Struct TransferChecked 

pub struct TransferChecked<'a> {
    pub from: &'a AccountView,
    pub mint: &'a AccountView,
    pub to: &'a AccountView,
    pub authority: &'a AccountView,
    pub amount: u64,
    pub decimals: u8,
}

Builder for SPL Token TransferChecked (instruction index 12).

Adds mint + decimals validation over [Transfer]. Required for accounts that participate in Token-2022 extension flows.

Fields

from: &'a AccountView

mint: &'a AccountView

to: &'a AccountView

authority: &'a AccountView

amount: u64

decimals: u8

Implementations

impl TransferChecked<'_>

pub fn invoke(&self) -> ProgramResult

Invoke with a transaction-signed authority. Fails fast with MissingRequiredSignature before the CPI if the authority is not a signer.

pub fn invoke_strict(&self) -> ProgramResult

Strict invoke: signer pre-check plus token-account ownership verification. Auto-injects the check that #[hopper::program(enforce_token_checks = true)] promises so a handler inside such a program can write TransferChecked { ... }.invoke_strict()? and know that the attacker-passes-correct-pubkey-but-wrong-signer exploit class is closed before the CPI.

Verifies self.from’s owner field (SPL TokenAccount bytes [32..64]) matches self.authority.address(). Returns ProgramError::IncorrectAuthority on mismatch.

pub fn invoke_signed(&self, signers: &[Signer<'_, '_>]) -> ProgramResult

Invoke with explicit PDA signer seeds. The SPL token program validates mint + decimals regardless of the signer source.

pub fn invoke_signed_strict(&self, signers: &[Signer<'_, '_>]) -> ProgramResult

Strict PDA-signed invoke: ownership pre-check (the SPL token program revalidates, but Hopper surfaces a branded error first) then CPI with the supplied signer seeds.