feat: whitelist and unwhitelist SPL tokens

[brewmaster012]

closes #42

Add whitelisting function to SPL tokens to be deposited into the program PDA.
Right now the authority are authorized to whitelist/de-whitelist SPL token.
The integration tests are also refactored somewhat to increase code reuse.

Only deposit_spl_token*() instructions need to provide evidence of whitelisting.
withdraw_spl_token is not encumbered by whitelisting for the following reasons:

1. when the SPL token has never been whitelisted, there is no way to deposit into the program therefore
   no way to withdraw; there is no need for witheraw_spl_token to respect whitelisting;
2. when the SPL token was whitelisted and later de-whitelisted, the desired behavior would be to
   pause deposit, and allow withdraw otherwise the deposited SPL tokens will be stuck.

Whitelisting is implemented as a special PDA for each mint account (SPL token id).

#[derive(Accounts)]
pub struct AddToWhitelist<'info> {
    #[account(
        init,
        space=8,
        payer=authority,
        seeds=[
            b"whitelist",
            whitelist_candidate.key().as_ref()
        ],
        bump
    )]
    pub whitelist_entry: Account<'info, WhitelistEntry>,
    pub whitelist_candidate: Account<'info, Mint>,

    #[account(mut, seeds = [b"meta"], bump, has_one = authority)]
    pub pda: Account<'info, Pda>,
    #[account(mut)]
    pub authority: Signer<'info>,

    pub system_program: Program<'info, System>,
}

Whitelisting creates a PDA derived from the mint_account of the whitelisted SPL token.
When a user deposits the whitelisted token, she must provide evidence, i.e. provide the PDA whitelist entry
in the accounts:

#[derive(Accounts)]
pub struct DepositSplToken<'info> {
    #[account(mut)]
    pub signer: Signer<'info>,

    #[account(seeds = [b"meta"], bump)]
    pub pda: Account<'info, Pda>,

    #[account(seeds=[b"whitelist", mint_account.key().as_ref()], bump)]
    pub whitelist_entry: Account<'info, WhitelistEntry>, // attach whitelist entry to show the mint_account is whitelisted

    pub mint_account: Account<'info, Mint>,

    pub token_program: Program<'info, Token>,

    #[account(mut)]
    pub from: Account<'info, TokenAccount>, // this must be owned by signer; normally the ATA of signer
    #[account(mut)]
    pub to: Account<'info, TokenAccount>, // this must be ATA of PDA
}

This way, the existence of the PDA whitelist_entry is the evidence of the mint_account being whitelisted.

De-whitelisting closes the PDA whitelist_entry so that deposit spl token will error with AccountNotInitialized.

query whitelisted status

To query whether a SPL token is whitelisted by the program off-chain, derive the whitelist_entry PDA account
from seeds [b"whitelist", mint_account.key().as_ref()] and access the PDA account. The existence of this
PDA account means whitelisted; otherwise not whitelisted.

To query whether a SPL token is whitelisted by the program on-chain, add evidence whitelist_entry

 #[account(seeds=[b"whitelist", mint_account.key().as_ref()], bump)]
    pub whitelist_entry: Account<'info, WhitelistEntry>, // attach whitelist entry to show the mint_account is whitelisted

    pub mint_account: Account<'info, Mint>,

to the accounts of the instruction. Anchor constraints ensures that whitelist_entry must exists (and initialized)
which means the referenced mint_account must be whitelisted.

testing

both positive and negative tests are in the integration test suite.

$ anchor test

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 33.33333% with 6 lines in your changes missing coverage. Please review.

Project coverage is 9.16%. Comparing base (74c9d81) to head (75ac812).

Files with missing lines	Patch %	Lines
programs/protocol-contracts-solana/src/lib.rs	33.33%	6 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##            main     #41      +/-   ##
========================================
+ Coverage   8.30%   9.16%   +0.85%     
========================================
  Files          1       1              
  Lines        253     262       +9     
========================================
+ Hits          21      24       +3     
- Misses       232     238       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[lumtis]

Unclear what these are for

[skosito]

i think all logic for this is in the accounts definition, when you whitelist new one is created (with init), when you unwhitelist its closed (with close)

[lumtis]

We should use consistent terminology with Solidity contracts:

• whitelist
• unwhitelist

[brewmaster012]

changed to whitelist/unwhitelist across the board
e905e67

[lumtis]

I think we should remove all console.log in the test, logging in tests should be minimal by default, should printing passing tests

[brewmaster012]

disabled console.log in the test
e905e67

[skosito]

not sure if its ok to overwrite console.log like this, i think the point was to just remove all console.logs calls as they are just useful while tests are being written or during debugging

if there is console.log that is absolutely needed, it is probably better to replace it with assertion

[lumtis]

What does mint mean?

There should be no minting involved since we lock/unlock SPL tokens?

[skosito]

according to description Whitelisting is implemented as a special PDA for each mint account (SPL token id). is needed to create pda for mint account and existence of that pda marks that token is whitelisted

[brewmaster012]

What does mint mean?

There should be no minting involved since we lock/unlock SPL tokens?

mint (short for mint account) is the Solana equivalent for ERC20 contract address.
This is Solana jargon.

[skosito]

just curious if is there a pros/cons for whitelisting in 2 following ways:

1. init/close account
2. store flag within pda marking if its whitelisted or not

is it because having long lived pda in solana is not efficient if not needed because of rent, or something else?

[brewmaster012]

For whitelisting we really need is a mapping like Ethereum address=>bool

But Solana does not have mapping as a data structure like Ethereum mapping.
You'll need to roll your own. Say you want to create a mapping data account
and then store a hashmap or list in the PDA to implement the mapping.
There are two issues:

1. size of the data structure and therefore the account size could dynamically change;
2. hard to get deterministic constant access time (key-value lookup)

The PDA for each key-value pair is the idiomatic way to do Ethereum mapping on Solana.
Think of part of the seed as the key (mint account address), and value is the PDA account.

[ws4charlie]

good explanation

[ws4charlie]

It means the signer (the authority) of the Whitelist instruction must be one of the fields in pda struct?

[brewmaster012]

yes,
the b"meta" PDA contains the authority.

[ws4charlie]

looks good

[skosito]

seems like changes in this file are from merge with main, probably should be reverted

[brewmaster012]

reverted

[skosito]

not sure if its ok to overwrite console.log like this, i think the point was to just remove all console.logs calls as they are just useful while tests are being written or during debugging

if there is console.log that is absolutely needed, it is probably better to replace it with assertion

[brewmaster012]

removed the console logs in the next PR. Don't want to create merging issue later so maybe let's put the console logs aside for this one.