Skip to content

Claimable Tokens Program: Add SetAuthority and Close instructions #12841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

Claimable Tokens Program: Add SetAuthority and Close instructions #12841

wants to merge 11 commits into from

Conversation

@rickyrombo
Copy link
Contributor

Adds the SetAuthority and Close instructions to the claimable tokens program.

SetAuthority is a proxy to spl_token's own set_authority. It allows the claimable tokens account to be reassigned elsewhere by setting the owner. Also allows changing the closing authority to help safeguard rent (provided the owner hasn't changed).

Note that instead of keeping a nonce account to prevent replays of these instructions, I'm using the recent blockhashes. For a bit, the instruction will be replayable. It's probably overkill actually in retrospect as setting an authority means that unsetting it now needs a signature from the existing authority.

Close is a proxy to spl_token's own close_account. It allows the rent to be reclaimed to a hardcoded address if the closeAuthority is not set and the owner is still the program PDA authority.

Risks:

  • Adding a CloseAccount proxy without any guards opens us up to the DoS-style attack warned about the other proposal, I believe
  • Launching both of these at the same time would allow users to manually reason the owner or closing authority before we had a chance to reclaim rent ourselves. We'll need to make sure a change goes out on Solana relay at the same time to prevent paying for opening these accounts unless we also set the close authority.

Tested using the CLI on a local solana-test-validator:

  • Created a claimable token account
  • Closed it
  • Recreated it
  • Set close authority to my wallet address
  • Closing it via the program now fails
  • Set owner to my wallet address
  • Verified it shows up as an aux token on my wallet

@changeset-bot
Copy link

changeset-bot bot commented Sep 5, 2025

⚠️ No Changeset found

Latest commit: d8faad1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raymondjacobson raymondjacobson Awaiting requested review from raymondjacobson

@dylanjeffers dylanjeffers Awaiting requested review from dylanjeffers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rickyrombo