stake-pool: Handle force destaked accounts (#3152)

Author: joncinque

stake-pool/js/src/index.ts

@@ -612,6 +612,12 @@ export async function increaseValidatorStake(
     transientStakeSeed,
   );
 
+  const validatorStake = await findStakeProgramAddress(
+    STAKE_POOL_PROGRAM_ID,
+    validatorInfo.voteAccountAddress,
+    stakePoolAddress,
+  );
+
   const instructions: TransactionInstruction[] = [];
   instructions.push(
     StakePoolInstruction.increaseValidatorStake({
@@ -622,6 +628,7 @@ export async function increaseValidatorStake(
       transientStakeSeed: transientStakeSeed.toNumber(),
       withdrawAuthority,
       transientStake,
+      validatorStake,
       validatorVote,
       lamports,
     }),

stake-pool/js/src/instructions.ts

@@ -157,6 +157,7 @@ export type IncreaseValidatorStakeParams = {
   validatorList: PublicKey;
   reserveStake: PublicKey;
   transientStake: PublicKey;
+  validatorStake: PublicKey;
   validatorVote: PublicKey;
   // Amount of lamports to split into the transient stake account.
   lamports: number;
@@ -343,6 +344,7 @@ export class StakePoolInstruction {
       validatorList,
       reserveStake,
       transientStake,
+      validatorStake,
       validatorVote,
       lamports,
       transientStakeSeed,
@@ -358,6 +360,7 @@ export class StakePoolInstruction {
       { pubkey: validatorList, isSigner: false, isWritable: true },
       { pubkey: reserveStake, isSigner: false, isWritable: true },
       { pubkey: transientStake, isSigner: false, isWritable: true },
+      { pubkey: validatorStake, isSigner: false, isWritable: false },
       { pubkey: validatorVote, isSigner: false, isWritable: false },
       { pubkey: SYSVAR_CLOCK_PUBKEY, isSigner: false, isWritable: false },
       { pubkey: SYSVAR_RENT_PUBKEY, isSigner: false, isWritable: false },

stake-pool/program/src/instruction.rs

@@ -166,13 +166,14 @@ pub enum StakePoolInstruction {
     ///  3. `[w]` Validator list
     ///  4. `[w]` Stake pool reserve stake
     ///  5. `[w]` Transient stake account
-    ///  6. `[]` Validator vote account to delegate to
-    ///  7. '[]' Clock sysvar
-    ///  8. '[]' Rent sysvar
-    ///  9. `[]` Stake History sysvar
-    /// 10. `[]` Stake Config sysvar
-    /// 11. `[]` System program
-    /// 12. `[]` Stake program
+    ///  6. `[]` Validator stake account
+    ///  7. `[]` Validator vote account to delegate to
+    ///  8. '[]' Clock sysvar
+    ///  9. '[]' Rent sysvar
+    /// 10. `[]` Stake History sysvar
+    /// 11. `[]` Stake Config sysvar
+    /// 12. `[]` System program
+    /// 13. `[]` Stake program
     ///  userdata: amount of lamports to increase on the given validator.
     ///  The actual amount split into the transient stake account is:
     ///  `lamports + stake_rent_exemption`
@@ -538,6 +539,7 @@ pub fn increase_validator_stake(
     validator_list: &Pubkey,
     reserve_stake: &Pubkey,
     transient_stake: &Pubkey,
+    validator_stake: &Pubkey,
     validator: &Pubkey,
     lamports: u64,
     transient_stake_seed: u64,
@@ -549,6 +551,7 @@ pub fn increase_validator_stake(
         AccountMeta::new(*validator_list, false),
         AccountMeta::new(*reserve_stake, false),
         AccountMeta::new(*transient_stake, false),
+        AccountMeta::new_readonly(*validator_stake, false),
         AccountMeta::new_readonly(*validator, false),
         AccountMeta::new_readonly(sysvar::clock::id(), false),
         AccountMeta::new_readonly(sysvar::rent::id(), false),
@@ -671,6 +674,8 @@ pub fn increase_validator_stake_with_vote(
         stake_pool_address,
         transient_stake_seed,
     );
+    let (validator_stake_address, _) =
+        find_stake_program_address(program_id, vote_account_address, stake_pool_address);
 
     increase_validator_stake(
         program_id,
@@ -680,6 +685,7 @@ pub fn increase_validator_stake_with_vote(
         &stake_pool.validator_list,
         &stake_pool.reserve_stake,
         &transient_stake_address,
+        &validator_stake_address,
         vote_account_address,
         lamports,
         transient_stake_seed,

stake-pool/program/src/processor.rs

@@ -1240,6 +1240,7 @@ impl Processor {
         let validator_list_info = next_account_info(account_info_iter)?;
         let reserve_stake_account_info = next_account_info(account_info_iter)?;
         let transient_stake_account_info = next_account_info(account_info_iter)?;
+        let validator_stake_account_info = next_account_info(account_info_iter)?;
         let validator_vote_account_info = next_account_info(account_info_iter)?;
         let clock_info = next_account_info(account_info_iter)?;
         let clock = &Clock::from_account_info(clock_info)?;
@@ -1300,6 +1301,32 @@ impl Processor {
             return Err(StakePoolError::TransientAccountInUse.into());
         }
 
+        // Check that the validator stake account is actually delegated to the right
+        // validator. This can happen if a validator was force destaked during a
+        // cluster restart.
+        {
+            check_account_owner(validator_stake_account_info, stake_program_info.key)?;
+            check_validator_stake_address(
+                program_id,
+                stake_pool_info.key,
+                validator_stake_account_info.key,
+                vote_account_address,
+            )?;
+            let (meta, stake) = get_stake_state(validator_stake_account_info)?;
+            if !stake_is_usable_by_pool(&meta, withdraw_authority_info.key, &stake_pool.lockup) {
+                msg!("Validator stake for {} not usable by pool, must be owned by withdraw authority", vote_account_address);
+                return Err(StakePoolError::WrongStakeState.into());
+            }
+            if stake.delegation.voter_pubkey != *vote_account_address {
+                msg!(
+                    "Validator stake {} not delegated to {}",
+                    validator_stake_account_info.key,
+                    vote_account_address
+                );
+                return Err(StakePoolError::WrongStakeState.into());
+            }
+        }
+
         let transient_stake_bump_seed = check_transient_stake_address(
             program_id,
             stake_pool_info.key,
@@ -1683,6 +1710,30 @@ impl Processor {
                         msg!("Validator stake account no longer part of the pool, ignoring");
                     }
                 }
+                Some(stake::state::StakeState::Initialized(meta))
+                    if stake_is_usable_by_pool(
+                        &meta,
+                        withdraw_authority_info.key,
+                        &stake_pool.lockup,
+                    ) =>
+                {
+                    // If a validator stake is `Initialized`, the validator could
+                    // have been destaked during a cluster restart. Either way,
+                    // absorb those lamports into the reserve.  The transient
+                    // stake was likely absorbed into the reserve earlier.
+                    Self::stake_merge(
+                        stake_pool_info.key,
+                        validator_stake_info.clone(),
+                        withdraw_authority_info.clone(),
+                        AUTHORITY_WITHDRAW,
+                        stake_pool.stake_withdraw_bump_seed,
+                        reserve_stake_info.clone(),
+                        clock_info.clone(),
+                        stake_history_info.clone(),
+                        stake_program_info.clone(),
+                    )?;
+                    validator_stake_record.status = StakeStatus::ReadyForRemoval;
+                }
                 Some(stake::state::StakeState::Initialized(_))
                 | Some(stake::state::StakeState::Uninitialized)
                 | Some(stake::state::StakeState::RewardsPool)

stake-pool/program/tests/force_destake.rs

@@ -0,0 +1,193 @@
+#![cfg(feature = "test-bpf")]
+
+mod helpers;
+
+use {
+    helpers::*,
+    solana_program::{instruction::InstructionError, pubkey::Pubkey, stake},
+    solana_program_test::*,
+    solana_sdk::{
+        account::{Account, WritableAccount},
+        clock::Epoch,
+        signature::Signer,
+        transaction::TransactionError,
+    },
+    spl_stake_pool::{
+        error::StakePoolError,
+        find_stake_program_address, find_transient_stake_program_address, id,
+        state::{StakeStatus, ValidatorStakeInfo},
+        MINIMUM_ACTIVE_STAKE,
+    },
+};
+
+async fn setup() -> (ProgramTestContext, StakePoolAccounts, Pubkey) {
+    let mut program_test = program_test();
+    let stake_pool_accounts = StakePoolAccounts::new();
+
+    let stake_pool_pubkey = stake_pool_accounts.stake_pool.pubkey();
+    let (mut stake_pool, mut validator_list) = stake_pool_accounts.state();
+
+    let voter_pubkey = add_vote_account(&mut program_test);
+    let meta = stake::state::Meta {
+        rent_exempt_reserve: STAKE_ACCOUNT_RENT_EXEMPTION,
+        authorized: stake::state::Authorized {
+            staker: stake_pool_accounts.withdraw_authority,
+            withdrawer: stake_pool_accounts.withdraw_authority,
+        },
+        lockup: stake_pool.lockup,
+    };
+
+    let stake_account = Account::create(
+        TEST_STAKE_AMOUNT + STAKE_ACCOUNT_RENT_EXEMPTION,
+        bincode::serialize::<stake::state::StakeState>(&stake::state::StakeState::Initialized(
+            meta,
+        ))
+        .unwrap(),
+        stake::program::id(),
+        false,
+        Epoch::default(),
+    );
+
+    let (stake_address, _) = find_stake_program_address(&id(), &voter_pubkey, &stake_pool_pubkey);
+    program_test.add_account(stake_address, stake_account);
+    let active_stake_lamports = TEST_STAKE_AMOUNT - MINIMUM_ACTIVE_STAKE;
+    // add to validator list
+    validator_list.validators.push(ValidatorStakeInfo {
+        status: StakeStatus::Active,
+        vote_account_address: voter_pubkey,
+        active_stake_lamports,
+        transient_stake_lamports: 0,
+        last_update_epoch: 0,
+        transient_seed_suffix_start: 0,
+        transient_seed_suffix_end: 0,
+    });
+
+    stake_pool.total_lamports += active_stake_lamports;
+    stake_pool.pool_token_supply += active_stake_lamports;
+
+    add_reserve_stake_account(
+        &mut program_test,
+        &stake_pool_accounts.reserve_stake.pubkey(),
+        &stake_pool_accounts.withdraw_authority,
+        TEST_STAKE_AMOUNT,
+    );
+    add_stake_pool_account(
+        &mut program_test,
+        &stake_pool_accounts.stake_pool.pubkey(),
+        &stake_pool,
+    );
+    add_validator_list_account(
+        &mut program_test,
+        &stake_pool_accounts.validator_list.pubkey(),
+        &validator_list,
+        stake_pool_accounts.max_validators,
+    );
+
+    add_mint_account(
+        &mut program_test,
+        &stake_pool_accounts.pool_mint.pubkey(),
+        &stake_pool_accounts.withdraw_authority,
+        stake_pool.pool_token_supply,
+    );
+    add_token_account(
+        &mut program_test,
+        &stake_pool_accounts.pool_fee_account.pubkey(),
+        &stake_pool_accounts.pool_mint.pubkey(),
+        &stake_pool_accounts.manager.pubkey(),
+    );
+
+    let context = program_test.start_with_context().await;
+    (context, stake_pool_accounts, voter_pubkey)
+}
+
+#[tokio::test]
+async fn success_update() {
+    let (mut context, stake_pool_accounts, voter_pubkey) = setup().await;
+    let pre_reserve_lamports = context
+        .banks_client
+        .get_account(stake_pool_accounts.reserve_stake.pubkey())
+        .await
+        .unwrap()
+        .unwrap()
+        .lamports;
+    let (stake_address, _) = find_stake_program_address(
+        &id(),
+        &voter_pubkey,
+        &stake_pool_accounts.stake_pool.pubkey(),
+    );
+    let validator_stake_lamports = context
+        .banks_client
+        .get_account(stake_address)
+        .await
+        .unwrap()
+        .unwrap()
+        .lamports;
+    // update should merge the destaked validator stake account into the reserve
+    let error = stake_pool_accounts
+        .update_all(
+            &mut context.banks_client,
+            &context.payer,
+            &context.last_blockhash,
+            &[voter_pubkey],
+            false,
+        )
+        .await;
+    assert!(error.is_none());
+    let post_reserve_lamports = context
+        .banks_client
+        .get_account(stake_pool_accounts.reserve_stake.pubkey())
+        .await
+        .unwrap()
+        .unwrap()
+        .lamports;
+    assert_eq!(
+        post_reserve_lamports,
+        pre_reserve_lamports + validator_stake_lamports
+    );
+    // test no more validator stake account
+    assert!(context
+        .banks_client
+        .get_account(stake_address)
+        .await
+        .unwrap()
+        .is_none());
+}
+
+#[tokio::test]
+async fn fail_increase() {
+    let (mut context, stake_pool_accounts, voter_pubkey) = setup().await;
+    let (stake_address, _) = find_stake_program_address(
+        &id(),
+        &voter_pubkey,
+        &stake_pool_accounts.stake_pool.pubkey(),
+    );
+    let transient_stake_seed = 0;
+    let transient_stake_address = find_transient_stake_program_address(
+        &id(),
+        &voter_pubkey,
+        &stake_pool_accounts.stake_pool.pubkey(),
+        transient_stake_seed,
+    )
+    .0;
+    let error = stake_pool_accounts
+        .increase_validator_stake(
+            &mut context.banks_client,
+            &context.payer,
+            &context.last_blockhash,
+            &transient_stake_address,
+            &stake_address,
+            &voter_pubkey,
+            MINIMUM_ACTIVE_STAKE,
+            transient_stake_seed,
+        )
+        .await
+        .unwrap()
+        .unwrap();
+    assert_eq!(
+        error,
+        TransactionError::InstructionError(
+            0,
+            InstructionError::Custom(StakePoolError::WrongStakeState as u32)
+        )
+    );
+}