solana: Add anchor linting (#507)

* Add a bash script to manually run anchor linting commands as it does not occur automatically in anchor-cli 0.29.0
* Add Makefile target that points to the new script 
* Add CI step to run the new make command
* Replace usages of `AccountInfo` with documented usages of `UncheckedAccount`

---------

Co-authored-by: John Saigle <[email protected]>

Author: nvsriram

.github/workflows/solana.yml

@@ -131,6 +131,12 @@ jobs:
       - name: Check idl
         run: |
           git diff --exit-code ts/idl
+      - name: Set default Rust toolchain
+        run: rustup default stable
+        shell: bash
+      - name: Run anchor lint
+        run: make anchor-lint
+        shell: bash
       - name: Run tests
         run: anchor test --skip-build
         shell: bash

solana/Makefile

@@ -1,5 +1,5 @@
 .DEFAULT_GOAL = build
-.PHONY: build cargo-build anchor-build prod-build test cargo-test anchor-test idl sdk clean node_modules lint fix-lint
+.PHONY: build cargo-build anchor-build prod-build test cargo-test anchor-test idl sdk clean node_modules lint cargo-lint anchor-lint fix-lint
 
 #find and convert version line:
 #  turn `const VERSION: &str = "major.minor.patch";` into `major_minor_patch`
@@ -68,11 +68,20 @@ anchor-test: idl sdk node_modules
 #######################
 ## LINT
 
-lint:
+lint: cargo-lint anchor-lint
+
+
+cargo-lint:
 	cargo fmt --check --all --manifest-path Cargo.toml
 	cargo check --workspace --tests --manifest-path Cargo.toml
 	cargo clippy --workspace --tests --manifest-path Cargo.toml -- -Dclippy::cast_possible_truncation
 
+# Run anchor's linter on all Rust files in the current directory via `anchor idl parse`
+# Results written to /dev/null because we're just calling parse for the linting capabilities and we don't care about
+# the JSON output.
+# anchor-cli v0.29.0 doesn't seem to do linting on the command-line during the build process so this is a workaround
+anchor-lint:
+	bash scripts/anchor-lint.sh
 
 fix-lint:
 	cargo fmt --all --manifest-path Cargo.toml

solana/programs/example-native-token-transfers/src/instructions/admin.rs

@@ -33,13 +33,14 @@ pub struct TransferOwnership<'info> {
     pub owner: Signer<'info>,
 
     /// CHECK: This account will be the signer in the [claim_ownership] instruction.
-    new_owner: AccountInfo<'info>,
+    new_owner: UncheckedAccount<'info>,
 
     #[account(
         seeds = [b"upgrade_lock"],
         bump,
     )]
-    upgrade_lock: AccountInfo<'info>,
+    /// CHECK: The seeds constraint enforces that this is the correct address
+    upgrade_lock: UncheckedAccount<'info>,
 
     #[account(
         mut,
@@ -89,7 +90,8 @@ pub struct ClaimOwnership<'info> {
         seeds = [b"upgrade_lock"],
         bump,
     )]
-    upgrade_lock: AccountInfo<'info>,
+    /// CHECK: The seeds constraint enforces that this is the correct address
+    upgrade_lock: UncheckedAccount<'info>,
 
     pub new_owner: Signer<'info>,
 
@@ -204,7 +206,9 @@ pub struct RegisterTransceiver<'info> {
     pub payer: Signer<'info>,
 
     #[account(executable)]
-    pub transceiver: AccountInfo<'info>,
+    /// CHECK: transceiver is meant to be a transceiver program. Arguably a `Program` constraint could be
+    /// used here that wraps the Transceiver account type.
+    pub transceiver: UncheckedAccount<'info>,
 
     #[account(
         init,

solana/programs/example-native-token-transfers/src/instructions/initialize.rs

@@ -58,6 +58,12 @@ pub struct Initialize<'info> {
         seeds = [crate::TOKEN_AUTHORITY_SEED],
         bump,
     )]
+    /// CHECK: [`token_authority`] is checked against the custody account and the [`mint`]'s mint_authority
+    /// In any case, this function is used to set the Config and initialize the program so we
+    /// assume the caller of this function will have total control over the program.
+    ///
+    /// TODO: Using `UncheckedAccount` here leads to "Access violation in stack frame ...".
+    /// Could refactor code to use `Box<_>` to reduce stack size.
     pub token_authority: AccountInfo<'info>,
 
     #[account(
@@ -73,7 +79,7 @@ pub struct Initialize<'info> {
     /// function if  the token account has already been created.
     pub custody: InterfaceAccount<'info, token_interface::TokenAccount>,
 
-    /// CHECK: checked to be the appropriate token progrem when initialising the
+    /// CHECK: checked to be the appropriate token program when initialising the
     /// associated token account for the given mint.
     pub token_program: Interface<'info, token_interface::TokenInterface>,
     pub associated_token_program: Program<'info, AssociatedToken>,

solana/programs/example-native-token-transfers/src/instructions/luts.rs

@@ -45,15 +45,17 @@ pub struct InitializeLUT<'info> {
         seeds = [b"lut_authority"],
         bump
     )]
-    pub authority: AccountInfo<'info>,
+    /// CHECK: The seeds constraint enforces that this is the correct account.
+    pub authority: UncheckedAccount<'info>,
 
     #[account(
         mut,
         seeds = [authority.key().as_ref(), &recent_slot.to_le_bytes()],
         seeds::program = solana_address_lookup_table_program::id(),
         bump
     )]
-    pub lut_address: AccountInfo<'info>,
+    /// CHECK: The seeds constraint enforces that this is the correct account.
+    pub lut_address: UncheckedAccount<'info>,
 
     #[account(
         init_if_needed,
@@ -81,23 +83,27 @@ pub struct Entries<'info> {
     #[account(
         constraint = custody.key() == config.custody,
     )]
-    pub custody: AccountInfo<'info>,
+    /// CHECK: The constraint enforces that this is the correct account.
+    pub custody: UncheckedAccount<'info>,
 
     #[account(
         constraint = token_program.key() == config.token_program,
     )]
-    pub token_program: AccountInfo<'info>,
+    /// CHECK: The constraint enforces that this is the correct account.
+    pub token_program: UncheckedAccount<'info>,
 
     #[account(
         constraint = mint.key() == config.mint,
     )]
-    pub mint: AccountInfo<'info>,
+    /// CHECK: The constraint enforces that this is the correct account.
+    pub mint: UncheckedAccount<'info>,
 
     #[account(
         seeds = [crate::TOKEN_AUTHORITY_SEED],
         bump,
     )]
-    pub token_authority: AccountInfo<'info>,
+    /// CHECK: The seeds constraint enforces that this is the correct account.
+    pub token_authority: UncheckedAccount<'info>,
 
     pub outbox_rate_limit: Account<'info, OutboxRateLimit>,
 

solana/programs/example-native-token-transfers/src/instructions/release_inbound.rs

@@ -31,7 +31,8 @@ pub struct ReleaseInbound<'info> {
         seeds = [crate::TOKEN_AUTHORITY_SEED],
         bump,
     )]
-    pub token_authority: AccountInfo<'info>,
+    /// CHECK The seeds constraint ensures that this is the correct address
+    pub token_authority: UncheckedAccount<'info>,
 
     #[account(
         mut,
@@ -112,7 +113,7 @@ pub fn release_inbound_mint<'info>(
             token_interface::MintTo {
                 mint: ctx.accounts.common.mint.to_account_info(),
                 to: ctx.accounts.common.custody.to_account_info(),
-                authority: ctx.accounts.common.token_authority.clone(),
+                authority: ctx.accounts.common.token_authority.to_account_info(),
             },
             &[&[
                 crate::TOKEN_AUTHORITY_SEED,
@@ -128,7 +129,7 @@ pub fn release_inbound_mint<'info>(
         ctx.accounts.common.custody.to_account_info(),
         ctx.accounts.common.mint.to_account_info(),
         ctx.accounts.common.recipient.to_account_info(),
-        ctx.accounts.common.token_authority.clone(),
+        ctx.accounts.common.token_authority.to_account_info(),
         ctx.remaining_accounts,
         inbox_item.amount,
         ctx.accounts.common.mint.decimals,
@@ -178,7 +179,7 @@ pub fn release_inbound_unlock<'info>(
         ctx.accounts.common.custody.to_account_info(),
         ctx.accounts.common.mint.to_account_info(),
         ctx.accounts.common.recipient.to_account_info(),
-        ctx.accounts.common.token_authority.clone(),
+        ctx.accounts.common.token_authority.to_account_info(),
         ctx.remaining_accounts,
         inbox_item.amount,
         ctx.accounts.common.mint.decimals,

solana/programs/example-native-token-transfers/src/instructions/transfer.rs

@@ -136,14 +136,16 @@ pub struct TransferBurn<'info> {
         ],
         bump,
     )]
+    /// CHECK: The seeds constraint enforces that this is the correct account.
     /// See [`crate::SESSION_AUTHORITY_SEED`] for an explanation of the flow.
-    pub session_authority: AccountInfo<'info>,
+    pub session_authority: UncheckedAccount<'info>,
 
     #[account(
         seeds = [crate::TOKEN_AUTHORITY_SEED],
         bump,
     )]
-    pub token_authority: AccountInfo<'info>,
+    /// CHECK: The seeds constraint enforces that this is the correct account.
+    pub token_authority: UncheckedAccount<'info>,
 }
 
 pub fn transfer_burn<'info>(
@@ -281,8 +283,9 @@ pub struct TransferLock<'info> {
         ],
         bump,
     )]
+    /// CHECK: The seeds constraint enforces that this is the correct account
     /// See [`crate::SESSION_AUTHORITY_SEED`] for an explanation of the flow.
-    pub session_authority: AccountInfo<'info>,
+    pub session_authority: UncheckedAccount<'info>,
 }
 
 pub fn transfer_lock<'info>(

solana/programs/example-native-token-transfers/src/transceivers/wormhole/instructions/broadcast_id.rs

@@ -24,6 +24,7 @@ pub struct BroadcastId<'info> {
         seeds = [b"emitter"],
         bump
     )]
+    /// CHECK: The seeds constraint ensures that this is the correct address
     pub emitter: UncheckedAccount<'info>,
 
     pub wormhole: WormholeAccounts<'info>,

solana/programs/example-native-token-transfers/src/transceivers/wormhole/instructions/broadcast_peer.rs

@@ -28,6 +28,7 @@ pub struct BroadcastPeer<'info> {
         seeds = [b"emitter"],
         bump
     )]
+    /// CHECK: The seeds constraint ensures that this is the correct address
     pub emitter: UncheckedAccount<'info>,
 
     pub wormhole: WormholeAccounts<'info>,

solana/programs/wormhole-governance/src/instructions/governance.rs

@@ -46,8 +46,8 @@ pub struct Governance<'info> {
         bump,
     )]
     /// CHECK: governance PDA. This PDA has to be the owner assigned to the
-    /// governed program.
-    pub governance: AccountInfo<'info>,
+    /// governed program. This account is validated by Wormhole, not this program.
+    pub governance: UncheckedAccount<'info>,
 
     #[account(
         constraint = vaa.emitter_chain() == Into::<u16>::into(Chain::Solana) @ GovernanceError::InvalidGovernanceChain,
@@ -57,7 +57,8 @@ pub struct Governance<'info> {
     pub vaa: Account<'info, PostedVaa<GovernanceMessage>>,
 
     #[account(executable)]
-    pub program: AccountInfo<'info>,
+    /// CHECK: This account is validated by Wormhole, not this program.
+    pub program: UncheckedAccount<'info>,
 
     #[account(
         init,