Using PDAs and SPL Token in Anchor | by Daniel Pyrathon

Solana Seashore

Like many different Web3 devs, I’ve slowly been stepping into Solana.

First as a tester of the expertise, and now I’m getting deeper into the event facet.

Over the last 2–3 years at 0x, a lot of the challenges I’ve been uncovered are Ethereum-specific: EVM, ABI-encoding, gasoline auctions, Solidity contracts, block reorgs, and so forth.

A few of these ideas map over properly to Solana, however a majority of ideas require a mindset shift. The expertise behind Proof of Historical past and with the ability to parallelize reads whereas nonetheless locking on writes make issues extra scalable than a consensus-based mannequin.

In comparison with many different chains that “mount” an EVM to be backward-compatible with Ethereum, and compromise on a few of the most basic elements of a blockchain (like safety), the Solana blockchain has to re-think fundamentals at a decrease stage to cut back the value of its transactions and to supply the perfect consumer expertise.

Edgar is true! — Instance of Binance Good Chain taking shortcuts to make their chain appropriate with EVM


As a software program engineer by commerce and occupation, I’ve actually loved writing Solana packages, it’s difficult and enjoyable, and the neighborhood round it’s good and pleasant.

I’ve realized to understand the event decisions round a few of the Solana complexity, and this has pushed me to assist fill a few of the gaps round program improvement. At the moment I wish to stroll us by way of some latest thrilling issues that I’ve realized in Anchor (Solana’s in style improvement framework):

  • CPI (Cross-program invocation)
  • PDAs (Program-derived accounts)
  • Token program inside your Anchor program.


This text would require prior information of Solana and Anchor. There are many unimaginable sources on the market that do an ideal job describing how Anchor, Solana accounts, and basic Anchor improvement. I’d do a disservice to the authors of those sources by ranging from scratch and repeating their explanations, I’d quite construct on high of their work and reference their articles throughout our path. I counsel you go and skim up on these articles that will provide you with a head begin on every thing to know. Any new idea which may be coated, nonetheless, can be defined.

Essential hyperlinks

One other apparent disclaimer that I wish to share is that the code under has not been audited by any means! It’s not production-ready, and it might include bugs. The content material under is solely academic and, as a result of your consideration is pea-sized pricey anon, I can be focusing completely on the core ideas. I wish to share what I realized on CPI invocation, Token accounts, Related Token accounts, and Solana packages on the whole. This was a enjoyable software that entails all the above.

What is that this all about?

We wish to construct the “Protected Token Switch app”, that stops funds from being misplaced.

What is that this all about?

When somebody needs to switch tokens to a specific consumer, they do it in 2 steps to implement security. First, they deposit these tokens into an escrow token account that’s managed by our program. Second, the ultimate receiver of the tokens confirms the withdrawal and receives the funds from the escrow.

Why can we wish to construct this?

Crypto funds are scary. In Ethereum and Bitcoin, you may ship Ether and any ERC20/721 token to any 20-byte encoded hex string. This implies that you could be wish to ship some DAI to a pal, however by mistake you might ship that DAI to another person or, even worse, nobody in any respect!

Some funds to handle(0) are intentional, others aren’t

This app is an try to resolve the core downside of sending funds that get caught without end. The sender of funds has a chance to soundly withdraw their tokens in case of points, and the receiver ensures that they’ve entry to the keys wanted to obtain the tokens.

The high-level consumer circulate

Our program options 2 customers, Alice and Bob.

  • Alice needs to pay Bob
  • Bob is aware of that they are going to be paid by Alice

Our story between Alice and Bob goes like this:

  1. Alice must pay Bob 10,000 USDC as prize cash for a Hackathon that they received. Alice is aware of Bob’s Solana (EOA) tackle
  2. Alice initiates a “Protected Cost” with Bob as a result of she needs to have peace of thoughts and keep away from any “fats finger” state of affairs.
  3. Alice funds the Protected Cost and creates a brand new Protected Pay ID that can be utilized to reference her particular cost intent (ship 10,000 USDC to Bob)
  4. Alice sends Bob a novel URL (that references the brand new Protected Pay ID). Bob can use that Protected Cost to redeem his tokens.
  5. If Alice fat-fingered Bob’s tackle, or if Bob can not discover his keys anymore, Alice can safely pull again her Protected Cost earlier than the switch is full, and provoke a brand new Protected Cost in direction of Bob.

Breaking down our consumer circulate right into a set of directions

  1. Initialize and deposit instruction invoked by Alice: Creates a brand new Protected Cost intent and defines the parameters for it, initialized the escrow pockets owned by the Protected Switch program. strikes the funds from Alice’s pockets to the escrow pockets
  2. Full instruction invoked by Bob: transfer funds from the escrow pockets to Bob’s pockets
  3. PullBack instruction invoked by Alice: strikes funds from the escrow pockets to Alice’s pockets

With a purpose to preserve monitor of what part of the circulate we’re in, and the varied parameters being initialized, we have to have an account to retailer the state.

In Solana, the state is decoupled from logic (or program execution) and is saved in an account. In our case, the state is created by Alice as quickly as a brand new Protected Cost is initialized. So there needs to be 1 new state account for every Protected Cost. Let’s consider the state because the core little bit of storage the place we preserve monitor of what’s occurring, who’re the actors concerned, and what parameters are set.

Initialize and Deposit instruction

What does it do?
Initializes the State account and initializes the escrow pockets account, and strikes the funds from Alice’s pockets to the escrow pockets

Why is it wanted?
Alice makes use of this instruction once they need to pay Bob. Funds go from Alice’s pockets to an escrow pockets.

📝 Parameters
amount_tokens: unsigned integer representing what number of tokens Alice needs to provide to Bob
application_idx: a semi-unique identifier (like a timestamp) that serves to make the cost occasion distinctive. This may be represented by a UNIX timestamp

🖋 Signers: Alice

Instruction for Initializing a brand new Protected Cost occasion
Initialize instruction

You might discover that our constructor accepts 2 stunning parameters. These parameters are handed within the instruction set to be able to compute PDAs for the accounts application_state and escrow_wallet_state. Anchor acknowledges that these two are PDA accounts as a result of we specify seeds and bump for them within the instruction set. You might be asking, why ought to these 2 accounts be PDAs?

PDAs are accounts that may solely be signed by a program. Consider a PDA as an account whose non-public key was solely identified to this system. In our case, because of this updating this system state, and authority over the escrow token pockets, is feasible solely by way of this system that we’re constructing which is gated by the enterprise logic that we code up.
As you may see, these PDAs have an init assertion, which implies that Anchor will automagically create these accounts by way of a SystemProgram name.

Full instruction

What does it do?
Strikes the funds from the previously-funded escrow pockets to Bob’s pockets

Why is it wanted?
Requiring Bob to explicitly withdraw funds to their very own account ensures they’ve the important thing to entry the funds.

🖋 Signers: Bob

Full lastly brings Bob into the image! One vital distinction between the final 2 accounts is that Alice will not be a signer anymore, however now Bob is the signer.

One other vital observe is the presence of AssociatedToken this system. This program defines the conference and offers the mechanism for locating the distinctive pockets tackle to USDC the consumer holds. One other profit

AssociatedToken is that it permits our program to ship tokens to Bob even when they don’t but have a USDC token account (therefore, the init_if_needed clause through the account definition).

Paying out of the escrow might be so simple as calling the switch operate from spl_token as soon as once more, however we needs to be doing greater than this if we wish to do issues accurately. For the reason that escrow pockets is created particularly for the Protected Cost occasion in query, we should always clear it up (shut the pockets) as soon as the cost is full and there’s no use for that account anymore. By closing the pockets, Alice can get again the lamports she put as rent, and we will keep away from polluting the blockchain.

Stand-alone operate to pay out of the escrow, and shut the account if the token account is empty

And under is the instruction code:

Pull Again instruction

What does it do?
Strikes the funds from the escrow pockets to Alice’s pockets

Why is it wanted?
If Bob is unable to entry the funds in escrow, Alice can nonetheless pull the funds again and initialize a brand new Protected Cost

🖋 Signers: Alice

Pull again accounts
Pull again instruction

The above snippets have been extracted from my GitHub repo. The repository has just a few unit assessments that may also present you the way to appropriately take a look at Anchor apps.

Thanks to everybody who has inspired me to enter the house, and who has supplied help from the sidelines!

  • Phil Liao, my colleague and companion in crime at 0x
  • Nader Dabit, founding father of Developer DAO
  • King Maven, for introducing me to many neighborhood members
  • Chase Barker, for offering a lot helpful info and being so responsive in DMs!
Let’s join!Wish to be taught extra about Anchor improvement? I’m hoping to publish extra content material sooner or later. You'll be able to observe me on and be the primary to know concerning the content material I create and share. I additionally run Workplace Hours — If you wish to chat about your undertaking, and also you want somebody that will help you develop within the house (from SWE to Crypto stuff), be happy to succeed in out!

More Posts