stake-pool: Add depositor key on init, required on deposit (#1616)

* stake-pool: Add depositor key on init, required on deposit

Some stake pools need to be private, and not allow outside depositors.

Enhance the existing deposit authority in the stake pool be configurable
on initialization, and then require its signature on deposit.

The existing deposit authority is a program address, making deposits
permissionless. This allows a pool creator to set their own deposit_authority on
initialization. In a great turn of events, almost everything else works
the same way!

Here's the current workflow for deposit, where the user calls
stake_program::authorize and stake_pool::deposit in the same
transaction:

* stake_program::authorize assigns staker and withdraw authority to the
  stake pool deposit authority
* stake_pool::deposit
    - uses the deposit authority to assign authority on the deposited
  stake account to the stake pool withdraw authority
    - uses the withdraw authority to merge the deposited stake into the validator stake

The deposit authority must "sign" the transaction in order to reassign
authority to the withdraw authority. Currently, as a program address, it
can just do that. With this change, if the deposit authority is set
during initialization, then that deposit authority must sign the
instruction.

There's also a little update for ease-of-use to always do the
stake_program::authorize in the same transaction as stake_pool::deposit.
This way, in case someone tries to deposit into a forbidden stake pool, the
whole transaction will bail and their stake will stay as theirs.

* Address review feedback

* Fix rebase issues

Author: joncinque

stake-pool/cli/src/main.rs

@@ -14,7 +14,7 @@ use {
         input_validators::{is_amount, is_keypair, is_parsable, is_pubkey, is_url},
         keypair::signer_from_path,
     },
-    solana_client::{rpc_client::RpcClient, rpc_response::StakeActivationState},
+    solana_client::rpc_client::RpcClient,
     solana_program::{
         borsh::get_packed_len, instruction::Instruction, program_pack::Pack, pubkey::Pubkey,
     },
@@ -28,9 +28,9 @@ use {
     spl_stake_pool::{
         self,
         borsh::get_instance_packed_len,
-        find_deposit_authority_program_address, find_stake_program_address,
-        find_transient_stake_program_address, find_withdraw_authority_program_address,
-        stake_program::{self, StakeAuthorize, StakeState},
+        find_stake_program_address, find_transient_stake_program_address,
+        find_withdraw_authority_program_address,
+        stake_program::{self, StakeState},
         state::{Fee, StakePool, ValidatorList},
         MAX_VALIDATORS_TO_UPDATE,
     },
@@ -42,6 +42,7 @@ struct Config {
     verbose: bool,
     manager: Box<dyn Signer>,
     staker: Box<dyn Signer>,
+    depositor: Option<Box<dyn Signer>>,
     token_owner: Box<dyn Signer>,
     fee_payer: Box<dyn Signer>,
     dry_run: bool,
@@ -94,7 +95,12 @@ fn send_transaction(
     Ok(())
 }
 
-fn command_create_pool(config: &Config, fee: Fee, max_validators: u32) -> CommandResult {
+fn command_create_pool(
+    config: &Config,
+    deposit_authority: Option<Pubkey>,
+    fee: Fee,
+    max_validators: u32,
+) -> CommandResult {
     let reserve_stake = Keypair::new();
     println!("Creating reserve stake {}", reserve_stake.pubkey());
 
@@ -224,6 +230,7 @@ fn command_create_pool(config: &Config, fee: Fee, max_validators: u32) -> Comman
                 &mint_account.pubkey(),
                 &pool_fee_account.pubkey(),
                 &spl_token::id(),
+                deposit_authority,
                 fee,
                 max_validators,
             )?,
@@ -286,7 +293,17 @@ fn command_vsa_create(
 }
 
 fn command_vsa_add(config: &Config, stake_pool_address: &Pubkey, stake: &Pubkey) -> CommandResult {
-    if config.rpc_client.get_stake_activation(*stake, None)?.state != StakeActivationState::Active {
+    let stake_state = get_stake_state(&config.rpc_client, &stake)?;
+    if let stake_program::StakeState::Stake(meta, _stake) = stake_state {
+        if meta.authorized.withdrawer != config.staker.pubkey() {
+            let error = format!(
+                "Stake account withdraw authority must be the staker {}, actual {}",
+                config.staker.pubkey(),
+                meta.authorized.withdrawer
+            );
+            return Err(error.into());
+        }
+    } else {
         return Err("Stake account is not active.".into());
     }
 
@@ -299,34 +316,16 @@ fn command_vsa_add(config: &Config, stake_pool_address: &Pubkey, stake: &Pubkey)
     let mut instructions: Vec<Instruction> = vec![];
     let mut signers = vec![config.fee_payer.as_ref(), config.staker.as_ref()];
 
-    // Calculate Deposit and Withdraw stake pool authorities
-    let pool_deposit_authority =
-        find_deposit_authority_program_address(&spl_stake_pool::id(), stake_pool_address).0;
-
+    // Calculate Withdraw stake pool authorities
     let pool_withdraw_authority =
         find_withdraw_authority_program_address(&spl_stake_pool::id(), stake_pool_address).0;
 
     instructions.extend(vec![
-        // Set Withdrawer on stake account to Deposit authority of the stake pool
-        stake_program::authorize(
-            &stake,
-            &config.staker.pubkey(),
-            &pool_deposit_authority,
-            StakeAuthorize::Withdrawer,
-        ),
-        // Set Staker on stake account to Deposit authority of the stake pool
-        stake_program::authorize(
-            &stake,
-            &config.staker.pubkey(),
-            &pool_deposit_authority,
-            StakeAuthorize::Staker,
-        ),
         // Add validator stake account to the pool
         spl_stake_pool::instruction::add_validator_to_pool(
             &spl_stake_pool::id(),
             &stake_pool_address,
             &config.staker.pubkey(),
-            &pool_deposit_authority,
             &pool_withdraw_authority,
             &stake_pool.validator_list,
             &stake,
@@ -588,42 +587,49 @@ fn command_deposit(
         },
     )?;
 
-    // Calculate Deposit and Withdraw stake pool authorities
-    let pool_deposit_authority =
-        find_deposit_authority_program_address(&spl_stake_pool::id(), stake_pool_address).0;
-
     let pool_withdraw_authority =
         find_withdraw_authority_program_address(&spl_stake_pool::id(), stake_pool_address).0;
 
-    instructions.extend(vec![
-        // Set Withdrawer on stake account to Deposit authority of the stake pool
-        stake_program::authorize(
-            &stake,
-            &config.staker.pubkey(),
-            &pool_deposit_authority,
-            StakeAuthorize::Withdrawer,
-        ),
-        // Set Staker on stake account to Deposit authority of the stake pool
-        stake_program::authorize(
+    let mut deposit_instructions = if let Some(deposit_authority) = config.depositor.as_ref() {
+        signers.push(deposit_authority.as_ref());
+        if deposit_authority.pubkey() != stake_pool.deposit_authority {
+            let error = format!(
+                "Invalid deposit authority specified, expected {}, received {}",
+                stake_pool.deposit_authority,
+                deposit_authority.pubkey()
+            );
+            return Err(error.into());
+        }
+
+        spl_stake_pool::instruction::deposit_with_authority(
+            &spl_stake_pool::id(),
+            &stake_pool_address,
+            &stake_pool.validator_list,
+            &deposit_authority.pubkey(),
+            &pool_withdraw_authority,
             &stake,
             &config.staker.pubkey(),
-            &pool_deposit_authority,
-            StakeAuthorize::Staker,
-        ),
-        // Add stake account to the pool
+            &validator_stake_account,
+            &token_receiver,
+            &stake_pool.pool_mint,
+            &spl_token::id(),
+        )
+    } else {
         spl_stake_pool::instruction::deposit(
             &spl_stake_pool::id(),
             &stake_pool_address,
             &stake_pool.validator_list,
-            &pool_deposit_authority,
             &pool_withdraw_authority,
             &stake,
+            &config.staker.pubkey(),
             &validator_stake_account,
             &token_receiver,
             &stake_pool.pool_mint,
             &spl_token::id(),
-        )?,
-    ]);
+        )
+    };
+
+    instructions.append(&mut deposit_instructions);
 
     let mut transaction =
         Transaction::new_with_payer(&instructions, Some(&config.fee_payer.pubkey()));
@@ -1130,6 +1136,17 @@ fn main() {
                      Defaults to the client keypair.",
                 ),
         )
+        .arg(
+            Arg::with_name("depositor")
+                .long("depositor")
+                .value_name("KEYPAIR")
+                .validator(is_keypair)
+                .takes_value(true)
+                .help(
+                    "Specify the stake pool depositor. \
+                     This may be a keypair file, the ASK keyword.",
+                ),
+        )
         .arg(
             Arg::with_name("token_owner")
                 .long("token-owner")
@@ -1186,6 +1203,15 @@ fn main() {
                     .required(true)
                     .help("Max number of validators included in the stake pool"),
             )
+            .arg(
+                Arg::with_name("deposit_authority")
+                    .long("deposit-authority")
+                    .short("a")
+                    .validator(is_pubkey)
+                    .value_name("DEPOSIT_AUTHORITY_ADDRESS")
+                    .takes_value(true)
+                    .help("Deposit authority required to sign all deposits into the stake pool"),
+            )
         )
         .subcommand(SubCommand::with_name("create-validator-stake")
             .about("Create a new stake account to use with the pool. Must be signed by the pool staker.")
@@ -1515,6 +1541,22 @@ fn main() {
             eprintln!("error: {}", e);
             exit(1);
         });
+        let depositor = if matches.is_present("depositor") {
+            Some(
+                signer_from_path(
+                    &matches,
+                    &cli_config.keypair_path,
+                    "depositor",
+                    &mut wallet_manager,
+                )
+                .unwrap_or_else(|e| {
+                    eprintln!("error: {}", e);
+                    exit(1);
+                }),
+            )
+        } else {
+            None
+        };
         let manager = signer_from_path(
             &matches,
             &cli_config.keypair_path,
@@ -1554,6 +1596,7 @@ fn main() {
             verbose,
             manager,
             staker,
+            depositor,
             token_owner,
             fee_payer,
             dry_run,
@@ -1563,11 +1606,13 @@ fn main() {
 
     let _ = match matches.subcommand() {
         ("create-pool", Some(arg_matches)) => {
+            let deposit_authority = pubkey_of(arg_matches, "deposit_authority");
             let numerator = value_t_or_exit!(arg_matches, "fee_numerator", u64);
             let denominator = value_t_or_exit!(arg_matches, "fee_denominator", u64);
             let max_validators = value_t_or_exit!(arg_matches, "max_validators", u32);
             command_create_pool(
                 &config,
+                deposit_authority,
                 Fee {
                     denominator,
                     numerator,