Governance: TokenOwnerRecord locks (#6215)

* feat: Add TokenOwnerRecordLocks to TokenOwnerRecord

* chore: Make fmt happy

* wip: Stub SetTokenOwnerRecordLock and RemoveTokenOwnerRecordLock

* wip: Store TOR locks

* chore: fmt

* wip: Trim existing locks

* chore: Make Clippy happy

* feat: Reject expired locks

* wip: Read RealmConfig and assert TOR belong to the same Realm

* feat: Remove TOR lock

* feat: Assert tokens can't be withdrawn when active TOR locks

* feat: Check configured lock authorities

* fix: Fix get_max_size to include lock_authorities

* feat: Implement SetRealmConfigItem

* chore: Make Clippy happy

* chore: Update comments

* chore: SetRealmConfigItem tests

* chore: test_set_realm_config_item_without_realm_config

* chore: remove unused var

* chore: test_set_realm_config_item_with_extended_account_size

* fix: Accept None as non expiring lock

* chore: SetTokenOwnerRecord tests

* chore: SetTokenOwnerLock tests

* chore: test_set_token_owner_record_lock_for_v1_account

* chore: RemoveTokenOwnerRecordLock tests

* chore: test_withdraw_governing_tokens_with_token_owner_record_lock_error

* chore: Refactor TOR  resize_and_serialize

* chore: Make Clippy happy

* chore: Refactor RealmConfigAccount serialisation with resizing

* chore: Refactor trim_locks

* chore: test_set_realm_config_without_existing_realm_config

* chore: Make fmt happy

* wip: Roundtrip lock authorities on SetRealmConfig

* chore: test_set_realm_config_with_token_owner_record_lock_authorities

* chore: Update comment

Co-authored-by: Jon C <[email protected]>

* chore: Rename lock_type to lock_id

* fix: Do not trim non expiring locks set as expiry=None

* chore: Update comments

* chore: Fix test_add_token_owner_record_lock_authority_with_authority_already_exists_error

* chore: Split trim_locks into remove_lock and remove_expired_locks

* chore: Rename RemoveTokenOwnerLocks to Relinquish and make ids optional

* chore: Clippy

* fix: Remove lock only if type specified

* chore: comments and cleanup

Improve test_add_token_owner_record_lock_authority_with_authority_already_exist readability

* feat: Throw error when removing TOR lock authority and it doesn't  exist

* feat: Support relinquishing multiple locks and for revoked authority without signature

* chore: Clippy

* chore: Fix merge issues

* chore: Fix build warnings

---------

Co-authored-by: Jon C <[email protected]>

Author: SebastianBor

governance/program/src/error.rs

@@ -507,19 +507,47 @@ pub enum GovernanceError {
 
     /// Invalid Governance for RequiredSignatory
     #[error("Invalid Governance for RequiredSignatory")]
-    InvalidGovernanceForRequiredSignatory,
+    InvalidGovernanceForRequiredSignatory, // 621
 
     /// SignatoryRecord already exists
     #[error("Signatory Record has already been created")]
-    SignatoryRecordAlreadyExists,
+    SignatoryRecordAlreadyExists, // 622
 
     /// Instruction has been removed
     #[error("Instruction has been removed")]
-    InstructionDeprecated,
+    InstructionDeprecated, // 623
 
     /// Proposal is missing signatories required by its governance
     #[error("Proposal is missing required signatories")]
-    MissingRequiredSignatories,
+    MissingRequiredSignatories, // 624
+
+    /// TokenOwnerRecordLock authority must sign
+    #[error("TokenOwnerRecordLock authority must sign")]
+    TokenOwnerRecordLockAuthorityMustSign, // 625
+
+    /// TokenOwnerRecordLock is expired
+    #[error("TokenOwnerRecordLock is expired ")]
+    ExpiredTokenOwnerRecordLock, // 626
+
+    /// TokenOwnerRecord locked
+    #[error("TokenOwnerRecord locked")]
+    TokenOwnerRecordLocked, // 627
+
+    /// Invalid TokenOwnerRecordLockAuthority
+    #[error("Invalid TokenOwnerRecordLockAuthority")]
+    InvalidTokenOwnerRecordLockAuthority, // 628
+
+    /// TokenOwnerRecordLock authority already exists
+    #[error("TokenOwnerRecordLock authority already exists")]
+    TokenOwnerRecordLockAuthorityAlreadyExists, // 629
+
+    /// TokenOwnerRecordLock not found
+    #[error("TokenOwnerRecordLock not found")]
+    TokenOwnerRecordLockNotFound, // 630
+
+    /// TokenOwnerRecordLockAuthority not found
+    #[error("TokenOwnerRecordLockAuthority not found")]
+    TokenOwnerRecordLockAuthorityNotFound, // 631
 }
 
 impl PrintProgramError for GovernanceError {

governance/program/src/instruction.rs

@@ -16,7 +16,7 @@ use {
             realm::{
                 get_governing_token_holding_address, get_realm_address,
                 GoverningTokenConfigAccountArgs, GoverningTokenConfigArgs, RealmConfigArgs,
-                SetRealmAuthorityAction,
+                SetRealmAuthorityAction, SetRealmConfigItemArgs,
             },
             realm_config::get_realm_config_address,
             required_signatory::get_required_signatory_address,
@@ -29,6 +29,7 @@ use {
     borsh::{BorshDeserialize, BorshSchema, BorshSerialize},
     solana_program::{
         bpf_loader_upgradeable,
+        clock::UnixTimestamp,
         instruction::{AccountMeta, Instruction},
         pubkey::Pubkey,
         system_program, sysvar,
@@ -663,6 +664,61 @@ pub enum GovernanceInstruction {
     ///  2. `[writable]` Beneficiary Account which would receive lamports from
     ///     the disposed RequiredSignatory Account
     RemoveRequiredSignatory,
+
+    /// Sets TokenOwnerRecord lock for the given authority and lock id
+    ///
+    ///   0. `[]` Realm
+    ///   1. `[]` RealmConfig
+    ///   2. `[writable]` TokenOwnerRecord the lock is set for
+    ///   3. `[signer]` Lock authority issuing the lock
+    ///   4. `[signer]` Payer
+    ///   5. `[]` System
+    SetTokenOwnerRecordLock {
+        /// Custom lock id which can be used by the authority to issue
+        /// different locks
+        #[allow(dead_code)]
+        lock_id: u8,
+
+        /// The timestamp when the lock expires or None if it never expires
+        #[allow(dead_code)]
+        expiry: Option<UnixTimestamp>,
+    },
+
+    /// Removes all expired TokenOwnerRecord locks and if specified
+    /// the locks identified by the given lock ids and authority
+    ///
+    ///
+    ///   0. `[]` Realm
+    ///   1. `[]` RealmConfig
+    ///   2. `[writable]` TokenOwnerRecord the locks are removed from
+    ///   3. `[signer]` Optional lock authority which issued the locks specified
+    ///      by lock_ids. If the authority is configured in RealmConfig then it
+    ///      must sign the transaction. If the authority is no longer configured
+    ///      then the locks are removed without the authority signature
+    RelinquishTokenOwnerRecordLocks {
+        /// Custom lock ids identifying the lock to remove
+        /// If the lock_id is None then only expired locks are removed
+        #[allow(dead_code)]
+        lock_ids: Option<Vec<u8>>,
+    },
+
+    /// Sets Realm config item
+    /// Note:
+    /// This instruction is used to set a single RealmConfig item at a time
+    /// In the current version it only supports TokenOwnerRecordLockAuthority
+    /// however eventually all Realm configuration items should be set using
+    /// this instruction and SetRealmConfig instruction should be deprecated
+    ///
+    ///   0. `[writable]` Realm account
+    ///   1. `[writable]` RealmConfig account
+    ///   2. `[signer]`  Realm authority
+    ///   3. `[signer]` Payer
+    ///   4. `[]` System
+    SetRealmConfigItem {
+        #[allow(dead_code)]
+        /// Config args
+        args: SetRealmConfigItemArgs,
+    },
 }
 
 /// Creates CreateRealm instruction
@@ -1883,3 +1939,99 @@ pub fn complete_proposal(
         data: borsh::to_vec(&instruction).unwrap(),
     }
 }
+
+/// Creates SetTokenOwnerRecordLock instruction to issue TokenOwnerRecord lock
+pub fn set_token_owner_record_lock(
+    program_id: &Pubkey,
+    // Accounts
+    realm: &Pubkey,
+    token_owner_record: &Pubkey,
+    token_owner_record_lock_authority: &Pubkey,
+    payer: &Pubkey,
+    // Args
+    lock_id: u8,
+    expiry: Option<UnixTimestamp>,
+) -> Instruction {
+    let realm_config_address = get_realm_config_address(program_id, realm);
+
+    let accounts = vec![
+        AccountMeta::new_readonly(*realm, false),
+        AccountMeta::new_readonly(realm_config_address, false),
+        AccountMeta::new(*token_owner_record, false),
+        AccountMeta::new_readonly(*token_owner_record_lock_authority, true),
+        AccountMeta::new(*payer, true),
+        AccountMeta::new_readonly(system_program::id(), false),
+    ];
+
+    let instruction = GovernanceInstruction::SetTokenOwnerRecordLock { lock_id, expiry };
+
+    Instruction {
+        program_id: *program_id,
+        accounts,
+        data: borsh::to_vec(&instruction).unwrap(),
+    }
+}
+
+/// Creates RelinquishTokenOwnerRecordLocks instruction to remove
+/// TokenOwnerRecord locks
+pub fn relinquish_token_owner_record_locks(
+    program_id: &Pubkey,
+    // Accounts
+    realm: &Pubkey,
+    token_owner_record: &Pubkey,
+    token_owner_record_lock_authority: Option<Pubkey>,
+    // Args
+    lock_ids: Option<Vec<u8>>,
+) -> Instruction {
+    let realm_config_address = get_realm_config_address(program_id, realm);
+
+    let mut accounts = vec![
+        AccountMeta::new_readonly(*realm, false),
+        AccountMeta::new_readonly(realm_config_address, false),
+        AccountMeta::new(*token_owner_record, false),
+    ];
+
+    if let Some(token_owner_record_lock_authority) = token_owner_record_lock_authority {
+        accounts.push(AccountMeta::new_readonly(
+            token_owner_record_lock_authority,
+            true,
+        ));
+    }
+
+    let instruction = GovernanceInstruction::RelinquishTokenOwnerRecordLocks { lock_ids };
+
+    Instruction {
+        program_id: *program_id,
+        accounts,
+        data: borsh::to_vec(&instruction).unwrap(),
+    }
+}
+
+/// Creates SetRealmConfigItem instruction to set realm config
+pub fn set_realm_config_item(
+    program_id: &Pubkey,
+    // Accounts
+    realm: &Pubkey,
+    realm_authority: &Pubkey,
+    payer: &Pubkey,
+    // Args
+    args: SetRealmConfigItemArgs,
+) -> Instruction {
+    let realm_config_address = get_realm_config_address(program_id, realm);
+
+    let accounts = vec![
+        AccountMeta::new(*realm, false),
+        AccountMeta::new(realm_config_address, false),
+        AccountMeta::new_readonly(*realm_authority, true),
+        AccountMeta::new(*payer, true),
+        AccountMeta::new_readonly(system_program::id(), false),
+    ];
+
+    let instruction = GovernanceInstruction::SetRealmConfigItem { args };
+
+    Instruction {
+        program_id: *program_id,
+        accounts,
+        data: borsh::to_vec(&instruction).unwrap(),
+    }
+}

governance/program/src/processor/mod.rs

@@ -19,6 +19,7 @@ mod process_finalize_vote;
 mod process_flag_transaction_error;
 mod process_insert_transaction;
 mod process_refund_proposal_deposit;
+mod process_relinquish_token_owner_record_locks;
 mod process_relinquish_vote;
 mod process_remove_required_signatory;
 mod process_remove_transaction;
@@ -27,6 +28,8 @@ mod process_set_governance_config;
 mod process_set_governance_delegate;
 mod process_set_realm_authority;
 mod process_set_realm_config;
+mod process_set_realm_config_item;
+mod process_set_token_owner_record_lock;
 mod process_sign_off_proposal;
 mod process_update_program_metadata;
 mod process_withdraw_governing_tokens;
@@ -52,6 +55,7 @@ use {
     process_flag_transaction_error::*,
     process_insert_transaction::*,
     process_refund_proposal_deposit::*,
+    process_relinquish_token_owner_record_locks::*,
     process_relinquish_vote::*,
     process_remove_required_signatory::*,
     process_remove_transaction::*,
@@ -60,6 +64,8 @@ use {
     process_set_governance_delegate::*,
     process_set_realm_authority::*,
     process_set_realm_config::*,
+    process_set_realm_config_item::*,
+    process_set_token_owner_record_lock::*,
     process_sign_off_proposal::*,
     process_update_program_metadata::*,
     process_withdraw_governing_tokens::*,
@@ -243,5 +249,17 @@ pub fn process_instruction(
         GovernanceInstruction::RemoveRequiredSignatory => {
             process_remove_required_signatory(program_id, accounts)
         }
+
+        GovernanceInstruction::SetTokenOwnerRecordLock { lock_id, expiry } => {
+            process_set_token_owner_record_lock(program_id, accounts, lock_id, expiry)
+        }
+
+        GovernanceInstruction::RelinquishTokenOwnerRecordLocks { lock_ids } => {
+            process_relinquish_token_owner_record_locks(program_id, accounts, lock_ids)
+        }
+
+        GovernanceInstruction::SetRealmConfigItem { args } => {
+            process_set_realm_config_item(program_id, accounts, args)
+        }
     }
 }

governance/program/src/processor/process_create_realm.rs

@@ -95,12 +95,14 @@ pub fn process_create_realm(
     let community_token_config = resolve_governing_token_config(
         account_info_iter,
         &realm_config_args.community_token_config_args,
+        None,
     )?;
 
     // 13, 14
     let council_token_config = resolve_governing_token_config(
         account_info_iter,
         &realm_config_args.council_token_config_args,
+        None,
     )?;
 
     let realm_config_data = RealmConfigAccount {

governance/program/src/processor/process_create_token_owner_record.rs

@@ -55,7 +55,8 @@ pub fn process_create_token_owner_record(
         outstanding_proposal_count: 0,
         version: TOKEN_OWNER_RECORD_LAYOUT_VERSION,
         reserved: [0; 6],
-        reserved_v2: [0; 128],
+        reserved_v2: [0; 124],
+        locks: vec![],
     };
 
     create_and_serialize_account_signed(

governance/program/src/processor/process_deposit_governing_tokens.rs

@@ -109,7 +109,8 @@ pub fn process_deposit_governing_tokens(
             outstanding_proposal_count: 0,
             version: TOKEN_OWNER_RECORD_LAYOUT_VERSION,
             reserved: [0; 6],
-            reserved_v2: [0; 128],
+            reserved_v2: [0; 124],
+            locks: vec![],
         };
 
         create_and_serialize_account_signed(

governance/program/src/processor/process_relinquish_token_owner_record_locks.rs

@@ -0,0 +1,70 @@
+//! Program state processor
+
+use {
+    crate::{
+        error::GovernanceError,
+        state::{
+            realm::get_realm_data, realm_config::get_realm_config_data_for_realm,
+            token_owner_record::get_token_owner_record_data_for_realm,
+        },
+    },
+    solana_program::{
+        account_info::{next_account_info, AccountInfo},
+        clock::Clock,
+        entrypoint::ProgramResult,
+        pubkey::Pubkey,
+        sysvar::Sysvar,
+    },
+};
+
+/// Processes RelinquishTokenOwnerRecordLocks instruction
+pub fn process_relinquish_token_owner_record_locks(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    lock_ids: Option<Vec<u8>>,
+) -> ProgramResult {
+    let account_info_iter = &mut accounts.iter();
+
+    let realm_info = next_account_info(account_info_iter)?; // 0
+    let realm_config_info = next_account_info(account_info_iter)?; // 1
+    let token_owner_record_info = next_account_info(account_info_iter)?; // 2
+
+    let realm_data = get_realm_data(program_id, realm_info)?;
+    let realm_config_data =
+        get_realm_config_data_for_realm(program_id, realm_config_info, realm_info.key)?;
+
+    let mut token_owner_record_data = get_token_owner_record_data_for_realm(
+        program_id,
+        token_owner_record_info,
+        &realm_config_data.realm,
+    )?;
+
+    if let Some(lock_ids) = lock_ids {
+        let token_owner_record_lock_authority_info = next_account_info(account_info_iter)?; // 3
+
+        if realm_config_data
+            .get_token_config(&realm_data, &token_owner_record_data.governing_token_mint)?
+            .lock_authorities
+            .contains(token_owner_record_lock_authority_info.key)
+        {
+            // If the authority is a configured lock authority it must sign the transaction
+            if !token_owner_record_lock_authority_info.is_signer {
+                return Err(GovernanceError::TokenOwnerRecordLockAuthorityMustSign.into());
+            }
+        }
+
+        // Remove the locks
+        for lock_id in lock_ids {
+            token_owner_record_data
+                .remove_lock(lock_id, token_owner_record_lock_authority_info.key)?;
+        }
+    }
+
+    // Trim expired locks
+    let clock = Clock::get()?;
+    token_owner_record_data.remove_expired_locks(clock.unix_timestamp);
+
+    token_owner_record_data.serialize(&mut token_owner_record_info.data.borrow_mut()[..])?;
+
+    Ok(())
+}