Treasury selection

.github/workflows/frontend.yml

@@ -15,7 +15,7 @@ jobs:
         ENDPOINT: http://localhost:8899
 
     env:
-      PROGRAM_ID: WabZqXyytFA2XeXswf9DdQkQuSZuRiEgKdDmq7c5Mnp
+      PROGRAM_ID: WApA1JC9eJLaULc2Ximo5TffuqCESzf47JZsuhYvfzC
 
     defaults:
       run:

backend/src/handlers/fund-transactions.ts

@@ -1,6 +1,6 @@
 import NodeWallet from '@coral-xyz/anchor/dist/cjs/nodewallet'
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda'
-import { getFundingKey } from '../utils/secrets'
+import { getFundingKeys } from '../utils/secrets'
 import {
   checkTransactions,
   deserializeTransactions
@@ -12,7 +12,7 @@ import { asJsonResponse } from '../utils/response'
 
 export type FundTransactionRequest = Uint8Array[]
 
-let funderWallet: NodeWallet
+const funderWallets: Record<string, NodeWallet> = {}
 
 export const fundTransactions = async (
   event: APIGatewayProxyEvent
@@ -21,15 +21,29 @@ export const fundTransactions = async (
     const requestBody = JSON.parse(event.body!)
     validateFundTransactions(requestBody)
     const transactions = deserializeTransactions(requestBody)
-    const isTransactionsValid = await checkTransactions(transactions)
+    const isTransactionsValid = await checkTransactions(
+      transactions.map((txWithFunder) => txWithFunder.transaction)
+    )
 
     if (!isTransactionsValid) {
       return asJsonResponse(403, { error: 'Unauthorized transactions' })
     }
 
-    const wallet = await loadFunderWallet()
+    const wallets = await loadFunderWallets()
+
+    const signedTransactions: VersionedTransaction[] = []
+
+    for (const txWithFunder of transactions) {
+      const funderWallet = wallets[txWithFunder.funder]
+      if (!funderWallet) {
+        return asJsonResponse(403, { error: 'Unauthorized funder' })
+      }
+
+      signedTransactions.push(
+        await funderWallet.signTransaction(txWithFunder.transaction)
+      )
+    }
 
-    const signedTransactions = await wallet.signAllTransactions(transactions)
     logSignatures(signedTransactions)
     return asJsonResponse(
       200,
@@ -56,19 +70,29 @@ function validateFundTransactions(transactions: unknown) {
   }
 }
 
-async function loadFunderWallet(): Promise<NodeWallet> {
-  if (funderWallet) {
-    return funderWallet
+async function loadFunderWallets(): Promise<Record<string, NodeWallet>> {
+  if (Object.keys(funderWallets).length > 0) {
+    return funderWallets
   }
 
-  const secretData = await getFundingKey()
-  const funderWalletKey = secretData.key
+  const secretData = await getFundingKeys()
+  const funderWalletKeys = Object.values(secretData)
+
+  const keypairs = funderWalletKeys.map((key) => {
+    const parsedKey = key
+      .toString()
+      .replace('[', '')
+      .replace(']', '')
+      .split(',')
+      .map((l) => parseInt(l))
+    return Keypair.fromSecretKey(Uint8Array.from(parsedKey))
+  })
 
-  const keypair = Keypair.fromSecretKey(Uint8Array.from(funderWalletKey))
+  keypairs.forEach((keypair) => {
+    funderWallets[keypair.publicKey.toBase58()] = new NodeWallet(keypair)
+  })
 
-  funderWallet = new NodeWallet(keypair)
-  console.log('Loaded funder wallet')
-  return funderWallet
+  return funderWallets
 }
 
 function getSignature(tx: VersionedTransaction): string {

backend/src/utils/fund-transactions.ts

@@ -15,12 +15,29 @@ const SET_COMPUTE_UNIT_PRICE_DISCRIMINANT = 3
 
 const MAX_COMPUTE_UNIT_PRICE = BigInt(1_000_000)
 
+export type TransactionWithFunder = {
+  transaction: VersionedTransaction
+  funder: string
+}
+
+export type SerializedTransactionWithFunder = {
+  tx: Uint8Array
+  funder: string
+}
+
 export function deserializeTransactions(
   transactions: unknown
-): VersionedTransaction[] {
+): TransactionWithFunder[] {
   try {
-    return (transactions as Uint8Array[]).map((serializedTx) =>
-      VersionedTransaction.deserialize(Buffer.from(serializedTx))
+    return (transactions as SerializedTransactionWithFunder[]).map(
+      (serializedTx) => {
+        return {
+          transaction: VersionedTransaction.deserialize(
+            Buffer.from(serializedTx.tx)
+          ),
+          funder: serializedTx.funder
+        }
+      }
     )
   } catch (err) {
     console.error('Failed to deserialize transactions', err)

backend/src/utils/secrets.ts

@@ -18,15 +18,23 @@ export async function getDispenserKey() {
   return { key: JSON.parse(key) }
 }
 
-export async function getFundingKey(): Promise<{ key: Uint8Array }> {
-  let key: string
+export async function getFundingKeys(): Promise<Record<string, Uint8Array>> {
+  let keys: Record<string, Uint8Array> = {}
   if (config.keys.funding.key) {
     console.log('Using funding key from config')
-    key = config.keys.funding.key
+    // TODO: Is this ok??
+    const privKey = Uint8Array.from(
+      config.keys.funding.key.split('').map((l) => l.charCodeAt(0))
+    )
+    keys = {
+      key: privKey
+    }
+
+    return keys
   }
 
-  key = await getSecretKey(config.keys.funding.secretName, 'key')
-  return { key: JSON.parse(key) }
+  keys = await getSecret(config.keys.funding.secretName)
+  return keys
 }
 
 export async function getSecretKey(secretName: string, keyName: string) {

backend/test/handlers/fund-transactions.test.ts

@@ -229,7 +229,7 @@ const givenDownstreamServicesWork = () => {
   server.use(
     http.all('https://secretsmanager.us-east-2.amazonaws.com', () => {
       return HttpResponse.json({
-        SecretString: JSON.stringify({ key: `[${[...FUNDER_KEY.secretKey]}]` })
+        SecretString: JSON.stringify({ keys: `[${[...FUNDER_KEY.secretKey]}]` })
       })
     })
   )
@@ -238,7 +238,14 @@ const givenDownstreamServicesWork = () => {
 
 const whenFundTransactionsCalled = async () => {
   response = await fundTransactions({
-    body: JSON.stringify(input.map((tx) => Buffer.from(tx.serialize())))
+    body: JSON.stringify(
+      input.map((tx) => {
+        return {
+          tx: Buffer.from(tx.serialize()),
+          funder: FUNDER_KEY.publicKey
+        }
+      })
+    )
   } as unknown as APIGatewayProxyEvent)
 }
 

frontend/.env.sample

@@ -31,7 +31,7 @@ FUNDER_KEYPAIR=[145,197,43,77,224,103,196,174,132,195,48,31,177,97,237,163,15,19
 DEPLOYER_WALLET=[145,197,43,77,224,103,196,174,132,195,48,31,177,97,237,163,15,196,217,142,181,204,104,107,98,82,213,0,155,140,218,180,30,119,201,38,51,176,207,221,193,222,235,244,163,250,125,66,68,196,45,208,212,201,232,178,100,163,24,21,106,83,66,174]
 
 
-PROGRAM_ID=WabZqXyytFA2XeXswf9DdQkQuSZuRiEgKdDmq7c5Mnp
+PROGRAM_ID=WApA1JC9eJLaULc2Ximo5TffuqCESzf47JZsuhYvfzC
 CSV_DIR=/tmp
 
 # Datadog Event Subscriber Configs

frontend/claim_sdk/idl/token_dispenser.json

@@ -21,18 +21,7 @@
         {
           "name": "mint",
           "isMut": false,
-          "isSigner": false,
-          "docs": ["Mint of the treasury"]
-        },
-        {
-          "name": "treasury",
-          "isMut": false,
-          "isSigner": false,
-          "docs": [
-            "Treasury token account. This is an externally owned token account and",
-            "the owner of this account will approve the config as a delegate using the",
-            "solana CLI command `spl-token approve <treasury_account_address> <approve_amount> <config_address>`"
-          ]
+          "isSigner": false
         },
         {
           "name": "systemProgram",
@@ -56,10 +45,6 @@
           "name": "dispenserGuard",
           "type": "publicKey"
         },
-        {
-          "name": "funder",
-          "type": "publicKey"
-        },
         {
           "name": "maxTransfer",
           "type": "u64"
@@ -164,18 +149,10 @@
             "name": "mint",
             "type": "publicKey"
           },
-          {
-            "name": "treasury",
-            "type": "publicKey"
-          },
           {
             "name": "addressLookupTable",
             "type": "publicKey"
           },
-          {
-            "name": "funder",
-            "type": "publicKey"
-          },
           {
             "name": "maxTransfer",
             "type": "u64"
@@ -584,6 +561,11 @@
     {
       "name": "ClaimEvent",
       "fields": [
+        {
+          "name": "treasury",
+          "type": "publicKey",
+          "index": false
+        },
         {
           "name": "remainingBalance",
           "type": "u64",

frontend/claim_sdk/idl/token_dispenser.ts

@@ -22,17 +22,6 @@ export type TokenDispenser = {
           name: 'mint'
           isMut: false
           isSigner: false
-          docs: ['Mint of the treasury']
-        },
-        {
-          name: 'treasury'
-          isMut: false
-          isSigner: false
-          docs: [
-            'Treasury token account. This is an externally owned token account and',
-            'the owner of this account will approve the config as a delegate using the',
-            'solana CLI command `spl-token approve <treasury_account_address> <approve_amount> <config_address>`'
-          ]
         },
         {
           name: 'systemProgram'
@@ -56,10 +45,6 @@ export type TokenDispenser = {
           name: 'dispenserGuard'
           type: 'publicKey'
         },
-        {
-          name: 'funder'
-          type: 'publicKey'
-        },
         {
           name: 'maxTransfer'
           type: 'u64'
@@ -164,18 +149,10 @@ export type TokenDispenser = {
             name: 'mint'
             type: 'publicKey'
           },
-          {
-            name: 'treasury'
-            type: 'publicKey'
-          },
           {
             name: 'addressLookupTable'
             type: 'publicKey'
           },
-          {
-            name: 'funder'
-            type: 'publicKey'
-          },
           {
             name: 'maxTransfer'
             type: 'u64'
@@ -584,6 +561,11 @@ export type TokenDispenser = {
     {
       name: 'ClaimEvent'
       fields: [
+        {
+          name: 'treasury'
+          type: 'publicKey'
+          index: false
+        },
         {
           name: 'remainingBalance'
           type: 'u64'
@@ -675,17 +657,6 @@ export const IDL: TokenDispenser = {
           name: 'mint',
           isMut: false,
           isSigner: false,
-          docs: ['Mint of the treasury'],
-        },
-        {
-          name: 'treasury',
-          isMut: false,
-          isSigner: false,
-          docs: [
-            'Treasury token account. This is an externally owned token account and',
-            'the owner of this account will approve the config as a delegate using the',
-            'solana CLI command `spl-token approve <treasury_account_address> <approve_amount> <config_address>`',
-          ],
         },
         {
           name: 'systemProgram',
@@ -709,10 +680,6 @@ export const IDL: TokenDispenser = {
           name: 'dispenserGuard',
           type: 'publicKey',
         },
-        {
-          name: 'funder',
-          type: 'publicKey',
-        },
         {
           name: 'maxTransfer',
           type: 'u64',
@@ -817,18 +784,10 @@ export const IDL: TokenDispenser = {
             name: 'mint',
             type: 'publicKey',
           },
-          {
-            name: 'treasury',
-            type: 'publicKey',
-          },
           {
             name: 'addressLookupTable',
             type: 'publicKey',
           },
-          {
-            name: 'funder',
-            type: 'publicKey',
-          },
           {
             name: 'maxTransfer',
             type: 'u64',
@@ -1237,6 +1196,11 @@ export const IDL: TokenDispenser = {
     {
       name: 'ClaimEvent',
       fields: [
+        {
+          name: 'treasury',
+          type: 'publicKey',
+          index: false,
+        },
         {
           name: 'remainingBalance',
           type: 'u64',