Sec3 audit fixes (#106)

* sec3 audits fixes for:
 * P2-L-01 P2-L-02, P2-I-01, P2-I-02

* fix P2-L-01 from token-voter sec3 audit

* set voter_weight_expiry to None in token-voter in the case of deposits and withdraws.

Cargo.toml

@@ -5,6 +5,7 @@ members = [
     "programs/realm-voter",
     "programs/nft-voter",
     "programs/token-haver",
+    "programs/token-voter",
 ]
 
 [profile.release]

programs/token-voter/src/error.rs

@@ -99,4 +99,7 @@ pub enum TokenVoterError {
 
     #[msg("Mint Index mismatch!")]
     MintIndexMismatch,
+
+    #[msg("Inactive Deposit Index!")]
+    DepositIndexInactive,
 }

programs/token-voter/src/instructions/close_voter.rs

@@ -26,6 +26,14 @@ pub struct CloseVoter<'info> {
     )]
     pub voter: Box<Account<'info, Voter>>,
 
+    #[account(
+        mut,
+        seeds = [registrar.key().as_ref(), b"voter-weight-record".as_ref(), voter_authority.key().as_ref()],
+        bump,
+        close = sol_destination
+    )]
+    pub voter_weight_record: Box<Account<'info, VoterWeightRecord>>,
+
     pub voter_authority: Signer<'info>,
 
     /// CHECK: Destination may be any address.

programs/token-voter/src/instructions/configure_mint_config.rs

@@ -63,14 +63,12 @@ pub fn configure_mint_config(
         ctx.accounts.realm_authority.key(),
         TokenVoterError::InvalidRealmAuthority
     );
-
-    let token_supply = mint.supply;
-    let supply_with_digit_shift =
-        VotingMintConfig::compute_digit_shift_native(digit_shift, token_supply)?;
+
     let voting_mint_config = VotingMintConfig {
         mint: mint.key(),
         digit_shift,
-        reserved1: [0; 63],
+        mint_supply: mint.supply,
+        reserved1: [0; 55],
     };
 
     let mint_config_idx = registrar
@@ -87,10 +85,9 @@ pub fn configure_mint_config(
     }
 
     // Update MaxVoterWeightRecord.max_voter_weight
-    max_voter_weight_record.max_voter_weight = max_voter_weight_record
-        .max_voter_weight
-        .checked_add(supply_with_digit_shift)
-        .ok_or_else(|| error!(TokenVoterError::VoterWeightOverflow))?;
+    // recalculate the max voter weight as mint supply has possibly changed 
+    max_voter_weight_record.max_voter_weight = registrar.max_vote_weight()?;
+
 
     max_voter_weight_record.max_voter_weight_expiry = None;
 

programs/token-voter/src/instructions/create_voter_weight_record.rs

@@ -65,7 +65,8 @@ pub fn create_voter_weight_record(
     voter.voter_weight_record_bump = ctx.bumps.voter_weight_record;
     voter.voter_authority = voter_authority.key();
     voter.registrar = registrar.key();
-    voter.deposits = vec![];
+    voter.deposits = DepositEntry::init_deposits(registrar.max_mints as usize);
+
 
     let voter_weight_record = &mut ctx.accounts.voter_weight_record;
 

programs/token-voter/src/instructions/deposit.rs

@@ -155,13 +155,13 @@ pub fn deposit<'key, 'accounts, 'remaining, 'info>(
                 is_used: true,
                 reserved: [0; 38],
             };
-            voter.deposits.push(deposit_entry);
+            voter.deposits[mint_idx] = deposit_entry;
         }
     }
 
     let voter_weight_record = &mut ctx.accounts.voter_weight_record;
 
-    let governance_program_id = ctx.accounts.token_owner_record.owner;
+    let governance_program_id = &ctx.accounts.registrar.governance_program_id;
 
     let token_owner_record = token_owner_record::get_token_owner_record_data(
         governance_program_id,
@@ -178,8 +178,9 @@ pub fn deposit<'key, 'accounts, 'remaining, 'info>(
     // Setup voter_weight
     voter_weight_record.voter_weight = voter.weight(registrar)?;
 
-    // Record is only valid as of the current slot
-    voter_weight_record.voter_weight_expiry = Some(Clock::get()?.slot);
+    // Voter Weight Expiry is always set to None after a deposit
+    // since no other action other than deposit and withdraw could invalidate it
+    voter_weight_record.voter_weight_expiry = None;
 
     // Set action and target to None to indicate the weight is valid for any action and target
     voter_weight_record.weight_action = None;

programs/token-voter/src/instructions/withdraw.rs

@@ -149,7 +149,10 @@ pub fn withdraw<'key, 'accounts, 'remaining, 'info>(
     // Update the voter weight record
     let voter_weight_record = &mut ctx.accounts.voter_weight_record;
     voter_weight_record.voter_weight = voter.weight(registrar)?;
-    voter_weight_record.voter_weight_expiry = Some(Clock::get()?.slot);
+    // Voter Weight Expiry is always set to None after a deposit
+    // since no other action other than deposit and withdraw could invalidate it
+    voter_weight_record.voter_weight_expiry = None;
+
 
     Ok(())
 }

programs/token-voter/src/state/deposit_entry.rs

@@ -31,6 +31,22 @@ const_assert!(std::mem::size_of::<DepositEntry>() == 8 + 1 + 8 + 1 + 38);
 const_assert!(std::mem::size_of::<DepositEntry>() % 8 == 0);
 
 impl DepositEntry {
+    /// Creates a new DepositEntry with default values
+    pub fn new() -> Self {
+        Self {
+            amount_deposited_native: 0,
+            voting_mint_config_idx: 0,
+            deposit_slot_hash: 0,
+            is_used: false,
+            reserved: [0; 38],
+        }
+    }
+
+    /// Initializes a vector of DepositEntry with a given length
+    pub fn init_deposits(length: usize) -> Vec<Self> {
+        vec![Self::new(); length]
+    }
+
     /// Voting Power Caclulation
     /// Returns the voting power for the deposit.
     pub fn voting_power(&self, mint_config: &VotingMintConfig) -> Result<u64> {