Skip to content

add pinocchio token-2022 mint-close-authority example#624

Open
MarkFeder wants to merge 2 commits into
solana-foundation:mainfrom
MarkFeder:tokens-token-2022-mint-close-authority-pinocchio
Open

add pinocchio token-2022 mint-close-authority example#624
MarkFeder wants to merge 2 commits into
solana-foundation:mainfrom
MarkFeder:tokens-token-2022-mint-close-authority-pinocchio

Conversation

@MarkFeder

Copy link
Copy Markdown
Contributor

Adds a Pinocchio port of the tokens/token-2022/mint-close-authority example, alongside the existing anchor and native versions.

What it does

A single instruction creates an SPL Token-2022 mint carrying the MintCloseAuthority extension, so a designated authority can later close the mint and reclaim its rent.

Notes

Token-2022 has no Pinocchio wrapper crate (pinocchio-token targets the legacy SPL Token program), so the Token-2022 instructions are built by hand and CPI'd:

  1. CreateAccount for the mint, sized to 202 bytes (base Account length 165 + account-type byte + one MintCloseAuthority TLV entry) and owned by the Token-2022 program.
  2. InitializeMintCloseAuthority (variant 25) — must run before the mint is initialized.
  3. InitializeMint (variant 0).

The bankrun test asserts the resulting mint is owned by Token-2022, is exactly 202 bytes, has the correct decimals, and that the extension header (account type Mint, TLV type MintCloseAuthority) and stored close authority were written correctly.

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown

Greptile Summary

This PR adds a Pinocchio port of the token-2022/mint-close-authority example, sitting alongside the existing Anchor and native versions. It manually constructs Token-2022 CPIs since no Pinocchio wrapper crate exists for Token-2022, building and invoking InitializeMintCloseAuthority (variant 25) before InitializeMint (variant 0) in the required order.

  • Program (create_mint.rs): Allocates a 202-byte mint account via CreateAccount, then CPIs InitializeMintCloseAuthority and InitializeMint to Token-2022 in the correct sequence; instruction-data serialisation byte counts (34 and 67) are accurate.
  • Test (test.ts): Uses a distinct closeAuthority keypair (not the payer) and explicitly asserts all TLV fields — type, length (32), and the stored pubkey — giving meaningful coverage of the extension layout.

Confidence Score: 5/5

Safe to merge — new self-contained example with no changes to shared infrastructure.

The CPI ordering (extension before mint), account mutability flags, instruction-data byte layouts (34 and 67 bytes), and MINT_SIZE (202) are all correct. The test uses a distinct close-authority keypair and fully validates all three TLV fields. No shared code is modified beyond adding the new workspace member and updating the README.

No files require special attention.

Important Files Changed

Filename Overview
tokens/token-2022/mint-close-authority/pinocchio/program/src/instructions/create_mint.rs Core instruction handler; CPI ordering, account mutability flags, and instruction-data byte layouts are all correct.
tokens/token-2022/mint-close-authority/pinocchio/program/src/instructions/mod.rs Defines TOKEN_2022_PROGRAM_ID constant, MINT_SIZE (202 = 165+1+36), and CreateTokenArgs; all values are correct.
tokens/token-2022/mint-close-authority/pinocchio/tests/test.ts Bankrun test with a distinct close-authority keypair; asserts TLV type, length (32), and stored pubkey — comprehensive extension coverage.
tokens/token-2022/mint-close-authority/pinocchio/program/src/processor.rs Single-instruction dispatcher; no discriminator needed since only one instruction exists.
tokens/token-2022/mint-close-authority/pinocchio/program/Cargo.toml Standard pinocchio crate manifest; dependencies (pinocchio, pinocchio-log, pinocchio-system) are appropriate for manual Token-2022 CPI.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client
    participant OurProgram as token-2022-mint-close-authority pinocchio program
    participant SystemProg as System Program
    participant Token2022 as Token-2022 Program

    Client->>OurProgram: create_mint(decimals, accounts[0..6])
    OurProgram->>SystemProg: "CreateAccount(mint, space=202, owner=Token2022)"
    SystemProg-->>OurProgram: OK
    OurProgram->>Token2022: "InitializeMintCloseAuthority(variant=25, COption::Some(close_authority))"
    Token2022-->>OurProgram: OK — extension TLV written
    OurProgram->>Token2022: "InitializeMint(variant=0, decimals, mint_authority, freeze_authority)"
    Token2022-->>OurProgram: OK — base mint fields written
    OurProgram-->>Client: OK
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Client
    participant OurProgram as token-2022-mint-close-authority pinocchio program
    participant SystemProg as System Program
    participant Token2022 as Token-2022 Program

    Client->>OurProgram: create_mint(decimals, accounts[0..6])
    OurProgram->>SystemProg: "CreateAccount(mint, space=202, owner=Token2022)"
    SystemProg-->>OurProgram: OK
    OurProgram->>Token2022: "InitializeMintCloseAuthority(variant=25, COption::Some(close_authority))"
    Token2022-->>OurProgram: OK — extension TLV written
    OurProgram->>Token2022: "InitializeMint(variant=0, decimals, mint_authority, freeze_authority)"
    Token2022-->>OurProgram: OK — base mint fields written
    OurProgram-->>Client: OK
Loading

Reviews (2): Last reviewed commit: "test: strengthen token-2022 mint-close-a..." | Re-trigger Greptile

Comment on lines +43 to +90
it("Creates a Token-2022 mint with a close authority", async () => {
const decimals = 9;
const mintKeypair = Keypair.generate();

const data = Buffer.from(borsh.serialize(CreateTokenArgsSchema, { token_decimals: decimals }));

const ix = new TransactionInstruction({
programId: PROGRAM_ID,
keys: [
{ pubkey: mintKeypair.publicKey, isSigner: true, isWritable: true }, // mint account
{ pubkey: payer.publicKey, isSigner: false, isWritable: false }, // mint authority
{ pubkey: payer.publicKey, isSigner: false, isWritable: false }, // close authority
{ pubkey: payer.publicKey, isSigner: true, isWritable: true }, // payer
{ pubkey: SYSVAR_RENT_PUBKEY, isSigner: false, isWritable: false }, // rent sysvar
{ pubkey: SystemProgram.programId, isSigner: false, isWritable: false }, // system program
{ pubkey: TOKEN_2022_PROGRAM_ID, isSigner: false, isWritable: false }, // Token-2022 program
],
data,
});

const tx = new Transaction();
tx.feePayer = payer.publicKey;
tx.recentBlockhash = context.lastBlockhash;
tx.add(ix);
tx.sign(payer, mintKeypair);
await client.processTransaction(tx);

const mintAccount = await client.getAccount(mintKeypair.publicKey);
if (mintAccount === null) throw new Error("Mint account not found");
const mintData = Buffer.from(mintAccount.data);

// Owned by Token-2022, and sized for exactly one extension.
assert.deepEqual(mintAccount.owner.toBytes(), TOKEN_2022_PROGRAM_ID.toBytes());
assert.equal(mintData.length, EXTENDED_MINT_SIZE);

// Base mint fields were initialized.
assert.equal(mintData[DECIMALS_OFFSET], decimals);

// The extension header marks this as a Mint carrying MintCloseAuthority.
assert.equal(mintData[ACCOUNT_TYPE_OFFSET], ACCOUNT_TYPE_MINT);
assert.equal(mintData.readUInt16LE(TLV_TYPE_OFFSET), MINT_CLOSE_AUTHORITY_EXTENSION);

// The configured close authority was stored in the extension.
const storedCloseAuthority = mintData.subarray(TLV_VALUE_OFFSET, TLV_VALUE_OFFSET + 32);
assert.deepEqual(new Uint8Array(storedCloseAuthority), payer.publicKey.toBytes());

console.log("Mint address:", mintKeypair.publicKey.toBase58());
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Single test case conflates three distinct roles

The test uses payer.publicKey for the mint authority, close authority, and payer simultaneously. This means the test cannot verify that the close authority stored in the TLV is correctly sourced from account index 2 (close authority) rather than index 1 (mint authority) or the payer — all three are identical addresses. A bug that swapped accounts 1 and 2 would go undetected. Using a distinct keypair for at least the close authority would make the assertion at line 87 meaningful.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — fixed in 1b2f802. The test now generates a distinct closeAuthority keypair for account index 2, so the stored-authority assertion genuinely verifies the close authority is sourced from index 2 rather than the mint authority/payer (which remain payer).

Comment on lines +28 to +31
const TLV_TYPE_OFFSET = 166; // u16 LE, 3 == MintCloseAuthority
const TLV_VALUE_OFFSET = 170; // 32-byte close authority pubkey
const DECIMALS_OFFSET = 44; // in the base mint layout
const MINT_CLOSE_AUTHORITY_EXTENSION = 3;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 TLV length field is asserted indirectly, not explicitly

The test validates TLV_TYPE_OFFSET (type = 3) and TLV_VALUE_OFFSET (close authority bytes), but never reads the 2-byte TLV length at offset 168 (TLV_TYPE_OFFSET + 2). Adding assert.equal(mintData.readUInt16LE(168), 32) would fully exercise the on-chain TLV header and catch any future change where Token-2022 alters the MintCloseAuthority value size.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed — added assert.equal(mintData.readUInt16LE(168), 32) (TLV_LENGTH_OFFSET) in 1b2f802 so the 2-byte TLV length header is exercised explicitly.

Comment on lines +37 to +41
let [mint_account, mint_authority, close_authority, payer, rent_sysvar, _system_program, _token_program] =
accounts
else {
return Err(ProgramError::NotEnoughAccountKeys);
};

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Token-2022 program ID is never validated

_token_program (account index 6) is accepted and silently forwarded to all three CPIs as the callee program, but its address is never compared against TOKEN_2022_PROGRAM_ID. A caller that passes a spoofed program at index 6 would cause the CPIs to target an arbitrary program. For an educational example this is a known trade-off, but adding even a one-line equality check would demonstrate the secure pattern to learners.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The premise here isn't quite accurate: _token_program (index 6) is not forwarded to the CPIs as the callee. Each InstructionView sets program_id: &TOKEN_2022_PROGRAM_ID — the hard-coded constant — and the account isn't even passed in the invoke infos slices (&[mint_account] / &[mint_account, rent_sysvar]). So a spoofed account at index 6 has no effect; the CPIs always target the real Token-2022 program by construction. Index 6 is present only to mirror the native example's account layout. No equality check is needed here since dispatch is already pinned to the constant.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're completely right — I was wrong. Both InstructionView structs hardcode program_id: &TOKEN_2022_PROGRAM_ID, and _token_program doesn't appear in either invoke accounts slice. A spoofed account at index 6 is entirely inert. Apologies for the noise.

Tip: You can customize Greptile's behavior for this repo with .greptile/rules.md and .greptile/config.json.

Use a distinct close-authority keypair so the stored-authority check
verifies sourcing from account index 2, and assert the TLV length field
(32) explicitly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant