Skip to content

add pinocchio token-2022 mint-close-authority example#624

Open
MarkFeder wants to merge 2 commits into
solana-foundation:mainfrom
MarkFeder:tokens-token-2022-mint-close-authority-pinocchio
Open

add pinocchio token-2022 mint-close-authority example#624
MarkFeder wants to merge 2 commits into
solana-foundation:mainfrom
MarkFeder:tokens-token-2022-mint-close-authority-pinocchio

Conversation

@MarkFeder

Copy link
Copy Markdown
Contributor

Adds a Pinocchio port of the tokens/token-2022/mint-close-authority example, alongside the existing anchor and native versions.

What it does

A single instruction creates an SPL Token-2022 mint carrying the MintCloseAuthority extension, so a designated authority can later close the mint and reclaim its rent.

Notes

Token-2022 has no Pinocchio wrapper crate (pinocchio-token targets the legacy SPL Token program), so the Token-2022 instructions are built by hand and CPI'd:

  1. CreateAccount for the mint, sized to 202 bytes (base Account length 165 + account-type byte + one MintCloseAuthority TLV entry) and owned by the Token-2022 program.
  2. InitializeMintCloseAuthority (variant 25) — must run before the mint is initialized.
  3. InitializeMint (variant 0).

The bankrun test asserts the resulting mint is owned by Token-2022, is exactly 202 bytes, has the correct decimals, and that the extension header (account type Mint, TLV type MintCloseAuthority) and stored close authority were written correctly.

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown

Greptile Summary

This PR adds a Pinocchio port of the tokens/token-2022/mint-close-authority example alongside the existing Anchor and native variants. Because no Pinocchio wrapper crate exists for Token-2022, the three CPIs (CreateAccount, InitializeMintCloseAuthority, InitializeMint) are constructed by hand.

  • The binary instruction layouts for both Token-2022 instruction variants (discriminant 25 and 0) are serialized correctly: COption<Pubkey> is encoded as a 1-byte tag + 32-byte key, capacities match the exact byte counts, and the mandatory extension-before-mint ordering is respected.
  • The hardcoded MINT_SIZE = 202 matches ExtensionType::try_calculate_account_len::<Mint>(&[MintCloseAuthority]) (165 padded base + 1 account-type byte + 2 TLV type + 2 TLV length + 32 pubkey), and the bankrun test validates size, account type, TLV header, TLV length, and the stored close authority against a distinct keypair.

Confidence Score: 5/5

Safe to merge. The hand-rolled Token-2022 CPI byte layouts are correct, the extension-before-mint ordering is respected, and the bankrun test exercises the key extension fields with a distinct close authority keypair.

The three CPIs (CreateAccount, InitializeMintCloseAuthority, InitializeMint) are serialized with the right discriminants, byte-for-byte correct COption encoding, and correctly sized account slices. MINT_SIZE=202 matches the Token-2022 TLV layout. The only feedback is a minor test coverage suggestion; nothing in the changed code path is wrong.

No files require special attention.

Important Files Changed

Filename Overview
tokens/token-2022/mint-close-authority/pinocchio/program/src/instructions/create_mint.rs Core instruction handler: three CPIs built by hand (CreateAccount, InitializeMintCloseAuthority, InitializeMint) with correct account slices, byte layouts, and ordering.
tokens/token-2022/mint-close-authority/pinocchio/program/src/instructions/mod.rs Exports constants (TOKEN_2022_PROGRAM_ID, MINT_SIZE=202) and CreateTokenArgs parser; MINT_SIZE calculation matches Token-2022's TLV layout.
tokens/token-2022/mint-close-authority/pinocchio/program/src/lib.rs Standard no_std entrypoint wiring; correct use of pinocchio's entrypoint! and nostd_panic_handler!.
tokens/token-2022/mint-close-authority/pinocchio/program/src/processor.rs Single-instruction dispatcher with no discriminator byte, matching the native example's wire format.
tokens/token-2022/mint-close-authority/pinocchio/tests/test.ts Bankrun test covers size, account type, TLV type/length/value, decimals, and close authority using a distinct keypair; mint authority not explicitly re-verified from the base mint bytes.
tokens/token-2022/mint-close-authority/pinocchio/program/Cargo.toml Minimal dependency set (pinocchio, pinocchio-log, pinocchio-system) with workspace version pinning; no Token-2022 crate needed since instructions are hand-built.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client
    participant OurProgram as Our Pinocchio Program
    participant SystemProgram as System Program
    participant Token2022 as Token-2022 Program

    Client->>OurProgram: "create_mint(decimals=9)"

    OurProgram->>SystemProgram: "CreateAccount(mint, size=202, owner=Token2022)"
    SystemProgram-->>OurProgram: OK

    OurProgram->>Token2022: InitializeMintCloseAuthority (variant 25)
    Token2022-->>OurProgram: OK

    OurProgram->>Token2022: InitializeMint (variant 0)
    Token2022-->>OurProgram: OK

    OurProgram-->>Client: OK
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Client
    participant OurProgram as Our Pinocchio Program
    participant SystemProgram as System Program
    participant Token2022 as Token-2022 Program

    Client->>OurProgram: "create_mint(decimals=9)"

    OurProgram->>SystemProgram: "CreateAccount(mint, size=202, owner=Token2022)"
    SystemProgram-->>OurProgram: OK

    OurProgram->>Token2022: InitializeMintCloseAuthority (variant 25)
    Token2022-->>OurProgram: OK

    OurProgram->>Token2022: InitializeMint (variant 0)
    Token2022-->>OurProgram: OK

    OurProgram-->>Client: OK
Loading

Reviews (4): Last reviewed commit: "test: strengthen token-2022 mint-close-a..." | Re-trigger Greptile

Comment on lines +43 to +90
it("Creates a Token-2022 mint with a close authority", async () => {
const decimals = 9;
const mintKeypair = Keypair.generate();

const data = Buffer.from(borsh.serialize(CreateTokenArgsSchema, { token_decimals: decimals }));

const ix = new TransactionInstruction({
programId: PROGRAM_ID,
keys: [
{ pubkey: mintKeypair.publicKey, isSigner: true, isWritable: true }, // mint account
{ pubkey: payer.publicKey, isSigner: false, isWritable: false }, // mint authority
{ pubkey: payer.publicKey, isSigner: false, isWritable: false }, // close authority
{ pubkey: payer.publicKey, isSigner: true, isWritable: true }, // payer
{ pubkey: SYSVAR_RENT_PUBKEY, isSigner: false, isWritable: false }, // rent sysvar
{ pubkey: SystemProgram.programId, isSigner: false, isWritable: false }, // system program
{ pubkey: TOKEN_2022_PROGRAM_ID, isSigner: false, isWritable: false }, // Token-2022 program
],
data,
});

const tx = new Transaction();
tx.feePayer = payer.publicKey;
tx.recentBlockhash = context.lastBlockhash;
tx.add(ix);
tx.sign(payer, mintKeypair);
await client.processTransaction(tx);

const mintAccount = await client.getAccount(mintKeypair.publicKey);
if (mintAccount === null) throw new Error("Mint account not found");
const mintData = Buffer.from(mintAccount.data);

// Owned by Token-2022, and sized for exactly one extension.
assert.deepEqual(mintAccount.owner.toBytes(), TOKEN_2022_PROGRAM_ID.toBytes());
assert.equal(mintData.length, EXTENDED_MINT_SIZE);

// Base mint fields were initialized.
assert.equal(mintData[DECIMALS_OFFSET], decimals);

// The extension header marks this as a Mint carrying MintCloseAuthority.
assert.equal(mintData[ACCOUNT_TYPE_OFFSET], ACCOUNT_TYPE_MINT);
assert.equal(mintData.readUInt16LE(TLV_TYPE_OFFSET), MINT_CLOSE_AUTHORITY_EXTENSION);

// The configured close authority was stored in the extension.
const storedCloseAuthority = mintData.subarray(TLV_VALUE_OFFSET, TLV_VALUE_OFFSET + 32);
assert.deepEqual(new Uint8Array(storedCloseAuthority), payer.publicKey.toBytes());

console.log("Mint address:", mintKeypair.publicKey.toBase58());
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Single test case conflates three distinct roles

The test uses payer.publicKey for the mint authority, close authority, and payer simultaneously. This means the test cannot verify that the close authority stored in the TLV is correctly sourced from account index 2 (close authority) rather than index 1 (mint authority) or the payer — all three are identical addresses. A bug that swapped accounts 1 and 2 would go undetected. Using a distinct keypair for at least the close authority would make the assertion at line 87 meaningful.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — fixed in 1b2f802. The test now generates a distinct closeAuthority keypair for account index 2, so the stored-authority assertion genuinely verifies the close authority is sourced from index 2 rather than the mint authority/payer (which remain payer).

Comment on lines +28 to +31
const TLV_TYPE_OFFSET = 166; // u16 LE, 3 == MintCloseAuthority
const TLV_VALUE_OFFSET = 170; // 32-byte close authority pubkey
const DECIMALS_OFFSET = 44; // in the base mint layout
const MINT_CLOSE_AUTHORITY_EXTENSION = 3;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 TLV length field is asserted indirectly, not explicitly

The test validates TLV_TYPE_OFFSET (type = 3) and TLV_VALUE_OFFSET (close authority bytes), but never reads the 2-byte TLV length at offset 168 (TLV_TYPE_OFFSET + 2). Adding assert.equal(mintData.readUInt16LE(168), 32) would fully exercise the on-chain TLV header and catch any future change where Token-2022 alters the MintCloseAuthority value size.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed — added assert.equal(mintData.readUInt16LE(168), 32) (TLV_LENGTH_OFFSET) in 1b2f802 so the 2-byte TLV length header is exercised explicitly.

Comment on lines +37 to +41
let [mint_account, mint_authority, close_authority, payer, rent_sysvar, _system_program, _token_program] =
accounts
else {
return Err(ProgramError::NotEnoughAccountKeys);
};

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Token-2022 program ID is never validated

_token_program (account index 6) is accepted and silently forwarded to all three CPIs as the callee program, but its address is never compared against TOKEN_2022_PROGRAM_ID. A caller that passes a spoofed program at index 6 would cause the CPIs to target an arbitrary program. For an educational example this is a known trade-off, but adding even a one-line equality check would demonstrate the secure pattern to learners.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The premise here isn't quite accurate: _token_program (index 6) is not forwarded to the CPIs as the callee. Each InstructionView sets program_id: &TOKEN_2022_PROGRAM_ID — the hard-coded constant — and the account isn't even passed in the invoke infos slices (&[mint_account] / &[mint_account, rent_sysvar]). So a spoofed account at index 6 has no effect; the CPIs always target the real Token-2022 program by construction. Index 6 is present only to mirror the native example's account layout. No equality check is needed here since dispatch is already pinned to the constant.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're completely right — I was wrong. Both InstructionView structs hardcode program_id: &TOKEN_2022_PROGRAM_ID, and _token_program doesn't appear in either invoke accounts slice. A spoofed account at index 6 is entirely inert. Apologies for the noise.

Tip: You can customize Greptile's behavior for this repo with .greptile/rules.md and .greptile/config.json.

@MarkFeder

Copy link
Copy Markdown
Contributor Author

Hi @Perelyn-sama — thanks again for merging my previous pinocchio examples! This one adds the token-2022/mint-close-authority pinocchio port (the first Token-2022 example in the pinocchio series). All checks are green except a single red X on the ASM build-and-test-group-0 — that's the pre-existing repo-wide ASM failure, unrelated to this diff, which #625 fixes. Greptile has it at 5/5 "safe to merge." Would appreciate a review whenever you get a chance. Thanks!

@MarkFeder MarkFeder force-pushed the tokens-token-2022-mint-close-authority-pinocchio branch from 1b2f802 to 6a49f60 Compare July 8, 2026 21:13
MarkFeder and others added 2 commits July 9, 2026 09:32
Use a distinct close-authority keypair so the stored-authority check
verifies sourcing from account index 2, and assert the TLV length field
(32) explicitly.
@MarkFeder MarkFeder force-pushed the tokens-token-2022-mint-close-authority-pinocchio branch from 6a49f60 to b40292f Compare July 9, 2026 07:32
@MarkFeder

Copy link
Copy Markdown
Contributor Author

@Perelyn-sama @dev-jodee — rebased onto latest main (picks up the ASM sbpf/Solana pin from #625), CI is now fully green. Ready for review whenever you have a chance 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant