Merge branch 'dev' into token-2022-support

# Conflicts:
#	programs/tokenized_vault/src/utils/strategy.rs
#	tests/integration/vault.ts

.github/workflows/tests-local.yml

@@ -8,8 +8,8 @@ on:
   workflow_dispatch:
 
 env:
-  RUST_TOOLCHAIN: 1.75.0
-  SOLANA_CLI_VERSION: 1.18.11
+  RUST_TOOLCHAIN: 1.82.0
+  SOLANA_CLI_VERSION: 2.1.1
   ANCHOR_CLI_VERSION: 0.30.1
 
 jobs:
@@ -58,7 +58,7 @@ jobs:
       # 4. Install Solana CLI
       - name: Install Solana
         run: |
-          sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_CLI_VERSION }}/install)"
+          sh -c "$(curl -sSfL https://release.anza.xyz/v${{ env.SOLANA_CLI_VERSION }}/install)"
           echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
       - name: Verify Solana Installation
         run: solana --version
@@ -99,7 +99,17 @@ jobs:
       - name: Install Node.js dependencies
         run: yarn install
 
-      # 9. Run Anchor Tests (skip build step since we built earlier)
+      # 9. Run anchor keys sync 1
+      - name: Run Anchor Keys Sync 1
+        run: anchor keys sync
+        timeout-minutes: 1
+
+      # 10. Run anchor keys sync 2
+      - name: Run Anchor Keys Sync 2
+        run: anchor keys sync
+        timeout-minutes: 1
+
+      # 11. Run Anchor Tests (skip build step since we built earlier)
       - name: Run Anchor Tests
         run: anchor test
         timeout-minutes: 15
@@ -110,4 +120,4 @@ jobs:
           QASE_TESTOPS_RUN_TITLE: CI Automation Tests Run - Onchain Vault Integration Tests at branch ${{ env.BRANCH_NAME }}
           QASE_TESTOPS_RUN_COMPLETE: true
           QASE_CAPTURE_LOGS: true
-          QASE_ENVIRONMENT: local-tesnet
+          QASE_ENVIRONMENT: local-tesnet

Anchor.toml

@@ -37,7 +37,7 @@ initialize = "yarn run initialize"
 process_report = "yarn run process_report"
 set_roles = "yarn run set_roles"
 shutdown_vault = "yarn run shutdown_vault"
-test = "yarn run ts-mocha -r dotenv/config -p ./tsconfig.json -t 2000000 --require './tests/integration/setups/globalSetup.ts' --recursive --reporter mocha-qase-reporter 'tests/integration/**/*.test.ts'"
+test = "yarn run ts-mocha -r dotenv/config -p ./tsconfig.json -t 2000000 --require './tests/integration/setups/globalSetup.ts' --recursive 'tests/integration/**/*.test.ts'"
 underlying_mint = "yarn run underlying_mint"
 update_deposit_limit = "yarn run update-deposit-limit"
 whitelist = "yarn run whitelist"

package.json

@@ -27,7 +27,6 @@
     "@metaplex-foundation/mpl-token-metadata": "^3.2.1",
     "@metaplex-foundation/umi-bundle-defaults": "^0.9.2",
     "@metaplex-foundation/umi-signer-wallet-adapters": "^0.9.2",
-    "mocha-qase-reporter": "^1.0.0-beta.4",
     "prettier": "^2.6.2",
     "@solana/spl-token": "0.4.8",
     "@solana/spl-token-metadata": "^0.1.5",

programs/accountant/src/error.rs

@@ -10,7 +10,4 @@ pub enum ErrorCode {
 
     #[msg("Serialization error")]
     SerializationError,
-
-    #[msg("Invalid recipient")]
-    InvalidRecipient,
 }

programs/accountant/src/instructions/distribute.rs

@@ -18,7 +18,10 @@ pub struct Distribute<'info> {
     #[account(mut)]
     pub accountant: UncheckedAccount<'info>,
 
-    #[account(mut)]
+    #[account(
+        mut,
+        token::mint = underlying_mint,
+    )]
     pub recipient: Box<InterfaceAccount<'info, TokenAccount>>,
 
     #[account(

programs/accountant/src/instructions/init_accountant.rs

@@ -1,10 +1,6 @@
 use anchor_lang::prelude::*;
 use anchor_lang::Discriminator;
-use anchor_spl::{
-    associated_token::AssociatedToken,
-    token::Token,
-    token_interface::{Mint, TokenAccount},
-};
+
 use access_control::{
     constants::USER_ROLE_SEED,
     program::AccessControl,
@@ -29,17 +25,6 @@ pub struct InitAccountant<'info> {
     )]
     pub accountant: UncheckedAccount<'info>,
 
-    #[account(
-        init, 
-        payer = signer, 
-        associated_token::mint = underlying_mint, 
-        associated_token::authority = accountant,
-    )]
-    pub token_account: Box<InterfaceAccount<'info, TokenAccount>>,
-
-    #[account(mut)]
-    pub underlying_mint: Box<InterfaceAccount<'info, Mint>>,
-
     #[account(mut, seeds = [CONFIG_SEED.as_bytes()], bump)]
     pub config: Account<'info, Config>,
 
@@ -59,8 +44,6 @@ pub struct InitAccountant<'info> {
 
 
     pub access_control: Program<'info, AccessControl>,
-    pub token_program: Program<'info, Token>,
-    pub associated_token_program: Program<'info, AssociatedToken>,
     pub system_program: Program<'info, System>,
     pub rent: Sysvar<'info, Rent>,
 }

programs/accountant/src/instructions/init_token_account.rs

@@ -0,0 +1,59 @@
+use anchor_lang::prelude::*;
+use anchor_spl::{
+    associated_token::AssociatedToken,
+    token::Token,
+    token_interface::{Mint, TokenAccount},
+};
+use access_control::{
+    constants::USER_ROLE_SEED,
+    program::AccessControl,
+    state::{Role, UserRole}
+};
+
+use crate::state::*;
+use crate::constants::CONFIG_SEED;
+
+#[derive(Accounts)]
+pub struct InitTokenAccount<'info> {
+    #[account(
+        init_if_needed, 
+        payer = signer, 
+        associated_token::mint = underlying_mint, 
+        associated_token::authority = accountant,
+    )]
+    pub token_account: Box<InterfaceAccount<'info, TokenAccount>>,
+
+    #[account(mut)]
+    pub underlying_mint: Box<InterfaceAccount<'info, Mint>>,
+
+    /// CHECK: We want to hadle all accountant types here
+    #[account(mut)]
+    pub accountant: UncheckedAccount<'info>,
+
+    #[account(mut, seeds = [CONFIG_SEED.as_bytes()], bump)]
+    pub config: Account<'info, Config>,
+
+    #[account(
+        seeds = [
+            USER_ROLE_SEED.as_bytes(), 
+            signer.key().as_ref(),
+            Role::AccountantAdmin.to_seed().as_ref()
+        ], 
+        bump,
+        seeds::program = access_control.key()
+    )]
+    pub roles: Account<'info, UserRole>,
+
+    #[account(mut, constraint = roles.check_role()?)]
+    pub signer: Signer<'info>,
+
+    pub access_control: Program<'info, AccessControl>,
+    pub token_program: Program<'info, Token>,
+    pub associated_token_program: Program<'info, AssociatedToken>,
+    pub system_program: Program<'info, System>,
+    pub rent: Sysvar<'info, Rent>,
+}
+
+pub fn handle_init_token_account(_ctx: Context<InitTokenAccount>) -> Result<()> {
+    Ok(())
+}

programs/accountant/src/instructions/mod.rs

@@ -1,11 +1,11 @@
 pub mod distribute;
 pub mod init_accountant;
+pub mod init_token_account;
 pub mod initialize;
 pub mod set_fee;
-pub mod set_fee_recipient;
 
 pub use distribute::*;
 pub use init_accountant::*;
+pub use init_token_account::*;
 pub use initialize::*;
-pub use set_fee::*;
-pub use set_fee_recipient::*;
+pub use set_fee::*;

programs/accountant/src/lib.rs

@@ -37,15 +37,15 @@ pub mod accountant {
         handle_init_accountant(ctx, accountant_type)
     }
 
+    pub fn init_token_account(ctx: Context<InitTokenAccount>) -> Result<()> {
+        handle_init_token_account(ctx)
+    }
+
     pub fn distribute(ctx: Context<Distribute>) -> Result<()> {
         handle_distribute(ctx)
     }
 
     pub fn set_fee(ctx: Context<SetFee>, fee: u64) -> Result<()> {
         handle_set_fee(ctx, fee)
     }
-
-    pub fn set_fee_recipient(ctx: Context<SetFeeRecipient>, recipient: Pubkey) -> Result<()> {
-        handle_set_fee_recipient(ctx, recipient)
-    }
 }

programs/accountant/src/state/generic_accountant.rs

@@ -39,10 +39,6 @@ impl Accountant for GenericAccountant {
     fn distribute(&mut self, accounts: &Distribute) -> Result<()> {
         let total = accounts.token_account.amount;
 
-        if accounts.recipient.key() != self.fee_recipient {
-           return Err(ErrorCode::InvalidRecipient.into());
-        }
-
         token::transfer(
             CpiContext::new_with_signer(
                 accounts.token_program.to_account_info(),

programs/strategy/src/instructions/init_strategy.rs

@@ -39,7 +39,7 @@ pub struct InitStrategy<'info> {
     )]
     pub token_account: Box<InterfaceAccount<'info, TokenAccount>>,
 
-    #[account(seeds = [CONFIG_SEED.as_bytes()], bump)]
+    #[account(mut, seeds = [CONFIG_SEED.as_bytes()], bump)]
     pub config: Account<'info, Config>,
 
     /// CHECK: This should be a vault account

programs/tokenized_vault/src/errors.rs

@@ -61,4 +61,7 @@ pub enum ErrorCode {
 
     #[msg("All strategy data pda must be closed before vault closure")]
     VaultHasStrategies,
+
+    #[msg("Direct deposit is disabled")]
+    DirectDepositDisabled,
 }

programs/tokenized_vault/src/instructions/deposit.rs

@@ -1,7 +1,7 @@
 use access_control::{
     constants::USER_ROLE_SEED,
     program::AccessControl,
-    state::{Role, UserRole},
+    state::Role,
 };
 use anchor_lang::prelude::*;
 use anchor_spl::{
@@ -15,6 +15,7 @@ use crate::errors::ErrorCode;
 use crate::events::VaultDepositEvent;
 use crate::state::Vault;
 use crate::utils::token;
+use crate::utils::access_control::RolesAccInfo;
 
 #[derive(Accounts)]
 pub struct Deposit<'info> {
@@ -36,6 +37,18 @@ pub struct Deposit<'info> {
     #[account(mut)]
     pub user_shares_account: InterfaceAccount<'info, TokenAccount>,
 
+    /// CHECK: this account may not exist
+    #[account(
+        seeds = [
+            USER_ROLE_SEED.as_bytes(), 
+            user.key().as_ref(),
+            Role::KYCVerified.to_seed().as_ref()
+        ], 
+        bump,
+        seeds::program = access_control.key()
+    )]
+    pub kyc_verified: UncheckedAccount<'info>,
+
     #[account(mut)]
     pub user: Signer<'info>,
 
@@ -107,35 +120,8 @@ fn validate_deposit(ctx: &Context<Deposit>, amount: u64) -> Result<()> {
         return Err(ErrorCode::ExceedDepositLimit.into());
     }
 
-    if vault.kyc_verified_only {
-        let expected_roles_key = Pubkey::find_program_address(
-            &[
-                USER_ROLE_SEED.as_bytes(),
-                ctx.accounts.user.key().as_ref(),
-                Role::KYCVerified.to_seed().as_ref(),
-            ],
-            ctx.accounts.access_control.key,
-        )
-        .0;
-
-        let roles_acc_info: Option<&AccountInfo> = ctx
-            .remaining_accounts
-            .iter()
-            .find(|account| account.key.eq(&expected_roles_key));
-        if roles_acc_info.is_none() {
-            return Err(ErrorCode::KYCRequired.into());
-        }
-
-        let roles_data = roles_acc_info.unwrap().try_borrow_data()?;
-        if roles_data.len() < UserRole::INIT_SPACE + 8 {
-            return Err(ErrorCode::InvalidAccountType.into());
-        }
-        let roles = UserRole::try_from_slice(&roles_data[8..])
-            .map_err(|_| ErrorCode::InvalidAccountType)?;
-
-        if !roles.has_role {
-            return Err(ErrorCode::KYCRequired.into());
-        }
+    if vault.kyc_verified_only && !ctx.accounts.kyc_verified.has_role() {
+        return Err(ErrorCode::KYCRequired.into());
     }
 
     Ok(())