@ignitionfi/spl-stake-pool 1.1.14 → 1.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/index.browser.cjs.js +5 -13
  2. package/dist/index.browser.cjs.js.map +1 -1
  3. package/dist/index.browser.esm.js +6 -14
  4. package/dist/index.browser.esm.js.map +1 -1
  5. package/dist/index.cjs.js +5 -13
  6. package/dist/index.cjs.js.map +1 -1
  7. package/dist/index.esm.js +6 -14
  8. package/dist/index.esm.js.map +1 -1
  9. package/dist/index.iife.js +5 -13
  10. package/dist/index.iife.js.map +1 -1
  11. package/dist/index.iife.min.js +1 -1
  12. package/dist/index.iife.min.js.map +1 -1
  13. package/package.json +1 -1
  14. package/src/index.ts +11 -21
  15. package/src/instructions.ts +2 -1
package/dist/index.browser.cjs.js CHANGED
@@ -1468,6 +1468,7 @@ class StakePoolInstruction {
1468
1468
  { pubkey: params.wsolTransientAccount, isSigner: false, isWritable: true },
1469
1469
  { pubkey: params.programSigner, isSigner: false, isWritable: true },
1470
1470
  { pubkey: (_a = params.payer) !== null && _a !== void 0 ? _a : params.fundingAccount, isSigner: true, isWritable: true },
1471
+ { pubkey: splToken.ASSOCIATED_TOKEN_PROGRAM_ID, isSigner: false, isWritable: false },
1471
1472
  ];
1472
1473
  if (params.depositAuthority) {
1473
1474
  keys.push({
@@ -1857,13 +1858,11 @@ async function depositWsolWithSession(connection, stakePoolAddress, signerOrSess
1857
1858
  const stakePoolAccount = await getStakePoolAccount(connection, stakePoolAddress);
1858
1859
  const stakePoolProgramId = getStakePoolProgramId(connection.rpcEndpoint);
1859
1860
  const stakePool = stakePoolAccount.account.data;
1860
- // stakePool.tokenProgramId
1861
1861
  const instructions = [];
1862
- // Create token account if not specified
1862
+ // The program handles ATA creation internally using funds from the user's deposit
1863
+ // This prevents rent drain attacks where paymaster pays for ATA and user reclaims rent
1863
1864
  if (!destinationTokenAccount) {
1864
- const associatedAddress = splToken.getAssociatedTokenAddressSync(stakePool.poolMint, userPubkey);
1865
- instructions.push(splToken.createAssociatedTokenAccountIdempotentInstruction(payer !== null && payer !== void 0 ? payer : signerOrSession, associatedAddress, userPubkey, stakePool.poolMint));
1866
- destinationTokenAccount = associatedAddress;
1865
+ destinationTokenAccount = splToken.getAssociatedTokenAddressSync(stakePool.poolMint, userPubkey);
1867
1866
  }
1868
1867
  const withdrawAuthority = await findWithdrawAuthorityProgramAddress(stakePoolProgramId, stakePoolAddress);
1869
1868
  const [programSigner] = web3_js.PublicKey.findProgramAddressSync([Buffer.from('fogo_session_program_signer')], stakePoolProgramId);
@@ -2164,14 +2163,7 @@ async function withdrawWsolWithSession(connection, stakePoolAddress, signerOrSes
2164
2163
  const userWsolAccount = splToken.getAssociatedTokenAddressSync(splToken.NATIVE_MINT, userPubkey);
2165
2164
  const instructions = [];
2166
2165
  const signers = [];
2167
- // instructions.push(
2168
- // createAssociatedTokenAccountIdempotentInstruction(
2169
- // signerOrSession,
2170
- // userWsolAccount,
2171
- // userPubkey,
2172
- // NATIVE_MINT,
2173
- // ),
2174
- // )
2166
+ instructions.push(splToken.createAssociatedTokenAccountIdempotentInstruction(signerOrSession, userWsolAccount, userPubkey, splToken.NATIVE_MINT));
2175
2167
  const [programSigner] = web3_js.PublicKey.findProgramAddressSync([Buffer.from('fogo_session_program_signer')], stakePoolProgramId);
2176
2168
  const withdrawAuthority = await findWithdrawAuthorityProgramAddress(stakePoolProgramId, stakePoolAddress);
2177
2169
  instructions.push(StakePoolInstruction.withdrawWsolWithSession({