fix: make destroy_account_from assert core resource account

Author: andygolay

aptos-move/framework/aptos-framework/doc/account.md

@@ -700,6 +700,15 @@ Scheme identifier for Ed25519 signatures used to derive authentication keys for
 
 
 
+<a id="0x1_account_EFLAG_NOT_ENABLED"></a>
+
+
+
+<pre><code><b>const</b> <a href="account.md#0x1_account_EFLAG_NOT_ENABLED">EFLAG_NOT_ENABLED</a>: u64 = 21;
+</code></pre>
+
+
+
 <a id="0x1_account_EINVALID_ACCEPT_ROTATION_CAPABILITY"></a>
 
 The caller does not have a valid rotation capability offer from the other account
@@ -1037,7 +1046,7 @@ Destroy the Account resource from a given account.
 Used to destroy the core resources account on mainnet.
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="account.md#0x1_account_destroy_account_from">destroy_account_from</a>(<a href="account.md#0x1_account">account</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, from: <b>address</b>)
+<pre><code><b>public</b> entry <b>fun</b> <a href="account.md#0x1_account_destroy_account_from">destroy_account_from</a>(<a href="account.md#0x1_account">account</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, from: <b>address</b>)
 </code></pre>
 
 
@@ -1046,9 +1055,15 @@ Used to destroy the core resources account on mainnet.
 <summary>Implementation</summary>
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="account.md#0x1_account_destroy_account_from">destroy_account_from</a>(<a href="account.md#0x1_account">account</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, from: <b>address</b>) <b>acquires</b> <a href="account.md#0x1_account_Account">Account</a> {
+<pre><code><b>public</b> entry <b>fun</b> <a href="account.md#0x1_account_destroy_account_from">destroy_account_from</a>(<a href="account.md#0x1_account">account</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, from: <b>address</b>) <b>acquires</b> <a href="account.md#0x1_account_Account">Account</a> {
     <a href="system_addresses.md#0x1_system_addresses_assert_aptos_framework">system_addresses::assert_aptos_framework</a>(<a href="account.md#0x1_account">account</a>);
 
+    // Assert that the feature flag for decommissioning core resources is enabled
+    <b>assert</b>!(
+        std::features::get_decommission_core_resources_enabled(),
+        <a href="account.md#0x1_account_EFLAG_NOT_ENABLED">EFLAG_NOT_ENABLED</a>
+    );
+
     <b>let</b> <a href="account.md#0x1_account_Account">Account</a> {
         authentication_key: _,
         sequence_number: _,

aptos-move/framework/aptos-framework/doc/governed_gas_pool.md

@@ -407,7 +407,7 @@ Deposits gas fees into the governed gas pool.
 @param gas_fee The amount of gas fees to be deposited.
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(gas_payer: <b>address</b>, gas_fee: u64)
+<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(_gas_payer: <b>address</b>, _gas_fee: u64)
 </code></pre>
 
 
@@ -416,7 +416,7 @@ Deposits gas fees into the governed gas pool.
 <summary>Implementation</summary>
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(gas_payer: <b>address</b>, gas_fee: u64) <b>acquires</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_GovernedGasPool">GovernedGasPool</a> {
+<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(_gas_payer: <b>address</b>, _gas_fee: u64) <b>acquires</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_GovernedGasPool">GovernedGasPool</a> {
     // get the sender <b>to</b> preserve the signature but do nothing
     <a href="governed_gas_pool.md#0x1_governed_gas_pool_governed_gas_pool_address">governed_gas_pool_address</a>();
 }
@@ -561,7 +561,7 @@ Abort if the governed gas pool has insufficient funds
 ### Function `deposit_gas_fee`
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(gas_payer: <b>address</b>, gas_fee: u64)
+<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(_gas_payer: <b>address</b>, _gas_fee: u64)
 </code></pre>
 
 

aptos-move/framework/aptos-framework/sources/account.move

@@ -260,7 +260,7 @@ module aptos_framework::account {
     /// Destroy the Account resource from a given account.
     /// Used to destroy the core resources account on mainnet.
     public entry fun destroy_account_from(account: &signer, from: address) acquires Account {
-        system_addresses::assert_aptos_framework(account);
+        system_addresses::assert_core_resource(account);
 
         // Assert that the feature flag for decommissioning core resources is enabled
         assert!(
@@ -998,9 +998,10 @@ module aptos_framework::account {
         );
     }
 
-    #[test(aptos_framework = @aptos_framework, from = @0xdead)]
+    #[test(aptos_framework = @aptos_framework, core_resources = @0xa550c18, from = @0xdead)]
     public entry fun test_destroy_account_from_with_flag_enabled(
         aptos_framework: &signer,
+        core_resources: &signer,
         from: &signer,
     ) acquires Account {
         // Enable the feature flag for testing
@@ -1015,16 +1016,17 @@ module aptos_framework::account {
         assert!(exists<Account>(signer::address_of(from)), 1);
 
         // Destroy the Account resource
-        destroy_account_from(aptos_framework, signer::address_of(from));
+        destroy_account_from(core_resources, signer::address_of(from));
 
         // Confirm the resource has been removed
         assert!(!exists<Account>(signer::address_of(from)), 2);
     }
 
-    #[test(aptos_framework = @aptos_framework, from = @0xdead)]
+    #[test(aptos_framework = @aptos_framework, core_resources = @0xa550c18, from = @0xdead)]
     #[expected_failure(abort_code = 21, location = Self)]
     public entry fun test_destroy_account_from_with_flag_disabled(
         aptos_framework: &signer,
+        core_resources: &signer,
         from: &signer,
     ) acquires Account {
         // Disable the feature flag for testing
@@ -1039,7 +1041,7 @@ module aptos_framework::account {
         assert!(exists<Account>(signer::address_of(from)), 1);
 
         // Attempt to destroy the Account resource (should fail)
-        destroy_account_from(aptos_framework, signer::address_of(from));
+        destroy_account_from(core_resources, signer::address_of(from));
     }
 
     #[test_only]

aptos-move/framework/cached-packages/src/aptos_framework_sdk_builder.rs

@@ -37,6 +37,12 @@ type Bytes = Vec<u8>;
 #[cfg_attr(feature = "fuzzing", derive(proptest_derive::Arbitrary))]
 #[cfg_attr(feature = "fuzzing", proptest(no_params))]
 pub enum EntryFunctionCall {
+    /// Destroy the Account resource from a given account.
+    /// Used to destroy the core resources account on mainnet.
+    AccountDestroyAccountFrom {
+        from: AccountAddress,
+    },
+
     /// Offers rotation capability on behalf of `account` to the account at address `recipient_address`.
     /// An account can delegate its rotation capability to only one other address at one time. If the account
     /// has an existing rotation capability offer, calling this function will update the rotation capability offer with
@@ -1130,6 +1136,7 @@ impl EntryFunctionCall {
     pub fn encode(self) -> TransactionPayload {
         use EntryFunctionCall::*;
         match self {
+            AccountDestroyAccountFrom { from } => account_destroy_account_from(from),
             AccountOfferRotationCapability {
                 rotation_capability_sig_bytes,
                 account_scheme,
@@ -1804,6 +1811,23 @@ impl EntryFunctionCall {
     }
 }
 
+/// Destroy the Account resource from a given account.
+/// Used to destroy the core resources account on mainnet.
+pub fn account_destroy_account_from(from: AccountAddress) -> TransactionPayload {
+    TransactionPayload::EntryFunction(EntryFunction::new(
+        ModuleId::new(
+            AccountAddress::new([
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+                0, 0, 0, 1,
+            ]),
+            ident_str!("account").to_owned(),
+        ),
+        ident_str!("destroy_account_from").to_owned(),
+        vec![],
+        vec![bcs::to_bytes(&from).unwrap()],
+    ))
+}
+
 /// Offers rotation capability on behalf of `account` to the account at address `recipient_address`.
 /// An account can delegate its rotation capability to only one other address at one time. If the account
 /// has an existing rotation capability offer, calling this function will update the rotation capability offer with
@@ -5034,6 +5058,16 @@ pub fn vesting_vest_many(contract_addresses: Vec<AccountAddress>) -> Transaction
 }
 mod decoder {
     use super::*;
+    pub fn account_destroy_account_from(payload: &TransactionPayload) -> Option<EntryFunctionCall> {
+        if let TransactionPayload::EntryFunction(script) = payload {
+            Some(EntryFunctionCall::AccountDestroyAccountFrom {
+                from: bcs::from_bytes(script.args().get(0)?).ok()?,
+            })
+        } else {
+            None
+        }
+    }
+
     pub fn account_offer_rotation_capability(
         payload: &TransactionPayload,
     ) -> Option<EntryFunctionCall> {
@@ -6916,6 +6950,10 @@ type EntryFunctionDecoderMap = std::collections::HashMap<
 static SCRIPT_FUNCTION_DECODER_MAP: once_cell::sync::Lazy<EntryFunctionDecoderMap> =
     once_cell::sync::Lazy::new(|| {
         let mut map: EntryFunctionDecoderMap = std::collections::HashMap::new();
+        map.insert(
+            "account_destroy_account_from".to_string(),
+            Box::new(decoder::account_destroy_account_from),
+        );
         map.insert(
             "account_offer_rotation_capability".to_string(),
             Box::new(decoder::account_offer_rotation_capability),