Add another test for hijacked account

joncinque · joncinque · commit 1d6cd5d803cf · 2022-05-02T19:40:09.000+02:00
diff --git a/stake-pool/program/src/processor.rs b/stake-pool/program/src/processor.rs
@@ -134,6 +134,17 @@ fn check_account_owner(
     }
 }
 
+/// Checks if a stake acount can be managed by the pool
+fn stake_is_usable_by_pool(
+    meta: &stake::state::Meta,
+    expected_authority: &Pubkey,
+    expected_lockup: &stake::state::Lockup,
+) -> bool {
+    meta.authorized.staker == *expected_authority
+        && meta.authorized.withdrawer == *expected_authority
+        && meta.lockup == *expected_lockup
+}
+
 /// Create a transient stake account without transferring lamports
 fn create_transient_stake_account<'a>(
     transient_stake_account_info: AccountInfo<'a>,
@@ -1541,10 +1552,11 @@ impl Processor {
             //  * not a stake -> ignore
             match transient_stake_state {
                 Some(stake::state::StakeState::Initialized(meta)) => {
-                    // if transient account was hijacked, ignore it
-                    if meta.authorized.staker == *withdraw_authority_info.key
-                        && meta.authorized.withdrawer == *withdraw_authority_info.key
-                    {
+                    if stake_is_usable_by_pool(
+                        &meta,
+                        withdraw_authority_info.key,
+                        &stake_pool.lockup,
+                    ) {
                         if no_merge {
                             transient_stake_lamports = transient_stake_info.lamports();
                         } else {
@@ -1569,10 +1581,11 @@ impl Processor {
                     }
                 }
                 Some(stake::state::StakeState::Stake(meta, stake)) => {
-                    // if transient account was hijacked, ignore it
-                    if meta.authorized.staker == *withdraw_authority_info.key
-                        && meta.authorized.withdrawer == *withdraw_authority_info.key
-                    {
+                    if stake_is_usable_by_pool(
+                        &meta,
+                        withdraw_authority_info.key,
+                        &stake_pool.lockup,
+                    ) {
                         let account_stake = meta
                             .rent_exempt_reserve
                             .saturating_add(stake.delegation.stake);
diff --git a/stake-pool/program/tests/update_validator_list_balance.rs b/stake-pool/program/tests/update_validator_list_balance.rs
@@ -7,12 +7,13 @@ use {
     solana_program::{borsh::try_from_slice_unchecked, program_pack::Pack, pubkey::Pubkey, stake},
     solana_program_test::*,
     solana_sdk::{
+        stake::state::{Authorized, Lockup, StakeState},
         signature::{Keypair, Signer},
         system_instruction,
         transaction::Transaction,
     },
     spl_stake_pool::{
-        find_transient_stake_program_address, id, instruction,
+        find_withdraw_authority_program_address, find_transient_stake_program_address, id, instruction,
         state::{StakePool, StakeStatus, ValidatorList},
         MAX_VALIDATORS_TO_UPDATE, MINIMUM_ACTIVE_STAKE, MINIMUM_RESERVE_LAMPORTS,
     },
@@ -163,7 +164,7 @@ async fn success() {
 
     // Check current balance in the list
     let rent = context.banks_client.get_rent().await.unwrap();
-    let stake_rent = rent.minimum_balance(std::mem::size_of::<stake::state::StakeState>());
+    let stake_rent = rent.minimum_balance(std::mem::size_of::<StakeState>());
     // initially, have all of the deposits plus their rent, and the reserve stake
     let initial_lamports =
         (validator_lamports + stake_rent) * num_validators as u64 + reserve_lamports;
@@ -436,7 +437,7 @@ async fn merge_into_validator_stake() {
 
     // Check validator stake accounts have the expected balance now:
     // validator stake account minimum + deposited lamports + rents + increased lamports
-    let stake_rent = rent.minimum_balance(std::mem::size_of::<stake::state::StakeState>());
+    let stake_rent = rent.minimum_balance(std::mem::size_of::<StakeState>());
     let expected_lamports = MINIMUM_ACTIVE_STAKE
         + lamports
         + reserve_lamports / stake_accounts.len() as u64
@@ -466,7 +467,7 @@ async fn merge_transient_stake_after_remove() {
         setup(1).await;
 
     let rent = context.banks_client.get_rent().await.unwrap();
-    let stake_rent = rent.minimum_balance(std::mem::size_of::<stake::state::StakeState>());
+    let stake_rent = rent.minimum_balance(std::mem::size_of::<StakeState>());
     let deactivated_lamports = lamports;
     let new_authority = Pubkey::new_unique();
     let destination_stake = Keypair::new();
@@ -677,20 +678,33 @@ async fn success_with_burned_tokens() {
 }
 
 #[tokio::test]
-async fn success_ignoring_hijacked_transient_stake() {
+async fn success_ignoring_hijacked_transient_stake_with_authorized() {
+    let hijacker = Pubkey::new_unique();
+    check_ignored_hijacked_transient_stake(Some(&Authorized::auto(&hijacker)), None).await;
+}
+
+#[tokio::test]
+async fn success_ignoring_hijacked_transient_stake_with_lockup() {
+    let hijacker = Pubkey::new_unique();
+    check_ignored_hijacked_transient_stake(None, Some(&Lockup { custodian: hijacker, ..Lockup::default() })).await;
+}
+
+async fn check_ignored_hijacked_transient_stake(hijack_authorized: Option<&Authorized>, hijack_lockup: Option<&Lockup>) {
     let num_validators = 1;
     let (mut context, stake_pool_accounts, stake_accounts, _, lamports, _, mut slot) =
         setup(num_validators).await;
 
     let rent = context.banks_client.get_rent().await.unwrap();
-    let stake_rent = rent.minimum_balance(std::mem::size_of::<stake::state::StakeState>());
+    let stake_rent = rent.minimum_balance(std::mem::size_of::<StakeState>());
 
     let pre_lamports = get_validator_list_sum(
         &mut context.banks_client,
         &stake_pool_accounts.reserve_stake.pubkey(),
         &stake_pool_accounts.validator_list.pubkey(),
     )
     .await;
+    let (withdraw_authority, _) =
+        find_withdraw_authority_program_address(&id(), &stake_pool_accounts.stake_pool.pubkey());
 
     println!("Decrease from all validators");
     let stake_account = &stake_accounts[0];
@@ -716,7 +730,6 @@ async fn success_ignoring_hijacked_transient_stake() {
     let validator_list = stake_pool_accounts
         .get_validator_list(&mut context.banks_client)
         .await;
-    let hijacker = Pubkey::new_unique();
     let transient_stake_address = find_transient_stake_program_address(
         &id(),
         &stake_account.vote.pubkey(),
@@ -744,11 +757,8 @@ async fn success_ignoring_hijacked_transient_stake() {
             ),
             stake::instruction::initialize(
                 &transient_stake_address,
-                &stake::state::Authorized {
-                    staker: hijacker,
-                    withdrawer: hijacker,
-                },
-                &stake::state::Lockup::default(),
+                &hijack_authorized.unwrap_or(&Authorized::auto(&withdraw_authority)),
+                &hijack_lockup.unwrap_or(&Lockup::default()),
             ),
             instruction::update_stake_pool_balance(
                 &id(),
