feat: Use const-crypto to compute event auth and do address comparison (solana-foundation#3986)

* feat: Use const-crypto to compute event auth and do address comparison

* event auth const is computed and present only when event-cpi feature is enabled

* chore: update lockfiles

---------

Co-authored-by: Arrowana <Arrowana@users.noreply.github.com>

Author: jacobcreech

Cargo.lock

@@ -23,7 +23,7 @@ anchor-debug = [
     "anchor-derive-accounts/anchor-debug",
 ]
 derive = []
-event-cpi = ["anchor-attribute-event/event-cpi"]
+event-cpi = ["anchor-attribute-event/event-cpi","anchor-attribute-account/event-cpi"]
 idl-build = [
     "anchor-attribute-account/idl-build",
     "anchor-attribute-constant/idl-build",
@@ -56,6 +56,7 @@ base64 = "0.21"
 bincode = "1"
 borsh = "0.10.3"
 bytemuck = { version = "1", features = ["derive"] }
+const-crypto = "0.3.0"
 solana-account-info = "2"
 solana-clock = "2"
 solana-cpi = "2"

lang/Cargo.toml

@@ -14,6 +14,7 @@ proc-macro = true
 anchor-debug = ["anchor-syn/anchor-debug"]
 idl-build = ["anchor-syn/idl-build"]
 lazy-account = []
+event-cpi = []
 
 [dependencies]
 anchor-syn = { path = "../../syn", version = "0.32.1", features = ["hash"] }

lang/attribute/account/Cargo.toml

@@ -39,6 +39,17 @@ fn id_to_tokens(
     pubkey_type: proc_macro2::TokenStream,
     tokens: &mut proc_macro2::TokenStream,
 ) {
+    let event_authority_and_bump = {
+        #[cfg(feature = "event-cpi")]
+        quote! {
+            pub const EVENT_AUTHORITY_AND_BUMP: (#pubkey_type, u8) = {
+                let (address, bump) = anchor_lang::derive_program_address(&[b"__event_authority"], &ID_CONST.to_bytes());
+                (#pubkey_type::new_from_array(address), bump)
+            };
+        }
+        #[cfg(not(feature = "event-cpi"))]
+        quote! {}
+    };
     tokens.extend(quote! {
         /// The static program ID
         pub static ID: #pubkey_type = #id;
@@ -61,6 +72,8 @@ fn id_to_tokens(
             ID_CONST
         }
 
+        #event_authority_and_bump
+
         #[cfg(test)]
         #[test]
         fn test_id() {

lang/attribute/account/src/id.rs

@@ -164,7 +164,6 @@ pub fn emit_cpi(input: proc_macro::TokenStream) -> proc_macro::TokenStream {
     proc_macro::TokenStream::from(quote! {
         {
             let authority_info = ctx.accounts.#authority_name.to_account_info();
-            let authority_bump = ctx.bumps.#authority_name;
 
             let disc = anchor_lang::event::EVENT_IX_TAG_LE;
             let inner_data = anchor_lang::Event::data(&#event_struct);
@@ -187,7 +186,7 @@ pub fn emit_cpi(input: proc_macro::TokenStream) -> proc_macro::TokenStream {
             anchor_lang::solana_program::program::invoke_signed(
                 &ix,
                 &[authority_info],
-                &[&[#authority_seeds, &[authority_bump]]],
+                &[&[#authority_seeds, &[crate::EVENT_AUTHORITY_AND_BUMP.1]]],
             )
             .map_err(anchor_lang::error::Error::from)?;
         }

lang/attribute/event/src/lib.rs

@@ -59,6 +59,7 @@ pub use anchor_attribute_program::{declare_program, instruction, program};
 pub use anchor_derive_accounts::Accounts;
 pub use anchor_derive_serde::{AnchorDeserialize, AnchorSerialize};
 pub use anchor_derive_space::InitSpace;
+pub use const_crypto::ed25519::derive_program_address;
 
 /// Borsh is the default serialization format for instructions and accounts.
 pub use borsh::de::BorshDeserialize as AnchorDeserialize;

lang/src/lib.rs

@@ -197,7 +197,6 @@ fn generate_event_cpi_mod() -> proc_macro2::TokenStream {
     {
         let authority = crate::parser::accounts::event_cpi::EventAuthority::get();
         let authority_name = authority.name;
-        let authority_seeds = authority.seeds;
 
         quote! {
             /// __events mod defines handler for self-cpi based event logging
@@ -218,14 +217,12 @@ fn generate_event_cpi_mod() -> proc_macro2::TokenStream {
                         .with_account_name(#authority_name));
                     }
 
-                    let (expected_event_authority, _) =
-                        Pubkey::find_program_address(&[#authority_seeds], &program_id);
-                    if given_event_authority.key() != expected_event_authority {
+                    if given_event_authority.key() != crate::EVENT_AUTHORITY_AND_BUMP.0 {
                         return Err(anchor_lang::error::Error::from(
                             anchor_lang::error::ErrorCode::ConstraintSeeds,
                         )
                         .with_account_name(#authority_name)
-                        .with_pubkeys((given_event_authority.key(), expected_event_authority)));
+                        .with_pubkeys((given_event_authority.key(), crate::EVENT_AUTHORITY_AND_BUMP.0)));
                     }
 
                     Ok(())

lang/syn/src/codegen/program/handlers.rs

@@ -52,15 +52,14 @@ pub fn add_event_cpi_accounts(
 
     let authority = EventAuthority::get();
     let authority_name = authority.name_token_stream();
-    let authority_seeds = authority.seeds;
 
     let accounts_struct = quote! {
         #(#attrs)*
         #vis #struct_token #ident #generics {
             #(#fields,)*
 
             /// CHECK: Only the event authority can invoke self-CPI
-            #[account(seeds = [#authority_seeds], bump)]
+            #[account(address = crate::EVENT_AUTHORITY_AND_BUMP.0)]
             pub #authority_name: AccountInfo<#info_lifetime>,
             /// CHECK: Self-CPI will fail if the program is not the current program
             pub program: AccountInfo<#info_lifetime>,