[token-2022] Enable confidential payments only feature (#3790)

* add allow_non_confidential_credits field

* add tests for disabling non-confidential transfers

* Apply suggestions from code review

Co-authored-by: Tyera Eulberg <[email protected]>

* clarify comment wording

* Update token/program-2022/src/extension/confidential_transfer/processor.rs

Co-authored-by: Jon Cinque <[email protected]>

Co-authored-by: Tyera Eulberg <[email protected]>
Co-authored-by: Jon Cinque <[email protected]>

Author: 3 people

token/client/src/token.rs

@@ -2151,36 +2151,80 @@ where
     }
 
     /// Enable confidential transfer `Deposit` and `Transfer` instructions for a token account
-    pub async fn confidential_transfer_enable_balance_credits<S: Signer>(
+    pub async fn confidential_transfer_enable_confidential_credits<S: Signer>(
         &self,
         token_account: &Pubkey,
         authority: &S,
     ) -> TokenResult<T::Output> {
         self.process_ixs(
-            &[confidential_transfer::instruction::enable_balance_credits(
-                &self.program_id,
-                token_account,
-                &authority.pubkey(),
-                &[],
-            )?],
+            &[
+                confidential_transfer::instruction::enable_confidential_credits(
+                    &self.program_id,
+                    token_account,
+                    &authority.pubkey(),
+                    &[],
+                )?,
+            ],
             &[authority],
         )
         .await
     }
 
     /// Disable confidential transfer `Deposit` and `Transfer` instructions for a token account
-    pub async fn confidential_transfer_disable_balance_credits<S: Signer>(
+    pub async fn confidential_transfer_disable_confidential_credits<S: Signer>(
         &self,
         token_account: &Pubkey,
         authority: &S,
     ) -> TokenResult<T::Output> {
         self.process_ixs(
-            &[confidential_transfer::instruction::disable_balance_credits(
-                &self.program_id,
-                token_account,
-                &authority.pubkey(),
-                &[],
-            )?],
+            &[
+                confidential_transfer::instruction::disable_confidential_credits(
+                    &self.program_id,
+                    token_account,
+                    &authority.pubkey(),
+                    &[],
+                )?,
+            ],
+            &[authority],
+        )
+        .await
+    }
+
+    /// Enable a confidential extension token account to receive non-confidential payments
+    pub async fn confidential_transfer_enable_non_confidential_credits<S: Signer>(
+        &self,
+        token_account: &Pubkey,
+        authority: &S,
+    ) -> TokenResult<T::Output> {
+        self.process_ixs(
+            &[
+                confidential_transfer::instruction::enable_non_confidential_credits(
+                    &self.program_id,
+                    token_account,
+                    &authority.pubkey(),
+                    &[],
+                )?,
+            ],
+            &[authority],
+        )
+        .await
+    }
+
+    /// Disable non-confidential payments for a confidential extension token account
+    pub async fn confidential_transfer_disable_non_confidential_credits<S: Signer>(
+        &self,
+        token_account: &Pubkey,
+        authority: &S,
+    ) -> TokenResult<T::Output> {
+        self.process_ixs(
+            &[
+                confidential_transfer::instruction::disable_non_confidential_credits(
+                    &self.program_id,
+                    token_account,
+                    &authority.pubkey(),
+                    &[],
+                )?,
+            ],
             &[authority],
         )
         .await

token/program-2022-test/tests/confidential_transfer.rs

@@ -369,7 +369,7 @@ async fn ct_configure_token_account() {
         .get_extension::<ConfidentialTransferAccount>()
         .unwrap();
     assert!(!bool::from(&extension.approved));
-    assert!(bool::from(&extension.allow_balance_credits));
+    assert!(bool::from(&extension.allow_confidential_credits));
     assert_eq!(
         extension.encryption_pubkey,
         alice_meta.elgamal_keypair.public.into()
@@ -418,7 +418,7 @@ async fn ct_configure_token_account() {
 }
 
 #[tokio::test]
-async fn ct_enable_disable_balance_credits() {
+async fn ct_enable_disable_confidential_credits() {
     let ConfidentialTransferMintWithKeypairs { ct_mint, .. } =
         ConfidentialTransferMintWithKeypairs::new();
     let mut context = TestContext::new().await;
@@ -433,7 +433,7 @@ async fn ct_enable_disable_balance_credits() {
     let alice_meta = ConfidentialTokenAccountMeta::new(&token, &alice).await;
 
     token
-        .confidential_transfer_disable_balance_credits(&alice_meta.token_account, &alice)
+        .confidential_transfer_disable_confidential_credits(&alice_meta.token_account, &alice)
         .await
         .unwrap();
     let state = token
@@ -443,10 +443,10 @@ async fn ct_enable_disable_balance_credits() {
     let extension = state
         .get_extension::<ConfidentialTransferAccount>()
         .unwrap();
-    assert!(!bool::from(&extension.allow_balance_credits));
+    assert!(!bool::from(&extension.allow_confidential_credits));
 
     token
-        .confidential_transfer_enable_balance_credits(&alice_meta.token_account, &alice)
+        .confidential_transfer_enable_confidential_credits(&alice_meta.token_account, &alice)
         .await
         .unwrap();
     let state = token
@@ -456,7 +456,98 @@ async fn ct_enable_disable_balance_credits() {
     let extension = state
         .get_extension::<ConfidentialTransferAccount>()
         .unwrap();
-    assert!(bool::from(&extension.allow_balance_credits));
+    assert!(bool::from(&extension.allow_confidential_credits));
+}
+
+#[tokio::test]
+async fn ct_enable_disable_non_confidential_credits() {
+    let ConfidentialTransferMintWithKeypairs { ct_mint, .. } =
+        ConfidentialTransferMintWithKeypairs::new();
+    let mut context = TestContext::new().await;
+    context
+        .init_token_with_mint(vec![
+            ExtensionInitializationParams::ConfidentialTransferMint { ct_mint },
+        ])
+        .await
+        .unwrap();
+
+    let TokenContext {
+        token,
+        alice,
+        bob,
+        mint_authority,
+        ..
+    } = context.token_context.unwrap();
+    let alice_meta = ConfidentialTokenAccountMeta::new(&token, &alice).await;
+    let bob_meta = ConfidentialTokenAccountMeta::new(&token, &bob).await;
+
+    token
+        .mint_to(
+            &alice_meta.token_account,
+            &mint_authority.pubkey(),
+            10,
+            &[&mint_authority],
+        )
+        .await
+        .unwrap();
+
+    token
+        .confidential_transfer_disable_non_confidential_credits(&bob_meta.token_account, &bob)
+        .await
+        .unwrap();
+    let state = token
+        .get_account_info(&bob_meta.token_account)
+        .await
+        .unwrap();
+    let extension = state
+        .get_extension::<ConfidentialTransferAccount>()
+        .unwrap();
+    assert!(!bool::from(&extension.allow_non_confidential_credits));
+
+    let err = token
+        .transfer(
+            &alice_meta.token_account,
+            &bob_meta.token_account,
+            &alice.pubkey(),
+            10,
+            &[&alice],
+        )
+        .await
+        .unwrap_err();
+
+    assert_eq!(
+        err,
+        TokenClientError::Client(Box::new(TransportError::TransactionError(
+            TransactionError::InstructionError(
+                0,
+                InstructionError::Custom(TokenError::NonConfidentialTransfersDisabled as u32)
+            )
+        )))
+    );
+
+    token
+        .confidential_transfer_enable_non_confidential_credits(&bob_meta.token_account, &bob)
+        .await
+        .unwrap();
+    let state = token
+        .get_account_info(&bob_meta.token_account)
+        .await
+        .unwrap();
+    let extension = state
+        .get_extension::<ConfidentialTransferAccount>()
+        .unwrap();
+    assert!(bool::from(&extension.allow_non_confidential_credits));
+
+    token
+        .transfer(
+            &alice_meta.token_account,
+            &bob_meta.token_account,
+            &alice.pubkey(),
+            10,
+            &[&alice],
+        )
+        .await
+        .unwrap();
 }
 
 #[tokio::test]

token/program-2022/src/error.rs

@@ -190,6 +190,9 @@ pub enum TokenError {
     /// Extension not found in account data
     #[error("Extension not found in account data")]
     ExtensionNotFound,
+    /// Account does not accept non-confidential transfers
+    #[error("Non-confidential transfers disabled")]
+    NonConfidentialTransfersDisabled,
 }
 impl From<TokenError> for ProgramError {
     fn from(e: TokenError) -> Self {
@@ -329,6 +332,9 @@ impl PrintProgramError for TokenError {
             TokenError::ExtensionNotFound => {
                 msg!("Extension not found in account data")
             }
+            TokenError::NonConfidentialTransfersDisabled => {
+                msg!("Non-confidential transfers disabled")
+            }
         }
     }
 }