solmail_program/instructions/escrow/

refund.rs

use pinocchio::{
    account_info::AccountInfo,
    program_error::ProgramError,
    pubkey::{find_program_address, Pubkey},
    sysvars::{clock::Clock, Sysvar},
    ProgramResult,
};

use crate::{
    constants::{ESCROW_SEED, ESCROW_VAULT_SEED},
    error::SolMailError,
    state::escrow::EscrowOrder,
};

/// Refund escrow after timeout
///
/// Accounts:
/// 0. `[signer, writable]` Payer - original escrow creator (receives refund)
/// 1. `[writable]` Escrow state account (PDA)
/// 2. `[writable]` Escrow vault account (PDA)
/// 3. `[]` System program
///
/// Data:
/// - mail_id_low: u64 (8 bytes)
/// - mail_id_high: u64 (8 bytes)
pub fn process(program_id: &Pubkey, accounts: &[AccountInfo], data: &[u8]) -> ProgramResult {
    // Parse instruction data
    if data.len() < 16 {
        return Err(ProgramError::InvalidInstructionData);
    }

    let mail_id_low = u64::from_le_bytes(data[0..8].try_into().unwrap());
    let mail_id_high = u64::from_le_bytes(data[8..16].try_into().unwrap());

    // Parse accounts
    let [payer, escrow_state, escrow_vault, _system_program] = accounts else {
        return Err(ProgramError::NotEnoughAccountKeys);
    };

    // Verify payer is signer
    if !payer.is_signer() {
        return Err(SolMailError::MissingRequiredSignature.into());
    }

    // Build mail_id bytes for PDA verification
    let mut mail_id_bytes = [0u8; 16];
    mail_id_bytes[..8].copy_from_slice(&mail_id_low.to_le_bytes());
    mail_id_bytes[8..].copy_from_slice(&mail_id_high.to_le_bytes());

    // Verify escrow state PDA
    let (escrow_pda, _) =
        find_program_address(&[ESCROW_SEED, &mail_id_bytes], program_id);

    if escrow_state.key() != &escrow_pda {
        return Err(SolMailError::InvalidPda.into());
    }

    // Read escrow state
    let escrow_data = unsafe { escrow_state.borrow_data_unchecked() };
    let escrow = EscrowOrder::from_bytes(escrow_data)?;

    // Verify payer matches original escrow creator
    if payer.key().as_ref() != &escrow.payer {
        return Err(SolMailError::InvalidPayer.into());
    }

    // Check not already delivered
    if escrow.delivered {
        return Err(SolMailError::AlreadyDelivered.into());
    }

    // Check timeout has passed
    let clock = Clock::get()?;
    if !escrow.is_timed_out(clock.unix_timestamp) {
        return Err(SolMailError::TimeoutNotReached.into());
    }

    // Verify vault PDA
    let (vault_pda, _) =
        find_program_address(&[ESCROW_VAULT_SEED, &mail_id_bytes], program_id);

    if escrow_vault.key() != &vault_pda {
        return Err(SolMailError::InvalidPda.into());
    }

    // Zero escrow state data before closing (prevent revival attacks)
    let state_data = unsafe { escrow_state.borrow_mut_data_unchecked() };
    state_data.iter_mut().for_each(|b| *b = 0);

    // Transfer all SOL from vault back to payer
    let vault_lamports = escrow_vault.lamports();
    unsafe {
        *escrow_vault.borrow_mut_lamports_unchecked() = 0;
        *payer.borrow_mut_lamports_unchecked() += vault_lamports;
    }

    // Close escrow state account - return rent to payer
    let escrow_lamports = escrow_state.lamports();
    unsafe {
        *escrow_state.borrow_mut_lamports_unchecked() = 0;
        *payer.borrow_mut_lamports_unchecked() += escrow_lamports;
    }

    Ok(())
}