Init permissions (#275)

* Checkpoint

* Compiles

* Start pyth simulator

* Working implementation of test bench with upgrade_authority

* Test works

* Renames

* Cleanup

* Cleanup imports

* Comments

* Fix typo

* Fix some feedbakc

* Add permission check

* Fixing feedback

* More feeback

* Stop storing bump

* Fix 1 lamport attack

* Extend tests

* Cleanup pyth simulator

* Check accpnt with previous balance

* Merge

* Delete accidental file

* Make some fields private

* Payer as argument

* Rename check authority

Author: guibescos

program/c/src/oracle/oracle.h

@@ -51,6 +51,7 @@ const uint64_t EXTRA_PUBLISHER_SPACE = 1000ULL;
 #define PC_ACCTYPE_PRODUCT    2
 #define PC_ACCTYPE_PRICE      3
 #define PC_ACCTYPE_TEST       4
+#define PC_ACCTYPE_PERMISSIONS       5
 
 // binary version of sysvar_clock account id
 const uint64_t sysvar_clock[] = {

program/rust/Cargo.toml

@@ -14,6 +14,7 @@ bytemuck = "1.11.0"
 thiserror = "1.0"
 num-derive = "0.3"
 num-traits = "0.2"
+bincode = "1.3.3"
 
 [dev-dependencies]
 solana-program-test = "=1.10.29"

program/rust/src/c_oracle_header.rs

@@ -13,6 +13,8 @@ use std::mem::size_of;
 //things defined in bindings.h
 include!("../bindings.rs");
 
+pub const PERMISSIONS_SEED: &str = "permissions";
+
 
 /// If ci > price / PC_MAX_CI_DIVISOR, set publisher status to unknown.
 /// (e.g., 20 means ci must be < 5% of price)
@@ -58,6 +60,35 @@ impl PythAccount for PriceAccount {
     const INITIAL_SIZE: u32 = PC_PRICE_T_COMP_OFFSET as u32;
 }
 
+impl PythAccount for PermissionAccount {
+    const ACCOUNT_TYPE: u32 = PC_ACCTYPE_PERMISSIONS;
+    const INITIAL_SIZE: u32 = size_of::<PermissionAccount>() as u32;
+}
+
+/// This account stores the pubkeys that can execute administrative instructions in the Pyth
+/// program. Only the upgrade authority of the program can update these permissions.
+#[repr(C)]
+#[derive(Copy, Clone, Pod, Zeroable)]
+pub struct PermissionAccount {
+    /// pyth account header
+    pub header:                  AccountHeader,
+    /// An authority that can do any administrative task
+    pub master_authority:        Pubkey,
+    /// An authority that can  :
+    /// - Add mapping accounts
+    /// - Add price accounts
+    /// - Add product accounts
+    /// - Delete price accounts
+    /// - Delete product accounts
+    /// - Update product accounts
+    pub data_curation_authority: Pubkey,
+    /// An authority that can  :
+    /// - Add publishers
+    /// - Delete publishers
+    /// - Set minimum number of publishers
+    pub security_authority:      Pubkey,
+}
+
 #[repr(C)]
 #[derive(Copy, Clone, Pod, Zeroable)]
 pub struct PriceAccount {

program/rust/src/deserialize.rs

@@ -5,6 +5,8 @@ use bytemuck::{
     try_from_bytes_mut,
     Pod,
 };
+use solana_program::pubkey::Pubkey;
+use solana_program::rent::Rent;
 
 use crate::c_oracle_header::{
     AccountHeader,
@@ -13,9 +15,12 @@ use crate::c_oracle_header::{
 };
 use crate::error::OracleError;
 use crate::utils::{
+    allocate_data,
+    assign_owner,
     check_valid_fresh_account,
     clear_account,
     pyth_assert,
+    send_lamports,
 };
 use solana_program::account_info::AccountInfo;
 use solana_program::program_error::ProgramError;
@@ -112,3 +117,29 @@ pub fn initialize_pyth_account_checked<'a, T: PythAccount>(
 
     load_account_as_mut::<T>(account)
 }
+
+// Creates pda if needed and initializes it as one of the Pyth accounts
+pub fn create_pda_if_needed<'a, T: PythAccount>(
+    account: &AccountInfo<'a>,
+    funding_account: &AccountInfo<'a>,
+    system_program: &AccountInfo<'a>,
+    program_id: &Pubkey,
+    seeds: &[&[u8]],
+    version: u32,
+) -> Result<(), ProgramError> {
+    let target_rent = Rent::default().minimum_balance(T::MINIMUM_SIZE);
+    if account.lamports() < target_rent {
+        send_lamports(
+            funding_account,
+            account,
+            system_program,
+            target_rent - account.lamports(),
+        )?;
+    }
+    if account.data_len() == 0 {
+        allocate_data(account, system_program, T::MINIMUM_SIZE, seeds)?;
+        assign_owner(account, program_id, system_program, seeds)?;
+        initialize_pyth_account_checked::<T>(account, version)?;
+    }
+    Ok(())
+}

program/rust/src/error.rs

@@ -34,6 +34,12 @@ pub enum OracleError {
     InstructionDataSliceMisaligned = 611,
     #[error("AccountTooSmall")]
     AccountTooSmall                = 612,
+    #[error("DeserializationError")]
+    DeserializationError           = 613,
+    #[error("FailedAuthenticatingUpgradeAuthority")]
+    InvalidUpgradeAuthority        = 614,
+    #[error("FailedPdaVerification")]
+    InvalidPda                     = 615,
 }
 
 impl From<OracleError> for ProgramError {

program/rust/src/instruction.rs

@@ -89,6 +89,13 @@ pub enum OracleCommand {
     // key[1] mapping account       [signer writable]
     // key[2] product account       [signer writable]
     DelProduct            = 16,
+    // Update authorities
+    // key[0] upgrade authority         [signer writable]
+    // key[1] program account           []
+    // key[2] programdata account       []
+    // key[3] permissions account       [writable]
+    // key[4] system program            []
+    UpdPermissions        = 17,
 }
 
 #[repr(C)]
@@ -143,3 +150,12 @@ pub struct UpdPriceArgs {
     pub confidence:      u64,
     pub publishing_slot: u64,
 }
+
+#[repr(C)]
+#[derive(Zeroable, Pod, Copy, Clone)]
+pub struct UpdPermissionsArgs {
+    pub header:                  CommandHeader,
+    pub master_authority:        Pubkey,
+    pub data_curation_authority: Pubkey,
+    pub security_authority:      Pubkey,
+}

program/rust/src/processor.rs

@@ -19,6 +19,7 @@ use crate::rust_oracle::{
     init_price,
     resize_price_account,
     set_min_pub,
+    upd_permissions,
     upd_price,
     upd_price_no_fail_on_error,
     upd_product,
@@ -52,5 +53,6 @@ pub fn process_instruction(
         }
         OracleCommand::DelPrice => del_price(program_id, accounts, instruction_data),
         OracleCommand::DelProduct => del_product(program_id, accounts, instruction_data),
+        OracleCommand::UpdPermissions => upd_permissions(program_id, accounts, instruction_data),
     }
 }

program/rust/src/rust_oracle.rs

@@ -5,6 +5,7 @@ use std::mem::{
 
 use crate::c_oracle_header::{
     MappingAccount,
+    PermissionAccount,
     PriceAccount,
     PriceComponent,
     PriceEma,
@@ -18,8 +19,11 @@ use crate::c_oracle_header::{
     PC_PTYPE_UNKNOWN,
     PC_STATUS_UNKNOWN,
     PC_VERSION,
+    PERMISSIONS_SEED,
 };
+
 use crate::deserialize::{
+    create_pda_if_needed,
     initialize_pyth_account_checked,
     load,
     load_checked,
@@ -31,33 +35,34 @@ use crate::instruction::{
     DelPublisherArgs,
     InitPriceArgs,
     SetMinPubArgs,
+    UpdPermissionsArgs,
     UpdPriceArgs,
 };
 use crate::time_machine_types::PriceAccountWrapper;
 use crate::utils::{
     check_exponent_range,
+    check_is_upgrade_authority_for_program,
     check_valid_funding_account,
     check_valid_signable_account,
     check_valid_writable_account,
     is_component_update,
     pyth_assert,
     read_pc_str_t,
+    send_lamports,
     try_convert,
 };
 use crate::OracleError;
 use bytemuck::bytes_of_mut;
 use solana_program::account_info::AccountInfo;
 use solana_program::clock::Clock;
 use solana_program::entrypoint::ProgramResult;
-use solana_program::program::invoke;
 use solana_program::program_error::ProgramError;
 use solana_program::program_memory::{
     sol_memcpy,
     sol_memset,
 };
 use solana_program::pubkey::Pubkey;
 use solana_program::rent::Rent;
-use solana_program::system_instruction::transfer;
 use solana_program::system_program::check_id;
 use solana_program::sysvar::Sysvar;
 
@@ -74,20 +79,6 @@ extern "C" {
     pub fn c_upd_aggregate(_input: *mut u8, clock_slot: u64, clock_timestamp: i64) -> bool;
 }
 
-fn send_lamports<'a>(
-    from: &AccountInfo<'a>,
-    to: &AccountInfo<'a>,
-    system_program: &AccountInfo<'a>,
-    amount: u64,
-) -> Result<(), ProgramError> {
-    let transfer_instruction = transfer(from.key, to.key, amount);
-    invoke(
-        &transfer_instruction,
-        &[from.clone(), to.clone(), system_program.clone()],
-    )?;
-    Ok(())
-}
-
 /// resizes a price account so that it fits the Time Machine
 /// key[0] funding account       [signer writable]
 /// key[1] price account         [Signer writable]
@@ -746,3 +737,63 @@ pub fn del_product(
 
     Ok(())
 }
+
+
+/// Updates permissions for the pyth oracle program
+/// This function can create and update the permissions accounts, which stores
+/// several public keys that can execute administrative instructions in the pyth program
+pub fn upd_permissions(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    instruction_data: &[u8],
+) -> ProgramResult {
+    let [funding_account, program_account, programdata_account, permissions_account, system_program] =
+        match accounts {
+            [v, w, x, y, z] => Ok([v, w, x, y, z]),
+            _ => Err(ProgramError::InvalidArgument),
+        }?;
+
+    let cmd_args = load::<UpdPermissionsArgs>(instruction_data)?;
+
+    check_valid_funding_account(funding_account)?;
+    check_is_upgrade_authority_for_program(
+        funding_account,
+        program_account,
+        programdata_account,
+        program_id,
+    )?;
+
+    let (permission_pda_address, bump_seed) =
+        Pubkey::find_program_address(&[PERMISSIONS_SEED.as_bytes()], program_id);
+    pyth_assert(
+        permission_pda_address == *permissions_account.key,
+        OracleError::InvalidPda.into(),
+    )?;
+
+    pyth_assert(
+        check_id(system_program.key),
+        OracleError::InvalidSystemAccount.into(),
+    )?;
+
+
+    // Create permissions account if it doesn't exist
+    create_pda_if_needed::<PermissionAccount>(
+        permissions_account,
+        funding_account,
+        system_program,
+        program_id,
+        &[PERMISSIONS_SEED.as_bytes(), &[bump_seed]],
+        cmd_args.header.version,
+    )?;
+
+    check_valid_writable_account(program_id, permissions_account)?;
+
+    let mut permissions_account_data =
+        load_checked::<PermissionAccount>(permissions_account, cmd_args.header.version)?;
+    permissions_account_data.master_authority = cmd_args.master_authority;
+
+    permissions_account_data.data_curation_authority = cmd_args.data_curation_authority;
+    permissions_account_data.security_authority = cmd_args.security_authority;
+
+    Ok(())
+}

program/rust/src/tests/mod.rs

@@ -12,6 +12,7 @@ mod test_resize_account;
 mod test_set_min_pub;
 mod test_sizes;
 mod test_upd_aggregate;
+mod test_upd_permissions;
 mod test_upd_price;
 mod test_upd_price_no_fail_on_error;
 mod test_upd_product;