;
 pub mod redeem;
 pub mod release_inbound;
 pub mod transfer;
 
 pub use admin::*;
 pub use initialize::*;
+pub use recover::*;
 pub use redeem::*;
 pub use release_inbound::*;
 pub use transfer::*;

solana/programs/example-native-token-transfers/src/instructions/release_inbound.rs

@@ -52,7 +52,7 @@ pub struct ReleaseInboundArgs {
 
 #[derive(Accounts)]
 pub struct ReleaseInboundMint<'info> {
-    common: ReleaseInbound<'info>,
+    pub common: ReleaseInbound<'info>,
 }
 
 /// Release an inbound transfer and mint the tokens to the recipient.
@@ -103,7 +103,7 @@ pub fn release_inbound_mint(
 
 #[derive(Accounts)]
 pub struct ReleaseInboundUnlock<'info> {
-    common: ReleaseInbound<'info>,
+    pub common: ReleaseInbound<'info>,
 
     /// CHECK: the token program checks if this indeed the right authority for the mint
     #[account(

solana/programs/example-native-token-transfers/src/lib.rs

@@ -1,3 +1,5 @@
+#![feature(type_changing_struct_update)]
+
 use anchor_lang::prelude::*;
 
 // TODO: is there a more elegant way of checking that these 3 features are mutually exclusive?
@@ -73,6 +75,16 @@ pub mod example_native_token_transfers {
         instructions::initialize(ctx, args)
     }
 
+    /// Initialize the recovery account.
+    /// The recovery flow
+    pub fn initialize_recovery_account(ctx: Context<InitializeRecoveryAccount>) -> Result<()> {
+        return instructions::initialize_recovery_account(ctx);
+    }
+
+    pub fn update_recovery_address(ctx: Context<UpdateRecoveryAddress>) -> Result<()> {
+        instructions::update_recovery_address(ctx)
+    }
+
     pub fn version(_ctx: Context<Version>) -> Result<String> {
         Ok(VERSION.to_string())
     }
@@ -106,6 +118,20 @@ pub mod example_native_token_transfers {
         instructions::release_inbound_unlock(ctx, args)
     }
 
+    pub fn recover_unlock<'info>(
+        ctx: Context<'_, '_, '_, 'info, RecoverUnlock<'info>>,
+        args: ReleaseInboundArgs,
+    ) -> Result<()> {
+        instructions::recover_unlock(ctx, args)
+    }
+
+    pub fn recover_mint<'info>(
+        ctx: Context<'_, '_, '_, 'info, RecoverMint<'info>>,
+        args: ReleaseInboundArgs,
+    ) -> Result<()> {
+        instructions::recover_mint(ctx, args)
+    }
+
     pub fn transfer_ownership(ctx: Context<TransferOwnership>) -> Result<()> {
         instructions::transfer_ownership(ctx)
     }

solana/tests/example-native-token-transfer.ts

@@ -50,6 +50,7 @@ describe("example-native-token-transfers", () => {
   });
   const user = anchor.web3.Keypair.generate();
   let tokenAccount: anchor.web3.PublicKey;
+  const recoveryTokenAccount = anchor.web3.Keypair.generate();
 
   const mint = anchor.web3.Keypair.generate();
 
@@ -113,6 +114,16 @@ describe("example-native-token-transfers", () => {
       spl.ASSOCIATED_TOKEN_PROGRAM_ID
     );
 
+    await spl.createAccount(
+      connection,
+      payer,
+      mint.publicKey,
+      payer.publicKey,
+      recoveryTokenAccount,
+      undefined,
+      spl.TOKEN_2022_PROGRAM_ID
+    );
+
     await spl.mintTo(
       connection,
       payer,
@@ -154,6 +165,14 @@ describe("example-native-token-transfers", () => {
   });
 
   describe("Locking", () => {
+    const guardians = new MockGuardians(0, [GUARDIAN_KEY]);
+
+    const emitter = new MockEmitter(
+      Buffer.from("transceiver".padStart(32, "\0")).toString("hex"),
+      toChainId("ethereum"),
+      Number(0) // sequence
+    );
+
     before(async () => {
       await spl.setAuthority(
         connection,
@@ -173,7 +192,7 @@ describe("example-native-token-transfers", () => {
         chain: "solana",
         mint: mint.publicKey,
         outboundLimit: new BN(1000000),
-        mode: "locking",
+        mode: "burning",
       });
 
       await ntt.registerTransceiver({
@@ -233,39 +252,18 @@ describe("example-native-token-transfers", () => {
         messageData.message.payload
       );
 
-      // assert theat amount is what we expect
+      // assert that amount is what we expect
       expect(
         transceiverMessage.nttManagerPayload.payload.trimmedAmount
       ).to.deep.equal({ amount: 10000n, decimals: 8 });
       // get from balance
       const balance = await connection.getTokenAccountBalance(tokenAccount);
       expect(balance.value.amount).to.equal("9900000");
 
-      // grab logs
-      // await connection.confirmTransaction(redeemTx, 'confirmed');
-      // const tx = await anchor.getProvider().connection.getParsedTransaction(redeemTx, {
-      //   commitment: "confirmed",
-      // });
-      // console.log(tx);
-
-      // const log = tx.meta.logMessages[1];
-      // const message = log.substring(log.indexOf(':') + 1);
-      // console.log(message);
-
-      // TODO: assert other stuff in the message
-      // console.log(nttManagerMessage);
       expect((await counterValue()).toString()).to.be.eq("1")
     });
 
     it("Can receive tokens", async () => {
-      const emitter = new MockEmitter(
-        Buffer.from("transceiver".padStart(32, "\0")).toString("hex"),
-        toChainId("ethereum"),
-        Number(0) // sequence
-      );
-
-      const guardians = new MockGuardians(0, [GUARDIAN_KEY]);
-
       const sendingTransceiverMessage: WormholeTransceiverMessage<
         typeof nttMessageLayout
       > = {
@@ -280,7 +278,7 @@ describe("example-native-token-transfers", () => {
           sender: new UniversalAddress("FACE".padStart(64, "0")),
           payload: {
             trimmedAmount: {
-              amount: 10000n,
+              amount: 5000n,
               decimals: 8,
             },
             sourceToken: new UniversalAddress("FAFA".padStart(64, "0")),
@@ -315,6 +313,95 @@ describe("example-native-token-transfers", () => {
 
       expect((await counterValue()).toString()).to.be.eq("2")
     });
+
+    describe("Recovery", () => {
+      it("Can initialize recovery account", async () => {
+        await ntt.initializeRecoveryAccount({
+          payer,
+          owner: payer,
+          recoveryTokenAccount: tokenAccount,
+        });
+
+        const recoveryAccount = await ntt.getRecoveryAccount();
+
+        expect(recoveryAccount?.toBase58()).to.equal(tokenAccount.toBase58());
+      });
+
+      it("Can update recovery account", async () => {
+        await ntt.updateRecoveryAddress({
+          // payer,
+          owner: payer,
+          newRecoveryAccount: recoveryTokenAccount.publicKey,
+        });
+
+        const recoveryAccount = await ntt.getRecoveryAccount();
+
+        expect(recoveryAccount?.toBase58()).to.equal(
+          recoveryTokenAccount.publicKey.toBase58()
+        );
+      });
+
+      it("Owner can recover transfers", async () => {
+        const sendingTransceiverMessage: WormholeTransceiverMessage<
+          typeof nttMessageLayout
+        > = {
+          sourceNttManager: new UniversalAddress(
+            encoding.bytes.encode("nttManager".padStart(32, "\0"))
+          ),
+          recipientNttManager: new UniversalAddress(
+            ntt.program.programId.toBytes()
+          ),
+          nttManagerPayload: {
+            id: encoding.bytes.encode("sequence2".padEnd(32, "0")),
+            sender: new UniversalAddress("FACE".padStart(64, "0")),
+            payload: {
+              trimmedAmount: {
+                amount: 5000n,
+                decimals: 8,
+              },
+              sourceToken: new UniversalAddress("FAFA".padStart(64, "0")),
+              recipientAddress: new UniversalAddress(user.publicKey.toBytes()),
+              recipientChain: "Solana",
+            },
+          },
+          transceiverPayload: { forSpecializedRelayer: false },
+        } as const;
+
+        const serialized = serializePayload(
+          "Ntt:WormholeTransfer",
+          sendingTransceiverMessage
+        );
+
+        const published = emitter.publishMessage(
+          0, // nonce
+          Buffer.from(serialized),
+          0 // consistency level
+        );
+
+        const vaaBuf = guardians.addSignatures(published, [0]);
+
+        await postVaa(connection, payer, vaaBuf, ntt.wormholeId);
+
+        const released = await ntt.redeem({
+          payer,
+          vaa: vaaBuf,
+          recover: payer,
+        });
+
+        expect(released).to.equal(true);
+
+        const account = await spl.getAccount(
+          connection,
+          recoveryTokenAccount.publicKey,
+          undefined,
+          spl.TOKEN_2022_PROGRAM_ID
+        );
+
+        expect(account.amount).to.equal(BigInt(50000));
+
+        expect((await counterValue()).toString()).to.be.eq("3")
+      });
+    });
   });
 
   // describe('Burning', () => {