solmail_program/instructions/escrow/

confirm.rs

use pinocchio::{
    account_info::AccountInfo,
    program_error::ProgramError,
    pubkey::{find_program_address, Pubkey},
    ProgramResult,
};

use crate::{
    constants::{ESCROW_SEED, ESCROW_VAULT_SEED, ORACLE_PUBKEY, TREASURY_SEED},
    error::SolMailError,
    state::escrow::EscrowOrder,
};

/// Confirm delivery and release funds to treasury
///
/// Accounts:
/// 0. `[signer]` Oracle - authorized backend service
/// 1. `[writable]` Escrow state account (PDA)
/// 2. `[writable]` Escrow vault account (PDA)
/// 3. `[writable]` Treasury account (PDA)
/// 4. `[]` System program
///
/// Data:
/// - mail_id_low: u64 (8 bytes)
/// - mail_id_high: u64 (8 bytes)
pub fn process(program_id: &Pubkey, accounts: &[AccountInfo], data: &[u8]) -> ProgramResult {
    // Parse instruction data
    if data.len() < 16 {
        return Err(ProgramError::InvalidInstructionData);
    }

    let mail_id_low = u64::from_le_bytes(data[0..8].try_into().unwrap());
    let mail_id_high = u64::from_le_bytes(data[8..16].try_into().unwrap());

    // Parse accounts
    let [oracle, escrow_state, escrow_vault, treasury, _system_program] = accounts else {
        return Err(ProgramError::NotEnoughAccountKeys);
    };

    // Verify oracle is signer
    if !oracle.is_signer() {
        return Err(SolMailError::MissingRequiredSignature.into());
    }

    // Verify oracle is authorized
    if oracle.key().as_ref() != &ORACLE_PUBKEY {
        return Err(SolMailError::UnauthorizedOracle.into());
    }

    // Build mail_id bytes for PDA verification
    let mut mail_id_bytes = [0u8; 16];
    mail_id_bytes[..8].copy_from_slice(&mail_id_low.to_le_bytes());
    mail_id_bytes[8..].copy_from_slice(&mail_id_high.to_le_bytes());

    // Verify escrow state PDA
    let (escrow_pda, _) =
        find_program_address(&[ESCROW_SEED, &mail_id_bytes], program_id);

    if escrow_state.key() != &escrow_pda {
        return Err(SolMailError::InvalidPda.into());
    }

    // Read and validate escrow state
    let escrow_data = unsafe { escrow_state.borrow_mut_data_unchecked() };
    let escrow = EscrowOrder::from_bytes_mut(escrow_data)?;

    // Check not already delivered
    if escrow.delivered {
        return Err(SolMailError::AlreadyDelivered.into());
    }

    // Verify vault PDA
    let (vault_pda, _vault_bump) =
        find_program_address(&[ESCROW_VAULT_SEED, &mail_id_bytes], program_id);

    if escrow_vault.key() != &vault_pda {
        return Err(SolMailError::InvalidPda.into());
    }

    // Verify treasury PDA
    let (treasury_pda, _) = find_program_address(&[TREASURY_SEED], program_id);

    if treasury.key() != &treasury_pda {
        return Err(SolMailError::InvalidPda.into());
    }

    // Mark as delivered
    escrow.delivered = true;

    // Zero escrow state data before closing (prevent revival attacks)
    let state_data = unsafe { escrow_state.borrow_mut_data_unchecked() };
    state_data.iter_mut().for_each(|b| *b = 0);

    // Transfer SOL from vault to treasury
    let vault_lamports = escrow_vault.lamports();

    // Use raw lamport transfer (subtract from vault, add to treasury)
    unsafe {
        *escrow_vault.borrow_mut_lamports_unchecked() = 0;
        *treasury.borrow_mut_lamports_unchecked() += vault_lamports;
    }

    // Close escrow state account - return rent to treasury
    let escrow_lamports = escrow_state.lamports();
    unsafe {
        *escrow_state.borrow_mut_lamports_unchecked() = 0;
        *treasury.borrow_mut_lamports_unchecked() += escrow_lamports;
    }

    Ok(())
}