Skip to content

reclaim buffer account#60

Open
kaze-cow wants to merge 5 commits into
kaze/sc-150-close-order-accountfrom
kaze/sc-151-close-buffer-account
Open

reclaim buffer account#60
kaze-cow wants to merge 5 commits into
kaze/sc-150-close-order-accountfrom
kaze/sc-151-close-buffer-account

Conversation

@kaze-cow

@kaze-cow kaze-cow commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Description

Adds the ReclaimBuffers instruction. Also add some more capabilities to the test helpers.

Changes

The instruction takes in 3 accounts, state_account, receiver_account, token_account, plus two additional accounts buffer_pda, mint for each buffer to clear. The mint is required to help verify the canonical status of buffer_pda, as well as to call Burn if the account happens to hold excess funds.

The instruction can only be called by the receiver account which is registered in the state_pda

As of right now the state pda has been initialized with no data, so it was changed to allow for initiating a single receiver account (maybe later we rename this to fundsManager or so?). Ultimately it seems we will need to have some sort of account that wields this role so might as well start thinking about it now.

Since a bad actor could send 1 wei/lamport of a token to the buffers just before we close them, the buffer may become unable to be closed and the instruction would fail. This could be used as a griefing tactic, so this instruction will additionally Burn any remaining tokens found in the buffer before closing. Burn is used instead of Transfer because a transfer would likely require conditional allocation and sending--all for what is almost certainly a tiny . So its much easier to simply burn this amount entirely and move on. As this is a potentially destructive operation, multiple warnings have been added around the codebase to prevent this from being overlooked. Additionally, while most tokens support anyone being able to Burn their own tokens, there may exist certain 2022 tokens which disallow it, and so the buffer could not be closed unless we were to empty the account completely.

For the unit tests (which were expanded upon in #53 ), one additional change was made to allow for controlling the signer with is_signer. For right now it arbitrarily assumes any account that doesn't have data is a signer and any account that does have data is not. Tbh I am not sure how to handle this, I think it would be really annoying to have a boolean for every single call to the fake_account* functions. Maybe there is another way?

How to test

  • Confirm is_signer unit testing strategy, could be improved (please provide suggestion!)
  • Confirm ReclaimBuffer general methodology.
  • Consider behavior of burning tokens as a way of reducing the security impact

@kaze-cow kaze-cow self-assigned this Jul 6, 2026
@kaze-cow kaze-cow requested a review from a team as a code owner July 6, 2026 14:47
@linear-code

linear-code Bot commented Jul 6, 2026

Copy link
Copy Markdown

SC-151

@kaze-cow kaze-cow changed the title Kaze/sc 151 close buffer account reclaim buffer account Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant