Use Token Extensions in onchain programs
Summary
- The
Token Extensions Programis a superset of theToken Programwith a different program id token_programis an Anchor account constraint allowing you to verify an account belongs to a specific token program- Anchor introduced the concept of Interfaces to easily allow for programs to
support interaction with both
Token ProgramandToken Extensions Program
Overview
The Token Extensions Program is a program on Solana mainnet that provides
additional functionality to Solana tokens and mints. The
Token Extensions Program is a superset of the Token Program. Essentially it
is a byte for byte recreation with additional functionality tagged on at the
end. However they are sill separate programs. With two types of Token Programs,
we must anticipate being sent the program type in instructions.
In this lesson, you'll learn how to design your program to accept
Token Program and Token Extensions Program accounts using Anchor. You will
also learn how to interact with Token Extensions Program accounts, identifying
which token program an account belongs to, and some differences between
Token Program and the Token Extensions Program onchain.
Difference between legacy Token Program and Token Extensions Program
We must clarify that the Token Extensions Program is separate from the
original Token Program. The Token Extensions Program is a superset of the
original Token Program, meaning all the instructions and functionality in the
original Token Program come with the Token Extensions Program.
Previously, one primary program (the Token Program) was in charge of creating
accounts. As more and more use cases came to Solana, there was a need for new
token functionality. Historically, only way to add new token functionality was
to create a new type of token. A new token required its own program, and any
wallet or client that wanted to use this new token had to add specific logic to
support it. Fortunately the headache of supporting different types of tokens,
made this option not very popular. However, new functionality was still very
much needed, and the Token Extensions Program was built to address this.
As mentioned before, the Token Extensions Program is a strict superset of the
original token program and comes with all the previous functionality. The
Token Extensions Program development team chose this approach to ensure
minimal disruption to users, wallets, and dApps while adding new functionality.
The Token Extensions Program supports the same instruction set as the Token
program and is the same byte-for-byte throughout the very last instruction,
allowing existing programs to support Token Extensions out of the box. However
this does not mean that Token Extensions Program tokens and Token Program
tokens are interoperable - they are not. We'll have to handle each separately.
How to determine which program owns a particular token
With Anchor managing the two different token programs is pretty straight
forward. Now when we work with tokens within our programs we'll check the
token_program constraint.
The two token programs ID are as follows:
use spl_token::ID; // Token Program
use anchor_spl::token_2022::ID; // Token Extensions Program
To check for the regular Token Program you'd use the following:
use spl_token::ID;
// verify given token/mint accounts belong to the spl-token program
#[account(
mint::token_program = ID,
)]
pub token_a_mint: Box>,
#[account(
token::token_program = ID,
)]
pub token_a_account: Box>,
You can do the same thing for the Token Extensions Program, just with a
different ID.
use anchor_spl::token_2022::ID;
// verify given token/mint accounts belong to the Token Extension program
#[account(
mint::token_program = ID,
)]
pub token_a_mint: Box>,
#[account(
token::token_program = ID,
)]
pub token_a_account: Box>,
If a client passed in the wrong token program account, the instruction would
fail. However, this raises a problem, what if we want to support both
Token Program and Token Extensions Program? If we hardcode the check for the
program ID, we'd need twice as many instructions. Fortunately, you can verify
that the token accounts passed into your program belong to a particular token
program. You would do this similarly to the previous examples. Instead of
passing in the static ID of the token program, you check the given
token_program.
// verify the given token and mint accounts match the given token_program
#[account(
mint::token_program = token_program,
)]
pub token_a_mint: Box>,
#[account(
token::token_program = token_program,
)]
pub token_a_account: Box>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
You can do the same thing with an associated token account by supplying a specific token program.
#[account(
associated_token::token_program = token_program
)]
pub associated_token: Box>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
If you'd like to check which token program a token account and mint belongs to
in your program logic, you can refer to the owner field on the AccountInfo
struct. The following code will log the owning program's ID. You could use this
field in a conditional to execute different logic for spl-token and
Token Extensions Program accounts.
msg!("Token Program Owner: {}", ctx.accounts.token_account.to_account_info().owner);
Anchor Interfaces
Interfaces are Anchor's newest feature that simplifies working with
Token Extensions in a program. There are two relevant interface wrapper types
from the anchor_lang crate:
And three corresponding Account Types from the anchor_spl crate:
In the previous section, we defined the token_program in our example as:
pub token_program: Interface<'info, token_interface::TokenInterface>,
This code makes use of Interface and token_interface::TokenInterface.
Interface is a wrapper over the original Program type, allowing multiple
possible program IDs. It's a type validating that the account is one of a set of
given programs. The Interface type checks the following:
- If the given account is executable
- If the given account is one of a set of expected accounts from the given interface type
You must use the Interface wrapper with a specific interface type. The
anchor_lang and anchor_spl crates provide the following Interface type of
out the box:
TokenInterface provides an interface type that expects the pubkey of the
account passed in to match either spl_token::ID or spl_token_2022::ID. These
program IDs are hard coded on the TokenInterface type in Anchor.
static IDS: [Pubkey; 2] = [spl_token::ID, spl_token_2022::ID];
#[derive(Clone)]
pub struct TokenInterface;
impl anchor_lang::Ids for TokenInterface {
fn ids() -> &'static [Pubkey] {
&IDS
}
}
Anchor checks that the ID of the account passed in matches one of the two IDs
above. If the given account does not match either of these two, Anchor will
throw an InvalidProgramId error and prevent the transaction from executing.
impl<T: Ids> CheckId for T {
fn check_id(id: &Pubkey) -> Result<()> {
if !Self::ids().contains(id) {
Err(error::Error::from(error::ErrorCode::InvalidProgramId).with_account_name(*id))
} else {
Ok(())
}
}
}
.
.
.
impl<'a, T: CheckId> TryFrom<&'a AccountInfo<'a>> for Interface<'a, T> {
type Error = Error;
/// Deserializes the given `info` into a `Program`.
fn try_from(info: &'a AccountInfo<'a>) -> Result<Self> {
T::check_id(info.key)?;
if !info.executable {
return Err(ErrorCode::InvalidProgramExecutable.into());
}
Ok(Self::new(info))
}
}
The InterfaceAccount type is similar to the Interface type in that it is
also a wrapper, this time around AccountInfo. InterfaceAccount is used on
accounts; it verifies program ownership and deserializes the underlying data
into a Rust type. This lesson will focus on using the InterfaceAccount on
token and mint accounts. We can use the InterfaceAccount wrapper with the
Mint or TokenAccount types from the anchor_spl::token_interface crate we
mentioned. Here is an example:
use {
anchor_lang::prelude::*,
anchor_spl::{token_interface},
};
#[derive(Accounts)]
pub struct Example<'info>{
// Token account
#[account(
token::token_program = token_program
)]
pub token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
// Mint account
#[account(
mut,
mint::token_program = token_program
)]
pub mint_account: InterfaceAccount<'info, token_interface::Mint>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
}
If you're familiar with Anchor, then you may notice the TokenAccount and
Mint account types are not new. Although what is new is how they work with the
InterfaceAccount wrapper. The InterfaceAccount wrapper allows for either
Token Program or Token Extensions Program accounts to be passed in and
deserialized, just like the Interface and the TokenInterface types. These
wrappers and account types work together to provide a smooth and
straight-forward experience for developers, giving you the flexibility to
interact with both Token Program and the Token Extensions Program in your
program.
However, you cannot use any of these types from the token_interface module
with the regular Anchor Program and Account wrappers. These new types are
used with either the Interface or InterfaceAccount wrappers. For example,
the following would not be valid, and any transactions sent to an instruction
using this account deserialization would return an error.
// This is invalid, using as an example.
// Cannot wrap Account over a token_interface::* type.
pub token_account: Account<'info, token_interface::TokenAccount>
Lab
Now let's get some hands-on experience with the Token Extensions Program
onchain by implementing a generalized token staking program that will accept
both Token Program and Token Extensions Program accounts. As far as staking
programs go, this will be a simple implementation with the following design:
- We'll create a stake pool account to hold all the staked tokens. There will only be one staking pool for a given token. The program will own the account.
- Every stake pool will have a state account that will hold information regarding the amount of tokens staked in the pool, etc.
- Users can stake as many tokens as they like, transferring them from their token account to the stake pool.
- Each user will have a state account created for each pool they stake in. This state account will keep track of how many tokens they have staked in this pool, when they last staked, etc.
- Users will be minted staking reward tokens upon unstaking. There is no separate claim process required.
- We'll determine a user's staking rewards using a simple algorithm.
- The program will accept both
Token ProgramandToken Extensions Programaccounts.
The program will have four instructions: init_pool, init_stake_entry,
stake, unstake.
This lab will utilize a lot of Anchor and Solana APIs that have been covered previously in this course. We will not spend time explaining some of the concepts we expect you to know. With that said, let's get started.
1. Verify Solana/Anchor/Rust Versions
We will be interacting with the Token Extension program in this lab and that
requires you have solana cli version ≥ 1.18.0.
To check your version run:
solana --version
If the version printed out after running solana --version is less than
1.18.0 then you can update the
cli version manually. Note, at the
time of writing this, you cannot simply run the solana-install update command.
This command will not update the CLI to the correct version for us, so we have
to explicitly download version 1.18.0. You can do so with the following
command:
solana-install init 1.18.0
If you run into the following error at any point attempting to build the program, that likely means you do not have the correct version of the Solana CLI installed.
anchor build
error: package `solana-program v1.18.0` cannot be built because it requires rustc 1.72.0 or newer, while the currently active rustc version is 1.68.0-dev
Either upgrade to rustc 1.72.0 or newer, or use
cargo update -p [email protected] --precise ver
where `ver` is the latest version of `solana-program` supporting rustc 1.68.0-dev
You will also want the latest version of the Anchor CLI installed. You can follow along the steps listed here to update via avm https://www.anchor-lang.com/docs/avm or simply run:
avm install latest
avm use latest
At the time of writing, the latest version of the Anchor CLI is 0.29.0
Now, we can check our Rust version.
rustc --version
At the time of writing, version 1.26.0 was used for the Rust compiler. If you
would like to update, you can do so via rustup
https://doc.rust-lang.org/book/ch01-01-installation.html
rustup update
Now, we should have all the correct versions installed.
2. Get starter code and add dependencies
Let's grab the starter branch.
git clone https://github.com/Unboxed-Software/token22-staking
cd token22-staking
git checkout starter
3. Update Program ID and Anchor Keypair
Once in the starter branch, run anchor keys list to get your program ID.
Copy and paste this program ID in the Anchor.toml file:
// in Anchor.toml
[programs.localnet]
token_22_staking = "<YOUR-PROGRAM-ID-HERE>"
And in the programs/token-22-staking/src/lib.rs file:
declare_id!("<YOUR-PROGRAM-ID-HERE>");
Lastly set your developer keypair path in Anchor.toml.
[provider]
cluster = "Localnet"
wallet = "/YOUR/PATH/HERE/id.json"
If you don't know what your current keypair path is you can always run the Solana cli to find out.
solana config get
4. Confirm the program builds
Let's build the starter code to confirm we have everything configured correctly. If it does not build, please revisit the steps above.
anchor build
You can safely ignore the warnings of the build script, these will go away as we add in the necessary code.
Feel free to run the provided tests to make sure the rest of the development
environment is set up correctly. You'll have to install the node dependencies
using npm or yarn. The tests should run, but they'll all fail until we have
completed our program.
yarn install
anchor test
5. Explore program design
Now that we have confirmed the program builds, let's take a look at the layout
of the program. You'll notice inside /programs/token22-staking/src there are a
few different files:
lib.rserror.rsstate.rsutils.rs
The errors.rs and utils.rs files are already filled out for you. errors.rs
is where we have defined our custom errors for our program. To do this, you just
have to create a public enum and define each error.
utils.rs is a file that only contains one function called
check_token_program. This is just a file where you can write helper functions
if you have the need. This function was written ahead of time and will be used
in our program to simply log the specific token program that was passed in the
instruction. We will be using both Token Extensions Program and spl-token in
this program, so this function will help clarify that distinction.
lib.rs is the entrypoint to our program, as is the common practice in all
Solana programs. Here we define our program ID using the declare_id Anchor
macro and the public token_22_staking module. This module is where we define
our publicly callable instructions, these can be thought of as our program's
API.
We have four separate instructions defined here:
init_poolinit_stake_entrystakeunstake
Each of these instructions makes a call to a handler method that is defined
elsewhere. We do this to modularize the program, which helps keep the program
organized. This is generally a good idea when working with larger programs.
Each of these specific handler methods are defined in their own file in the
instructions directory. You'll notice there is a file corresponding to each
instruction, as well as an additional mod.rs file. Each of these instruction
files is where we will write the logic for each individual instruction. The
mod.rs file is what makes these handler methods callable from the lib.rs
file.
6. Implement state.rs
Open up the /src/state.rs file. Here, we will define some state data
structures and a few constants that we will need throughout our program. Let's
start by bringing in the packages we'll need here.
use {
anchor_lang::prelude::*,
solana_program::{pubkey::Pubkey},
};
Next, we we will need a handful of seeds defined that will be referenced throughout the program. These seeds will be used to derive different PDAs our program will expect to receive.
pub const STAKE_POOL_STATE_SEED: &str = "state";
pub const VAULT_SEED: &str = "vault";
pub const VAULT_AUTH_SEED: &str = "vault_authority";
pub const STAKE_ENTRY_SEED: &str = "stake_entry";
Now, we'll define two data structs that will define the data of two different
accounts our program will use to hold state. The PoolState and StakeEntry
accounts.
The PoolState account is meant to hold information about a specific staking
pool.
#[account]
pub struct PoolState {
pub bump: u8,
pub amount: u64,
pub token_mint: Pubkey,
pub staking_token_mint: Pubkey,
pub staking_token_mint_bump: u8,
pub vault_bump: u8,
pub vault_auth_bump: u8,
pub vault_authority: Pubkey,
}
The StakeEntry account will hold information about a specific user's stake in
that pool.
#[account]
pub struct StakeEntry {
pub user: Pubkey,
pub user_stake_token_account: Pubkey,
pub bump: u8,
pub balance: u64,
pub last_staked: i64,
}
7. init_pool Instruction
Now that we understand our program's architecture, let's get started with the
first instruction init_pool.
Open init_pool.rs and you should see the following:
use {
anchor_lang::prelude::*,
crate::{state::*, utils::*},
anchor_spl::{token_interface},
std::mem::size_of
};
pub fn handler(ctx: Context<InitializePool>) -> Result <()> {
check_token_program(ctx.accounts.token_program.key());
Ok(())
}
#[derive(Accounts)]
pub struct InitializePool<'info> {
pub token_program: Interface<'info, token_interface::TokenInterface>,
}
The handler method is defined and so is the InitializePool accounts struct.
The accounts struct simply expects to receive a token_program account and
that's it. The handler method calls the check_token_program method that is
defined in the utils.rs file. As it stands, this instruction does not really
do a whole lot.
To get started implementing the logic of this instruction, let's first think about the accounts that will be required. We will need the following to initialize a staking pool:
pool_authority- PDA that is the authority over all staking pools. This will be a PDA derived with a specific seed.pool_state- State account created in this instruction at a PDA. This account will hold state regarding this specific staking pool like the amount of tokens staked, how many users have staked, etc.token_mint- The mint of tokens expected to be staked in this staking pool. There will be a unique staking pool for each token.token_vault- Token account of the same mint astoken_mintat a PDA. This is a token account with thepool_authorityPDA as the authority. This gives the program control over the token account. All tokens staked in this pool will be held in this token account.staking_token_mint- The reward token mint for staking in this pool.payer- Account responsible for paying for the creation of the staking pool.token_program- The token program associated with the given token and mint accounts. Should work for either the Token Extension or the Token program.system_program- System program.rent- Rent program.
Let's implement this accounts struct starting with the pool_authority account
and its constraints.
The pool_authority account is a PDA derived with the VAULT_AUTH_SEED that we
defined in the state.rs file. This account does not hold any state, so we do
not need to deserialize it into any specific account structure. For this reason,
we use the UncheckedAccount Anchor account type.
#[derive(Accounts)]
pub struct InitializePool<'info> {
/// CHECK: PDA, auth over all token vaults
#[account(
seeds = [VAULT_AUTH_SEED.as_bytes()],
bump
)]
pub pool_authority: UncheckedAccount<'info>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
}
Note that the UncheckedAccount is considered unsafe by Anchor because Anchor
does not do any additional verification under the hood. However, this is okay
here because we do verify that the account is the expected PDA and we do not
read or write from the account. However, the /// CHECK: comment is required
above an account utilizing the UncheckedAccount or AccountInfo structs.
Without that annotation, your program will throw the following error while
building:
Struct field "pool_authority" is unsafe, but is not documented.
Please add a `/// CHECK:` doc comment explaining why no checks through types are necessary.
See https://www.anchor-lang.com/docs/the-accounts-struct#safety-checks for more information.
Next, we'll define the pool_state account.
This account utilizes the init constraint, which indicates to Anchor that we
need to create the account. The account is expected to be a PDA derived with the
token_mint account key and STAKE_POOL_STATE_SEED as keys. payer is
required to pay the rent required to create this account. We allocate enough
space for the account to store the PoolState data struct that we defined in
the state.rs file. Lastly, we use the Account wrapper to deserialize the
given account into the PoolState struct.
// pool state account
#[account(
init,
seeds = [token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump,
payer = payer,
space = 8 + size_of::<PoolState>()
)]
pub pool_state: Account<'info, PoolState>,
Moving on to the token_mint account.
We make use of two account constraints on this token_mint account.
mint::token_program = <token_program> verifies that the given account is a
mint created from the given <token_program>. Before the Token Extensions
Program, this was not really a concern as there was only one token program. Now,
there are two! The reason we verify the token_mint account belongs to the
given token_program is because token accounts and mints of one program are not
compatible with token accounts and mints from the other program. So, for every
instruction in our program, we will be verifying that all the given token
accounts and mints belong to the same token_program.
The second constraint mint::authority = payer verifies that the authority over
the mint passed in is the payer account, which will also be required to be a
signer. This may seem counterintuitive, but we do this because at the moment we
are inherently restricting the program to one staking pool per token due to the
PDA seeds we use for the pool_state account. We also allow the creator of the
pool to define what the reward token mint is for staking in that pool. Because
the program currently limits one pool per token, we wouldn't want to allow just
anybody to create a staking pool for a token. This gives the creator of the pool
control over what the reward is for staking here. Imagine if we did not require
the mint::authority, this would allow anyone to create the staking pool for
Token X and define what the reward is for everyone that stakes Token X with
this staking program. If they decide to define the reward token as the meme coin
FooBar, then everyone would be stuck with that staking pool in this program.
For this reason, we will only allow the token_mint authority to create a
staking pool for said token_mint. This program design would probably not be a
good choice for the real world, it does not scale very well. But, it serves as a
great example to help get the points across in this lesson while keeping things
relatively simple. This can also serve as a good exercise in program design. How
would you design this program to make it more scalable for mainnet?
Lastly, we utilize the InterfaceAccount struct to deserialize the given
account into token_interface::Mint. The InterfaceAccount type is a wrapper
around AccountInfo that verifies program ownership and deserializes underlying
data into a given Rust type. Used with the token_interface::Mint struct,
Anchor knows to deserialize this into a Mint account. The
token_interface::Mint struct provides support for both Token Program and
Token Extensions Program mints out of the box! This interface concept was
created specifically for this use case. You can read more about the
InterfaceAccount in the
anchor_lang docs.
// Mint of token
#[account(
mint::token_program = token_program,
mint::authority = payer
)]
pub token_mint: InterfaceAccount<'info, token_interface::Mint>,
Looking at the pool_token_vault where the tokens staked in this pool will be
held.
We initialize the token account with the init constraint, create the token
account with mint = token_mint, authority = pool_authority, and
token_program. This token account is created at a PDA using the token_mint,
pool_authority, and VAULT_SEED as seeds. pool_authority is assigned as
authority over this token account so that the program has control over it.
// pool token account for Token Mint
#[account(
init,
token::mint = token_mint,
token::authority = pool_authority,
token::token_program = token_program,
// use token_mint, pool auth, and constant as seeds for token a vault
seeds = [token_mint.key().as_ref(), pool_authority.key().as_ref(), VAULT_SEED.as_bytes()],
bump,
payer = payer,
)]
pub token_vault: InterfaceAccount<'info, token_interface::TokenAccount>,
Moving on to staking_token_mint
We just verify the mint belongs to the given token_program. Again, we are
using InterfaceAccount and token_interface::Mint here.
// Mint of staking token
#[account(
mut,
mint::token_program = token_program
)]
pub staking_token_mint: InterfaceAccount<'info, token_interface::Mint>,
Lastly, we have a few familiar accounts.
// payer, will pay for creation of pool vault
#[account(mut)]
pub payer: Signer<'info>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub system_program: Program<'info, System>,
pub rent: Sysvar<'info, Rent>
Take a look at the token_program. This account uses the Interface and
token_interface::TokenInterface structs similar to the TokenInterface and
mint/token structs we used earlier. This follows the same idea as those, the
Interface and token_interface::TokenInterface structs allow for either token
program to be passed in here. This is why we must verify that all of the token
and mint accounts passed in belong to the given token_program.
Our accounts struct should look like this now:
#[derive(Accounts)]
pub struct InitializePool<'info> {
/// CHECK: PDA, auth over all token vaults
#[account(
seeds = [VAULT_AUTH_SEED.as_bytes()],
bump
)]
pub pool_authority: UncheckedAccount<'info>,
// pool state account
#[account(
init,
seeds = [token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump,
payer = payer,
space = 8 + size_of::<PoolState>()
)]
pub pool_state: Account<'info, PoolState>,
// Mint of token
#[account(
mint::token_program = token_program,
mint::authority = payer
)]
pub token_mint: InterfaceAccount<'info, token_interface::Mint>,
// pool token account for Token Mint
#[account(
init,
token::mint = token_mint,
token::authority = pool_authority,
token::token_program = token_program,
// use token_mint, pool auth, and constant as seeds for token a vault
seeds = [token_mint.key().as_ref(), pool_authority.key().as_ref(), VAULT_SEED.as_bytes()],
bump,
payer = payer,
)]
pub token_vault: InterfaceAccount<'info, token_interface::TokenAccount>,
// Mint of staking token
#[account(
mut,
mint::token_program = token_program
)]
pub staking_token_mint: InterfaceAccount<'info, token_interface::Mint>,
// payer, will pay for creation of pool vault
#[account(mut)]
pub payer: Signer<'info>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub system_program: Program<'info, System>,
pub rent: Sysvar<'info, Rent>
}
Setting up the account struct is the bulk of the logic for this instruction. All
we have to do inside the handler function, is to initialize all of the
pool_state fields.
The handler function should be:
pub fn handler(ctx: Context<InitializePool>) -> Result <()> {
check_token_program(ctx.accounts.token_program.key());
// initialize pool state
let pool_state = &mut ctx.accounts.pool_state;
pool_state.bump = ctx.bumps.pool_state;
pool_state.amount = 0;
pool_state.vault_bump = ctx.bumps.token_vault;
pool_state.vault_auth_bump = ctx.bumps.pool_authority;
pool_state.token_mint = ctx.accounts.token_mint.key();
pool_state.staking_token_mint = ctx.accounts.staking_token_mint.key();
pool_state.vault_authority = ctx.accounts.pool_authority.key();
msg!("Staking pool created!");
Ok(())
}
After that, save your work and build to make sure there are no issues with your program at this point.
anchor build
8. init_stake_entry Instruction
Now we can move on to the init_stake_entry.rs file. This instruction creates a
staking account for a user to keep track of some state while they stake their
tokens. The StakeEntry account is required to exist before a user can stake
tokens. The StakeEntry account struct was defined in the state.rs file
earlier.
Let's get started with the accounts required for this instruction. We will need the following:
user- The user that is creating thestake_entryaccount. This account must sign the transaction and will need to pay for the rent required to create thestake_entryaccount.user_stake_entry- State account that will be created at a PDA derived from the user, mint the staking pool was created for, and theSTAKE_ENTRY_SEEDas seeds.user_stake_token_account- User's associated token account for the staking reward token.staking_token_mint- Mint of the staking reward token of this pool.pool_state-PoolStateaccount for this staking pool.token_program- Token Program.associated_token_program- Associated token program.system_program- System Program.
Let's start by adding in the user account to the InitializeStakeEntry
account struct.
It's necessary to verify that the user account has the authority to sign, indicating ownership, and is also changeable, as they are the payer of the transaction (which will mutate their balance).
#[derive(Accounts)]
pub struct InitializeStakeEntry<'info> {
#[account(mut)]
pub user: Signer<'info>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
}
The user_stake_entry account requires a few more constraints. We need to
initialize the account, derive the address using the expected seeds, define who
is paying for the creation of the account, and allocate enough space for the
StakeEntry data struct. We deserialize the given account into the StakeEntry
account.
#[account(
init,
seeds = [user.key().as_ref(), pool_state.token_mint.key().as_ref(), STAKE_ENTRY_SEED.as_bytes()],
bump,
payer = user,
space = 8 + size_of::<StakeEntry>()
)]
pub user_stake_entry: Account<'info, StakeEntry>,
The user_stake_token_account is, again, the account where the user's staking
rewards will eventually be sent. We create the account in this instruction so we
don't have to worry about it later on when it's time to dole out the staking
rewards. Because we initialize this account in this instruction, it puts a limit
on the number of pools a user can stake in with the same reward token. This
current design would prevent a user from creating another user_stake_entry
account for another pool with the same staking_token_mint. This is another
design choice that probably would not scale in production. Think about how else
this could be designed.
We use some similar Anchor SPL constraints as in the previous instruction, this
time targeting the associated token program. With the init constraint, these
tell Anchor what mint, authority, and token program to use while initializing
this associated token account.
#[account(
init,
associated_token::mint = staking_token_mint,
associated_token::authority = user,
associated_token::token_program = token_program,
payer = user,
)]
pub user_stake_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
InterfaceAccount and
token_interface::TokenAccount types here. The token_interface::TokenAccount
type can only be used in conjunction with InterfaceAccount.
Next, we add the staking_token_mint account. Notice we are using our first
custom error here. This constraint verifies that the pubkey on the
staking_token_mint account is equal to the pubkey stored in the
staking_token_mint field of the given PoolState account. This field was
initialized in the handler method of the inti_pool instruction in the
previous step.
#[account(
constraint = staking_token_mint.key() == pool_state.staking_token_mint
@ StakeError::InvalidStakingTokenMint,
mint::token_program = token_program
)]
pub staking_token_mint: InterfaceAccount<'info, token_interface::Mint>,
The pool_state account is pretty much the same here as in the init_pool
instruction. However, in the init_pool instruction we saved the bump used to
derive this account so we don't actually have to re-calculate it every time we
want to verify the PDA. We can conveniently call bump = pool_state.bump and
this will use the bump stored in this account.
#[account(
seeds = [pool_state.token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump = pool_state.bump
)]
pub pool_state: Account<'info, PoolState>,
The remaining accounts are ones that we are familiar with already and there are not any special constraints on them.
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub associated_token_program: Program<'info, AssociatedToken>,
pub system_program: Program<'info, System>
The final InitializeStakeEntry account struct should be:
#[derive(Accounts)]
pub struct InitializeStakeEntry<'info> {
#[account(mut)]
pub user: Signer<'info>,
#[account(
init,
seeds = [user.key().as_ref(), pool_state.token_mint.key().as_ref(), STAKE_ENTRY_SEED.as_bytes()],
bump,
payer = user,
space = 8 + size_of::<StakeEntry>()
)]
pub user_stake_entry: Account<'info, StakeEntry>,
#[account(
init,
associated_token::mint = staking_token_mint,
associated_token::authority = user,
associated_token::token_program = token_program,
payer = user,
)]
pub user_stake_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
#[account(
constraint = staking_token_mint.key() == pool_state.staking_token_mint
@ StakeError::InvalidStakingTokenMint,
mint::token_program = token_program
)]
pub staking_token_mint: InterfaceAccount<'info, token_interface::Mint>,
#[account(
seeds = [pool_state.token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump = pool_state.bump
)]
pub pool_state: Account<'info, PoolState>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub associated_token_program: Program<'info, AssociatedToken>,
pub system_program: Program<'info, System>
}
The handler method is also very straight-forward in this instruction. All we
need to is initialize the state of the newly created user_stake_entry account.
pub fn handler(ctx: Context<InitializeStakeEntry>) -> Result<()> {
check_token_program(ctx.accounts.token_program.key());
// initialize user stake entry state
let user_entry = &mut ctx.accounts.user_stake_entry;
user_entry.user = ctx.accounts.user.key();
user_entry.user_stake_token_account = ctx.accounts.user_stake_token_account.key();
user_entry.bump = ctx.bumps.user_stake_entry;
user_entry.balance = 0;
Ok(())
}
Save your work and build to verify there are no compilation errors.
anchor build
9. stake Instruction
The stake instruction is what is called when users actually want to stake
their tokens. This instruction should transfer the amount of tokens the user
wants to stake from their token account to the pool vault account that is owned
by the program. There's a lot of validation in this instruction to prevent any
potentially malicious transactions from succeeding.
The accounts required are:
pool_state- State account of the staking pool.token_mint- Mint of the token being staked. This is required for the transfer.pool_authority- PDA given authority over all staking pools.token_vault- Token vault account where the tokens staked in this pool are held.user- User attempting to stake tokens.user_token_account- User owned token account where the tokens they would like to stake will be transferred from.user_stake_entry- UserStakeEntryaccount created in the previous instructiontoken_programsystem_program
Again, let's build the Stake account struct first.
First taking a look at the pool_state account. This is the same account we
have used in previous instructions, derived with the same seeds and bump.
#[derive(Accounts)]
pub struct Stake<'info> {
// pool state account
#[account(
mut,
seeds = [token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump = pool_state.bump,
)]
pub pool_state: Account<'info, PoolState>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
}
Next, is the token_mint which is required for the transfer CPI in this
instruction. This is the mint of the token that is being staked. We verify that
the given mint is of the given token_program to make sure we are not mixing
any spl-token and Token Extensions Program accounts.
// Mint of token to stake
#[account(
mut,
mint::token_program = token_program
)]
pub token_mint: InterfaceAccount<'info, token_interface::Mint>,
The pool_authority account is again the PDA that is the authority over all of
the staking pools.
/// CHECK: PDA, auth over all token vaults
#[account(
seeds = [VAULT_AUTH_SEED.as_bytes()],
bump
)]
pub pool_authority: UncheckedAccount<'info>,
Now we have the token_vault which is where the tokens will be held while they
are staked. This account MUST be verified since this is where the tokens are
transferred to. Here, we verify the given account is the expected PDA derived
from the token_mint, pool_authority, and VAULT_SEED seeds. We also verify
the token account belongs to the given token_program. We use
InterfaceAccount and token_interface::TokenAccount here again to support
either spl-token or Token Extensions Program accounts.
// pool token account for Token Mint
#[account(
mut,
// use token_mint, pool auth, and constant as seeds for token a vault
seeds = [token_mint.key().as_ref(), pool_authority.key().as_ref(), VAULT_SEED.as_bytes()],
bump = pool_state.vault_bump,
token::token_program = token_program
)]
pub token_vault: InterfaceAccount<'info, token_interface::TokenAccount>,
The user account is marked as mutable and must sign the transaction. They are
the ones initiating the transfer and they are the owner of the tokens being
transferred, so their signature is a requirement for the transfer to take place.
#[account(
mut,
constraint = user.key() == user_stake_entry.user
@ StakeError::InvalidUser
)]
pub user: Signer<'info>,
user_stake_entry account. If it is not, our program will
throw the InvalidUser custom error.
The user_token_account is the token account where the tokens being transferred
to be staked should be currently held. The mint of this token account must match
the mint of the staking pool. If it does not, a custom InvalidMint error will
be thrown. We also verify the given token account matches the given
token_program.
#[account(
mut,
constraint = user_token_account.mint == pool_state.token_mint
@ StakeError::InvalidMint,
token::token_program = token_program
)]
pub user_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
The last three accounts are ones we are familiar with by now.
#[account(
mut,
seeds = [user.key().as_ref(), pool_state.token_mint.key().as_ref(), STAKE_ENTRY_SEED.as_bytes()],
bump = user_stake_entry.bump,
)]
pub user_stake_entry: Account<'info, StakeEntry>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub system_program: Program<'info, System>
The full Stake accounts struct should look like:
#[derive(Accounts)]
pub struct Stake<'info> {
// pool state account
#[account(
mut,
seeds = [token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump = pool_state.bump,
)]
pub pool_state: Account<'info, PoolState>,
// Mint of token to stake
#[account(
mut,
mint::token_program = token_program
)]
pub token_mint: InterfaceAccount<'info, token_interface::Mint>,
/// CHECK: PDA, auth over all token vaults
#[account(
seeds = [VAULT_AUTH_SEED.as_bytes()],
bump
)]
pub pool_authority: UncheckedAccount<'info>,
// pool token account for Token Mint
#[account(
mut,
// use token_mint, pool auth, and constant as seeds for token a vault
seeds = [token_mint.key().as_ref(), pool_authority.key().as_ref(), VAULT_SEED.as_bytes()],
bump = pool_state.vault_bump,
token::token_program = token_program
)]
pub token_vault: InterfaceAccount<'info, token_interface::TokenAccount>,
#[account(
mut,
constraint = user.key() == user_stake_entry.user
@ StakeError::InvalidUser
)]
pub user: Signer<'info>,
#[account(
mut,
constraint = user_token_account.mint == pool_state.token_mint
@ StakeError::InvalidMint,
token::token_program = token_program
)]
pub user_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
#[account(
mut,
seeds = [user.key().as_ref(), pool_state.token_mint.key().as_ref(), STAKE_ENTRY_SEED.as_bytes()],
bump = user_stake_entry.bump,
)]
pub user_stake_entry: Account<'info, StakeEntry>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub system_program: Program<'info, System>
}
That is it for the accounts struct. Save your work and verify your program still compiles.
anchor build
Next, we are going to implement a helper function to assist with the transfer
CPI that we will have to make. We'll add the skeleton for the implementation of
a transfer_checked_ctx method on our Stake data struct. Below the Stake
accounts struct we just built, add the following:
impl<'info> Stake <'info> {
// transfer_checked for Token2022
pub fn transfer_checked_ctx(&self) -> CpiContext<'_, '_, '_, 'info, TransferChecked<'info>> {
}
}
This method takes &self as an argument, which gives us access to members of
the Stake struct inside of the method by calling self. This method is
expected to return a CpiContext,
which is an Anchor primitive.
A CpiContext is defined as:
pub struct CpiContext<'a, 'b, 'c, 'info, T>
where
T: ToAccountMetas + ToAccountInfos<'info>,
{
pub accounts: T,
pub remaining_accounts: Vec<AccountInfo<'info>>,
pub program: AccountInfo<'info>,
pub signer_seeds: &'a [&'b [&'c [u8]]],
}
Where T is the accounts struct for the instruction you are invoking.
This is very similar to the Context object that traditional Anchor
instructions expect as input (i.e. ctx: Context<Stake>). This is the same
concept here, except we are defining one for a Cross-Program Invocation instead!
In our case, we will be invoking the transfer_checked instruction in either
token programs, hence the transfer_checked_ctx method name and the
TransferChecked type in the returned CpiContext. The regular transfer
instruction has been deprecated in the Token Extensions Program and it is
suggested you use transfer_checked going forward.
Now that we know what the goal of this method is, we can implement it! First, we
will need to define the program we will be invoking. This should be the
token_program that was passed into our accounts struct.
impl<'info> Stake <'info> {
// transfer_checked for spl-token or Token2022
pub fn transfer_checked_ctx(&self) -> CpiContext<'_, '_, '_, 'info, TransferChecked<'info>> {
let cpi_program = self.token_program.to_account_info();
}
}
Notice how we are simply able to reference the accounts in the Stake data
struct by calling self.
Then, we need to define the accounts we'll be passing in the CPI. We can do this
via the TransferChecked data type, which we are importing from the
anchor_spl::token_2022 crate
at the top of our file. This data type is defined as:
pub struct TransferChecked<'info> {
pub from: AccountInfo<'info>,
pub mint: AccountInfo<'info>,
pub to: AccountInfo<'info>,
pub authority: AccountInfo<'info>,
}
This data type expects four different AccountInfo objects, all of which should
have been passed into our program. Just like with the cpi_program, we can
build this TransferChecked data struct by referencing self which gives us
access to all of the accounts defined in the Stake data structure. Note, this
is only possible because transfer_checked_ctx is being implemented on the
Stake data type with this line impl<'info> Stake <'info>. Without it, there
is no self to reference.
impl<'info> Stake <'info> {
// transfer_checked for spl-token or Token2022
pub fn transfer_checked_ctx(&self) -> CpiContext<'_, '_, '_, 'info, TransferChecked<'info>> {
let cpi_program = self.token_program.to_account_info();
let cpi_accounts = TransferChecked {
from: self.user_token_account.to_account_info(),
to: self.token_vault.to_account_info(),
authority: self.user.to_account_info(),
mint: self.token_mint.to_account_info()
};
}
}
So we have our cpi_program and cpi_accounts defined, but this method is
supposed to return a CpiContext object. To do that, we simply need to pass
these two into the CpiContext constructor CpiContext::new.
impl<'info> Stake <'info> {
// transfer_checked for Token2022
pub fn transfer_checked_ctx(&self) -> CpiContext<'_, '_, '_, 'info, TransferChecked<'info>> {
let cpi_program = self.token_program.to_account_info();
let cpi_accounts = TransferChecked {
from: self.user_token_account.to_account_info(),
to: self.token_vault.to_account_info(),
authority: self.user.to_account_info(),
mint: self.token_mint.to_account_info()
};
CpiContext::new(cpi_program, cpi_accounts)
}
}
With this defined, we can call transfer_checked_ctx at any point in our
handler method and it will return a CpiContext object that we can use to
execute a CPI.
Moving on to the handler function, we'll need to do a couple of things here.
First, we need to use our transfer_checked_ctx method to create the correct
CpiContext and make the CPI. Then, we have some critical updates to make to
our two state accounts. As a reminder, we have two state accounts PoolState
and StakeEntry. The former holds information regarding current state of the
overall staking pool, while the latter is in charge of keeping an accurate
recording of the a specific user's stake in a pool. With that in mind, any time
there is an update to the staking pool we should be updating both the
PoolState and a given user's StakeEntry accounts in some way.
For starters, let's implement the actual CPI. Since we defined the program and
accounts required for the CPI ahead of time in the transfer_checked_ctx()
method, the actual CPI is very straight-forward. We'll make use of another
helper function from the anchor_spl::token_2022 crate, specifically the
transfer_checked function. This is
defined as the following:
pub fn transfer_checked<'info>(
ctx: CpiContext<'_, '_, '_, 'info, TransferChecked<'info>>,
amount: u64,
decimals: u8
) -> Result<()>
It takes three input parameters:
CpiContext- amount
- decimals
The CpiContext is exactly what is returned in our transfer_checked_ctx()
method, so for this first argument we can simply call the method with
ctx.accounts.transfer_checked_ctx().
The amount is simply the amount of tokens to transfer, which our handler
method expects as an input parameter.
Lastly, the decimals argument is the amount of decimals on the token mint of
what is being transferred. This is a requirement of the transfer checked
instruction. Since the token_mint account is passed in, you can actually fetch
the decimals on the token mint in this instruction. Then, we just pass that in
as the third argument.
All in all, it should look something like this:
pub fn handler(ctx: Context<Stake>, stake_amount: u64) -> Result <()> {
check_token_program(ctx.accounts.token_program.key());
msg!("Pool initial total: {}", ctx.accounts.pool_state.amount);
msg!("User entry initial balance: {}", ctx.accounts.user_stake_entry.balance);
let decimals = ctx.accounts.token_mint.decimals;
// transfer_checked for either spl-token or the Token Extension program
transfer_checked(ctx.accounts.transfer_checked_ctx(), stake_amount, decimals)?;
Ok(())
}
The transfer_checked method builds a transfer_checked instruction object and
actually invokes the program in the CpiContext under the hood. We are just
utilizing Anchor's wrapper over the top of this process. If you're curious,
here is the source code.
pub fn transfer_checked<'info>(
ctx: CpiContext<'_, '_, '_, 'info, TransferChecked<'info>>,
amount: u64,
decimals: u8,
) -> Result<()> {
let ix = spl_token_2022::instruction::transfer_checked(
ctx.program.key,
ctx.accounts.from.key,
ctx.accounts.mint.key,
ctx.accounts.to.key,
ctx.accounts.authority.key,
&[],
amount,
decimals,
)?;
solana_program::program::invoke_signed(
&ix,
&[
ctx.accounts.from,
ctx.accounts.mint,
ctx.accounts.to,
ctx.accounts.authority,
],
ctx.signer_seeds,
)
.map_err(Into::into)
}
Using Anchor's CpiContext wrapper is much cleaner and it abstracts a lot away,
but it's important you understand what's going on under the hood.
Once the transfer_checked function has completed, we can start updating our
state accounts because that means the transfer has taken place. The two accounts
we'll want to update are the pool_state and user_entry accounts, which
represent the overall staking pool data and this specific user's data regarding
their stake in this pool.
Since this is the stake instruction and the user is transferring tokens into
the pool, both values representing the amount the user has staked and the total
amount staked in the pool should increase by the stake_amount.
To do this, we will deserialize the pool_state and user_entry accounts as
mutable and increase the pool_state.amount and user_enry.balance fields by
the stake_amount using checked_add(). CheckedAdd is a Rust feature that
allows you to safely perform mathematical operations without worrying about
buffer overflow. checked_add() adds two numbers, checking for overflow. If
overflow happens, None is returned.
Lastly, we'll also update the user_entry.last_staked field with the current
unix timestamp from the Clock. This is just meant to keep track of the most
recent time a specific user staked tokens.
Add this after transfer_checked and before Ok(()) in the handler function.
let pool_state = &mut ctx.accounts.pool_state;
let user_entry = &mut ctx.accounts.user_stake_entry;
// update pool state amount
pool_state.amount = pool_state.amount.checked_add(stake_amount).unwrap();
msg!("Current pool stake total: {}", pool_state.amount);
// update user stake entry
user_entry.balance = user_entry.balance.checked_add(stake_amount).unwrap();
msg!("User stake balance: {}", user_entry.balance);
user_entry.last_staked = Clock::get().unwrap().unix_timestamp;
Now that was a lot and we covered some new stuff, so feel free to go back through and make sure it all makes sense. Check out all of the external resources that are linked for any of the new topics. Once you're ready to move on, save your work and verify the program still builds!
anchor build
10. unstake Instruction
Lastly, the unstake transaction will be pretty similar to the stake
transaction. We'll need to transfer tokens out of the stake pool to the user,
this is also when the user will receive their staking rewards. Their staking
rewards will be minted to the user in this same transaction.
Something to note here, we are not going to allow the user to determine how many
tokens are unstaked, we will simply unstake all of the tokens that they
currently have staked. Additionally, we are not going to implement a very
realistic algorithm to determine how many reward tokens they have accrued. We'll
simply take their stake balance and multiply by 10 to get the amount of reward
tokens to mint them. We do this again to simplify the program and remain focused
on the goal of the lesson, the Token Extensions Program.
The account structure will be very similar to the stake instruction, but there
are a few differences. We'll need:
pool_statetoken_mintpool_authoritytoken_vaultuseruser_token_accountuser_stake_entrystaking_token_mintuser_stake_token_accounttoken_programsystem_program
The main difference between the required accounts in stake and unstake is
that we need the staking_token_mint and user_stake_token_account for this
instruction to mint the user their staking rewards. We won't cover each account
individually because the struct is the exact same as the previous instruction,
just with the addition of these two new accounts.
First, the staking_token_mint account is the mint of the staking reward token.
The mint authority must be the pool_authority PDA so that the program has the
ability to mint tokens to users. The given staking_token_mint account also
must match the given token_program. We'll add a custom constraint verifying
that this account matches the pubkey stored in the staking_token_mint field of
the pool_state account, if not we will return the custom
InvalidStakingTokenMint error.
// Mint of staking token
#[account(
mut,
mint::authority = pool_authority,
mint::token_program = token_program,
constraint = staking_token_mint.key() == pool_state.staking_token_mint
@ StakeError::InvalidStakingTokenMint
)]
pub staking_token_mint: InterfaceAccount<'info, token_interface::Mint>,
The user_stake_token_account follows a similar vein. It must match the mint
staking_token_mint, the user must be the authority since these are their
staking rewards, and this account must match what we have stored on the
user_stake_entry account as their stake token account.
#[account(
mut,
token::mint = staking_token_mint,
token::authority = user,
token::token_program = token_program,
constraint = user_stake_token_account.key() == user_stake_entry.user_stake_token_account
@ StakeError::InvalidUserStakeTokenAccount
)]
pub user_stake_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
Here is what the final Unstake struct should look like:
#[derive(Accounts)]
pub struct Unstake<'info> {
// pool state account
#[account(
mut,
seeds = [token_mint.key().as_ref(), STAKE_POOL_STATE_SEED.as_bytes()],
bump = pool_state.bump,
)]
pub pool_state: Account<'info, PoolState>,
// Mint of token
#[account(
mut,
mint::token_program = token_program
)]
pub token_mint: InterfaceAccount<'info, token_interface::Mint>,
/// CHECK: PDA, auth over all token vaults
#[account(
seeds = [VAULT_AUTH_SEED.as_bytes()],
bump
)]
pub pool_authority: UncheckedAccount<'info>,
// pool token account for Token Mint
#[account(
mut,
// use token_mint, pool auth, and constant as seeds for token a vault
seeds = [token_mint.key().as_ref(), pool_authority.key().as_ref(), VAULT_SEED.as_bytes()],
bump = pool_state.vault_bump,
token::token_program = token_program
)]
pub token_vault: InterfaceAccount<'info, token_interface::TokenAccount>,
// require a signature because only the user should be able to unstake their tokens
#[account(
mut,
constraint = user.key() == user_stake_entry.user
@ StakeError::InvalidUser
)]
pub user: Signer<'info>,
#[account(
mut,
constraint = user_token_account.mint == pool_state.token_mint
@ StakeError::InvalidMint,
token::token_program = token_program
)]
pub user_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
#[account(
mut,
seeds = [user.key().as_ref(), pool_state.token_mint.key().as_ref(), STAKE_ENTRY_SEED.as_bytes()],
bump = user_stake_entry.bump,
)]
pub user_stake_entry: Account<'info, StakeEntry>,
// Mint of staking token
#[account(
mut,
mint::authority = pool_authority,
mint::token_program = token_program,
constraint = staking_token_mint.key() == pool_state.staking_token_mint
@ StakeError::InvalidStakingTokenMint
)]
pub staking_token_mint: InterfaceAccount<'info, token_interface::Mint>,
#[account(
mut,
token::mint = staking_token_mint,
token::authority = user,
token::token_program = token_program,
constraint = user_stake_token_account.key() == user_stake_entry.user_stake_token_account
@ StakeError::InvalidUserStakeTokenAccount
)]
pub user_stake_token_account: InterfaceAccount<'info, token_interface::TokenAccount>,
pub token_program: Interface<'info, token_interface::TokenInterface>,
pub system_program: Program<'info, System>
}
Now, we have two different CPIs to make in this instruction - a transfer and a
mint. We are going to be using a CpiContext for both in this instruction as
well. There is a catch however, in the stake instruction we did not require a
"signature" from a PDA but in this instruction we do. So, we cannot follow the
exact same pattern as before but we can do something very similar.
Again, let's create two skeleton helper functions implemented on the Unstake
data struct: transfer_checked_ctx and mint_to_ctx.
impl<'info> Unstake <'info> {
// transfer_checked for Token2022
pub fn transfer_checked_ctx<'a>(&'a self, seeds: &'a [&[&[u8]]]) -> CpiContext<'_, '_, '_, 'info, TransferChecked<'info>> {
}
// mint_to
pub fn mint_to_ctx<'a>(&'a self, seeds: &'a [&[&[u8]]]) -> CpiContext<'_, '_, '_, 'info, MintTo<'info>> {
}
}
We'll work on transfer_checked_ctx first, the implementation of this method is
almost exactly the same as in the stake instruction. The main difference is
here we have two arguments: self and seeds. The second argument will be the
vector of PDA signature seeds that we would normally pass into invoke_signed
ourselves. Since we need to sign with a PDA, instead of calling the
CpiContext::new constructor, we'll call CpiContext::new_with_signer instead.
new_with_signer is defined as:
pub fn new_with_signer(
program: AccountInfo<'info>,
accounts: T,
signer_seeds: &'a [&'b [&'c [u8]]]
) -> Self
Additionally, the from and to accounts in our TransferChecked struct will
be reversed from before.
// transfer_checked for spl-token or Token2022
pub fn transfer_checked_ctx<'a>(&'a self, seeds: &'a [&[&[u8]]]) -> CpiContext<'_, '_, '_, 'info, TransferChecked<'info>> {
let cpi_program = self.token_program.to_account_info();
let cpi_accounts = TransferChecked {
from: self.token_vault.to_account_info(),
to: self.user_token_account.to_account_info(),
authority: self.pool_authority.to_account_info(),
mint: self.token_mint.to_account_info()
};
CpiContext::new_with_signer(cpi_program, cpi_accounts, seeds)
}
Check out the
anchor_lang crate docs to learn more about CpiContext.
Moving on to the mint_to_ctx function, we need to do the exact same thing we
just did with transfer_checked_ctx but target the mint_to instruction
instead! To do this, we'll need to use the MintTo struct instead of
TransferChecked. MintTo is defined as:
pub struct MintTo<'info> {
pub mint: AccountInfo<'info>,
pub to: AccountInfo<'info>,
pub authority: AccountInfo<'info>,
}
anchor_spl::token_2022::MintTo rust crate docs.
With this in mind, we can implement mint_to_ctx the same exact way we did
transfer_checked_ctx. We'll be targeting the exact same token_program with
this CPI, so cpi_program should be the same as before. We construct the
MinTo struct the same as we did the TransferChecked struct, just passing the
appropriate accounts here. The mint is the staking_token_mint because that
is the mint we will be minting to the user, to is the user's
user_stake_token_account, and authority is the pool_authority because this
PDA should have sole authority over this mint.
Lastly, the function returns a CpiContext object constructed using the signer
seeds passed into it.
// mint_to
pub fn mint_to_ctx<'a>(&'a self, seeds: &'a [&[&[u8]]]) -> CpiContext<'_, '_, '_, 'info, MintTo<'info>> {
let cpi_program = self.token_program.to_account_info();
let cpi_accounts = MintTo {
mint: self.staking_token_mint.to_account_info(),
to: self.user_stake_token_account.to_account_info(),
authority: self.pool_authority.to_account_info()
};
CpiContext::new_with_signer(cpi_program, cpi_accounts, seeds)
}
Now we can move on to the logic of our handler function. This instruction will
need to update both the pool and user state accounts, transfer all of the user's
staked tokens, and mint the user their reward tokens. To get started, we are
going to log some info and determine how many tokens to transfer to the user.
We have kept track of the user's stake amount in the user_stake_entry account,
so we know exactly how many tokens this user has staked at this point in time.
We can fetch this amount from the user_entry.balance field. Then, we'll log
some information so that we can inspect this later. We'll also verify that the
amount to transfer out is not greater than the amount that is stored in the
pool as an extra safety measure. If so, we will return a custom OverdrawError
and prevent the user from draining the pool.
pub fn handler(ctx: Context<Unstake>) -> Result <()> {
check_token_program(ctx.accounts.token_program.key());
let user_entry = &ctx.accounts.user_stake_entry;
let amount = user_entry.balance;
let decimals = ctx.accounts.token_mint.decimals;
msg!("User stake balance: {}", user_entry.balance);
msg!("Withdrawing all of users stake balance. Tokens to withdraw: {}", amount);
msg!("Total staked before withdrawal: {}", ctx.accounts.pool_state.amount);
// verify user and pool have >= requested amount of tokens staked
if amount > ctx.accounts.pool_state.amount {
return Err(StakeError::OverdrawError.into())
}
// More code to come
Ok(())
}
Next, we will fetch the signer seeds needed for the PDA signature. The
pool_authority is what will be required to sign in these CPIs, so we use that
account's seeds.
// program signer seeds
let auth_bump = ctx.accounts.pool_state.vault_auth_bump;
let auth_seeds = &[VAULT_AUTH_SEED.as_bytes(), &[auth_bump]];
let signer = &[&auth_seeds[..]];
Once we have those seeds stored in the signer variable, we can easily pass it
into the transfer_checked_ctx() method. At the same time, we'll call the
transfer_checked helper function from the Anchor crate to acually invoke the
CPI behind the scenes.
// transfer staked tokens
transfer_checked(ctx.accounts.transfer_checked_ctx(signer), amount, decimals)?;
Next, we'll calculate how many reward tokens to mint the user and invoke the
mint_to instruction using our mint_to_ctx function. Remember, we are just
taking the amount of tokens the user has staked and multiplying it by 10 to get
their reward amount. This is a very simple algorithm that would not make sense
to use in production, but it works here as an example.
Notice we use checked_mul() here, similar to how we used checked_add in the
stake instruction. Again, this is to prevent buffer overflow.
// mint users staking rewards, 10x amount of staked tokens
let stake_rewards = amount.checked_mul(10).unwrap();
// mint rewards to user
mint_to(ctx.accounts.mint_to_ctx(signer), stake_rewards)?;
Lastly, we will need to update our state accounts by subtracting the amount that
was unstaked from both the pool and user's balances. We'll be using
checked_sub() for this.
// borrow mutable references
let pool_state = &mut ctx.accounts.pool_state;
let user_entry = &mut ctx.accounts.user_stake_entry;
// subtract transferred amount from pool total
pool_state.amount = pool_state.amount.checked_sub(amount).unwrap();
msg!("Total staked after withdrawal: {}", pool_state.amount);
// update user stake entry
user_entry.balance = user_entry.balance.checked_sub(amount).unwrap();
user_entry.last_staked = Clock::get().unwrap().unix_timestamp;
Putting that all together gives us our final handler function:
pub fn handler(ctx: Context<Unstake>) -> Result <()> {
check_token_program(ctx.accounts.token_program.key());
let user_entry = &ctx.accounts.user_stake_entry;
let amount = user_entry.balance;
let decimals = ctx.accounts.token_mint.decimals;
msg!("User stake balance: {}", user_entry.balance);
msg!("Withdrawing all of users stake balance. Tokens to withdraw: {}", amount);
msg!("Total staked before withdrawal: {}", ctx.accounts.pool_state.amount);
// verify user and pool have >= requested amount of tokens staked
if amount > ctx.accounts.pool_state.amount {
return Err(StakeError::OverdrawError.into())
}
// program signer seeds
let auth_bump = ctx.accounts.pool_state.vault_auth_bump;
let auth_seeds = &[VAULT_AUTH_SEED.as_bytes(), &[auth_bump]];
let signer = &[&auth_seeds[..]];
// transfer staked tokens
transfer_checked(ctx.accounts.transfer_checked_ctx(signer), amount, decimals)?;
// mint users staking rewards, 10x amount of staked tokens
let stake_rewards = amount.checked_mul(10).unwrap();
// mint rewards to user
mint_to(ctx.accounts.mint_to_ctx(signer), stake_rewards)?;
// borrow mutable references
let pool_state = &mut ctx.accounts.pool_state;
let user_entry = &mut ctx.accounts.user_stake_entry;
// subtract transferred amount from pool total
pool_state.amount = pool_state.amount.checked_sub(amount).unwrap();
msg!("Total staked after withdrawal: {}", pool_state.amount);
// update user stake entry
user_entry.balance = user_entry.balance.checked_sub(amount).unwrap();
user_entry.last_staked = Clock::get().unwrap().unix_timestamp;
Ok(())
}
That is it for our staking program! There has been an entire test suite written ahead of time for you to run against this program. Go ahead and install the needed packages for testing and run the tests:
npm install
anchor test
If you run into problems feel free to checkout the solution branch.
Challenge
Create your own program that is Token Program and Token Extensions Program agnostic.