@ignitionfi/spl-stake-pool 1.1.15 → 1.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/dist/index.browser.cjs.js +5 -5
  2. package/dist/index.browser.cjs.js.map +1 -1
  3. package/dist/index.browser.esm.js +5 -5
  4. package/dist/index.browser.esm.js.map +1 -1
  5. package/dist/index.cjs.js +5 -5
  6. package/dist/index.cjs.js.map +1 -1
  7. package/dist/index.esm.js +5 -5
  8. package/dist/index.esm.js.map +1 -1
  9. package/dist/index.iife.js +5 -5
  10. package/dist/index.iife.js.map +1 -1
  11. package/dist/index.iife.min.js +1 -1
  12. package/dist/index.iife.min.js.map +1 -1
  13. package/dist/instructions.d.ts +1 -0
  14. package/package.json +1 -1
  15. package/src/index.ts +4 -13
  16. package/src/instructions.ts +2 -0
package/dist/index.browser.cjs.js CHANGED
@@ -1468,6 +1468,7 @@ class StakePoolInstruction {
1468
1468
  { pubkey: params.wsolTransientAccount, isSigner: false, isWritable: true },
1469
1469
  { pubkey: params.programSigner, isSigner: false, isWritable: true },
1470
1470
  { pubkey: (_a = params.payer) !== null && _a !== void 0 ? _a : params.fundingAccount, isSigner: true, isWritable: true },
1471
+ { pubkey: params.userWallet, isSigner: false, isWritable: false },
1471
1472
  ];
1472
1473
  if (params.depositAuthority) {
1473
1474
  keys.push({
@@ -1857,13 +1858,11 @@ async function depositWsolWithSession(connection, stakePoolAddress, signerOrSess
1857
1858
  const stakePoolAccount = await getStakePoolAccount(connection, stakePoolAddress);
1858
1859
  const stakePoolProgramId = getStakePoolProgramId(connection.rpcEndpoint);
1859
1860
  const stakePool = stakePoolAccount.account.data;
1860
- // stakePool.tokenProgramId
1861
1861
  const instructions = [];
1862
- // Create token account if not specified
1862
+ // The program handles ATA creation internally using funds from the user's deposit
1863
+ // This prevents rent drain attacks where paymaster pays for ATA and user reclaims rent
1863
1864
  if (!destinationTokenAccount) {
1864
- const associatedAddress = splToken.getAssociatedTokenAddressSync(stakePool.poolMint, userPubkey);
1865
- instructions.push(splToken.createAssociatedTokenAccountIdempotentInstruction(payer !== null && payer !== void 0 ? payer : signerOrSession, associatedAddress, userPubkey, stakePool.poolMint));
1866
- destinationTokenAccount = associatedAddress;
1865
+ destinationTokenAccount = splToken.getAssociatedTokenAddressSync(stakePool.poolMint, userPubkey);
1867
1866
  }
1868
1867
  const withdrawAuthority = await findWithdrawAuthorityProgramAddress(stakePoolProgramId, stakePoolAddress);
1869
1868
  const [programSigner] = web3_js.PublicKey.findProgramAddressSync([Buffer.from('fogo_session_program_signer')], stakePoolProgramId);
@@ -1887,6 +1886,7 @@ async function depositWsolWithSession(connection, stakePoolAddress, signerOrSess
1887
1886
  tokenProgramId: stakePool.tokenProgramId,
1888
1887
  programSigner,
1889
1888
  payer,
1889
+ userWallet: userPubkey,
1890
1890
  }));
1891
1891
  return {
1892
1892
  instructions,