Implement VoteInstruction::AuthorizeWithSeed & VoteInstruction::AuthorizeWithSeedChecked

[steveluscher]

Background

Given a base key, a seed (arbitrary data, like the string "VOTER_SEED") and the address of a program, you can create a derived key for that program. This key can never sign for anything, because it has no associated secret key.

The vote program lets you authorize an account to be the ‘withdrawer.’

Problem

There's nothing stopping you from authorizing a derived key to be the ‘withdrawer’ authority on a vote account, but if you do, you'll never be able to withdraw funds, since nobody can sign for the derived key.

Summary of Changes

• Add an AuthorizeWithSeed instruction/implementation/tests to the vote program. Now someone who can sign for the base key of a derived key can at least change such a ‘withdrawer’ authority to something else.
• Add an AuthorizeWithSeedChecked instruction/implementation/tests to the vote program. Does the same as AuthorizeWithSeed except that it also checks that the base key of the new authority has signed the transaction.
• Add a feature gate that governs access to that new instruction
• Update docs, wherever found
• Add AuthorizeWithSeed command to web3.js library
• Add AuthorizeWithSeedChecked command to web3.js library

Fixes #25860.
Feature Gate Issue: #25930.

[CriesofCarrots]

@steveluscher , looks like clippy has some opinions about some unnecessary clones and immediate dereferences. Can you fix up so that we can see the rest of CI?

[steveluscher]

…looks like clippy has some opinions…

Me: furiously Googles why cargo clippy isn't the default setting in the rust-analyzer VS Code plugin…

PR Updated!

[CriesofCarrots]

Try cargo clippy --tests

[CriesofCarrots]

Looking good! Just a handful of suggestions, primarily around readability.
Can you please add an implementation for VoteInstruction::AuthorizeCheckedWithSeed? 🙏 🙏 It should look like VoteInstruction::AuthorizeWithSeed, plus checking that the new authority is a signer, as per

solana/programs/vote/src/vote_processor.rs

Line 137 in bc3fb7c

if !instruction_context.is_signer(first_instruction_account + 3)? {

[steveluscher]

Alright! Everything except for AuthorizeWithSeedChecked has been rolled in. I'll work on that next; shall I put it up as a separate PR or just add a couple of commits to this one?

[CriesofCarrots]

shall I put it up as a separate PR or just add a couple of commits to this one?

Let's add it to this one. I'll review the current set of commits in the meantime!

[CriesofCarrots]

Current set of commits look great! Nothing more from me on those

[codecov]

Codecov Report

Merging #25928 (f587fae) into master (8caced6) will decrease coverage by 0.0%.
The diff coverage is 78.8%.

❗ Current head f587fae differs from pull request most recent head 481541f. Consider uploading reports for the commit 481541f to get more accurate results

@@            Coverage Diff            @@
##           master   #25928     +/-   ##
=========================================
- Coverage    82.1%    82.0%   -0.1%     
=========================================
  Files         628      631      +3     
  Lines      171471   173158   +1687     
=========================================
+ Hits       140878   142133   +1255     
- Misses      30593    31025    +432     

Pull request has been modified.

[steveluscher]

Alright! Sprinkled in AuthorizeCheckedWithSeed.

[CriesofCarrots]

Nice, lgtm. Thanks, @steveluscher !