Skip to content

Commit 7dcf7cb

Browse files
ChesterSimChesterSim
authored
refactor(sdk): enforce payer to only interact with own if stake and user stats (#1709)
1 parent 82feade commit 7dcf7cb

File tree

1 file changed

+29
-13
lines changed

1 file changed

+29
-13
lines changed

sdk/src/driftClient.ts

Lines changed: 29 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1075,7 +1075,10 @@ export class DriftClient {
10751075
async getInitializeUserStatsIx(): Promise<TransactionInstruction> {
10761076
return await this.program.instruction.initializeUserStats({
10771077
accounts: {
1078-
userStats: this.getUserStatsAccountPublicKey(),
1078+
userStats: getUserStatsAccountPublicKey(
1079+
this.program.programId,
1080+
this.wallet.publicKey // only allow payer to initialize own user stats account
1081+
),
10791082
authority: this.wallet.publicKey,
10801083
payer: this.wallet.publicKey,
10811084
rent: anchor.web3.SYSVAR_RENT_PUBKEY,
@@ -8377,19 +8380,24 @@ export class DriftClient {
83778380
marketIndex
83788381
);
83798382

8383+
const accounts = {
8384+
insuranceFundStake: ifStakeAccountPublicKey,
8385+
spotMarket: this.getSpotMarketAccount(marketIndex).pubkey,
8386+
userStats: getUserStatsAccountPublicKey(
8387+
this.program.programId,
8388+
this.wallet.publicKey // only allow payer to initialize own insurance fund stake account
8389+
),
8390+
authority: this.wallet.publicKey,
8391+
payer: this.wallet.publicKey,
8392+
rent: anchor.web3.SYSVAR_RENT_PUBKEY,
8393+
systemProgram: anchor.web3.SystemProgram.programId,
8394+
state: await this.getStatePublicKey(),
8395+
};
8396+
83808397
return await this.program.instruction.initializeInsuranceFundStake(
83818398
marketIndex,
83828399
{
8383-
accounts: {
8384-
insuranceFundStake: ifStakeAccountPublicKey,
8385-
spotMarket: this.getSpotMarketAccount(marketIndex).pubkey,
8386-
userStats: this.getUserStatsAccountPublicKey(),
8387-
authority: this.wallet.publicKey,
8388-
payer: this.wallet.publicKey,
8389-
rent: anchor.web3.SYSVAR_RENT_PUBKEY,
8390-
systemProgram: anchor.web3.SystemProgram.programId,
8391-
state: await this.getStatePublicKey(),
8392-
},
8400+
accounts,
83938401
}
83948402
);
83958403
}
@@ -8417,7 +8425,10 @@ export class DriftClient {
84178425
state: await this.getStatePublicKey(),
84188426
spotMarket: spotMarket.pubkey,
84198427
insuranceFundStake: ifStakeAccountPublicKey,
8420-
userStats: this.getUserStatsAccountPublicKey(),
8428+
userStats: getUserStatsAccountPublicKey(
8429+
this.program.programId,
8430+
this.wallet.publicKey // only allow payer to add to own insurance fund stake account
8431+
),
84218432
authority: this.wallet.publicKey,
84228433
spotMarketVault: spotMarket.vault,
84238434
insuranceFundVault: spotMarket.insuranceFund.vault,
@@ -8539,7 +8550,12 @@ export class DriftClient {
85398550
let tokenAccount;
85408551

85418552
if (
8542-
!(await this.checkIfAccountExists(this.getUserStatsAccountPublicKey()))
8553+
!(await this.checkIfAccountExists(
8554+
getUserStatsAccountPublicKey(
8555+
this.program.programId,
8556+
this.wallet.publicKey // only allow payer to initialize own user stats account
8557+
)
8558+
))
85438559
) {
85448560
addIfStakeIxs.push(await this.getInitializeUserStatsIx());
85458561
}

0 commit comments

Comments
 (0)