Add Anchor example programs by tilo-14 · Pull Request #26 · Lightprotocol/examples-light-token

tilo-14 · 2026-02-16T18:57:20Z

Summary

Add four Light Token Anchor example programs: escrow, fundraiser, token-swap, light-token-minter
Each program tests 5 token configurations (SPL, Token2022, Light, LightSpl, LightT22)
Shared test utilities crate for mint/ATA creation, balance verification, SPL interface PDAs
Fix light-token-minter: remove deprecated associated_token::bump (now derived on-chain)
Update CI workflow to test the four example programs

Programs

Program	Description
escrow	Peer-to-peer token swap with rent-free Light Token vaults
fundraiser	Crowdfunding with contribute, claim, and refund flows
token-swap	Constant-product AMM with rent-free pool vaults
light-token-minter	Light Token mint creation and minting

Test plan

cargo test-sbf -p escrow
cargo test-sbf -p fundraiser
cargo test-sbf -p light-token-minter
cargo test-sbf -p swap_example

devin-ai-integration

Devin Review found 2 new potential issues.

View 11 additional findings in Devin Review.

devin-ai-integration · 2026-02-16T19:43:47Z

programs/anchor/fundraiser/src/instructions/contribute.rs

+        require!(
+            amount >= 10_u64.pow(self.mint_to_raise.decimals as u32),
+            FundraiserError::ContributionTooSmall
+        );


🟡 Fundraiser contribute() minimum amount check panics on overflow for high-decimal mints

The contribute() function computes the minimum contribution as 10_u64.pow(self.mint_to_raise.decimals as u32) without checking for overflow. If a mint has decimals > 19, this expression overflows u64.

Detailed Explanation

At programs/anchor/fundraiser/src/instructions/contribute.rs:74:

require!( amount >= 10_u64.pow(self.mint_to_raise.decimals as u32), FundraiserError::ContributionTooSmall );

10_u64.pow(20) = 10^20 which exceeds u64::MAX (≈1.8×10^19). The workspace Cargo.toml sets overflow-checks = true for the release profile, so this would cause a panic (program abort) rather than silent wraparound.

While SPL Token mints typically use decimals 0-9, Token-2022 mints can be created with any u8 value for decimals. Since the fundraiser supports Token-2022 mints (via TokenConfig::Token2022), a malicious or misconfigured mint with decimals >= 20 would make the contribute instruction permanently fail with a panic.

Impact: A fundraiser created with a high-decimal mint would be unable to accept any contributions, effectively locking the fundraiser in a broken state.

Suggested change

require!(

amount >= 10_u64.pow(self.mint_to_raise.decimals as u32),

FundraiserError::ContributionTooSmall

);

let min_amount = 10_u64.checked_pow(self.mint_to_raise.decimals as u32)

.ok_or(FundraiserError::CalculationOverflow)?;

require!(

amount >= min_amount,

FundraiserError::ContributionTooSmall

);

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration · 2026-02-16T19:43:49Z

programs/anchor/fundraiser/src/instructions/initialize.rs

+        require!(
+            params.amount >= MIN_AMOUNT_TO_RAISE.checked_mul(10_u64.pow(self.mint_to_raise.decimals as u32)).ok_or(FundraiserError::InvalidAmount)?,
+            FundraiserError::InvalidAmount
+        );


🟡 Fundraiser initialize() minimum amount check panics on overflow for high-decimal mints

The initialize() function computes the minimum amount to raise as MIN_AMOUNT_TO_RAISE.checked_mul(10_u64.pow(self.mint_to_raise.decimals as u32)), but the inner pow call is unchecked and will panic for decimals > 19.

Detailed Explanation

At programs/anchor/fundraiser/src/instructions/initialize.rs:78:

require!( params.amount >= MIN_AMOUNT_TO_RAISE .checked_mul(10_u64.pow(self.mint_to_raise.decimals as u32)) .ok_or(FundraiserError::InvalidAmount)?, FundraiserError::InvalidAmount );

While checked_mul is used for the multiplication, the 10_u64.pow(decimals) call itself is not checked. For decimals >= 20, pow overflows u64 and panics (since overflow-checks = true in the release profile). The checked_mul never gets a chance to catch the overflow.

Impact: Creating a fundraiser with a high-decimal Token-2022 mint would cause the initialize instruction to panic, wasting the caller's transaction fee.

Suggested change

require!(

params.amount >= MIN_AMOUNT_TO_RAISE.checked_mul(10_u64.pow(self.mint_to_raise.decimals as u32)).ok_or(FundraiserError::InvalidAmount)?,

FundraiserError::InvalidAmount

);

let min_unit = 10_u64.checked_pow(self.mint_to_raise.decimals as u32)

.and_then(|v| MIN_AMOUNT_TO_RAISE.checked_mul(v))

.ok_or(FundraiserError::InvalidAmount)?;

require!(

params.amount >= min_unit,

FundraiserError::InvalidAmount

);

Was this helpful? React with 👍 or 👎 to provide feedback.

ananas-block · 2026-02-17T01:30:47Z

programs/anchor/escrow/tests/escrow.rs

+/// After compressing, the test loads cold accounts back to active state
+/// before the next transaction.
+/// Standard SPL/Token 2022 accounts are unaffected.
+async fn warp_to_compress<R: Rpc + TestRpc + Indexer>(rpc: &mut R) {


best put into common

programs/anchor/escrow/tests/escrow.rs

ananas-block · 2026-02-17T17:14:05Z

programs/anchor/basic-macros/create-associated-token-account/Cargo.toml

not all of these deps should be necessary only:
light-sdk
light-account
light-hasher
light-token

these should reexport whatever you need from the other crates.

Applies to all tests.

ananas-block · 2026-02-17T17:17:23Z

programs/anchor/escrow/src/instructions/make_offer.rs

+) -> Result<()> {
+    let decimals = ctx.accounts.token_mint_a.decimals;
+    let (_, spl_interface_bump_a) =
+        find_spl_interface_pda(&ctx.accounts.token_mint_a.key(), false);


would be better to send the bump in instruction data

ananas-block · 2026-02-17T17:18:24Z

programs/anchor/escrow/src/instructions/shared.rs

+) -> Result<()> {
+    let is_light_to_light = is_light_account(&from) && is_light_account(&to);
+
+    if is_light_to_light {


can we use TransferInterface instead?
This way we can remove the complete function.

ananas-block · 2026-02-17T17:19:42Z

programs/anchor/escrow/src/instructions/take_offer.rs

+
+    let decimals_a = ctx.accounts.token_mint_a.decimals;
+    let (_, spl_interface_bump_a) =
+        find_spl_interface_pda(&ctx.accounts.token_mint_a.key(), false);


same here better put bump into ix data.

ananas-block · 2026-02-17T17:19:57Z

programs/anchor/escrow/src/instructions/take_offer.rs

+        spl_interface_pda_bump: spl_interface_bump_a,
+    };
+
+    transfer_tokens(


use transfer interface directly

ananas-block · 2026-02-17T17:22:38Z

programs/anchor/escrow/tests/escrow.rs

+    load_light_mints(rpc, &ctx.payer, &[ctx.mint_a_pubkey, ctx.mint_b_pubkey]).await;
+    load_light_pdas(
+        rpc,
+        &ctx.payer,
+        &ctx.maker,
+        &ctx.program_id,
+        ctx.compression_config,
+        offer_pda,
+        vault_pda,
+    )
+    .await;
+    load_light_accounts(
+        rpc,
+        &ctx.payer,
+        &ctx.taker,
+        &[ctx.mint_a_pubkey, ctx.mint_b_pubkey],
+    )
+    .await;
+    load_light_accounts(
+        rpc,
+        &ctx.payer,
+        &ctx.maker,
+        &[ctx.mint_b_pubkey],
+    )
+    .await;


don't we have a unified load function now?

programs/anchor/escrow/Cargo.toml

programs/anchor/escrow/SPL_COMPARISON.md

Peer-to-peer escrow, crowdfunding, AMM swap, and mint helper programs demonstrating rent-free Light Token vaults with full test coverage across SPL, Token-2022, and Light token standards.

This comment was marked as resolved.

Sign in to view

tilo-14 force-pushed the pr/anchor-examples branch from 4c9e894 to 61dfdf8 Compare February 16, 2026 19:34

devin-ai-integration bot reviewed Feb 16, 2026

View reviewed changes