Proof Of Concepts for security based token extensions using the transfer hook interface.
The rate_limits program provides an implementation of the transfer hook interface that allows for rate limiting the amount of tokens transferred in a given time period.
There are two types of rate limits:
- Mint Based Rate Limit
- Authority Based Rate Limit
The Management account is created through the initialize instruction which is intended to run immediately after the program is deployed. Creation of this account sets the authority to the address used to pay the rent cost.
Rate limits can only be instantiated by the authority.
Standard account required by transfer hook implementations. This account must be created before any block lists are created.
The Mint Based Rate Limit applies rate limiting on token transfers in general, regardless of the authority they come from. For example if USDC has a mint based rate limit of 1000 in a 60 second time period, no more than 1000 USDC tokens may be transferred by any address in a 60 second time period.
The Authority Based Rate Limit applies rate limiting on token transfers coming from specific authority address. For example if J6MtLv2o7xJRTCHDAyLhLeTo3yjMPW73wvccJAiqHeMx has a rate limit of 1000 USDC in a 60 second time period, J6MtLv2o7xJRTCHDAyLhLeTo3yjMPW73wvccJAiqHeMx can transfer no more than 1000 USDC in that time period, however other addresses may transfer any amount of tokens and not be subject to rate limiting.
Note: Integration of this in the transfer hook is not yet complete
The block_lists program provides an implementation of the transfer hook interface tht allows for block list functionality to disallow sets of addresses from being able to send/receive tokens.
Addresses included in the block list are evaluated against the source/recipient token account owners, as well as the address being used to sign the transfer. If any of the addresses are in the block list, the transfer is aborted.
The Management account is created through the initialize instruction which is intended to run immediately after the program is deployed. Creation of this account sets the authority to the address used to pay the rent cost.
Additional block lists can only be created by this authority.
Standard account required by transfer hook implementations. This account must be created before any block lists are created.
The main account of interest, which allows adding/removing addresses that can be blocked from sending/receiving tokens.
Whenever a new block list account is created, it is automatically added to the ExtraAccountMetaList account.
The initialization of the management account can be front-run immediately after program deployment. Possible solution is to hard code the seeds via anchor constraints to a specific address.
Due to realloc constraints, each block list can hold a max of 318 addresses. As a solution for this multiple block list accounts can be created.
At the moment the size of the block list account is assumed to have room for 318 addresses. A more convenient solution would be to allow customizing the amount of addresses that have space allocated for them, and then reallocate the account space when more addresses need to be added.