The latest articles on Forem by Ola Adesoye (@ola-zoll). https://forem.com/ola-zoll https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3518658%2F465a1b54-168b-4f1c-b19e-06252755a6f3.jpeg https://forem.com/ola-zoll en Ola Adesoye Sun, 25 Jan 2026 22:59:26 +0000 https://forem.com/ola-zoll/a-rent-recovery-tool-for-solana-accounts-22hf https://forem.com/ola-zoll/a-rent-recovery-tool-for-solana-accounts-22hf <h2> A Quick Solana Primer </h2> <p>If you're not deep in the Solana ecosystem, here's a 30-second crash course.</p> <p>Solana is a blockchain — like Ethereum, but faster and cheaper. To do anything on Solana (send tokens, interact with apps, mint NFTs), you need to pay transaction fees. These fees are paid in <strong>SOL</strong>, Solana's native currency.</p> <p>Here's where it gets interesting: every piece of data stored on Solana lives in something called an "account." Your wallet? An account. Your token balances? Each one is a separate account. And every account needs to hold a minimum amount of SOL to exist — this is called <strong>rent</strong>.</p> <p>Think of it like a security deposit. The blockchain holds onto this SOL to prevent spam (otherwise people could create infinite accounts and bloat the network). The good news? When you close an account, you get that deposit back.</p> <p>For a standard token account, this deposit is about <strong>0.002 SOL</strong> (~$0.30-0.50 USD). Not much for one account. But what if you have thousands?</p> <h2> Kora for Gasless Transactions on Solana </h2> <p>Now let's talk about <strong>Kora</strong>.</p> <p>One of the friction points in crypto is that you always need the native token to do anything. Want to send USDC on Solana? You need SOL for the fee. Just got some tokens airdropped but have zero SOL? Too bad, you can't move them.</p> <p>Kora solves this. It's infrastructure enables <strong>gasless transactions</strong>. Users can pay transaction fees in tokens they already have (like USDC or BONK) instead of SOL.</p> <p>Here's how it works at a high level:</p> <ol> <li>A user wants to make a transaction but doesn't have SOL for fees</li> <li>They submit their transaction to a Kora node</li> <li>The Kora node <strong>sponsors</strong> the SOL fee on their behalf</li> <li>In return, the user pays the node in a token (like USDC)</li> <li>The transaction goes through, everyone's happy</li> </ol> <p>Kora nodes are essentially "paymasters" who front the SOL and get paid back in tokens.</p> <h2> The Problem: Phantom Token Accounts </h2> <p>Here's where my project comes in.</p> <p>Every time a Kora node receives a token payment from a user, Solana creates a <strong>token account</strong> to hold those tokens. This happens automatically. The node accumulates USDC from one user, BONK from another, maybe some random memecoin from a third.</p> <p>Eventually, these tokens get swept to a treasury or converted to SOL. The token accounts become empty.</p> <p>But here's the catch: <strong>empty doesn't mean gone</strong>.</p> <p>Those accounts still exist on the blockchain. And they're still holding that rent deposit hostage — 0.002 SOL each, locked up and unusable.</p> <p>A busy Kora node might process thousands of transactions across hundreds of different tokens. That's potentially hundreds of empty token accounts. At 0.002 SOL each, we're talking about real money just... sitting there. Doing nothing.</p> <p>I built a tool to get it back.</p> <h2> The Tool </h2> <p><strong>Kora Rent-Reclaim</strong> is a command-line tool that:</p> <ol> <li> <strong>Discovers</strong> all token accounts owned by your wallet</li> <li> <strong>Filters</strong> to find the ones that are empty and safe to close</li> <li> <strong>Closes</strong> them and sends the rent back to an address you specify</li> <li> <strong>Reports</strong> exactly what happened for your records</li> </ol> <p>The concept is simple, but the execution required handling a lot of edge cases.</p> <h2> The "Oh, That's How Solana Works" Moments </h2> <p>There's always something to learn. Building this taught me a lot about Solana's internals. Here are the interesting bits:</p> <h3> Rent-Exempt Minimum </h3> <p>Solana used to actually charge ongoing rent — your account balance would slowly decrease over time. They've since moved to a simpler model: hold a minimum balance, and your account lives forever. For token accounts, that magic number is exactly <strong>0.00203928 SOL</strong>.</p> <p>When you close an account, this entire amount returns to you. It's not a fee — it's more like a refundable deposit.</p> <h3> Token Accounts Have Rules </h3> <p>You can't just delete any account. Token accounts (technically called Associated Token Accounts or ATAs) follow specific rules:</p> <ul> <li>Only the <strong>owner</strong> can close them</li> <li>They must have <strong>zero token balance</strong> </li> <li>They must be in an <strong>initialized</strong> state (not frozen)</li> </ul> <p>Try to close an account with tokens still in it? The blockchain rejects the transaction. This is actually great since it means the tool can't accidentally destroy your assets.</p> <h3> The getProgramAccounts Challenge </h3> <p>To find all token accounts for a wallet, you query the Token Program with <code>getProgramAccounts</code>. This returns every matching account in one response.</p> <p>For a wallet with 10,000 accounts? That's a heavy call. There's no pagination, no streaming. You get everything at once or nothing. This informed some of my design decisions around memory management.</p> <h2> Building It: The Interesting Parts </h2> <h3> The Pipeline </h3> <p>The tool follows a straightforward pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Discover → Filter → Reclaim → Report </code></pre> </div> <p><strong>Discover</strong>: Query the RPC endpoint to get all token accounts owned by the signer wallet.</p> <p><strong>Filter</strong>: Categorize accounts into closeable (zero balance, initialized, not whitelisted) versus non-closeable (has balance, frozen, protected).</p> <p><strong>Reclaim</strong>: Bundle close instructions into transactions, send them, track successes and failures.</p> <p><strong>Report</strong>: Display results to the user by writing to a CSV audit log.</p> <h3> Handling the Real World </h3> <p>Production infrastructure is messy. Things fail. I built the tool to handle:</p> <p><strong>RPC Rate Limiting</strong>: Endpoints return 429 errors when you hit them too hard. The tool uses exponential backoff — wait 100ms, then 200ms, then 400ms between retries.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Retry with exponential backoff</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">attempt</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">attempt</span> <span class="o">&lt;=</span> <span class="mi">3</span><span class="p">;</span> <span class="nx">attempt</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">fn</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isRetryable</span><span class="p">(</span><span class="nx">error</span><span class="p">))</span> <span class="k">throw</span> <span class="nx">error</span><span class="p">;</span> <span class="k">await</span> <span class="nf">sleep</span><span class="p">(</span><span class="mi">100</span> <span class="o">*</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">pow</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="nx">attempt</span> <span class="o">-</span> <span class="mi">1</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>User Interruption</strong>: Someone hits Ctrl+C mid-operation. The tool catches SIGINT, finishes the current transaction batch (no partial state), logs what completed, and exits cleanly.</p> <p><strong>Low Balance Warning</strong>: If your wallet doesn't have enough SOL to cover transaction fees, the tool warns you upfront rather than failing mysteriously later.</p> <h3> Error Messages That Actually Help </h3> <p>Every error follows a <strong>What / Why / Do</strong> pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ERROR] Cannot read keypair file: ./missing.json File not found or not readable. → Check the path and ensure the file exists. </code></pre> </div> <p>No cryptic stack traces and no generic error message like "something went wrong." Tell users what broke, why it matters, and exactly what to do about it.</p> <h2> Design Decisions </h2> <h3> Dry-Run by Default </h3> <p>The first time you run this tool, nothing happens. You see what <em>would</em> happen. You have to explicitly pass <code>--execute</code> to actually close accounts.</p> <p>Why? Because closing accounts is <strong>irreversible</strong>. Once closed, the account is gone. Better to make the dangerous action opt-in rather than opt-out.</p> <h3> Batching: 10 Accounts Per Transaction </h3> <p>Solana transactions have compute limits. If you pack too many instructions into one transaction, it fails. Through testing, I landed on 10 close instructions per transaction — safe across different RPC providers and network conditions.</p> <h3> Memory Efficiency for Large Wallets </h3> <p>For wallets with 10,000+ accounts, keeping everything in memory gets problematic. The tool writes history log entries in batches rather than accumulating them all until the end. This is a small change but it has significant impact on memory usage.</p> <h3> Verbose Mode for Debugging </h3> <p>When things go wrong, you need visibility. The <code>--verbose</code> flag shows RPC call timing, slot numbers, and batch progress — all going to stderr so it doesn't interfere with JSON output if you're piping results somewhere.</p> <h2> What I Learned </h2> <p><strong>1. Solana's rent model is clever.</strong> It solves blockchain state bloat by making storage have a real cost, but you get your money back when you're done. It's a deposit, not a tax.</p> <p><strong>2. CLI user experience matters more than you'd think.</strong> Nobody reads documentation. The tool needs to guide users with first-run tips, clear defaults, and helpful error messages.</p> <p><strong>3. Defensive coding isn't paranoia — it's necessity.</strong> RPCs fail. Users interrupt operations. Account states change between when you check and when you act. Handle all of it, or your tool becomes unreliable.</p> <p><strong>4. TypeScript for CLI tools is underrated.</strong> Type safety caught countless bugs during development. The confidence to refactor without fear is worth the initial setup overhead.</p> <p><strong>5. The boring parts matter most.</strong> Retry logic, graceful shutdown, audit logging — none of this is exciting to build, but it's what separates a script from a tool you can actually rely on.</p> <h2> Try It Yourself </h2> <p>If you have a Solana wallet with old token accounts (and most active wallets do):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Clone and build</span> git clone https://github.com/Zolldyk/Auto-rent-reclaim-bot.git <span class="nb">cd </span>Auto-rent-reclaim-bot npm <span class="nb">install</span> <span class="o">&amp;&amp;</span> npm run build <span class="c"># Preview what you could reclaim (safe - no changes made)</span> npx kora-reclaim <span class="se">\</span> <span class="nt">--signer-keypair</span> ~/your-wallet.json <span class="se">\</span> <span class="nt">--treasury</span> YOUR_SOL_ADDRESS <span class="se">\</span> <span class="nt">--rpc-url</span> https://api.mainnet-beta.solana.com <span class="c"># Actually reclaim (when you're ready)</span> npx kora-reclaim <span class="se">\</span> <span class="nt">--signer-keypair</span> ~/your-wallet.json <span class="se">\</span> <span class="nt">--treasury</span> YOUR_SOL_ADDRESS <span class="se">\</span> <span class="nt">--rpc-url</span> https://api.mainnet-beta.solana.com <span class="se">\</span> <span class="nt">--execute</span> </code></pre> </div> <p>You might be surprised how much SOL is sitting in empty accounts and waiting to be reclaimed.</p> <h2> Wrapping Up </h2> <p>This project started as a specific solution for Kora node operators but works for anyone with unused token accounts on Solana. The core insight is simple: those empty accounts aren't free — they're holding your SOL.</p> <p>The implementation taught me a lot about Solana's architecture, building reliable CLI tools, and the importance of handling edge cases gracefully.</p> <p>Sometimes the best tools are the ones that solve one specific problem really well.</p> web3 blockchain solana programming Ola Adesoye Sun, 25 Jan 2026 21:27:23 +0000 https://forem.com/ola-zoll/i-built-a-hacking-playground-for-solana-so-you-dont-have-to-lose-real-money-learning-21df https://forem.com/ola-zoll/i-built-a-hacking-playground-for-solana-so-you-dont-have-to-lose-real-money-learning-21df <p><strong>TL;DR:</strong> I created an open-source educational repository with intentionally vulnerable Solana smart contracts. You can legally hack them, watch exploits work in real-time, then study the secure versions to understand exactly what went wrong. It's like a flight simulator for blockchain security.</p> <h2> The $300 Million Wake-Up Call </h2> <p>In 2022, the Wormhole bridge lost $320 million in a single exploit. The Cashio stablecoin collapsed overnight. Slope wallet leaked private keys. These weren't random accidents—they were predictable security failures that could have been prevented.</p> <p>What's crazy is not only the money you realize was lost in those exploits, but also that the same vulnerability patterns keep appearing over and over. Missing signature checks, unchecked math overflow, and authority validation failures. </p> <p>The same mistakes, different projects, millions gone.</p> <p>Anyway, here's a safe place to <em>experience</em> these vulnerabilities firsthand. </p> <h2> The project </h2> <p><strong><a href="https://github.com/Zolldyk/anchor-pinochio-security-template" rel="noopener noreferrer">Anchor/Pinocchio Security Template</a></strong> is a collection of six vulnerability patterns, each containing:</p> <ol> <li> <strong>A deliberately broken smart contract</strong> — with intentional security flaws</li> <li> <strong>A secure version</strong> — showing exactly how to fix it</li> <li> <strong>Working exploit code</strong> — that actually drains the vulnerable contract</li> <li><strong>Tests proving the secure version blocks attacks</strong></li> </ol> <p>Everything runs on a local Solana validator. No real money. No devnet tokens. Just you, the code, and a safe environment to break things.</p> <h3> The six patterns </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pattern</th> <th>What Goes Wrong</th> <th>Real-World Parallel</th> </tr> </thead> <tbody> <tr> <td>Missing Validation</td> <td>No check if caller is authorized</td> <td>Leaving your front door unlocked</td> </tr> <tr> <td>Authority Failures</td> <td>Admin functions anyone can call</td> <td>Giving everyone the master key</td> </tr> <tr> <td>Unsafe Arithmetic</td> <td>Numbers overflow and wrap around</td> <td>Your bank balance going from $1 to $18 quintillion</td> </tr> <tr> <td>CPI Re-entrancy</td> <td>Contract calls back into itself mid-transaction</td> <td>Someone withdrawing money while the ATM is still counting</td> </tr> <tr> <td>PDA Derivation</td> <td>Wrong address generation lets attackers substitute accounts</td> <td>Someone redirecting your mail to their house</td> </tr> <tr> <td>Token Validation</td> <td>Accepting fake tokens as real ones</td> <td>A vending machine that accepts photocopied bills</td> </tr> </tbody> </table></div> <h2> A side-by-side comparison that changes everything </h2> <p>Most security tutorials show you the "right way" and leave it at that. It might also be great to learn by seeing <em>what not to do</em> first.</p> <p>Here's the thing: when you only see correct code, you don't develop intuition for what's dangerous. You follow patterns without understanding why they exist.</p> <p>But when you see this vulnerable code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// VULNERABILITY: Anyone can call this!</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">transfer</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="n">Context</span><span class="o">&lt;</span><span class="n">Transfer</span><span class="o">&gt;</span><span class="p">,</span> <span class="n">amount</span><span class="p">:</span> <span class="nb">u64</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// No check if caller is the owner</span> <span class="n">ctx</span><span class="py">.accounts.vault.balance</span> <span class="o">-=</span> <span class="n">amount</span><span class="p">;</span> <span class="nf">Ok</span><span class="p">(())</span> <span class="p">}</span> </code></pre> </div> <p>And then run an exploit that actually steals funds from it... suddenly the secure version makes visceral sense:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// SECURITY: Only the owner can transfer</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">transfer</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="n">Context</span><span class="o">&lt;</span><span class="n">Transfer</span><span class="o">&gt;</span><span class="p">,</span> <span class="n">amount</span><span class="p">:</span> <span class="nb">u64</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nd">require!</span><span class="p">(</span> <span class="n">ctx</span><span class="py">.accounts.authority</span><span class="nf">.key</span><span class="p">()</span> <span class="o">==</span> <span class="n">ctx</span><span class="py">.accounts.vault.owner</span><span class="p">,</span> <span class="nn">ErrorCode</span><span class="p">::</span><span class="n">Unauthorized</span> <span class="p">);</span> <span class="n">ctx</span><span class="py">.accounts.vault.balance</span> <span class="o">-=</span> <span class="n">amount</span><span class="p">;</span> <span class="nf">Ok</span><span class="p">(())</span> <span class="p">}</span> </code></pre> </div> <p>That <code>require!</code> check isn't just "best practice" anymore. It's the line between your program working and someone draining everything.</p> <h2> The dual-framework approach </h2> <p>One thing that sets this project apart: every vulnerability is implemented in both <strong>Anchor</strong> (the popular high-level framework) and <strong>Pinocchio</strong> (a minimal, lower-level library).</p> <p>Why bother?</p> <p>Because security principles are framework-agnostic. Whether you're using Anchor's convenient macros or writing raw account parsing with Pinocchio, the same vulnerabilities exist. </p> <p>Seeing them in both contexts drives home that security isn't about memorizing framework-specific tricks - it's about understanding the underlying model.</p> <p>Plus, Pinocchio implementations show you what Anchor is doing "under the hood." When you see the 50 lines of manual validation that Anchor's <code>#[account(...)]</code> macro generates for you, you appreciate both the convenience AND understand what could go wrong.</p> <h2> How to use this </h2> <p><strong>1. Clone and set up:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/Zolldyk/anchor-pinochio-security-template.git <span class="nb">cd </span>anchor-pinochio-security-template npm <span class="nb">install</span> </code></pre> </div> <p><strong>2. Start with Pattern 01 (Missing Validation):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run <span class="nb">test</span>:01 </code></pre> </div> <p>You'll see output like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Vulnerable program ✗ allows unauthorized balance update (demonstrates vulnerability) Secure Program ✓ blocks unauthorized balance update (demonstrates fix) </code></pre> </div> <p>The <code>✗</code> means the exploit succeeded. The <code>✓</code> means the attack was blocked. Both are expected!</p> <p><strong>3. Read the code, modify the exploit, break things.</strong></p> <p>The <a href="https://github.com/Zolldyk/anchor-pinochio-security-template/blob/master/LEARNING_PATH.md" rel="noopener noreferrer">LEARNING_PATH.md</a> provides a structured progression from beginner to advanced patterns.</p> <h2> What I learned building this </h2> <p>A few things surprised me:</p> <p><strong>Anchor does a lot of heavy lifting.</strong> Starting from the <code>Signer&lt;'info&gt;</code> type, to the <code>has_one</code> constraint, and the <code>#[account(...)]</code> macro. They aren't just conveniences; they're guardrails that prevent entire categories of vulnerabilities. </p> <p>The Pinocchio implementations made me appreciate how much validation Anchor handles automatically.</p> <p><strong>Arithmetic bugs are sneakier than I expected.</strong> Integer overflow doesn't throw an error in Rust by default (in release mode). Your balance just quietly wraps from 0 to 18,446,744,073,709,551,615. The checked math functions (<code>checked_add</code>, <code>checked_sub</code>) exist for a reason.</p> <p><strong>Re-entrancy in Solana is different from Ethereum.</strong> Solana's account model makes traditional re-entrancy harder, but CPI (Cross-Program Invocation) introduces its own version. The "checks-effects-interactions" pattern matters here too.</p> <p><strong>Security is about layers.</strong> No single check makes a program secure. It's the combination of signer validation, owner checks, PDA derivation, bounds checking, and careful state management that creates defense in depth.</p> <h2> Who this is for </h2> <ul> <li> <strong>Solana developers</strong> who want to level up their security knowledge</li> <li> <strong>Auditors</strong> looking for a reference of common vulnerability patterns</li> <li> <strong>Web3 security enthusiasts</strong> interested in hands-on learning</li> <li> <strong>Anyone curious</strong> about how smart contract exploits actually work</li> </ul> <p>You don't need to be a Solana expert. If you know basic Rust and understand that blockchains have "smart contracts," you can follow along.</p> <p>Happy (secure) coding!</p> webdev web3 blockchain solana Ola Adesoye Wed, 14 Jan 2026 00:05:25 +0000 https://forem.com/ola-zoll/building-a-biometric-crypto-wallet-that-actually-works-2ble https://forem.com/ola-zoll/building-a-biometric-crypto-wallet-that-actually-works-2ble <p><em>Or: How I Learned to Stop Worrying and Love WebAuthn Passkeys</em></p> <h2> The "Why Did I Do This Again?" Moment </h2> <p>So, I built a mobile crypto wallet. But not just any wallet – one where you create your wallet using your face (or fingerprint), and send money without paying gas fees. Sounds cool, right? Well, it kind of is, and I'm here to tell you it's also kind of not.</p> <p>Let me back up.</p> <p>A few weeks ago, I stumbled upon this thing called Lazorkit. They had this wild idea: what if instead of making people memorize 12-word seed phrases (which, let's be honest, most people just screenshot and pray their phones don't get stolen), we used biometric authentication? You know, the Face ID thing you use to unlock your phone 50 times a day anyway?</p> <p>Challenge accepted.</p> <h2> What I Built </h2> <p>The app is pretty straightforward:</p> <ol> <li>You tap "Create Wallet."</li> <li>Your phone asks for Face ID or fingerprint</li> <li>Boom. You have a Solana wallet.</li> <li>You can send USDC tokens without having SOL for gas fees (gasless transactions via a paymaster)</li> </ol> <p>That's it. No seed phrases. No "write this down on a piece of paper and hide it in your mattress." Just your face.</p> <p><strong>Tech Stack:</strong></p> <ul> <li>React Native (with Expo SDK 54)</li> <li>TypeScript (because I like knowing what's breaking before it breaks)</li> <li>Solana blockchain (Devnet for testing)</li> <li>Lazorkit SDK (the magic sauce)</li> <li>WebAuthn passkeys (the real magic sauce)</li> </ul> <h2> The "Oh Crap" Moments (aka What I Learned) </h2> <h3> 1. Polyfills Are Your Secret Enemies </h3> <p>First lesson: React Native doesn't have all the JavaScript globals that web browsers have. Solana's SDK expects things like <code>Buffer</code> and <code>crypto.getRandomValues()</code> to just... exist. They don't.</p> <p>I spent 2 hours debugging a cryptic error about randomness before realizing I needed to import polyfills. And not just import them – import them in the EXACT RIGHT ORDER at the very top of my app.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// This order matters. Don't ask me why. I've been hurt before.</span> <span class="k">import</span> <span class="dl">'</span><span class="s1">react-native-url-polyfill/auto</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Buffer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">buffer</span><span class="dl">'</span><span class="p">;</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">;</span> <span class="k">import</span> <span class="dl">'</span><span class="s1">react-native-get-random-values</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <p>Move these around? Your app explodes. Fun times.</p> <h3> 2. Simulators Are Liars </h3> <p>You can't test biometric authentication properly on a simulator. I mean, you <em>can</em>, but it's like testing a swimming pool by looking at a picture of water. The iOS simulator has a "fake Face ID" feature that sort of works, but deep linking to the Lazorkit Portal and back? Yeah, that's where things get weird.</p> <p><strong>Hot tip:</strong> Get a physical device. Test on real hardware. Trust me on this one.</p> <h3> 3. WebAuthn Is Actually Pretty Cool </h3> <p>Here's the thing nobody told me: WebAuthn passkeys are just public-key cryptography with better UX. When you create a wallet:</p> <ol> <li>Your phone generates a key pair</li> <li>The private key stays in your device's secure enclave (the same place your fingerprint data lives)</li> <li>The public key goes to Lazorkit's Portal service</li> <li>When you need to sign something, your phone uses Face ID to unlock the private key</li> </ol> <p>It's like having a hardware wallet, but your phone IS the hardware wallet. Mind. Blown.</p> <h3> 4. Gasless Transactions Are Secretly Not Gasless </h3> <p>Plot twist: "gasless" transactions still have gas fees. You just don't pay them. A paymaster does.</p> <p>Here's how it works:</p> <ol> <li>You create a transaction (send 1 USDC to your friend)</li> <li>The paymaster service looks at it and says "cool, I'll pay the SOL fee"</li> <li>The paymaster signs the transaction with their wallet</li> <li>You sign it with your biometric wallet</li> <li>Transaction goes through, you paid $0</li> </ol> <p><strong>Catch:</strong> The paymaster won't create token accounts for you. If your recipient doesn't have a USDC account already, the transaction fails. This burned me during testing until I realized I could just send USDC to myself.</p> <h3> 5. Deep Linking Is Dark Magic </h3> <p>To make the biometric authentication work, the app needs to:</p> <ul> <li>Open Safari/Chrome</li> <li>Load the Lazorkit Portal page</li> <li>Trigger Face ID</li> <li>Redirect back to your app</li> </ul> <p>This requires deep linking configuration in <code>app.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scheme"</span><span class="p">:</span><span class="w"> </span><span class="s2">"lazorkitstarter"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Getting this right took me 3 tries because I kept using weird characters. Keep it simple: lowercase, no spaces, no special characters. Future you will thank present you.</p> <h2> The "Wait, This Actually Works?" Moment </h2> <p>After wrestling with polyfills, deep links, and trying to understand why my transaction kept failing (spoiler: I had no test USDC), I finally got it working.</p> <p>I opened the app, tapped "Create Wallet," looked at my phone for Face ID, and BAM – I had a Solana wallet. </p> <p>No seed phrases. No friction.</p> <p>It felt like science fiction, but it's just good API design.</p> <h2> The Tutorials (Because I Like You) </h2> <p>I wrote two full tutorials for this project so you can follow along:</p> <p><strong>Tutorial 1: <a href="https://dev.to/ola-zoll/wallet-creation-with-biometric-authentication-1j6l">Wallet Creation with Biometric Authentication</a></strong> (~30 min)</p> <ul> <li>Setting up polyfills (the right way)</li> <li>Configuring LazorKitProvider</li> <li>Deep linking between your app and the Portal</li> <li>Handling biometric authentication callbacks</li> </ul> <p><strong>Tutorial 2: <a href="https://dev.to/ola-zoll/gasless-usdc-transactions-with-lazorkit-paymaster-356b">Gasless USDC Transactions</a></strong> (~40 min)</p> <ul> <li>Building Solana transactions with web3.js</li> <li>Integrating paymaster for gasless fees</li> <li>Proper blockhash management (because they expire after 60 seconds and will ruin your day)</li> <li>Error handling and validation</li> </ul> <h2> Who Is This For? </h2> <p><strong>You should build this if:</strong></p> <ul> <li>You're learning React Native and want a real-world project</li> <li>You're curious about Solana mobile development</li> <li>You want to understand how WebAuthn passkeys work</li> <li>You like the idea of crypto wallets without seed phrases</li> </ul> <p><strong>You should NOT build this if:</strong></p> <ul> <li>You need production-ready code (this is Devnet only, folks)</li> <li>You hate TypeScript</li> <li>You don't have a physical iPhone or Android device for testing</li> <li>You're allergic to polyfills</li> </ul> <h2> The TL;DR </h2> <p>I built a mobile crypto wallet with Face ID authentication and gasless transactions. It uses WebAuthn passkeys (no seed phrases!), runs on Solana Devnet, and actually works. I learned way too much about polyfills, deep linking, and why simulators are not your friends.</p> <p>If you're learning mobile dev or blockchain stuff, give it a shot. If nothing else, you'll have a very strong opinion about import order.</p> <p><em>Built this? Got stuck? Found a bug? Hit me up – I'm always down to talk about why something broke.</em></p> <p><strong>P.S.</strong> If you try this and your app crashes because of polyfill order, just know I told you so.😅</p> webdev programming web3 solana Ola Adesoye Tue, 13 Jan 2026 23:50:24 +0000 https://forem.com/ola-zoll/gasless-usdc-transactions-with-lazorkit-paymaster-356b https://forem.com/ola-zoll/gasless-usdc-transactions-with-lazorkit-paymaster-356b <p>In traditional blockchain applications, users need native cryptocurrency (like SOL on Solana) to pay for transaction fees, even when they're just sending tokens like USDC. This creates a major onboarding friction: users must acquire SOL before they can use your app to send USDC.</p> <p><strong>Gasless transactions solve this problem.</strong> With Lazorkit's paymaster integration, users can send USDC without holding any SOL. The paymaster service sponsors the transaction fees on behalf of the user by creating a seamless experience where users only need the tokens they want to send.</p> <h3> What is a Paymaster? </h3> <p>A paymaster is a third-party service that pays transaction fees on behalf of users. Here's how it works:</p> <ol> <li> <strong>User builds and signs transaction</strong> - The user creates a transfer transaction and signs it with their biometric authentication</li> <li> <strong>Paymaster receives signed transaction</strong> - The Lazorkit SDK automatically sends the signed transaction to the paymaster service</li> <li> <strong>Paymaster adds fee payment</strong> - The paymaster validates the transaction and adds a fee payer instruction (using their own SOL)</li> <li> <strong>Paymaster submits to blockchain</strong> - The sponsored transaction is submitted to the Solana network</li> </ol> <p><strong>Trustless security:</strong> Users only sign the transfer instruction itself, not the fee payment. The paymaster adds its own fee payment after receiving the user's signature. This means users always know exactly what they're signing.</p> <h3> Prerequisites </h3> <p>Before starting this tutorial, you should have:</p> <ul> <li>Completed <a href="https://dev.to/ola-zoll/wallet-creation-with-biometric-authentication-1j6l">Tutorial 1: Wallet Creation with Biometric Authentication</a> </li> <li>Basic understanding of React Native and Expo</li> <li>Familiarity with Solana blockchain concepts (accounts, transactions, tokens)</li> <li>Knowledge of TypeScript and async/await patterns</li> <li>Understanding of <code>@solana/web3.js</code> library basics</li> </ul> <h3> What You'll Build </h3> <p>In this tutorial, you'll implement a complete gasless USDC transfer flow:</p> <ol> <li> <strong>Transfer Form</strong> - Input validation for recipient address and amount</li> <li> <strong>Transaction Preview</strong> - Display transaction details before signing</li> <li> <strong>Transaction Building</strong> - Construct SPL Token transfer instruction using @solana/web3.js</li> <li> <strong>Biometric Signing</strong> - Trigger Face ID/Touch ID authentication</li> <li> <strong>Gasless Submission</strong> - Automatic paymaster sponsorship via Lazorkit SDK</li> <li> <strong>Confirmation Polling</strong> - Monitor blockchain for transaction confirmation</li> <li> <strong>Success Display</strong> - Show transaction details with Solana Explorer link</li> </ol> <h3> Time Required </h3> <p>Approximately <strong>30-40 minutes</strong> to complete all steps.</p> <h3> Related Resources </h3> <ul> <li> <a href="https://dev.to/ola-zoll/wallet-creation-with-biometric-authentication-1j6l">Tutorial 1: Wallet Creation</a> - Complete wallet setup first</li> </ul> <h2> Step 1: Understanding USDC SPL Token Transfers </h2> <p>Before building transactions, it's important to understand how USDC transfers work on Solana.</p> <h3> What is the SPL Token Program? </h3> <p>The <strong>Solana Program Library (SPL)</strong> Token Program is the standard for creating and managing fungible tokens on Solana. USDC on Solana is an SPL Token, just like thousands of other tokens on the network.</p> <p>Key concepts:</p> <ul> <li> <strong>Mint Address</strong>: Every SPL Token has a unique mint address that identifies the token type (like USDC)</li> <li> <strong>Token Accounts</strong>: Each wallet needs a separate "token account" to hold each type of SPL Token</li> <li> <strong>Associated Token Accounts (ATAs)</strong>: Deterministic addresses derived from wallet address + mint address</li> </ul> <h3> USDC Mint Address </h3> <p>In this project, we use the Devnet USDC mint address:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: services/constants.ts:127-129</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">USDC_MINT_DEVNET</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PublicKey</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Gh9ZwEmdLJ8DscKNTkTqPbNwLNNBjuSzaG9Vp2KGtKJr</span><span class="dl">'</span> <span class="p">);</span> </code></pre> </div> <p><strong>What is a mint address?</strong> Think of it as the "contract address" or unique identifier for USDC on Solana. All USDC tokens on Devnet share this same mint address.</p> <blockquote> <p><strong>Note:</strong> Mainnet USDC has a different mint address. Always verify you're using the correct mint for your target network.</p> </blockquote> <h3> Associated Token Accounts (ATAs) </h3> <p>To hold USDC, each wallet needs an <strong>Associated Token Account (ATA)</strong>. The ATA address is deterministically derived from:</p> <ul> <li>The wallet's public key (owner)</li> <li>The token mint address (e.g., USDC) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: services/SolanaService.ts:115-119</span> <span class="kd">const</span> <span class="nx">senderTokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span> <span class="nx">usdcMint</span><span class="p">,</span> <span class="c1">// USDC mint address</span> <span class="nx">senderPublicKey</span><span class="p">,</span> <span class="c1">// Wallet owner's public key</span> <span class="kc">true</span> <span class="c1">// allowOwnerOffCurve - CRITICAL for smart wallets!</span> <span class="p">);</span> </code></pre> </div> <h4> CRITICAL: Smart Wallet Compatibility </h4> <p>The third parameter <code>allowOwnerOffCurve: true</code> is <strong>required</strong> for Lazorkit smart wallets:</p> <ul> <li> <strong>Why?</strong> Lazorkit smart wallets use Program Derived Addresses (PDAs)</li> <li> <strong>What are PDAs?</strong> Deterministic addresses generated using seeds (not random keypairs)</li> <li> <strong>The issue:</strong> PDAs are intentionally "off the ed25519 curve" (not valid elliptic curve points)</li> <li> <strong>The fix:</strong> Setting <code>allowOwnerOffCurve: true</code> tells the SDK to allow these off-curve addresses</li> </ul> <p><strong>Without this parameter, you'll get <code>TokenOwnerOffCurveError</code></strong> and transactions will fail.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// WRONG - Will fail for smart wallets</span> <span class="kd">const</span> <span class="nx">tokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span><span class="nx">mint</span><span class="p">,</span> <span class="nx">owner</span><span class="p">);</span> <span class="c1">// CORRECT - Works with smart wallets (PDAs)</span> <span class="kd">const</span> <span class="nx">tokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span><span class="nx">mint</span><span class="p">,</span> <span class="nx">owner</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <h3> SPL Token Transfer Instruction </h3> <p>Once you have both sender and recipient token accounts, you create a transfer instruction:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: services/SolanaService.ts:140-147</span> <span class="kd">const</span> <span class="nx">transferInstruction</span> <span class="o">=</span> <span class="nf">createTransferInstruction</span><span class="p">(</span> <span class="nx">senderTokenAccount</span><span class="p">,</span> <span class="c1">// Source: sender's USDC token account</span> <span class="nx">recipientTokenAccount</span><span class="p">,</span> <span class="c1">// Destination: recipient's USDC token account</span> <span class="nx">senderPublicKey</span><span class="p">,</span> <span class="c1">// Owner: wallet signing the transfer</span> <span class="nx">amountLamports</span><span class="p">,</span> <span class="c1">// Amount: USDC in lamports (6 decimals)</span> <span class="p">[],</span> <span class="c1">// Multi-signers: empty for single signature</span> <span class="nx">TOKEN_PROGRAM_ID</span> <span class="c1">// Program: SPL Token program</span> <span class="p">);</span> </code></pre> </div> <p><strong>Parameters explained:</strong></p> <ul> <li> <strong>Source</strong>: The sender's USDC token account (where USDC comes from)</li> <li> <strong>Destination</strong>: The recipient's USDC token account (where USDC goes)</li> <li> <strong>Owner</strong>: The sender's wallet public key (must sign the transaction)</li> <li> <strong>Amount</strong>: The amount to transfer in <strong>lamports</strong> (see below)</li> <li> <strong>Multi-signers</strong>: Empty array for single-signature wallets</li> <li> <strong>Program ID</strong>: The SPL Token program that processes this instruction</li> </ul> <h3> USDC Lamports Conversion </h3> <blockquote> <p><strong>Important:</strong> USDC has 6 decimal places, just like USD cents but with 4 more digits.</p> </blockquote> <p><strong>1 USDC = 1,000,000 lamports</strong></p> <p>Examples:</p> <ul> <li>10.50 USDC = 10,500,000 lamports</li> <li>0.01 USDC = 10,000 lamports</li> <li>100 USDC = 100,000,000 lamports </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: utils/ValidationUtils.ts:125-128</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">formatUSDCAmountToLamports</span><span class="p">(</span><span class="nx">amount</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="kr">number</span> <span class="p">{</span> <span class="c1">// USDC has 6 decimals, so multiply by 1,000,000</span> <span class="k">return</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">round</span><span class="p">(</span><span class="nx">amount</span> <span class="o">*</span> <span class="mi">1</span><span class="nx">_000_000</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>This conversion is critical - transactions use lamports, not decimal amounts.</p> <h2> Step 2: Building the Transfer Transaction </h2> <p>Now that you understand SPL Token transfers, let's implement the transaction building logic using the <code>SolanaService</code> class.</p> <h3> The buildUSDCTransfer Method </h3> <p>The complete transaction building flow is encapsulated in <code>SolanaService.buildUSDCTransfer()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: services/SolanaService.ts:101-161</span> <span class="k">static</span> <span class="k">async</span> <span class="nf">buildUSDCTransfer</span><span class="p">(</span> <span class="nx">request</span><span class="p">:</span> <span class="nx">TransactionRequest</span><span class="p">,</span> <span class="nx">senderPublicKey</span><span class="p">:</span> <span class="nx">PublicKey</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Transaction</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// 1. Initialize RPC connection</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getConnection</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">usdcMint</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getUSDCMintAddress</span><span class="p">();</span> <span class="c1">// 2. Parse recipient address to PublicKey</span> <span class="kd">const</span> <span class="nx">recipientPublicKey</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PublicKey</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">recipientAddress</span><span class="p">);</span> <span class="c1">// 3. Derive sender's USDC token account (ATA)</span> <span class="kd">const</span> <span class="nx">senderTokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span> <span class="nx">usdcMint</span><span class="p">,</span> <span class="nx">senderPublicKey</span><span class="p">,</span> <span class="kc">true</span> <span class="c1">// allowOwnerOffCurve - CRITICAL for smart wallets!</span> <span class="p">);</span> <span class="c1">// 4. Derive recipient's USDC token account (ATA)</span> <span class="kd">const</span> <span class="nx">recipientTokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span> <span class="nx">usdcMint</span><span class="p">,</span> <span class="nx">recipientPublicKey</span><span class="p">,</span> <span class="kc">true</span> <span class="c1">// allowOwnerOffCurve - recipient may also use smart wallet</span> <span class="p">);</span> <span class="c1">// 5. CRITICAL VALIDATION: Check recipient account exists</span> <span class="kd">const</span> <span class="nx">recipientAccountInfo</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getAccountInfo</span><span class="p">(</span> <span class="nx">recipientTokenAccount</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">recipientAccountInfo</span> <span class="o">===</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Recipient USDC token account not initialized. They must receive USDC at least once before you can send to them.</span><span class="dl">'</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// 6. Create SPL Token transfer instruction</span> <span class="kd">const</span> <span class="nx">transferInstruction</span> <span class="o">=</span> <span class="nf">createTransferInstruction</span><span class="p">(</span> <span class="nx">senderTokenAccount</span><span class="p">,</span> <span class="c1">// Source</span> <span class="nx">recipientTokenAccount</span><span class="p">,</span> <span class="c1">// Destination</span> <span class="nx">senderPublicKey</span><span class="p">,</span> <span class="c1">// Owner</span> <span class="nx">request</span><span class="p">.</span><span class="nx">amountLamports</span><span class="p">,</span> <span class="c1">// Amount in lamports</span> <span class="p">[],</span> <span class="c1">// No multi-signers</span> <span class="nx">TOKEN_PROGRAM_ID</span> <span class="c1">// SPL Token program</span> <span class="p">);</span> <span class="c1">// 7. Build transaction with instruction</span> <span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Transaction</span><span class="p">().</span><span class="nf">add</span><span class="p">(</span><span class="nx">transferInstruction</span><span class="p">);</span> <span class="c1">// 8. Set fee payer (will be overridden by paymaster)</span> <span class="nx">transaction</span><span class="p">.</span><span class="nx">feePayer</span> <span class="o">=</span> <span class="nx">senderPublicKey</span><span class="p">;</span> <span class="c1">// 9. Fetch recent blockhash</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">blockhash</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getLatestBlockhash</span><span class="p">();</span> <span class="nx">transaction</span><span class="p">.</span><span class="nx">recentBlockhash</span> <span class="o">=</span> <span class="nx">blockhash</span><span class="p">;</span> <span class="k">return</span> <span class="nx">transaction</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Step-by-Step Breakdown </h3> <p>Let's understand each step in detail:</p> <h4> Step 1-2: Initialize Connection and Parse Address </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getConnection</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">usdcMint</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getUSDCMintAddress</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">recipientPublicKey</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PublicKey</span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">recipientAddress</span><span class="p">);</span> </code></pre> </div> <ul> <li> <strong>Connection</strong>: Create RPC connection to Solana Devnet</li> <li> <strong>USDC Mint</strong>: Get the USDC token mint address constant</li> <li> <strong>Recipient PublicKey</strong>: Convert recipient address string to PublicKey object</li> </ul> <h4> Step 3-4: Derive Token Accounts </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">senderTokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span> <span class="nx">usdcMint</span><span class="p">,</span> <span class="nx">senderPublicKey</span><span class="p">,</span> <span class="kc">true</span> <span class="c1">// allowOwnerOffCurve - CRITICAL!</span> <span class="p">);</span> </code></pre> </div> <p><strong>Why <code>allowOwnerOffCurve: true</code>?</strong></p> <ul> <li>Lazorkit smart wallets use Program Derived Addresses (PDAs)</li> <li>PDAs are "off the ed25519 curve" by design</li> <li>Without this parameter, <code>getAssociatedTokenAddress()</code> throws <code>TokenOwnerOffCurveError</code> </li> <li>This applies to BOTH sender and recipient (either could use smart wallets)</li> </ul> <h4> Step 5: Validate Recipient Account Exists ⚠️ </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">recipientAccountInfo</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getAccountInfo</span><span class="p">(</span><span class="nx">recipientTokenAccount</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">recipientAccountInfo</span> <span class="o">===</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Recipient USDC token account not initialized...</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why is this validation critical?</strong></p> <ol> <li> <strong>Paymaster won't initialize accounts</strong> - Creating token accounts costs SOL, and paymasters won't do this (too expensive and abusable)</li> <li> <strong>Transaction would fail</strong> - Sending to a non-existent account fails on-chain</li> <li> <strong>Better user experience</strong> - Fail fast with clear error before signing</li> </ol> <p><strong>When does this happen?</strong></p> <ul> <li>Recipient has never received USDC before</li> <li>Their USDC token account doesn't exist yet</li> <li>They need to receive USDC from another source first (faucet, exchange, friend)</li> </ul> <h4> Step 6: Create Transfer Instruction </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">transferInstruction</span> <span class="o">=</span> <span class="nf">createTransferInstruction</span><span class="p">(</span> <span class="nx">senderTokenAccount</span><span class="p">,</span> <span class="c1">// Where USDC comes from</span> <span class="nx">recipientTokenAccount</span><span class="p">,</span> <span class="c1">// Where USDC goes</span> <span class="nx">senderPublicKey</span><span class="p">,</span> <span class="c1">// Who signs the transfer</span> <span class="nx">request</span><span class="p">.</span><span class="nx">amountLamports</span><span class="p">,</span> <span class="c1">// How much (in lamports)</span> <span class="p">[],</span> <span class="c1">// Multi-sig signers (none)</span> <span class="nx">TOKEN_PROGRAM_ID</span> <span class="c1">// SPL Token program ID</span> <span class="p">);</span> </code></pre> </div> <p>This instruction tells the SPL Token program to move USDC from sender to recipient.</p> <h4> Step 7-9: Build Transaction </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Transaction</span><span class="p">().</span><span class="nf">add</span><span class="p">(</span><span class="nx">transferInstruction</span><span class="p">);</span> <span class="nx">transaction</span><span class="p">.</span><span class="nx">feePayer</span> <span class="o">=</span> <span class="nx">senderPublicKey</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">blockhash</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getLatestBlockhash</span><span class="p">();</span> <span class="nx">transaction</span><span class="p">.</span><span class="nx">recentBlockhash</span> <span class="o">=</span> <span class="nx">blockhash</span><span class="p">;</span> </code></pre> </div> <p><strong>Fee Payer</strong>: Set to sender's wallet, but <strong>paymaster will override this</strong><br> <strong>Blockhash</strong>: Acts as a timestamp to prevent transaction replay. Valid for ~60 seconds.</p> <blockquote> <p><strong>Important:</strong> Always fetch blockhash immediately before signing. Don't pre-build transactions minutes in advance, or the blockhash will become stale and the transaction will be rejected.</p> </blockquote> <h3> The TransactionRequest Interface </h3> <p>The method accepts a <code>TransactionRequest</code> object from the transfer form:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: types/index.ts:45-77</span> <span class="kr">interface</span> <span class="nx">TransactionRequest</span> <span class="p">{</span> <span class="nl">recipientAddress</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Base58-encoded Solana address</span> <span class="nl">amount</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// USDC in decimal format (e.g., 10.50)</span> <span class="nl">amountLamports</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// USDC in lamports (e.g., 10,500,000)</span> <span class="nl">timestamp</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Unix timestamp (milliseconds)</span> <span class="p">}</span> </code></pre> </div> <p>This is created by the transfer form and passed via navigation params.</p> <h2> Step 3: Configuring the Paymaster </h2> <p>The paymaster integration is configured once at the application root using <code>LazorKitProvider</code>. Once configured, all transactions automatically benefit from gas sponsorship with no additional code required.</p> <h3> LazorKitProvider Configuration </h3> <p>In your root layout file, wrap your application with <code>LazorKitProvider</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/_layout.tsx:22-28</span> <span class="o">&lt;</span><span class="nx">LazorKitProvider</span> <span class="nx">rpcUrl</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://api.devnet.solana.com</span><span class="dl">"</span> <span class="nx">portalUrl</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://portal.lazor.sh</span><span class="dl">"</span> <span class="nx">configPaymaster</span><span class="o">=</span><span class="p">{{</span> <span class="na">paymasterUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://kora.devnet.lazorkit.com</span><span class="dl">'</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">children</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/LazorKitProvider</span><span class="err">&gt; </span></code></pre> </div> <h3> Configuration Parameters Explained </h3> <h4> <code>rpcUrl</code> - Solana RPC Endpoint </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">rpcUrl</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://api.devnet.solana.com</span><span class="dl">"</span> </code></pre> </div> <p><strong>What it does:</strong> Defines the Solana blockchain RPC endpoint for:</p> <ul> <li>Querying account data (balances, token accounts)</li> <li>Submitting transactions to the network</li> <li>Confirming transaction status</li> </ul> <p><strong>Networks:</strong></p> <ul> <li>Devnet: <code>https://api.devnet.solana.com</code> (for development)</li> <li>Mainnet: <code>https://api.mainnet-beta.solana.com</code> (for production)</li> </ul> <blockquote> <p><strong>Note:</strong> The public RPC has rate limits (~40 requests per 10 seconds). For production apps, use a paid RPC provider like QuickNode, Alchemy, or Helius.</p> </blockquote> <h4> <code>portalUrl</code> - Lazorkit Portal for Authentication </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">portalUrl</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://portal.lazor.sh</span><span class="dl">"</span> </code></pre> </div> <p><strong>What it does:</strong> Lazorkit Portal URL for WebAuthn passkey authentication:</p> <ul> <li>Handles biometric credential creation (Face ID/Touch ID)</li> <li>Manages passkey authentication flow</li> <li>Returns signed transactions to your app</li> </ul> <p><strong>How it works:</strong> When signing transactions, your app opens this portal in a browser, which triggers the biometric prompt and signs the transaction using the user's passkey.</p> <h4> <code>configPaymaster</code> - Paymaster Service Configuration </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">configPaymaster</span><span class="o">=</span><span class="p">{{</span> <span class="na">paymasterUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://kora.devnet.lazorkit.com</span><span class="dl">'</span> <span class="p">}}</span> </code></pre> </div> <p><strong>What it does:</strong> Configures the paymaster service that sponsors transaction fees.</p> <p><strong>Paymaster URLs:</strong></p> <ul> <li>Devnet: <code>https://kora.devnet.lazorkit.com</code> </li> <li>Mainnet: <code>https://kora.lazorkit.com</code> </li> </ul> <p><strong>How it works:</strong></p> <ol> <li>You build and sign transaction client-side</li> <li>SDK automatically sends signed transaction to <code>paymasterUrl</code> </li> <li>Paymaster validates the transaction</li> <li>Paymaster adds its own fee payer instruction (sponsors the gas)</li> <li>Paymaster submits sponsored transaction to Solana RPC</li> <li>SDK receives transaction signature and returns to your app</li> </ol> <p><strong>No explicit API calls needed</strong> - The Lazorkit SDK handles all paymaster communication internally when you call <code>wallet.signAndSendTransaction()</code>.</p> <h3> Automatic Paymaster Routing </h3> <p>Once configured, every transaction signed with <code>wallet.signAndSendTransaction()</code> automatically routes through the paymaster. You don't need to:</p> <ul> <li>Make explicit paymaster API calls</li> <li>Handle paymaster request/response manually</li> <li>Add fee payer logic to your code</li> </ul> <p>The SDK does it all automatically based on the <code>configPaymaster.paymasterUrl</code> setting.</p> <h3> Environment-Specific Configuration </h3> <p>For production apps, consider using environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="o">&lt;</span><span class="nx">LazorKitProvider</span> <span class="nx">rpcUrl</span><span class="o">=</span><span class="p">{</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">EXPO_PUBLIC_SOLANA_RPC_URL</span><span class="p">}</span> <span class="nx">portalUrl</span><span class="o">=</span><span class="p">{</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">EXPO_PUBLIC_PORTAL_URL</span><span class="p">}</span> <span class="nx">configPaymaster</span><span class="o">=</span><span class="p">{{</span> <span class="na">paymasterUrl</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">EXPO_PUBLIC_PAYMASTER_URL</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">children</span><span class="p">}</span> <span class="o">&lt;</span><span class="sr">/LazorKitProvider</span><span class="err">&gt; </span></code></pre> </div> <p>This allows easy switching between Devnet and Mainnet without code changes.</p> <h2> Step 4: Signing and Submitting the Transaction </h2> <p>Now that the transaction is built and the paymaster is configured, let's implement the signing and submission flow using the Lazorkit SDK.</p> <h3> Complete Signing Flow </h3> <p>Here's the complete flow extracted from the confirm screen:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/confirm.tsx:84-106</span> <span class="kd">const</span> <span class="nx">handleConfirmAndSign</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setIsSubmitting</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="nf">setTransactionStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Build USDC transfer transaction</span> <span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SolanaService</span><span class="p">.</span><span class="nf">buildUSDCTransfer</span><span class="p">(</span> <span class="nx">transactionRequest</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="o">!</span> <span class="p">);</span> <span class="c1">// Sign and send via Lazorkit SDK (triggers biometric + paymaster)</span> <span class="kd">const</span> <span class="nx">txSignature</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">wallet</span><span class="p">.</span><span class="nf">signAndSendTransaction</span><span class="p">(</span> <span class="p">{</span> <span class="na">instructions</span><span class="p">:</span> <span class="nx">transaction</span><span class="p">.</span><span class="nx">instructions</span><span class="p">,</span> <span class="na">transactionOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">clusterSimulation</span><span class="p">:</span> <span class="dl">'</span><span class="s1">devnet</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">redirectUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">passkey-integ://confirm</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">);</span> <span class="nf">setSignature</span><span class="p">(</span><span class="nx">txSignature</span><span class="p">);</span> <span class="c1">// Poll for confirmation (covered in Step 5)</span> <span class="kd">const</span> <span class="nx">status</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SolanaService</span><span class="p">.</span><span class="nf">confirmTransaction</span><span class="p">(</span><span class="nx">txSignature</span><span class="p">);</span> <span class="c1">// ... handle status</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ... handle error</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <h3> Understanding signAndSendTransaction() </h3> <p>The <code>wallet.signAndSendTransaction()</code> method is the heart of the Lazorkit SDK. Let's break down its parameters:</p> <h4> First Parameter: Transaction Payload </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">instructions</span><span class="p">:</span> <span class="nx">transaction</span><span class="p">.</span><span class="nx">instructions</span><span class="p">,</span> <span class="nx">transactionOptions</span><span class="p">:</span> <span class="p">{</span> <span class="nl">clusterSimulation</span><span class="p">:</span> <span class="dl">'</span><span class="s1">devnet</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p><strong><code>instructions</code></strong>: Array of transaction instructions to sign</p> <ul> <li>Extracted from the Transaction object built by SolanaService</li> <li>Contains the SPL Token transfer instruction</li> </ul> <p><strong><code>transactionOptions.clusterSimulation</code></strong>: Blockchain network for simulation</p> <ul> <li>Set to <code>'devnet'</code> for development</li> <li>Set to <code>'mainnet-beta'</code> for production</li> <li>Used by SDK to validate transaction before submission</li> </ul> <blockquote> <p><strong>Important:</strong> The Lazorkit SDK uses a specific API format. You pass <code>{ instructions: [...] }</code>, NOT a complete Transaction object like standard Solana wallet adapters.</p> </blockquote> <h4> Second Parameter: Sign Options </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">redirectUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">passkey-integ://confirm</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p><strong><code>redirectUrl</code></strong>: Deep link URL for returning to your app</p> <ul> <li>After signing, Portal redirects back to this URL</li> <li>Must match your app's deep link scheme (configured in <code>app.json</code>)</li> <li>Example: <code>'yourapp://confirm'</code> or <code>'yourapp://callback'</code> </li> </ul> <p>This is required for the authentication flow to return control to your app after biometric signing.</p> <h3> The Automatic Paymaster Flow </h3> <p>When you call <code>wallet.signAndSendTransaction()</code>, here's what happens automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────────────────────────────────────────────────────┐ │ Paymaster Flow (Automatic) │ └──────────────────────────────────────────────────────────────┘ 1. App calls wallet.signAndSendTransaction() └─&gt; SDK receives unsigned transaction 2. SDK triggers biometric prompt └─&gt; User authenticates with Face ID/Touch ID 3. SDK signs transaction with passkey └─&gt; User signature applied to transfer instruction 4. SDK sends signed transaction to paymaster └─&gt; Automatic POST to configPaymaster.paymasterUrl 5. Paymaster validates transaction └─&gt; Checks signature, structure, and limits 6. Paymaster adds fee payer instruction └─&gt; Paymaster's wallet pays transaction fees (SOL) 7. Paymaster submits to Solana RPC └─&gt; Sponsored transaction sent to blockchain 8. SDK receives transaction signature └─&gt; Returns signature to your app </code></pre> </div> <h3> Trustless Security Model </h3> <p><strong>Critical security feature:</strong> Users only sign the transfer instruction, NOT the fee payment.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// What user signs:</span> <span class="c1">// "Transfer 10 USDC from my account to recipient"</span> <span class="c1">// What user does NOT sign:</span> <span class="c1">// Fee payer instruction (added by paymaster after signing)</span> </code></pre> </div> <p>This means:</p> <ul> <li>User sees exactly what they're signing (transfer amount and recipient)</li> <li>Paymaster cannot modify the transfer instruction (already signed)</li> <li>Paymaster can only add its own fee payment (doesn't affect transfer)</li> <li>User always knows precisely what transaction will execute</li> </ul> <h3> Biometric Authentication </h3> <p>When <code>signAndSendTransaction()</code> is called, the SDK automatically:</p> <ol> <li>Opens Lazorkit Portal in system browser</li> <li>Portal triggers OS biometric prompt (Face ID/Touch ID)</li> <li>User authenticates with biometrics</li> <li>Portal signs transaction using passkey credential</li> <li>Portal redirects back to your app via <code>redirectUrl</code> </li> </ol> <p><strong>User cancellation:</strong> If user cancels biometric prompt, SDK throws error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">cancelled</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// User cancelled - handle gracefully</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Error Handling </h3> <p>Common errors during signing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">signature</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">wallet</span><span class="p">.</span><span class="nf">signAndSendTransaction</span><span class="p">(...)</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">cancelled</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// User cancelled biometric prompt</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">not initialized</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Recipient account doesn't exist</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">Insufficient</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Not enough USDC balance</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">Paymaster</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Paymaster rejected transaction</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// Other network or SDK errors</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>See Step 6 (Troubleshooting) for detailed error handling strategies.</p> <h2> Step 5: Confirming Transaction on Blockchain </h2> <p>After the transaction is signed and submitted, you need to poll the blockchain to confirm it was successfully processed.</p> <h3> Transaction Confirmation Flow </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/confirm.tsx:109-118</span> <span class="kd">const</span> <span class="nx">txSignature</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">wallet</span><span class="p">.</span><span class="nf">signAndSendTransaction</span><span class="p">(...);</span> <span class="nf">setSignature</span><span class="p">(</span><span class="nx">txSignature</span><span class="p">);</span> <span class="c1">// Poll for confirmation with 'confirmed' commitment</span> <span class="kd">const</span> <span class="nx">status</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SolanaService</span><span class="p">.</span><span class="nf">confirmTransaction</span><span class="p">(</span><span class="nx">txSignature</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setTransactionStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setTransactionStatus</span><span class="p">(</span><span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">);</span> <span class="nf">setError</span><span class="p">(</span><span class="nx">status</span><span class="p">.</span><span class="nx">error</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Transaction failed</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> The confirmTransaction Method </h3> <p>The <code>SolanaService.confirmTransaction()</code> method polls the RPC for transaction status:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: services/SolanaService.ts:189-239</span> <span class="k">static</span> <span class="k">async</span> <span class="nf">confirmTransaction</span><span class="p">(</span> <span class="nx">signature</span><span class="p">:</span> <span class="nx">TransactionSignature</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">TransactionStatus</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getConnection</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">submittedAt</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Poll for transaction confirmation with 'confirmed' commitment level</span> <span class="kd">const</span> <span class="nx">confirmation</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">confirmTransaction</span><span class="p">(</span> <span class="nx">signature</span><span class="p">,</span> <span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">confirmedAt</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="c1">// Check if transaction succeeded or failed on-chain</span> <span class="k">if </span><span class="p">(</span><span class="nx">confirmation</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Transaction was confirmed but failed execution</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">signature</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">,</span> <span class="na">confirmations</span><span class="p">:</span> <span class="mi">32</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="s2">`Transaction failed: </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">confirmation</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">err</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="na">explorerUrl</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">SOLANA_EXPLORER_URL</span><span class="p">}</span><span class="s2">/tx/</span><span class="p">${</span><span class="nx">signature</span><span class="p">}</span><span class="s2">?cluster=devnet`</span><span class="p">,</span> <span class="nx">submittedAt</span><span class="p">,</span> <span class="nx">confirmedAt</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Transaction succeeded</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">signature</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span><span class="p">,</span> <span class="na">confirmations</span><span class="p">:</span> <span class="mi">32</span><span class="p">,</span> <span class="na">explorerUrl</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">SOLANA_EXPLORER_URL</span><span class="p">}</span><span class="s2">/tx/</span><span class="p">${</span><span class="nx">signature</span><span class="p">}</span><span class="s2">?cluster=devnet`</span><span class="p">,</span> <span class="nx">submittedAt</span><span class="p">,</span> <span class="nx">confirmedAt</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="na">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Confirmation timeout or RPC error</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">signature</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">,</span> <span class="na">confirmations</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">Transaction confirmation failed</span><span class="dl">'</span><span class="p">,</span> <span class="na">explorerUrl</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">SOLANA_EXPLORER_URL</span><span class="p">}</span><span class="s2">/tx/</span><span class="p">${</span><span class="nx">signature</span><span class="p">}</span><span class="s2">?cluster=devnet`</span><span class="p">,</span> <span class="nx">submittedAt</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Understanding Commitment Levels </h3> <p>Solana offers different commitment levels for transaction confirmation:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Commitment Level</th> <th>Confirmations</th> <th>Time</th> <th>Finality</th> <th>Use Case</th> </tr> </thead> <tbody> <tr> <td><strong>processed</strong></td> <td>0</td> <td>Instant</td> <td>None</td> <td>Real-time updates (NOT recommended for financial ops)</td> </tr> <tr> <td><strong>confirmed</strong></td> <td>32</td> <td>15-20s</td> <td>High</td> <td> <strong>RECOMMENDED</strong> - Good balance of speed and security</td> </tr> <tr> <td><strong>finalized</strong></td> <td>Max</td> <td>30+s</td> <td>Highest</td> <td>Maximum security (slow for UX)</td> </tr> </tbody> </table></div> <p><strong>Why we use 'confirmed':</strong></p> <ul> <li>Provides high confidence of finality (32 confirmations)</li> <li>Much faster than 'finalized' (15-20s vs 30+s)</li> <li>Better user experience without sacrificing security</li> <li>Sufficient for most applications including financial transfers</li> </ul> <blockquote> <p><strong>Note:</strong> Once a transaction reaches 'confirmed' status, the probability of it being rolled back is extremely low on Solana.</p> </blockquote> <h3> The TransactionStatus Interface </h3> <p>The confirmation method returns a <code>TransactionStatus</code> object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: types/index.ts:85-131</span> <span class="kr">interface</span> <span class="nx">TransactionStatus</span> <span class="p">{</span> <span class="nl">signature</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Transaction signature</span> <span class="nl">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">;</span> <span class="nl">confirmations</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Number of confirmations (32 for 'confirmed')</span> <span class="nl">error</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Error message if failed</span> <span class="nl">explorerUrl</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Solana Explorer link</span> <span class="nl">submittedAt</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Timestamp when submitted</span> <span class="nl">confirmedAt</span><span class="p">?:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Timestamp when confirmed</span> <span class="p">}</span> </code></pre> </div> <h3> UI State Management </h3> <p>The confirm screen manages transaction state through the lifecycle:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/confirm.tsx:56-61</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">transactionStatus</span><span class="p">,</span> <span class="nx">setTransactionStatus</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span> <span class="dl">'</span><span class="s1">preview</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span> <span class="o">&gt;</span><span class="p">(</span><span class="dl">'</span><span class="s1">preview</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">signature</span><span class="p">,</span> <span class="nx">setSignature</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">error</span><span class="p">,</span> <span class="nx">setError</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> </code></pre> </div> <p><strong>State transitions:</strong></p> <ol> <li> <strong>preview</strong> → User sees transaction details, taps "Confirm &amp; Sign"</li> <li> <strong>pending</strong> → Show loading spinner while waiting for confirmation</li> <li> <strong>confirmed</strong> → Show success checkmark with Explorer link</li> <li> <strong>failed</strong> → Show error message with retry option</li> </ol> <h3> Displaying Transaction Status </h3> <p>The UI shows different views based on transaction status:</p> <p><strong>Pending State:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/confirm.tsx:242-256</span> <span class="p">{</span><span class="nx">transactionStatus</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">pending</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">View</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">statusContainer</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">title</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Processing</span> <span class="nx">Transaction</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">ActivityIndicator</span> <span class="nx">size</span><span class="o">=</span><span class="dl">"</span><span class="s2">large</span><span class="dl">"</span> <span class="nx">color</span><span class="o">=</span><span class="p">{</span><span class="nx">Colors</span><span class="p">.</span><span class="nx">primary</span><span class="p">.</span><span class="nx">purple</span><span class="p">}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">loadingText</span><span class="p">}</span><span class="o">&gt;</span> <span class="nx">Waiting</span> <span class="k">for</span> <span class="nx">blockchain</span> <span class="nx">confirmation</span><span class="p">...</span> <span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">loadingText</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">This</span> <span class="nx">may</span> <span class="nx">take</span> <span class="mi">15</span><span class="o">-</span><span class="mi">30</span> <span class="nx">seconds</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/View</span><span class="err">&gt; </span><span class="p">)}</span> </code></pre> </div> <p><strong>Confirmed State:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/confirm.tsx:259-313</span> <span class="p">{</span><span class="nx">transactionStatus</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">confirmed</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="p">(</span> <span class="o">&lt;&gt;</span> <span class="o">&lt;</span><span class="nx">View</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">statusContainer</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">statusIcon</span><span class="p">}</span><span class="o">&gt;</span><span class="err">✓</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">title</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Transaction</span> <span class="nx">Successful</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/View</span><span class="err">&gt; </span> <span class="p">{</span><span class="cm">/* Show transaction details */</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">TouchableOpacity</span> <span class="nx">onPress</span><span class="o">=</span><span class="p">{</span><span class="nx">handleViewOnExplorer</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Text</span><span class="o">&gt;</span><span class="nx">View</span> <span class="nx">on</span> <span class="nx">Explorer</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/TouchableOpacity</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/</span><span class="err">&gt; </span><span class="p">)}</span> </code></pre> </div> <h3> Opening Solana Explorer </h3> <p>Allow users to view transaction details on Solana Explorer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Source: app/confirm.tsx:167-171</span> <span class="kd">const</span> <span class="nx">handleViewOnExplorer</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">signature</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">explorerUrl</span> <span class="o">=</span> <span class="s2">`https://explorer.solana.com/tx/</span><span class="p">${</span><span class="nx">signature</span><span class="p">}</span><span class="s2">?cluster=devnet`</span><span class="p">;</span> <span class="nx">Linking</span><span class="p">.</span><span class="nf">openURL</span><span class="p">(</span><span class="nx">explorerUrl</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>The Explorer shows:</p> <ul> <li>Transaction signature</li> <li>Block number and timestamp</li> <li> <strong>Fee payer</strong> (shows paymaster address, not user's address!)</li> <li>All instructions (transfer + fee payment)</li> <li>Transaction logs</li> </ul> <h2> Step 6: Verifying Gasless Execution </h2> <p>One of the key benefits of the paymaster is that users don't need SOL to send USDC. Let's verify this.</p> <h3> How to Verify Gasless Transaction </h3> <p>Follow these steps to confirm the transaction was truly gasless:</p> <h4> 1. Check Wallet SOL Balance Before Transfer </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Connection</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@solana/web3.js</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Connection</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://api.devnet.solana.com</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">balanceBefore</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getBalance</span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">SOL balance before:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">balanceBefore</span> <span class="o">/</span> <span class="mi">1</span><span class="nx">e9</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SOL</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <h4> 2. Complete USDC Transfer </h4> <p>Execute the transfer as documented in Steps 1-5.</p> <h4> 3. Check Wallet SOL Balance After Transfer </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">balanceAfter</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getBalance</span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">SOL balance after:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">balanceAfter</span> <span class="o">/</span> <span class="mi">1</span><span class="nx">e9</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SOL</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <h4> 4. Verify SOL Balance Unchanged </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">if </span><span class="p">(</span><span class="nx">balanceBefore</span> <span class="o">===</span> <span class="nx">balanceAfter</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Transaction was gasless! SOL balance unchanged.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Transaction consumed SOL:</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">balanceBefore</span> <span class="o">-</span> <span class="nx">balanceAfter</span><span class="p">)</span> <span class="o">/</span> <span class="mi">1</span><span class="nx">e9</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SOL</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Expected result:</strong> SOL balance should be exactly the same (typically 0 SOL for new wallets).</p> <h3> What "Gasless" Means </h3> <p><strong>Gasless transactions:</strong></p> <ul> <li>User's wallet never needs SOL for transaction fees</li> <li>Paymaster's wallet pays all gas fees (SOL)</li> <li>User only needs USDC to send USDC</li> <li>No friction for users to acquire SOL</li> </ul> <p><strong>Traditional transactions:</strong></p> <ul> <li>User must hold SOL to pay gas fees</li> <li>Even for sending USDC, SOL is required</li> <li>Adds onboarding friction (where to buy SOL?)</li> </ul> <h3> Verifying on Solana Explorer </h3> <p>Open the transaction in Solana Explorer to see the paymaster in action:</p> <ol> <li>Click "View on Explorer" button after transaction confirms</li> <li>Look for the <strong>"Fee Payer"</strong> field in transaction details</li> <li>The fee payer address will be the <strong>paymaster's wallet</strong>, not your wallet</li> </ol> <p><strong>What to look for:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Transaction Details ├─ Signature: 5VERv8NMvzb... ├─ Block: 234567890 ├─ Fee Payer: &lt;Paymaster Address&gt; ← Not your wallet! ├─ Recent Blockhash: abc123... └─ Instructions: ├─ 1. SPL Token Transfer (your signature) └─ 2. Fee Payment (paymaster signature) </code></pre> </div> <p>The <strong>Fee Payer</strong> field shows who paid for the transaction. In gasless transactions, this is the paymaster's address, proving your wallet didn't spend any SOL.</p> <h3> Benefits of Gasless Transactions </h3> <p><strong>For Users:</strong></p> <ul> <li> <strong>Simpler onboarding</strong> - No need to acquire SOL first</li> <li> <strong>One-token model</strong> - Only need USDC to send USDC</li> <li> <strong>Mobile-first UX</strong> - Works like traditional payment apps</li> <li> <strong>Instant start</strong> - Send transactions immediately after wallet creation</li> </ul> <p><strong>For Developers:</strong></p> <ul> <li> <strong>Lower user friction</strong> - Higher conversion rates</li> <li> <strong>Better UX</strong> - No "acquire gas" tutorial needed</li> <li> <strong>Mainstream appeal</strong> - Blockchain complexity hidden</li> <li> <strong>Business model flexibility</strong> - You control sponsorship limits</li> </ul> <h2> Troubleshooting </h2> <p>Common issues you may encounter when implementing gasless USDC transfers:</p> <h3> Issue 1: "Recipient USDC token account not initialized" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Recipient USDC token account not initialized. They must receive USDC at least once before you can send to them. </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>Recipient has never received USDC before</li> <li>Their Associated Token Account (ATA) for USDC doesn't exist on-chain</li> </ul> <p><strong>Solution:</strong></p> <ul> <li>Recipient must receive USDC at least once from another source first</li> <li>Options: Devnet faucet, exchange transfer, or transfer from another wallet</li> <li>The paymaster will NOT initialize token accounts (too expensive and abusable)</li> </ul> <p><strong>Prevention:</strong><br> Display a clear error message to users explaining that the recipient needs to initialize their USDC account first.</p> <h3> Issue 2: "TokenOwnerOffCurveError when calling getAssociatedTokenAddress" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>TokenOwnerOffCurveError: Token owner off curve </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>Missing <code>allowOwnerOffCurve: true</code> parameter in <code>getAssociatedTokenAddress()</code> call</li> <li>Lazorkit smart wallets use Program Derived Addresses (PDAs) which are off-curve</li> </ul> <p><strong>Solution:</strong><br> Always add the third parameter to <code>getAssociatedTokenAddress()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// WRONG - Will fail for smart wallets</span> <span class="kd">const</span> <span class="nx">tokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span><span class="nx">mint</span><span class="p">,</span> <span class="nx">owner</span><span class="p">);</span> <span class="c1">// CORRECT - Works with smart wallets</span> <span class="kd">const</span> <span class="nx">tokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span><span class="nx">mint</span><span class="p">,</span> <span class="nx">owner</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> </code></pre> </div> <p><strong>Background:</strong><br> PDAs are intentionally "off the ed25519 curve" - they're deterministic addresses generated using seeds, not random keypairs. The <code>allowOwnerOffCurve</code> parameter tells the SDK to allow these addresses.</p> <h3> Issue 3: "Transaction signing was cancelled" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Transaction signing was cancelled </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>User cancelled the biometric prompt (Face ID/Touch ID)</li> <li>User dismissed the authentication dialog</li> </ul> <p><strong>Solution:</strong><br> This is expected user behavior - handle gracefully:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">cancelled</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Show user-friendly message</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Transaction signing was cancelled. You can try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>User Experience:</strong></p> <ul> <li>Allow users to retry the transaction</li> <li>Don't treat cancellation as a critical error</li> <li>Provide a "Try Again" button</li> </ul> <h3> Issue 4: "Insufficient USDC balance" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>You don't have enough USDC to complete this transfer </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>User's wallet doesn't have enough USDC for the transfer amount</li> <li>Balance check happens on-chain when transaction executes</li> </ul> <p><strong>Solution:</strong><br> Implement client-side balance validation before transaction building:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Query USDC balance before building transaction</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Connection</span><span class="p">(</span><span class="nx">SOLANA_RPC_URL</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tokenAccount</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAssociatedTokenAddress</span><span class="p">(</span> <span class="nx">USDC_MINT_DEVNET</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">,</span> <span class="kc">true</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">accountInfo</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">getTokenAccountBalance</span><span class="p">(</span><span class="nx">tokenAccount</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">balance</span> <span class="o">=</span> <span class="nx">accountInfo</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">uiAmount</span><span class="p">;</span> <span class="c1">// USDC balance as decimal</span> <span class="k">if </span><span class="p">(</span><span class="nx">amount</span> <span class="o">&gt;</span> <span class="nx">balance</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Insufficient USDC balance</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Prevention:</strong></p> <ul> <li>Display wallet balance on transfer form</li> <li>Validate <code>amount &lt;= balance</code> before allowing submission</li> <li>Provide a "Max" button to set amount to full balance</li> </ul> <h3> Issue 5: "Transaction confirmation timeout" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Transaction confirmation failed </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>Solana network congestion</li> <li>RPC node issues or downtime</li> <li>Transaction took longer than expected to confirm</li> </ul> <p><strong>Solution:</strong></p> <p><strong>Option 1: Retry confirmation polling</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">status</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SolanaService</span><span class="p">.</span><span class="nf">confirmTransaction</span><span class="p">(</span><span class="nx">signature</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">status</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">status</span><span class="p">.</span><span class="nx">error</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">timeout</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// Retry confirmation</span> <span class="kd">const</span> <span class="nx">retryStatus</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SolanaService</span><span class="p">.</span><span class="nf">confirmTransaction</span><span class="p">(</span><span class="nx">signature</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Option 2: Check Explorer manually</strong><br> Even if confirmation times out, the transaction may have succeeded. Check Solana Explorer with the transaction signature.</p> <p><strong>Prevention:</strong></p> <ul> <li>Implement exponential backoff retry logic</li> <li>Extend confirmation timeout for congested periods</li> <li>Use a more reliable RPC provider (QuickNode, Alchemy, Helius)</li> </ul> <h3> Issue 6: "Paymaster rejected transaction" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Transaction could not be sponsored. Please try again later. </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>Transaction exceeds paymaster size limits</li> <li>Paymaster service is temporarily down</li> <li>Transaction structure is invalid</li> <li>Paymaster rate limits exceeded</li> </ul> <p><strong>Solution:</strong></p> <p><strong>For size limits:</strong></p> <ul> <li>Keep transactions simple (single transfer instruction)</li> <li>Don't add unnecessary instructions or metadata</li> </ul> <p><strong>For service downtime:</strong></p> <ul> <li>Implement retry logic with exponential backoff</li> <li>Show user-friendly error: "Service temporarily unavailable"</li> </ul> <p><strong>For invalid transactions:</strong></p> <ul> <li>Validate all transaction parameters before signing</li> <li>Ensure blockhash is fresh (&lt; 60 seconds old)</li> </ul> <p><strong>Devnet Note:</strong><br> The Devnet paymaster may have stricter limits than Mainnet. This is normal for testing environments.</p> <h3> Issue 7: "Stale blockhash error" </h3> <p><strong>Error Message:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Transaction simulation failed: Blockhash not found </code></pre> </div> <p><strong>Cause:</strong></p> <ul> <li>Transaction not submitted within ~60 seconds of fetching blockhash</li> <li>Blockhash expired before reaching the blockchain</li> </ul> <p><strong>Solution:</strong></p> <p><strong>Always fetch blockhash immediately before signing:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// WRONG - Building transaction minutes in advance</span> <span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">buildTransaction</span><span class="p">();</span> <span class="c1">// Gets blockhash</span> <span class="k">await</span> <span class="nf">doSomethingElse</span><span class="p">();</span> <span class="c1">// Time passes...</span> <span class="k">await</span> <span class="nf">signTransaction</span><span class="p">(</span><span class="nx">transaction</span><span class="p">);</span> <span class="c1">// Blockhash is stale!</span> <span class="c1">// CORRECT - Build and sign immediately</span> <span class="kd">const</span> <span class="nx">transaction</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">buildTransaction</span><span class="p">();</span> <span class="c1">// Gets fresh blockhash</span> <span class="k">await</span> <span class="nf">signTransaction</span><span class="p">(</span><span class="nx">transaction</span><span class="p">);</span> <span class="c1">// Sign right away</span> </code></pre> </div> <p><strong>Prevention:</strong></p> <ul> <li>Build transactions just-in-time (right before signing)</li> <li>Don't pre-build transactions and store them</li> <li>If you must wait, fetch a new blockhash before signing</li> </ul> <p><strong>Blockhash Lifetime:</strong><br> Blockhashes are valid for approximately 60 seconds (150 blocks at 400ms per block).</p> <h2> Testing Your Implementation </h2> <h3> Manual Testing Checklist </h3> <p>Follow these steps to manually test your gasless USDC transfer implementation:</p> <ol> <li> <p><strong>Setup Prerequisites</strong></p> <ul> <li>[ ] Wallet created and authenticated (Tutorial 1 complete)</li> <li>[ ] App connected to Devnet</li> <li>[ ] Deep linking configured correctly</li> </ul> </li> <li><p><strong>Get Test USDC</strong></p></li> <li> <p><strong>Prepare Test Recipient</strong></p> <ul> <li>[ ] Find or create a test recipient address</li> <li>[ ] Ensure recipient has initialized USDC account (received USDC at least once)</li> <li>[ ] If recipient is new, send them test USDC from faucet first</li> </ul> </li> <li> <p><strong>Test Transfer Flow</strong></p> <ul> <li>[ ] Open transfer form</li> <li>[ ] Enter valid recipient address</li> <li>[ ] Enter amount (less than balance)</li> <li>[ ] Verify "Review Transaction" button enables</li> <li>[ ] Tap "Review Transaction"</li> </ul> </li> <li> <p><strong>Test Transaction Preview</strong></p> <ul> <li>[ ] Verify recipient address displays correctly (truncated)</li> <li>[ ] Verify amount displays correctly</li> <li>[ ] Verify "Gasless Transaction" badge appears</li> <li>[ ] Tap "Confirm &amp; Sign"</li> </ul> </li> <li> <p><strong>Test Biometric Signing</strong></p> <ul> <li>[ ] Biometric prompt appears (Face ID/Touch ID)</li> <li>[ ] Authenticate with biometrics</li> <li>[ ] Browser opens with Lazorkit Portal (briefly)</li> <li>[ ] App receives control back via deep link</li> </ul> </li> <li> <p><strong>Test Transaction Confirmation</strong></p> <ul> <li>[ ] "Pending" screen displays with loading spinner</li> <li>[ ] Wait 15-30 seconds for confirmation</li> <li>[ ] "Success" screen displays with checkmark</li> <li>[ ] Transaction signature displays</li> </ul> </li> <li> <p><strong>Verify Gasless Execution</strong></p> <ul> <li>[ ] Check SOL balance unchanged (should be 0 or same as before)</li> <li>[ ] Tap "View on Explorer"</li> <li>[ ] Verify Fee Payer is paymaster address (not your wallet)</li> </ul> </li> <li> <p><strong>Test Error Cases</strong></p> <ul> <li>[ ] Test with invalid recipient address (should show validation error)</li> <li>[ ] Test with insufficient balance (should show error)</li> <li>[ ] Test with uninitialized recipient (should show "not initialized" error)</li> <li>[ ] Test cancelling biometric prompt (should show cancellation error)</li> </ul> </li> </ol> <h3> Using Solana Explorer </h3> <p>After transaction confirms, verify details on Solana Explorer:</p> <ol> <li> <p><strong>Open Explorer</strong></p> <ul> <li>Click "View on Explorer" button in app</li> <li>Or manually visit: <code>https://explorer.solana.com/tx/YOUR_SIGNATURE?cluster=devnet</code> </li> </ul> </li> <li> <p><strong>Verify Transaction Details</strong></p> <ul> <li> <strong>Signature</strong>: Transaction unique identifier</li> <li> <strong>Block</strong>: Block number where transaction was included</li> <li> <strong>Timestamp</strong>: When transaction was confirmed</li> <li> <strong>Fee Payer</strong>: Should be paymaster address (NOT your wallet!)</li> <li> <strong>Status</strong>: Should show "Success"</li> </ul> </li> <li> <p><strong>Inspect Instructions</strong></p> <ul> <li> <strong>Instruction 1</strong>: SPL Token Transfer (your transfer)</li> <li> <strong>Instruction 2</strong>: Fee Payment (paymaster's fee payment)</li> <li>Verify transfer amount matches what you sent</li> </ul> </li> <li> <p><strong>Check Fee</strong></p> <ul> <li>Transaction fee (usually ~0.000005 SOL)</li> <li>Verify paid by paymaster, not your wallet</li> </ul> </li> </ol> <p>Congratulations! You've successfully implemented gasless USDC transfers with Lazorkit. </p> <h3> Production Considerations </h3> <p>Before launching to production:</p> <ol> <li> <p><strong>Switch to Mainnet</strong></p> <ul> <li>Update RPC URL to Mainnet: <code>https://api.mainnet-beta.solana.com</code> </li> <li>Update paymaster URL: <code>https://kora.lazorkit.com</code> </li> <li>Update USDC mint to Mainnet USDC address</li> </ul> </li> <li> <p><strong>Use Paid RPC Provider</strong></p> <ul> <li>Public RPCs have rate limits (~40 req/10s)</li> <li>Consider QuickNode, Alchemy, or Helius</li> <li>Implement retry logic for RPC failures</li> </ul> </li> <li> <p><strong>Add Error Tracking</strong></p> <ul> <li>Integrate Sentry or similar error tracking</li> <li>Log all transaction errors with context</li> <li>Monitor paymaster rejection rates</li> </ul> </li> <li> <p><strong>Implement Analytics</strong></p> <ul> <li>Track transaction success/failure rates</li> <li>Monitor average confirmation times</li> <li>Measure user drop-off points in flow</li> </ul> </li> <li> <p><strong>Add Security Features</strong></p> <ul> <li>Implement transaction amount limits</li> <li>Add address whitelist/blacklist functionality</li> <li>Consider adding 2FA for large transactions</li> </ul> </li> </ol> <h3> Related Tutorials </h3> <ul> <li> <a href="https://dev.to/ola-zoll/wallet-creation-with-biometric-authentication-1j6l">Tutorial 1: Wallet Creation with Biometric Authentication</a> - Review wallet setup</li> </ul> <h3> Additional Resources </h3> <ul> <li> <a href="https://docs.lazorkit.com" rel="noopener noreferrer">Lazorkit SDK Documentation</a> - Official SDK reference</li> <li> <a href="https://solana-labs.github.io/solana-web3.js/" rel="noopener noreferrer">Solana Web3.js Documentation</a> - Transaction building</li> <li> <a href="https://spl.solana.com/token" rel="noopener noreferrer">SPL Token Documentation</a> - Token accounts and transfers</li> <li> <a href="https://explorer.solana.com/" rel="noopener noreferrer">Solana Explorer</a> - View transactions (Devnet and Mainnet)</li> <li> <a href="https://solanacookbook.com/" rel="noopener noreferrer">Solana Cookbook</a> - Practical Solana development guides</li> <li> <a href="https://webauthn.guide/" rel="noopener noreferrer">WebAuthn Guide</a> - Understanding passkey authentication</li> </ul> <h2> Conclusion </h2> <p>You've learned how to implement gasless USDC transfers using Lazorkit's paymaster integration. Key takeaways:</p> <ul> <li>SPL Token transfers require Associated Token Accounts (ATAs) for sender and recipient</li> <li>Smart wallets require <code>allowOwnerOffCurve: true</code> when deriving token accounts</li> <li>Paymaster automatically sponsors gas fees when configured in LazorKitProvider</li> <li>Users sign only the transfer instruction (trustless security model)</li> <li>Transaction confirmation uses 'confirmed' commitment (15-20s, good UX)</li> <li>Gasless execution means users need zero SOL to send USDC</li> </ul> <p>By removing the gas fee requirement, you've created a significantly better user experience that removes blockchain friction and feels like traditional payment apps.</p> <p>Happy building! </p> webdev blockchain web3 solana Ola Adesoye Tue, 13 Jan 2026 23:38:31 +0000 https://forem.com/ola-zoll/wallet-creation-with-biometric-authentication-1j6l https://forem.com/ola-zoll/wallet-creation-with-biometric-authentication-1j6l <p>Welcome to my hands-on tutorial on implementing biometric wallet authentication using the Lazorkit SDK! </p> <p>In this tutorial, you'll learn how to implement a seamless wallet creation experience powered by WebAuthn passkeys—no seed phrases, no passwords, just your fingerprint or Face ID.</p> <p><strong>What You'll Build:</strong></p> <p>By the end of this tutorial, you'll have implemented a complete biometric wallet creation flow that:</p> <ul> <li>Opens a secure authentication portal in the user's browser</li> <li>Prompts for Face ID (iOS) or fingerprint authentication (Android)</li> <li>Creates a Solana wallet bound to the user's biometric credential</li> <li>Handles deep link callbacks to return the user to your app</li> <li>Persists the wallet session for automatic reconnection</li> </ul> <p><strong>What You'll Learn:</strong></p> <ul> <li>Installing and configuring the Lazorkit SDK with required polyfills</li> <li>Setting up deep linking for authentication callbacks</li> <li>Configuring the LazorKitProvider with Devnet endpoints</li> <li>Building a wallet creation UI with the <code>useWallet</code> hook</li> <li>Handling authentication flow and navigation</li> </ul> <p><strong>Time Required:</strong> ~20-30 minutes</p> <p><strong>Prerequisites:</strong></p> <ul> <li> <strong>React Native knowledge</strong>: Familiarity with React hooks, components, and navigation</li> <li> <strong>Expo CLI installed</strong>: Install with <code>npm install -g expo-cli</code> if needed</li> <li> <strong>Development environment</strong>: iOS (Xcode) or Android (Android Studio) development tools</li> <li> <strong>Physical device with biometrics</strong>: Face ID, Touch ID, or fingerprint sensor (biometrics don't work reliably on simulators)</li> <li> <strong>Expo SDK 54</strong>: This tutorial assumes Expo SDK 54 or later</li> </ul> <h2> Step 1: Install dependencies </h2> <p>First, install the Lazorkit SDK and required polyfills.</p> <h3> Install the Lazorkit SDK </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @lazorkit/wallet-mobile-adapter </code></pre> </div> <h3> Install required polyfills </h3> <p>The Lazorkit SDK depends on several JavaScript APIs that aren't available in React Native by default. Install these polyfills:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>react-native-get-random-values react-native-url-polyfill buffer </code></pre> </div> <p><strong>Package Versions</strong>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Package</th> <th>Version</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>@lazorkit/wallet-mobile-adapter</code></td> <td>^1.5.1</td> <td>Core SDK for passkey authentication and Solana wallet management</td> </tr> <tr> <td><code>@solana/web3.js</code></td> <td>^1.98.4</td> <td>Solana blockchain interactions (installed as SDK dependency)</td> </tr> <tr> <td><code>react-native-get-random-values</code></td> <td>~1.11.0</td> <td>Crypto randomness polyfill (CRITICAL - provides <code>crypto.getRandomValues()</code>)</td> </tr> <tr> <td><code>react-native-url-polyfill</code></td> <td>^3.0.0</td> <td>URL API polyfill (CRITICAL - provides <code>URL</code> global for RPC and deep linking)</td> </tr> <tr> <td><code>buffer</code></td> <td>^6.0.3</td> <td>Buffer polyfill (CRITICAL - provides <code>Buffer</code> global for Solana binary operations)</td> </tr> </tbody> </table></div> <h3> Why These Polyfills Are Required </h3> <ul> <li> <strong>react-native-get-random-values</strong>: The Solana SDK uses <code>crypto.getRandomValues()</code> for cryptographic operations (keypair generation, transaction signing). React Native doesn't provide this API natively.</li> <li> <strong>react-native-url-polyfill</strong>: The Solana RPC client and deep linking logic use the <code>URL</code> class for parsing endpoints and callback URLs. React Native's JavaScriptCore doesn't include the full URL API.</li> <li> <strong>buffer</strong>: Solana transactions are binary data structures that use Node.js <code>Buffer</code> objects. React Native doesn't provide <code>Buffer</code> globally.</li> </ul> <p><strong>Compatibility note</strong>: This tutorial uses Expo SDK 54. Ensure your Expo version is compatible with these polyfill versions.</p> <h2> Step 2: Configure polyfills </h2> <p><strong>CRITICAL</strong>: Polyfills MUST be imported at the VERY TOP of your root layout file, before ANY other imports. The Solana SDK will crash if these APIs aren't available when it loads.</p> <h3> Add Polyfill Imports </h3> <p>Open (or create) your root layout file at <code>app/_layout.tsx</code> and add these imports as the <strong>first lines</strong> of the file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// CRITICAL: Import polyfills FIRST, in this exact order</span> <span class="c1">// Note: react-native-get-random-values is imported by @lazorkit/wallet-mobile-adapter internally</span> <span class="k">import</span> <span class="dl">'</span><span class="s1">react-native-url-polyfill/auto</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// MUST be first - provides URL API for Solana RPC and deep linking</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Buffer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">buffer</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// MUST be second - provides Buffer for Solana binary operations</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">=</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">||</span> <span class="nx">Buffer</span><span class="p">;</span> <span class="c1">// Assign Buffer to global namespace</span> <span class="c1">// Now safe to import other modules after polyfills are loaded</span> <span class="c1">// eslint-disable-next-line import/first -- Polyfills must be imported before other modules</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">LazorKitProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@lazorkit/wallet-mobile-adapter</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// ... other imports</span> </code></pre> </div> <h3> Why Import Order Matters </h3> <p>The Solana SDK and Lazorkit adapter access these globals (<code>crypto</code>, <code>URL</code>, <code>Buffer</code>) during module initialization. If you import the SDK before the polyfills, you'll get errors like:</p> <ul> <li><code>TypeError: Cannot read property 'getRandomValues' of undefined</code></li> <li><code>ReferenceError: Buffer is not defined</code></li> <li><code>ReferenceError: URL is not defined</code></li> </ul> <p><strong>Key points:</strong></p> <ol> <li> <strong>react-native-url-polyfill</strong> must be imported first (the SDK imports react-native-get-random-values internally)</li> <li> <strong>Buffer</strong> must be assigned to <code>global.Buffer</code> so Solana SDK can find it</li> <li>All polyfills must load <strong>before</strong> any Solana or Lazorkit imports</li> </ol> <p><strong>Common Mistake</strong>: Adding polyfills in the middle of your import list. They won't work if the SDK has already been loaded!</p> <h2> Step 3: Configure deep linking </h2> <p>Deep linking allows the Lazorkit Portal to redirect back to your app after authentication. You must configure a unique URL scheme in your <code>app.json</code> configuration file.</p> <h3> Add Deep Linking Configuration to <code>app.json</code> </h3> <p>Open your <code>app.json</code> file and add the following fields inside the <code>expo</code> object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"expo"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"scheme"</span><span class="p">:</span><span class="w"> </span><span class="s2">"lazorkitstarter"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ios"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"bundleIdentifier"</span><span class="p">:</span><span class="w"> </span><span class="s2">"com.lazorkitstarter.app"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"android"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"package"</span><span class="p">:</span><span class="w"> </span><span class="s2">"com.lazorkitstarter.app"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> What Deep Linking Is </h3> <p>Deep linking is a mechanism that allows URLs to open specific screens in your mobile app. When a user authenticates in the Lazorkit Portal (which opens in their browser), the portal redirects back to your app using a deep link like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>lazorkitstarter://callback?token=... </code></pre> </div> <p>The operating system sees this URL, recognizes the <code>lazorkitstarter://</code> scheme, and opens your app at the callback route.</p> <h3> Configuration Fields Explained </h3> <ul> <li> <p><strong><code>scheme</code></strong>: Your app's unique deep link URL scheme. This should be:</p> <ul> <li>Unique (avoid conflicts with other apps)</li> <li>Lowercase (iOS requirement)</li> <li>No special characters or spaces</li> <li>Match the scheme you'll use in <code>LazorKitProvider</code> configuration</li> </ul> </li> <li><p><strong><code>ios.bundleIdentifier</code></strong>: Your iOS app's unique identifier. This must match your Apple Developer account configuration.</p></li> <li><p><strong><code>android.package</code></strong>: Your Android app's package name. This must match your Google Play Console configuration.</p></li> </ul> <h3> Choosing a Unique Scheme </h3> <p>Choose a scheme name that's unlikely to conflict with other apps. Good patterns:</p> <ul> <li>Your company name + "app": <code>acmecorpapp://</code> </li> <li>Your app name: <code>mywallet://</code> </li> <li>A unique prefix: <code>mycompany-wallet://</code> </li> </ul> <p><strong>Important</strong>: After changing <code>app.json</code>, you must rebuild your app (changes don't apply via over-the-air updates).</p> <h3> Testing Deep Links </h3> <p>You can test that your deep linking configuration works with this command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># iOS</span> npx uri-scheme open lazorkitstarter://test <span class="nt">--ios</span> <span class="c"># Android</span> npx uri-scheme open lazorkitstarter://test <span class="nt">--android</span> </code></pre> </div> <p>This should open your app if deep linking is configured correctly.</p> <h2> Step 4: Setup LazorKitProvider </h2> <p>The <code>LazorKitProvider</code> is a React Context provider that wraps your entire app and provides wallet functionality to all child components. You'll configure it with:</p> <ul> <li>A Solana RPC endpoint (Devnet for development)</li> <li>The Lazorkit Portal URL (for WebAuthn authentication)</li> <li>A Paymaster URL (for gasless transactions)</li> </ul> <h3> Configure LazorKitProvider in <code>app/_layout.tsx</code> </h3> <p>In your <code>app/_layout.tsx</code> file (after the polyfill imports), wrap your navigation stack with <code>LazorKitProvider</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// CRITICAL: Import polyfills FIRST (see Step 2)</span> <span class="k">import</span> <span class="dl">'</span><span class="s1">react-native-url-polyfill/auto</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Buffer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">buffer</span><span class="dl">'</span><span class="p">;</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">=</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">||</span> <span class="nx">Buffer</span><span class="p">;</span> <span class="c1">// Now safe to import other modules after polyfills are loaded</span> <span class="c1">// eslint-disable-next-line import/first -- Polyfills must be imported before other modules</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">LazorKitProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@lazorkit/wallet-mobile-adapter</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// eslint-disable-next-line import/first -- Polyfills must be imported before other modules</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">expo-router</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">RootLayout</span><span class="p">()</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">LazorKitProvider</span> <span class="nx">rpcUrl</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://api.devnet.solana.com</span><span class="dl">"</span> <span class="c1">// Solana Devnet RPC endpoint for blockchain interactions</span> <span class="nx">portalUrl</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://portal.lazor.sh</span><span class="dl">"</span> <span class="c1">// Lazorkit Portal for WebAuthn passkey authentication</span> <span class="nx">configPaymaster</span><span class="o">=</span><span class="p">{{</span> <span class="na">paymasterUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://kora.devnet.lazorkit.com</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Lazorkit Paymaster for gasless transactions</span> <span class="p">}}</span> <span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Stack</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Stack</span><span class="p">.</span><span class="nx">Screen</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">index</span><span class="dl">"</span> <span class="nx">options</span><span class="o">=</span><span class="p">{{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Welcome</span><span class="dl">'</span> <span class="p">}}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Stack</span><span class="p">.</span><span class="nx">Screen</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">callback</span><span class="dl">"</span> <span class="nx">options</span><span class="o">=</span><span class="p">{{</span> <span class="na">headerShown</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Stack</span><span class="p">.</span><span class="nx">Screen</span> <span class="nx">name</span><span class="o">=</span><span class="dl">"</span><span class="s2">home</span><span class="dl">"</span> <span class="nx">options</span><span class="o">=</span><span class="p">{{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Wallet</span><span class="dl">'</span> <span class="p">}}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/Stack</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/LazorKitProvider</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> LazorKitProvider Props Explained </h3> <p><strong><code>rpcUrl</code></strong> (required):</p> <ul> <li>The Solana RPC endpoint your app will use for blockchain interactions</li> <li> <strong>Devnet</strong>: <code>https://api.devnet.solana.com</code> (for development/testing)</li> <li> <strong>Mainnet</strong>: <code>https://api.mainnet-beta.solana.com</code> (for production)</li> <li>Used for: Balance queries, transaction submission, confirmation polling</li> </ul> <p><strong><code>portalUrl</code></strong> (required):</p> <ul> <li>The Lazorkit Portal URL that handles WebAuthn authentication</li> <li> <strong>Production</strong>: <code>https://portal.lazor.sh</code> </li> <li>The portal manages the WebAuthn credential creation ceremony and presents the biometric prompt</li> </ul> <p><strong><code>configPaymaster.paymasterUrl</code></strong> (required):</p> <ul> <li>The paymaster service that sponsors transaction gas fees</li> <li> <strong>Devnet</strong>: <code>https://kora.devnet.lazorkit.com</code> </li> <li> <strong>Mainnet</strong>: Contact Lazorkit for mainnet paymaster access</li> <li>Allows users to send transactions without holding SOL for gas fees</li> </ul> <h3> How the Provider Works </h3> <p><code>LazorKitProvider</code> creates a React Context that provides the <code>useWallet()</code> hook to all child components. This hook gives you access to:</p> <ul> <li> <code>wallet.connect()</code> - Start authentication flow</li> <li> <code>wallet.disconnect()</code> - Clear wallet session</li> <li> <code>wallet.isConnected</code> - Check connection status</li> <li> <code>wallet.isConnecting</code> - Check if authentication is in progress</li> <li> <code>wallet.smartWalletPubkey</code> - Get user's Solana public key</li> <li> <code>wallet.signAndSendTransaction()</code> - Sign and submit transactions</li> </ul> <p><strong>Note on Mainnet vs Devnet</strong>: For production apps, change <code>rpcUrl</code> to mainnet and ensure you have a mainnet paymaster configured. Everything else stays the same.</p> <h2> Step 5: Implement Wallet Creation UI </h2> <p>Now that the SDK is configured, let's build the UI that lets users create a wallet with biometrics.</p> <h3> Create Welcome Screen with Wallet Creation Button </h3> <p>Create (or update) <code>app/index.tsx</code> with the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">View</span><span class="p">,</span> <span class="nx">Text</span><span class="p">,</span> <span class="nx">TouchableOpacity</span><span class="p">,</span> <span class="nx">StyleSheet</span><span class="p">,</span> <span class="nx">ActivityIndicator</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react-native</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span><span class="p">,</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">expo-router</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useWallet</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@lazorkit/wallet-mobile-adapter</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">WelcomeScreen</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">wallet</span> <span class="o">=</span> <span class="nf">useWallet</span><span class="p">();</span> <span class="c1">// Access wallet context from LazorKitProvider</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">error</span><span class="p">,</span> <span class="nx">setError</span><span class="p">]</span> <span class="o">=</span> <span class="nx">useState</span><span class="o">&lt;</span><span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="c1">// Handle wallet creation button press</span> <span class="kd">const</span> <span class="nx">handleCreateWallet</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="c1">// Clear any previous errors</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Initiate wallet creation - SDK will open Lazorkit Portal in browser</span> <span class="k">await</span> <span class="nx">wallet</span><span class="p">.</span><span class="nf">connect</span><span class="p">({</span> <span class="na">redirectUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lazorkitstarter://callback</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// MUST match scheme in app.json</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="na">err</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Wallet connection error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="c1">// Set user-friendly error message based on error type</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">cancel</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">abort</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Authentication cancelled. Please try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">network</span><span class="dl">'</span><span class="p">)</span> <span class="o">||</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">?.</span><span class="nf">toLowerCase</span><span class="p">().</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">timeout</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Network error. Please check your connection and try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">setError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to create wallet. Please try again.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> <span class="c1">// Auto-navigate to home screen after successful wallet connection</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnected</span> <span class="o">&amp;&amp;</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">)</span> <span class="p">{</span> <span class="nx">router</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">/home</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnected</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">,</span> <span class="nx">router</span><span class="p">]);</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">View</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">container</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">View</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">content</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">title</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Lazorkit</span> <span class="nx">Mobile</span> <span class="nx">Wallet</span> <span class="nx">Starter</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">description</span><span class="p">}</span><span class="o">&gt;</span> <span class="nx">Experience</span> <span class="nx">seamless</span> <span class="nx">biometric</span> <span class="nx">wallet</span> <span class="nx">authentication</span> <span class="nx">powered</span> <span class="nx">by</span> <span class="nx">WebAuthn</span> <span class="nx">passkeys</span><span class="p">.</span> <span class="nx">No</span> <span class="nx">seed</span> <span class="nx">phrases</span><span class="p">,</span> <span class="nx">no</span> <span class="nx">passwords</span><span class="err">—</span><span class="nx">just</span> <span class="nx">your</span> <span class="nx">fingerprint</span> <span class="nx">or</span> <span class="nx">face</span><span class="p">.</span> <span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">TouchableOpacity</span> <span class="nx">style</span><span class="o">=</span><span class="p">{[</span><span class="nx">styles</span><span class="p">.</span><span class="nx">button</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnecting</span> <span class="o">&amp;&amp;</span> <span class="nx">styles</span><span class="p">.</span><span class="nx">buttonDisabled</span><span class="p">]}</span> <span class="nx">onPress</span><span class="o">=</span><span class="p">{</span><span class="nx">handleCreateWallet</span><span class="p">}</span> <span class="nx">disabled</span><span class="o">=</span><span class="p">{</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnecting</span><span class="p">}</span> <span class="nx">accessibilityRole</span><span class="o">=</span><span class="dl">"</span><span class="s2">button</span><span class="dl">"</span> <span class="nx">accessibilityLabel</span><span class="o">=</span><span class="dl">"</span><span class="s2">Create wallet using biometric authentication</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="p">{</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnecting</span> <span class="p">?</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">View</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">loadingContainer</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">ActivityIndicator</span> <span class="nx">color</span><span class="o">=</span><span class="dl">"</span><span class="s2">#FFFFFF</span><span class="dl">"</span> <span class="nx">size</span><span class="o">=</span><span class="dl">"</span><span class="s2">small</span><span class="dl">"</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">buttonText</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Connecting</span><span class="p">...</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/View</span><span class="err">&gt; </span> <span class="p">)</span> <span class="p">:</span> <span class="p">(</span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">buttonText</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Create</span> <span class="nx">Wallet</span> <span class="kd">with</span> <span class="nx">Biometrics</span><span class="o">&lt;</span><span class="sr">/Text</span><span class="err">&gt; </span> <span class="p">)}</span> <span class="o">&lt;</span><span class="sr">/TouchableOpacity</span><span class="err">&gt; </span> <span class="p">{</span><span class="nx">error</span> <span class="o">&amp;&amp;</span> <span class="o">&lt;</span><span class="nx">Text</span> <span class="nx">style</span><span class="o">=</span><span class="p">{</span><span class="nx">styles</span><span class="p">.</span><span class="nx">errorText</span><span class="p">}</span><span class="o">&gt;</span><span class="p">{</span><span class="nx">error</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/Text&gt;</span><span class="err">} </span> <span class="o">&lt;</span><span class="sr">/View</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/View</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">styles</span> <span class="o">=</span> <span class="nx">StyleSheet</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">container</span><span class="p">:</span> <span class="p">{</span> <span class="na">flex</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">backgroundColor</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#FAFAFA</span><span class="dl">'</span><span class="p">,</span> <span class="na">justifyContent</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">alignItems</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">content</span><span class="p">:</span> <span class="p">{</span> <span class="na">paddingHorizontal</span><span class="p">:</span> <span class="mi">32</span><span class="p">,</span> <span class="na">maxWidth</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="na">alignItems</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">title</span><span class="p">:</span> <span class="p">{</span> <span class="na">fontSize</span><span class="p">:</span> <span class="mi">32</span><span class="p">,</span> <span class="na">fontWeight</span><span class="p">:</span> <span class="dl">'</span><span class="s1">700</span><span class="dl">'</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#171717</span><span class="dl">'</span><span class="p">,</span> <span class="na">textAlign</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">marginBottom</span><span class="p">:</span> <span class="mi">24</span><span class="p">,</span> <span class="p">},</span> <span class="na">description</span><span class="p">:</span> <span class="p">{</span> <span class="na">fontSize</span><span class="p">:</span> <span class="mi">15</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#171717</span><span class="dl">'</span><span class="p">,</span> <span class="na">textAlign</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">lineHeight</span><span class="p">:</span> <span class="mi">22</span><span class="p">,</span> <span class="na">marginBottom</span><span class="p">:</span> <span class="mi">32</span><span class="p">,</span> <span class="p">},</span> <span class="na">button</span><span class="p">:</span> <span class="p">{</span> <span class="na">backgroundColor</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#9945FF</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Solana purple</span> <span class="na">paddingVertical</span><span class="p">:</span> <span class="mi">14</span><span class="p">,</span> <span class="na">paddingHorizontal</span><span class="p">:</span> <span class="mi">32</span><span class="p">,</span> <span class="na">borderRadius</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span> <span class="na">minHeight</span><span class="p">:</span> <span class="mi">48</span><span class="p">,</span> <span class="na">justifyContent</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">alignItems</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">width</span><span class="p">:</span> <span class="dl">'</span><span class="s1">100%</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">buttonDisabled</span><span class="p">:</span> <span class="p">{</span> <span class="na">opacity</span><span class="p">:</span> <span class="mf">0.6</span><span class="p">,</span> <span class="p">},</span> <span class="na">loadingContainer</span><span class="p">:</span> <span class="p">{</span> <span class="na">flexDirection</span><span class="p">:</span> <span class="dl">'</span><span class="s1">row</span><span class="dl">'</span><span class="p">,</span> <span class="na">alignItems</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">gap</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span> <span class="p">},</span> <span class="na">buttonText</span><span class="p">:</span> <span class="p">{</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#FFFFFF</span><span class="dl">'</span><span class="p">,</span> <span class="na">fontSize</span><span class="p">:</span> <span class="mi">16</span><span class="p">,</span> <span class="na">fontWeight</span><span class="p">:</span> <span class="dl">'</span><span class="s1">600</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">errorText</span><span class="p">:</span> <span class="p">{</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#EF4444</span><span class="dl">'</span><span class="p">,</span> <span class="na">fontSize</span><span class="p">:</span> <span class="mi">14</span><span class="p">,</span> <span class="na">textAlign</span><span class="p">:</span> <span class="dl">'</span><span class="s1">center</span><span class="dl">'</span><span class="p">,</span> <span class="na">marginTop</span><span class="p">:</span> <span class="mi">16</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <h3> useWallet Hook Properties and Methods </h3> <p>The <code>useWallet()</code> hook returns an object with the following properties:</p> <p><strong>State Properties:</strong></p> <ul> <li> <p><strong><code>wallet.isConnected</code></strong>: Boolean indicating if the wallet is currently connected</p> <ul> <li> <code>true</code> after successful authentication</li> <li> <code>false</code> before authentication or after disconnect</li> <li> <strong>CRITICAL</strong>: Use <code>isConnected</code>, NOT <code>connected</code> </li> </ul> </li> <li> <p><strong><code>wallet.isConnecting</code></strong>: Boolean indicating if authentication is in progress</p> <ul> <li> <code>true</code> while SDK is opening portal and waiting for callback</li> <li> <code>false</code> when idle or after completion</li> <li> <strong>CRITICAL</strong>: Use <code>isConnecting</code>, NOT <code>connecting</code> </li> </ul> </li> <li> <p><strong><code>wallet.smartWalletPubkey</code></strong>: PublicKey object or <code>null</code></p> <ul> <li>Contains the user's Solana wallet address after successful connection</li> <li>Type: <code>PublicKey</code> from <code>@solana/web3.js</code> </li> <li>Access string representation with: <code>wallet.smartWalletPubkey.toString()</code> </li> <li> <strong>CRITICAL</strong>: Use <code>smartWalletPubkey</code>, NOT <code>publicKey</code> </li> </ul> </li> </ul> <p><strong>Methods:</strong></p> <ul> <li> <p><strong><code>wallet.connect(options)</code></strong>: Initiates the authentication flow</p> <ul> <li>Opens Lazorkit Portal in system browser</li> <li>Portal triggers WebAuthn biometric prompt</li> <li>Returns a Promise that resolves when authentication completes</li> <li> <strong>Options</strong>: <code>{ redirectUrl: 'your-scheme://callback' }</code> (must match app.json scheme)</li> </ul> </li> <li> <p><strong><code>wallet.disconnect()</code></strong>: Clears wallet session and disconnects</p> <ul> <li>Sets <code>isConnected</code> to <code>false</code> </li> <li>Clears <code>smartWalletPubkey</code> </li> <li>Usually called when user wants to log out</li> </ul> </li> <li><p><strong><code>wallet.signAndSendTransaction(transaction)</code></strong>: Signs and submits a transaction </p></li> </ul> <h3> Critical SDK API Naming Convention </h3> <p><strong>IMPORTANT</strong>: The Lazorkit SDK uses specific property names that differ from some documentation examples:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Correct</th> <th>Wrong</th> </tr> </thead> <tbody> <tr> <td><code>wallet.isConnected</code></td> <td><code>wallet.connected</code></td> </tr> <tr> <td><code>wallet.isConnecting</code></td> <td><code>wallet.connecting</code></td> </tr> <tr> <td><code>wallet.smartWalletPubkey</code></td> <td><code>wallet.publicKey</code></td> </tr> </tbody> </table></div> <p>Using the wrong property names will cause TypeScript errors and runtime failures.</p> <h3> User Flow Explanation </h3> <p>When the user taps "Create Wallet with Biometrics":</p> <ol> <li> <code>handleCreateWallet()</code> calls <code>wallet.connect({ redirectUrl: '...' })</code> </li> <li>SDK opens Lazorkit Portal in the system browser (via <code>expo-web-browser</code>)</li> <li>Portal initiates WebAuthn credential creation</li> <li>Native OS prompts for biometric authentication (Face ID/Touch ID/Fingerprint)</li> <li>User authenticates with biometrics</li> <li>Portal creates Solana wallet bound to the passkey</li> <li>Portal redirects back via deep link: <code>lazorkitstarter://callback?token=...</code> </li> <li>SDK processes callback, updates <code>wallet.isConnected</code> to <code>true</code>, sets <code>wallet.smartWalletPubkey</code> </li> <li>React useEffect detects state change and navigates to home screen</li> </ol> <h2> Step 6: Handle Authentication Callback </h2> <p>After the user authenticates in the Lazorkit Portal, the SDK needs to detect when the wallet connection succeeds and navigate the user to the appropriate screen.</p> <h3> Automatic Navigation with useEffect </h3> <p>The wallet state changes are handled by the <code>useEffect</code> hook in the Welcome screen:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Auto-navigate to home screen after successful wallet connection</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnected</span> <span class="o">&amp;&amp;</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">)</span> <span class="p">{</span> <span class="nx">router</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">/home</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Navigate to home screen</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnected</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">,</span> <span class="nx">router</span><span class="p">]);</span> </code></pre> </div> <h3> Authentication Callback Flow </h3> <p>Here's the complete sequence of events during authentication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ │ 1. User taps│ │ "Create │ │ Wallet" │ └──────┬──────┘ │ ▼ ┌──────────────────────────────────┐ │ 2. wallet.connect() called │ │ SDK opens Lazorkit Portal │ │ in system browser │ └──────┬───────────────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ 3. Portal initiates WebAuthn │ │ credential creation ceremony │ └──────┬───────────────────────────┘ │ ▼ ┌─────────────────────────────────┐ │ 4. Native biometric prompt │ │ appears (Face ID/Touch ID) │ └──────┬──────────────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ 5. User authenticates │ │ OS creates passkey credential │ └──────┬───────────────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ 6. Portal generates Solana │ │ wallet bound to passkey │ └──────┬───────────────────────────┘ │ ▼ ┌─────────────────────────────────┐ │ 7. Portal redirects via deep │ │ link: scheme://callback?token│ └──────┬──────────────────────────┘ │ ▼ ┌─────────────────────────────────┐ │ 8. OS opens app, SDK receives │ │ deep link and processes token│ └──────┬──────────────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ 9. SDK updates wallet state: │ │ - isConnected = true │ │ - smartWalletPubkey = address │ └──────┬───────────────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ 10. useEffect detects state │ │ change and navigates to │ │ home screen │ └──────────────────────────────────┘ </code></pre> </div> <h3> Key Points About the Callback </h3> <p><strong>Deep Link Processing</strong>: The SDK automatically handles the deep link callback. You don't need to manually parse the token or process the callback URL. The SDK:</p> <ul> <li>Listens for deep links matching your configured scheme</li> <li>Extracts the authentication token from the URL</li> <li>Validates the token with the Lazorkit backend</li> <li>Updates the wallet context state</li> </ul> <p><strong>State Updates</strong>: When the callback is processed, the SDK sets:</p> <ul> <li><code>wallet.isConnected = true</code></li> <li><code>wallet.smartWalletPubkey = [PublicKey object]</code></li> </ul> <p><strong>Navigation</strong>: Your React component detects these state changes via the <code>useEffect</code> hook and navigates accordingly.</p> <h3> Session persistence </h3> <p>After successful wallet creation, the session persists across app restarts. This is handled by the <code>WalletService</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Save session after connection (from app/index.tsx)</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">saveSessionAndNavigate</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnected</span> <span class="o">&amp;&amp;</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="na">session</span><span class="p">:</span> <span class="nx">WalletSession</span> <span class="o">=</span> <span class="p">{</span> <span class="na">publicKey</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">.</span><span class="nf">toString</span><span class="p">(),</span> <span class="na">credentialId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lazorkit</span><span class="dl">'</span><span class="p">,</span> <span class="na">createdAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="na">lastAccessedAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="p">};</span> <span class="k">await</span> <span class="nx">WalletService</span><span class="p">.</span><span class="nf">saveSession</span><span class="p">(</span><span class="nx">session</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to save session:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="nx">router</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">/home</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">saveSessionAndNavigate</span><span class="p">();</span> <span class="p">},</span> <span class="p">[</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">isConnected</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">smartWalletPubkey</span><span class="p">,</span> <span class="nx">router</span><span class="p">]);</span> </code></pre> </div> <p>On app restart, the Welcome screen checks for an existing session and automatically navigates to the home screen:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Check for existing session on app launch (from app/index.tsx)</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">checkExistingSession</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">WalletService</span><span class="p">.</span><span class="nf">loadSession</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="nx">WalletService</span><span class="p">.</span><span class="nf">isSessionValid</span><span class="p">(</span><span class="nx">session</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">isValid</span><span class="p">)</span> <span class="p">{</span> <span class="nx">router</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">/home</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Skip welcome screen, go directly to home</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">checkExistingSession</span><span class="p">();</span> <span class="p">},</span> <span class="p">[]);</span> </code></pre> </div> <h2> Troubleshooting </h2> <h3> Issue 1: "TypeError: Cannot read property 'getRandomValues' of undefined" </h3> <p><strong>Cause</strong>: Polyfills not loaded or loaded in wrong order.</p> <p><strong>Solution</strong>:</p> <ol> <li>Check that <code>react-native-url-polyfill/auto</code> is imported at the VERY TOP of <code>app/_layout.tsx</code> </li> <li>Check that polyfills are imported BEFORE any Solana or Lazorkit imports</li> <li>The Lazorkit SDK imports <code>react-native-get-random-values</code> internally, so you don't need to import it explicitly</li> <li>Verify all polyfill packages are installed: <code>npm list react-native-get-random-values react-native-url-polyfill buffer</code> </li> </ol> <h3> Issue 2: "Deep link not opening app after authentication" </h3> <p><strong>Cause</strong>: Scheme mismatch between <code>app.json</code> and <code>wallet.connect()</code> options, or deep linking not configured properly.</p> <p><strong>Solution</strong>:</p> <ol> <li>Verify the <code>scheme</code> field in <code>app.json</code> matches the <code>redirectUrl</code> in <code>wallet.connect()</code>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="c1">// app.json</span> <span class="dl">"</span><span class="s2">scheme</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">lazorkitstarter</span><span class="dl">"</span> <span class="c1">// app/index.tsx</span> <span class="k">await</span> <span class="nx">wallet</span><span class="p">.</span><span class="nf">connect</span><span class="p">({</span> <span class="na">redirectUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">lazorkitstarter://callback</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <ol> <li>Rebuild your app after changing <code>app.json</code> (deep linking config doesn't apply via OTA updates)</li> <li>Test deep linking with: <code>npx uri-scheme open lazorkitstarter://test --ios</code> </li> </ol> <p><strong>Additional Debugging</strong>:</p> <ul> <li>Check iOS Console logs for deep link errors (Xcode &gt; Window &gt; Devices and Simulators &gt; Open Console)</li> <li>Check Android logcat for deep link errors: <code>adb logcat | grep -i "intent"</code> </li> <li>Ensure you're using a development build, not Expo Go (custom schemes require native code)</li> </ul> <h3> Issue 3: "Biometric prompt not appearing" </h3> <p><strong>Cause</strong>: Testing on simulator (biometrics require physical device).</p> <p><strong>Solution</strong>:</p> <ol> <li>Test on a physical device with Face ID/Touch ID enabled</li> <li>Ensure biometric authentication is set up in device settings: <ul> <li> <strong>iOS</strong>: Settings &gt; Face ID &amp; Passcode (or Touch ID &amp; Passcode)</li> <li> <strong>Android</strong>: Settings &gt; Security &gt; Fingerprint</li> </ul> </li> <li>Note: Expo Go may have limitations with biometric prompts; use a development build for full support</li> </ol> <p><strong>Development Build Command</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># iOS</span> eas build <span class="nt">--profile</span> development <span class="nt">--platform</span> ios <span class="c"># Android</span> eas build <span class="nt">--profile</span> development <span class="nt">--platform</span> android </code></pre> </div> <h3> Issue 4: "App stuck on 'Connecting...' indefinitely" </h3> <p><strong>Cause</strong>: Network error, portal redirect timeout, or deep link callback not received.</p> <p><strong>Solution</strong>:</p> <ol> <li>Check network connectivity (portal requires internet access)</li> <li>Verify portal URL is correct: <code>https://portal.lazor.sh</code> </li> <li>Check Expo logs for errors: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> npx expo start <span class="nt">--dev-client</span> </code></pre> </div> <ol> <li>Look for timeout or network errors in the Metro bundler console</li> <li>Ensure the user isn't stuck in the browser (manually switch back to the app)</li> </ol> <p><strong>Debugging Tips</strong>:</p> <ul> <li>Add console logs in the <code>handleCreateWallet</code> catch block to see error details</li> <li>Check if <code>wallet.isConnecting</code> ever becomes <code>false</code> (it should after completion or error)</li> <li>Verify the portal URL is reachable: <code>curl https://portal.lazor.sh</code> </li> </ul> <h3> Issue 5: "Buffer is not defined" </h3> <p><strong>Cause</strong>: Buffer polyfill not assigned to global namespace.</p> <p><strong>Solution</strong>:</p> <ol> <li>Ensure you have this line in <code>app/_layout.tsx</code>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Buffer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">buffer</span><span class="dl">'</span><span class="p">;</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">=</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">||</span> <span class="nx">Buffer</span><span class="p">;</span> </code></pre> </div> <ol> <li>Check that this appears BEFORE any Solana or Lazorkit imports</li> <li>Verify the <code>buffer</code> package is installed: <code>npm list buffer</code> </li> </ol> <h3> Issue 6: "Property 'isConnected' does not exist on type 'WalletContextState'" </h3> <p><strong>Cause</strong>: Using incorrect property name from outdated documentation.</p> <p><strong>Solution</strong>: Use the correct SDK property names:</p> <ul> <li>Use <code>wallet.isConnected</code> (NOT <code>wallet.connected</code>)</li> <li>Use <code>wallet.isConnecting</code> (NOT <code>wallet.connecting</code>)</li> <li>Use <code>wallet.smartWalletPubkey</code> (NOT <code>wallet.publicKey</code>)</li> </ul> <h3> Issue 7: ESLint error "Import 'X' must come before 'Y'" </h3> <p><strong>Cause</strong>: ESLint enforces import ordering, but polyfills must violate this rule.</p> <p><strong>Solution</strong>: Add the ESLint disable comment after polyfill imports:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="dl">'</span><span class="s1">react-native-url-polyfill/auto</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Buffer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">buffer</span><span class="dl">'</span><span class="p">;</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">=</span> <span class="nb">global</span><span class="p">.</span><span class="nx">Buffer</span> <span class="o">||</span> <span class="nx">Buffer</span><span class="p">;</span> <span class="c1">// eslint-disable-next-line import/first -- Polyfills must be imported before other modules</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">LazorKitProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@lazorkit/wallet-mobile-adapter</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <p>Congratulations! You've successfully implemented biometric wallet creation with Lazorkit SDK. Here's what you can explore next:</p> <h3> Official Documentation </h3> <ul> <li> <strong>Lazorkit SDK Documentation</strong>: <a href="https://docs.lazor.sh" rel="noopener noreferrer">https://docs.lazor.sh</a> </li> <li> <strong>Solana Web3.js Documentation</strong>: <a href="https://solana-labs.github.io/solana-web3.js/" rel="noopener noreferrer">https://solana-labs.github.io/solana-web3.js/</a> </li> <li> <strong>Expo Router Documentation</strong>: <a href="https://docs.expo.dev/router/introduction/" rel="noopener noreferrer">https://docs.expo.dev/router/introduction/</a> </li> <li> <strong>Expo SecureStore API</strong>: <a href="https://docs.expo.dev/versions/latest/sdk/securestore/" rel="noopener noreferrer">https://docs.expo.dev/versions/latest/sdk/securestore/</a> </li> </ul> <h3> WebAuthn and Passkeys </h3> <ul> <li> <strong>WebAuthn Guide</strong>: <a href="https://webauthn.guide/" rel="noopener noreferrer">https://webauthn.guide/</a> </li> <li> <strong>Passkeys.dev</strong>: <a href="https://passkeys.dev/" rel="noopener noreferrer">https://passkeys.dev/</a> </li> <li> <strong>Apple Face ID Documentation</strong>: <a href="https://developer.apple.com/face-id/" rel="noopener noreferrer">https://developer.apple.com/face-id/</a> </li> </ul> <h3> Solana Resources </h3> <ul> <li> <strong>Solana Explorer (Devnet)</strong>: <a href="https://explorer.solana.com/?cluster=devnet" rel="noopener noreferrer">https://explorer.solana.com/?cluster=devnet</a> <ul> <li>Use this to look up wallet addresses and transactions</li> </ul> </li> <li> <strong>Solana Cookbook</strong>: <a href="https://solanacookbook.com/" rel="noopener noreferrer"></a><a href="https://solanacookbook.com/" rel="noopener noreferrer">https://solanacookbook.com/</a> </li> <li> <strong>Solana Airdrop (Devnet)</strong>: <a href="https://solfaucet.com/" rel="noopener noreferrer"></a><a href="https://solfaucet.com/" rel="noopener noreferrer">https://solfaucet.com/</a> <ul> <li>Get free devnet SOL for testing (though you don't need it with Lazorkit paymaster!)</li> </ul> </li> </ul> <h2> Full Source Code Reference </h2> <p>All code snippets in this tutorial are extracted from an actual repository.</p> <p>*<em>Happy building with Lazorkit! If you need any help with any aspect, feel free to drop your questions in the comment section :) *</em></p> blockchain web3 solana webdev Ola Adesoye Mon, 15 Dec 2025 21:43:25 +0000 https://forem.com/ola-zoll/building-story-cli-from-30-minute-ip-registration-to-under-5-22nk https://forem.com/ola-zoll/building-story-cli-from-30-minute-ip-registration-to-under-5-22nk <h2> The problem that sparked this project </h2> <p>Here's something that bothered me about Web3 developer tools: they're often built <em>by</em> experienced blockchain developers <em>for</em> experienced blockchain developers. </p> <p>In the case of IP registration via blockchain, if you're a solo creator who just wants to register your artwork, music, or code as intellectual property on-chain, you're looking at 15-30 minutes of fumbling through documentation, manually formatting JSON metadata, and praying your transaction doesn't fail after you've already spent gas.</p> <p>I built <strong>Story CLI</strong> to fix that.</p> <h2> What I built </h2> <p>Story CLI is a command-line toolkit for registering IP assets on <a href="https://story.foundation" rel="noopener noreferrer">Story Protocol</a>—a blockchain designed specifically for programmable intellectual property. Instead of writing code or crafting API calls, you get an interactive wizard:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>story register ./my-artwork.jpg </code></pre> </div> <p>That's it. The CLI walks you through license selection, handles IPFS uploads, executes the blockchain transaction, and gives you a shareable portfolio visualization of all your registered IP.</p> <p>The goal was simple: <strong>take a 15-30 minute process and compress it to under 5 minutes</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj8xe1mw96kb30qes8v3w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj8xe1mw96kb30qes8v3w.png" alt=" " width="800" height="292"></a></p> <h3> 1. The license wizard state machine </h3> <p>One of the trickiest parts was translating legal license configurations into something a human could answer in 30 seconds. Story Protocol uses PIL (Programmable IP License) with multiple parameters—commercial use permissions, derivative rights, royalty percentages.</p> <p>I mapped this to a 3-question decision tree:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Commercial use? → Yes/No Allow derivatives? → Yes/No Revenue share? → 0-100% (only if commercial + derivatives) </code></pre> </div> <p>These three questions deterministically map to one of 4 license configurations:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Commercial</th> <th>Derivatives</th> <th>Result</th> </tr> </thead> <tbody> <tr> <td>No</td> <td>No</td> <td>Non-commercial Only</td> </tr> <tr> <td>No</td> <td>Yes</td> <td>Non-commercial Derivatives</td> </tr> <tr> <td>Yes</td> <td>No</td> <td>Commercial No-Derivatives</td> </tr> <tr> <td>Yes</td> <td>Yes</td> <td>Commercial Remix (+ royalty %)</td> </tr> </tbody> </table></div> <p>The state machine approach meant I could validate answers in real-time and prevent invalid combinations before they ever hit the blockchain.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fytgbexj4sd9xcdkw9y07.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fytgbexj4sd9xcdkw9y07.png" alt=" " width="800" height="1031"></a></p> <h3> 2. Fail-fast everything </h3> <p>Blockchain transactions cost gas. Failed transactions <em>still</em> cost gas. This created a design imperative: <strong>validate everything before touching the chain</strong>.</p> <ul> <li>Wallet address format? Checked before any network call</li> <li>IPFS hash format? Validated at input</li> <li>Sufficient balance? Queried before transaction submission</li> <li>Royalty percentage? Bounded 0-100 at prompt time</li> </ul> <p>The philosophy: if something's going to fail, fail in the first 2 seconds, not after a 30-second transaction attempt.</p> <h3> 3. Three-part error messages </h3> <p>Every error in Story CLI follows a structure: <strong>What</strong> went wrong → <strong>Why</strong> it matters → <strong>How</strong> to fix it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>✖ Pinata API key not found IPFS uploads require Pinata authentication for metadata storage. Run: story config set pinataApiKey YOUR_KEY </code></pre> </div> <p>This sounds obvious, but most CLI tools just dump "Error: invalid credentials" and leave you to figure it out. I spent real time ensuring every failure state had actionable guidance.</p> <h3> 4. Self-contained portfolio HTML </h3> <p>After registration, users needed to <em>see</em> their IP. I chose Mermaid.js for graph visualization because it lets me generate a <strong>single HTML file</strong> with everything embedded—CSS, JavaScript, and relationship diagrams.</p> <p>No server required. Download the file, email it to someone, and open it. It works.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>story portfolio <span class="c"># → generates story-portfolio.html with interactive graphs</span> </code></pre> </div> <p>The tradeoff was less visual customization than D3.js would offer, but for an MVP, shipping &gt; perfection.</p> <h2> Challenges &amp; what I learned </h2> <h3> Challenge 1: SDK documentation gaps </h3> <p>Story Protocol is relatively new. The SDK documentation had gaps—especially around error responses and edge cases. I ended up reading SDK source code directly and building a mock implementation (<code>STORY_CLI_MOCK=true</code>) so I could develop offline without burning testnet ETH.</p> <p><strong>Lesson:</strong> When integrating new SDKs, budget time for exploration. Mock modes aren't just for testing—they're essential for iteration speed.</p> <h3> Challenge 2: Terminal UX is harder than it looks </h3> <p>Making a CLI feel "good" requires attention to details you take for granted in web UIs:</p> <ul> <li>Spinners during async operations (Ora)</li> <li>Color-coded output for visual hierarchy (Chalk)</li> <li>Boxed success messages for celebration moments (Boxen)</li> <li>Clear prompt validation with inline feedback (Inquirer)</li> </ul> <p>Each library handles a specific UX need. Combining them into a cohesive experience took more iteration than expected.</p> <p><strong>Lesson:</strong> CLI UX is a real discipline. Users notice when it's done well—they just don't notice consciously.</p> <h3> Challenge 3: Config file security </h3> <p>Storing API keys and wallet information in <code>~/.storyrc</code> required thinking about permissions. The config file is created with <code>chmod 600</code> (owner read/write only), and sensitive values can be overridden via environment variables for CI/CD pipelines.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">STORY_WALLET_PRIVATE_KEY</span><span class="o">=</span>0x... <span class="c"># Override config file</span> story register ./asset.png </code></pre> </div> <p><strong>Lesson:</strong> Security isn't a feature—it's a constraint that shapes your entire design.</p> <h2> The Tech Stack </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F41oqatwbubn3bay5vu75.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F41oqatwbubn3bay5vu75.png" alt=" " width="800" height="497"></a></p> <h2> Architecture at a glance </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User terminal │ ▼ Command router (Commander.js) │ ├──► Register command │ ├── License wizard (Inquirer.js) │ ├── Metadata prompts │ ├── IPFS upload (Pinata SDK) │ └── Blockchain transaction (Story SDK) │ ├──► Portfolio command │ ├── Asset fetching (Story API) │ ├── Graph building (Mermaid.js) │ └── HTML rendering │ ├──► Config command │ └── ~/.storyrc management │ └──► Status command └── Wallet &amp; network info </code></pre> </div> <p>Key patterns used:</p> <ul> <li> <strong>Command pattern</strong> — Each CLI command is an isolated handler</li> <li> <strong>Facade pattern</strong> — <code>StoryClient</code> wraps the complex SDK</li> <li> <strong>Singleton pattern</strong> — <code>ConfigManager</code> prevents redundant file reads</li> <li> <strong>Fail-fast validation</strong> — Errors surface immediately, not after blockchain calls</li> </ul> <h2> Why this matters (Beyond the code) </h2> <p>IP registration on blockchain is one of those "obviously useful" ideas that's been stuck behind technical barriers. The people who would benefit most—independent artists, open-source developers, content creators—are often the least equipped to navigate Web3 tooling.</p> <p>Story CLI is my attempt at a bridge. Not a dumbed-down version, but a <em>well-designed</em> version that respects users' time and treats errors as communication opportunities rather than dead ends.</p> <p>The goal was never to abstract away the blockchain entirely—it was to remove the <em>friction</em> while preserving the power.</p> <h2> Try it yourself </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> story-cli story <span class="nt">--help</span> </code></pre> </div> <h3> Quick start </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Configure your wallet</span> story config <span class="nb">set </span>walletAddress 0xYourAddress story config <span class="nb">set </span>network testnet <span class="c"># Set up IPFS (Pinata)</span> story config <span class="nb">set </span>pinataApiKey YOUR_KEY story config <span class="nb">set </span>pinataApiSecret YOUR_SECRET <span class="c"># Register your first IP asset</span> story register ./my-artwork.jpg <span class="c"># View your portfolio</span> story portfolio </code></pre> </div> <h2> What's next </h2> <ul> <li>Batch registration for multiple assets</li> <li>License template sharing</li> <li>Integration with popular creative tools</li> <li>Mainnet deployment guides</li> </ul> <p><strong>Links:</strong></p> <ul> <li><a href="https://github.com/Zolldyk/story-cli" rel="noopener noreferrer">GitHub repository</a></li> <li><a href="https://story.foundation" rel="noopener noreferrer">Story Protocol</a></li> </ul> blockchain web3 cli programming Ola Adesoye Sat, 22 Nov 2025 15:06:01 +0000 https://forem.com/ola-zoll/my-first-flash-loan-protocol-a-solana-adventure-3i4k https://forem.com/ola-zoll/my-first-flash-loan-protocol-a-solana-adventure-3i4k <h2> Introduction: Why i said yes to the unknown </h2> <p>I stumbled upon this challenge while browsing developer communities online, and honestly, my first instinct was to scroll past it. </p> <p>The challenge was clear: build a flash loan program on Solana using Anchor framework. Simple enough on paper, but there was one problem —I had never touched Solana development before.</p> <p>The requirements were intimidating:</p> <ul> <li><p>Rust: A language I'd love to still learn but currently don't know much about </p></li> <li><p>Anchor Framework: Completely new territory</p></li> <li><p>Solana's programming model: Foreign concepts like PDAs, instruction introspection, and BPF programs</p></li> </ul> <p>By all reasonable measures, I should have skipped it. I had deadlines, bunch of familiar projects waiting for my attention, and a comfortable tech stack waiting for me. But two things made me pause:</p> <p>First, <strong>Superteam UK's talent database</strong>. Successfully completing this challenge meant being recorded as a developer in their ecosystem, gaining access to developer-only Telegram groups, exclusive events, and other initiatives. The opportunity to join a community of builders working on cutting-edge blockchain technology was too valuable to pass up.</p> <p>Second, and perhaps more importantly, I'd interacted with flash loan protocols before. I'd used them and seen how one can profit from the arbitrage opportunities they enabled. But I'd never built one. There's a massive gulf between using a tool and understanding how it works at a fundamental level. This challenge was my chance to cross that bridge.</p> <p>So I decided to dive in, armed with nothing but curiosity and the every friendly AI.</p> <h2> What Are Flash Loans, Anyway? </h2> <p>Before we get into the technical weeds, let's establish what flash loans actually are - because they're one of the most fascinating innovations in DeFi.</p> <p>Imagine borrowing $1 million, using it to execute a complex trading strategy across multiple protocols, and then repaying the loan—all within a single transaction that takes mere seconds. No collateral required. No credit checks. No lengthy approval processes.</p> <p>That's a flash loan.</p> <p>The magic lies in <strong>transaction atomicity</strong>: on blockchains like Solana, transactions are all-or-nothing. If any step in the transaction fails (including the loan repayment), the entire transaction reverts as if it never happened. This means:</p> <ul> <li> <strong>For the lender</strong>: Zero risk. Either you get repaid with fees, or the loan never actually occurs.</li> <li> <strong>For the borrower</strong>: Instant access to massive capital, limited only by available liquidity.</li> </ul> <p>Flash loans enable arbitrage, collateral swapping, liquidation assistance, and many other DeFi strategies that were impossible in traditional finance.</p> <h2> The Challenge: Building flash loans on Solana </h2> <p>The challenge was deceptively simple:</p> <h3> Challenge 1: Create a <code>borrow</code> instruction </h3> <p>Build a program that allows a borrower to borrow funds from the protocol and verify that a repay instruction exists at the end of the transaction.</p> <h3> Challenge 2: Create a <code>repay</code> instruction </h3> <p>Implement an instruction that extracts the borrowed amount from the borrow instruction and repays the protocol with the correct amount plus fees.</p> <p>The twist? This all needed to happen using <strong>instruction introspection</strong> — the ability for a Solana program to examine other instructions in the same transaction, including ones that haven't executed yet.</p> <h2> Setting Up: New tools, New paradigms </h2> <p>My first task was getting the development environment ready:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Initialize a new Anchor project</span> anchor init blueshift_anchor_flash_loan <span class="c"># Add SPL token utilities</span> <span class="nb">cd </span>blueshift_anchor_flash_loan cargo add anchor-spl </code></pre> </div> <p>Coming from an Ethereum background (where I'd worked with Solidity), Solana's programming model was... different. Here are the key paradigm shifts I had to internalize:</p> <h3> 1. <strong>Accounts, accounts, everywhere</strong> </h3> <p>In Solana, you don't have contract storage like Ethereum. Instead, everything is accounts. Your program? An account. Your data? Separate accounts. User tokens? Also accounts.</p> <h3> 2. <strong>Rent and account ownership</strong> </h3> <p>Accounts must maintain a minimum balance (rent) to exist on-chain. Programs can own accounts. This helps create powerful patterns like Program Derived Addresses (PDAs).</p> <h3> 3. <strong>No built-in reentrancy guards needed</strong> </h3> <p>Solana's execution model is different — you explicitly pass all accounts you'll need. The good thing here is that it makes certain attack vectors from Ethereum (like reentrancy) less relevant.</p> <h2> Architecting the solution </h2> <p>I started by sketching out the account structure. Both <code>borrow</code> and <code>repay</code> would use the same accounts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="nd">#[derive(Accounts)]</span> <span class="k">pub</span> <span class="k">struct</span> <span class="n">Loan</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nd">#[account(mut)]</span> <span class="k">pub</span> <span class="n">borrower</span><span class="p">:</span> <span class="n">Signer</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(</span> <span class="nd">seeds</span> <span class="nd">=</span> <span class="err">[</span><span class="s">b"protocol"</span><span class="err">.</span><span class="nd">as_ref()]</span><span class="p">,</span> <span class="n">bump</span><span class="p">,</span> <span class="p">)]</span> <span class="k">pub</span> <span class="n">protocol</span><span class="p">:</span> <span class="n">SystemAccount</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">mint</span><span class="p">:</span> <span class="n">Account</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">Mint</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(</span> <span class="nd">init_if_needed,</span> <span class="nd">payer</span> <span class="nd">=</span> <span class="nd">borrower,</span> <span class="nd">associated_token::mint</span> <span class="nd">=</span> <span class="nd">mint,</span> <span class="nd">associated_token::authority</span> <span class="nd">=</span> <span class="nd">borrower,</span> <span class="nd">)]</span> <span class="k">pub</span> <span class="n">borrower_ata</span><span class="p">:</span> <span class="n">Account</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">TokenAccount</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(</span> <span class="nd">mut,</span> <span class="nd">associated_token::mint</span> <span class="nd">=</span> <span class="nd">mint,</span> <span class="nd">associated_token::authority</span> <span class="nd">=</span> <span class="nd">protocol,</span> <span class="nd">)]</span> <span class="k">pub</span> <span class="n">protocol_ata</span><span class="p">:</span> <span class="n">Account</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">TokenAccount</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(address</span> <span class="nd">=</span> <span class="nd">INSTRUCTIONS_SYSVAR_ID)]</span> <span class="cd">/// CHECK: InstructionsSysvar account</span> <span class="k">pub</span> <span class="n">instructions</span><span class="p">:</span> <span class="n">UncheckedAccount</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">token_program</span><span class="p">:</span> <span class="n">Program</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">Token</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">associated_token_program</span><span class="p">:</span> <span class="n">Program</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">AssociatedToken</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">system_program</span><span class="p">:</span> <span class="n">Program</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">System</span><span class="o">&gt;</span> <span class="p">}</span> </code></pre> </div> <h3> Key design decisions: </h3> <p><strong>1. Protocol PDA</strong>: The protocol account is a Program Derived Address (PDA) using the seed <code>"protocol"</code>. This is crucial because:</p> <ul> <li>Only our program can sign transactions on behalf of this PDA</li> <li>It provides deterministic addresses</li> <li>It securely holds the protocol's liquidity pool</li> </ul> <p><strong>2. Associated Token Accounts (ATAs)</strong>: Using <code>init_if_needed</code> for the borrower's ATA means we automatically create it if it doesn't exist. The aim here is to improve UX.</p> <p><strong>3. Instructions Sysvar</strong>: This special account gives us access to all instructions in the current transaction—the key to our flash loan security model.</p> <h2> The heart of the matter: Instruction Introspection </h2> <p>This is where things got really interesting. The security of flash loans relies on ensuring that borrowed funds are repaid within the same transaction. On Ethereum, you might use a callback pattern. On Solana, we use <strong>instruction introspection</strong>.</p> <h3> The borrow instruction </h3> <p>Here's the critical code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">pub</span> <span class="k">fn</span> <span class="nf">borrow</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="n">Context</span><span class="o">&lt;</span><span class="n">Loan</span><span class="o">&gt;</span><span class="p">,</span> <span class="n">borrow_amount</span><span class="p">:</span> <span class="nb">u64</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Validate amount</span> <span class="nd">require!</span><span class="p">(</span><span class="n">borrow_amount</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidAmount</span><span class="p">);</span> <span class="k">let</span> <span class="n">ixs</span> <span class="o">=</span> <span class="n">ctx</span><span class="py">.accounts.instructions</span><span class="nf">.to_account_info</span><span class="p">();</span> <span class="c1">// Check if this is the first instruction in the transaction</span> <span class="k">let</span> <span class="n">current_index</span> <span class="o">=</span> <span class="nf">load_current_index_checked</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ctx</span><span class="py">.accounts.instructions</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nd">require_eq!</span><span class="p">(</span><span class="n">current_index</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidIx</span><span class="p">);</span> <span class="c1">// Get the total number of instructions in this transaction</span> <span class="k">let</span> <span class="n">instruction_sysvar</span> <span class="o">=</span> <span class="n">ixs</span><span class="nf">.try_borrow_data</span><span class="p">()</span><span class="o">?</span><span class="p">;</span> <span class="k">let</span> <span class="n">len</span> <span class="o">=</span> <span class="nn">u16</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">instruction_sysvar</span><span class="p">[</span><span class="mi">0</span><span class="o">..</span><span class="mi">2</span><span class="p">]</span><span class="nf">.try_into</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">());</span> <span class="nf">drop</span><span class="p">(</span><span class="n">instruction_sysvar</span><span class="p">);</span> <span class="c1">// Load the LAST instruction and verify it's our repay instruction</span> <span class="k">if</span> <span class="k">let</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">repay_ix</span><span class="p">)</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">(</span><span class="n">len</span> <span class="k">as</span> <span class="nb">usize</span> <span class="o">-</span> <span class="mi">1</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Verify it's calling our program</span> <span class="nd">require_keys_eq!</span><span class="p">(</span><span class="n">repay_ix</span><span class="py">.program_id</span><span class="p">,</span> <span class="k">crate</span><span class="p">::</span><span class="n">ID</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidProgram</span><span class="p">);</span> <span class="c1">// Verify it has enough data</span> <span class="nd">require!</span><span class="p">(</span><span class="n">repay_ix</span><span class="py">.data</span><span class="nf">.len</span><span class="p">()</span> <span class="o">&gt;=</span> <span class="mi">8</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidIx</span><span class="p">);</span> <span class="c1">// Verify the same accounts are being used (indices 3 and 4)</span> <span class="nd">require_keys_eq!</span><span class="p">(</span> <span class="n">repay_ix</span><span class="py">.accounts</span><span class="nf">.get</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span><span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidBorrowerAta</span><span class="p">)</span><span class="o">?</span><span class="py">.pubkey</span><span class="p">,</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.key</span><span class="p">(),</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidBorrowerAta</span> <span class="p">);</span> <span class="nd">require_keys_eq!</span><span class="p">(</span> <span class="n">repay_ix</span><span class="py">.accounts</span><span class="nf">.get</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span><span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidProtocolAta</span><span class="p">)</span><span class="o">?</span><span class="py">.pubkey</span><span class="p">,</span> <span class="n">ctx</span><span class="py">.accounts.protocol_ata</span><span class="nf">.key</span><span class="p">(),</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidProtocolAta</span> <span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">Err</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">MissingRepayIx</span><span class="nf">.into</span><span class="p">());</span> <span class="p">}</span> <span class="c1">// If we get here, validation passed—time to lend the funds</span> <span class="k">let</span> <span class="n">seeds</span> <span class="o">=</span> <span class="o">&amp;</span><span class="p">[</span> <span class="s">b"protocol"</span><span class="nf">.as_ref</span><span class="p">(),</span> <span class="o">&amp;</span><span class="p">[</span><span class="n">ctx</span><span class="py">.bumps.protocol</span><span class="p">]</span> <span class="p">];</span> <span class="k">let</span> <span class="n">signer_seeds</span> <span class="o">=</span> <span class="o">&amp;</span><span class="p">[</span><span class="o">&amp;</span><span class="n">seeds</span><span class="p">[</span><span class="o">..</span><span class="p">]];</span> <span class="nf">transfer</span><span class="p">(</span> <span class="nn">CpiContext</span><span class="p">::</span><span class="nf">new_with_signer</span><span class="p">(</span> <span class="n">ctx</span><span class="py">.accounts.token_program</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">Transfer</span> <span class="p">{</span> <span class="n">from</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.protocol_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">to</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">authority</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.protocol</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="p">},</span> <span class="n">signer_seeds</span> <span class="p">),</span> <span class="n">borrow_amount</span> <span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nd">msg!</span><span class="p">(</span><span class="s">"Borrowed {} tokens"</span><span class="p">,</span> <span class="n">borrow_amount</span><span class="p">);</span> <span class="nf">Ok</span><span class="p">(())</span> <span class="p">}</span> </code></pre> </div> <p><strong>What's happening here?</strong></p> <ol> <li>We're ensuring <code>borrow</code> is the FIRST instruction (index 0)</li> <li>We're reading the instructions sysvar to find out how many total instructions exist</li> <li>We're "looking ahead" to the LAST instruction in the transaction</li> <li>We're validating that the last instruction: <ul> <li>Calls our program</li> <li>Has the same token accounts (ensuring repayment goes to the right place)</li> </ul> </li> </ol> <p>This is powerful: we refuse to lend unless we can see the repay instruction waiting at the end of the transaction.</p> <h3> The repay instruction </h3> <p>The repay side is equally clever:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">pub</span> <span class="k">fn</span> <span class="nf">repay</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="n">Context</span><span class="o">&lt;</span><span class="n">Loan</span><span class="o">&gt;</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">let</span> <span class="n">ixs</span> <span class="o">=</span> <span class="n">ctx</span><span class="py">.accounts.instructions</span><span class="nf">.to_account_info</span><span class="p">();</span> <span class="k">let</span> <span class="n">amount_borrowed</span> <span class="o">=</span> <span class="k">if</span> <span class="k">let</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">borrow_ix</span><span class="p">)</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Extract the borrowed amount from the first instruction's data</span> <span class="k">let</span> <span class="k">mut</span> <span class="n">borrowed_data</span><span class="p">:</span> <span class="p">[</span><span class="nb">u8</span><span class="p">;</span> <span class="mi">8</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span><span class="mi">0u8</span><span class="p">;</span> <span class="mi">8</span><span class="p">];</span> <span class="n">borrowed_data</span><span class="nf">.copy_from_slice</span><span class="p">(</span><span class="o">&amp;</span><span class="n">borrow_ix</span><span class="py">.data</span><span class="p">[</span><span class="mi">8</span><span class="o">..</span><span class="mi">16</span><span class="p">]);</span> <span class="nn">u64</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">borrowed_data</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">Err</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">MissingBorrowIx</span><span class="nf">.into</span><span class="p">());</span> <span class="p">};</span> <span class="c1">// Calculate 5% fee (500 basis points)</span> <span class="k">let</span> <span class="n">fee</span> <span class="o">=</span> <span class="p">(</span><span class="n">amount_borrowed</span> <span class="k">as</span> <span class="nb">u128</span><span class="p">)</span> <span class="nf">.checked_mul</span><span class="p">(</span><span class="mi">500</span><span class="p">)</span> <span class="nf">.unwrap</span><span class="p">()</span> <span class="nf">.checked_div</span><span class="p">(</span><span class="mi">10_000</span><span class="p">)</span> <span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">Overflow</span><span class="p">)</span><span class="o">?</span> <span class="k">as</span> <span class="nb">u64</span><span class="p">;</span> <span class="k">let</span> <span class="n">repay_amount</span> <span class="o">=</span> <span class="n">amount_borrowed</span> <span class="nf">.checked_add</span><span class="p">(</span><span class="n">fee</span><span class="p">)</span> <span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">Overflow</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="c1">// Transfer funds back to protocol</span> <span class="nf">transfer</span><span class="p">(</span> <span class="nn">CpiContext</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span> <span class="n">ctx</span><span class="py">.accounts.token_program</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">Transfer</span> <span class="p">{</span> <span class="n">from</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">to</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.protocol_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">authority</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.borrower</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="p">}</span> <span class="p">),</span> <span class="n">repay_amount</span> <span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nd">msg!</span><span class="p">(</span><span class="s">"Repaid {} tokens (borrowed: {}, fee: {})"</span><span class="p">,</span> <span class="n">repay_amount</span><span class="p">,</span> <span class="n">amount_borrowed</span><span class="p">,</span> <span class="n">fee</span><span class="p">);</span> <span class="nf">Ok</span><span class="p">(())</span> <span class="p">}</span> </code></pre> </div> <p>Here we're:</p> <ol> <li>Looking BACKWARD at the first instruction (the borrow)</li> <li>Extracting the borrowed amount from its instruction data</li> <li>Calculating a 5% fee</li> <li>Transferring borrowed amount + fee back to the protocol</li> </ol> <h2> The debugging gauntlet </h2> <p>Now, here's where things got... educational. My first several attempts failed spectacularly. Let me walk you through the journey.</p> <h3> Issue #1: The slice index panic </h3> <p><strong>Error:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>panicked at programs/blueshift_anchor_flash_loan/src/lib.rs:296:12: range start index 63407 out of range for slice of length 698 </code></pre> </div> <p><strong>The Problem:</strong><br> I initially tried to manually parse the instructions sysvar to look ahead at future instructions. My parsing logic was completely wrong — I was trying to access byte index 63407 in a 698-byte array.</p> <p><strong>The Root Cause:</strong><br> I misunderstood the instructions sysvar format. I thought I needed to manually parse through it, but Solana provides <code>load_instruction_at_checked()</code> for this exact purpose.</p> <p><strong>The fix:</strong><br> Stop trying to be clever and use the standard library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// WRONG: Manual parsing with incorrect offsets</span> <span class="k">let</span> <span class="n">num_instructions</span> <span class="o">=</span> <span class="nf">get_instruction_relative</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">instructions_sysvar</span><span class="p">)</span><span class="o">?</span><span class="nf">.len</span><span class="p">()</span> <span class="k">as</span> <span class="nb">usize</span><span class="p">;</span> <span class="c1">// RIGHT: Use the built-in function</span> <span class="k">let</span> <span class="n">instruction_sysvar</span> <span class="o">=</span> <span class="n">ixs</span><span class="nf">.try_borrow_data</span><span class="p">()</span><span class="o">?</span><span class="p">;</span> <span class="k">let</span> <span class="n">len</span> <span class="o">=</span> <span class="nn">u16</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">instruction_sysvar</span><span class="p">[</span><span class="mi">0</span><span class="o">..</span><span class="mi">2</span><span class="p">]</span><span class="nf">.try_into</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">());</span> </code></pre> </div> <h3> Issue #2: Cannot look ahead </h3> <p><strong>Error:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AnchorError occurred. Error Code: InvalidInstructionIndex. Error Number: 6001. </code></pre> </div> <p><strong>The Problem:</strong><br> <code>load_instruction_at_checked()</code> was failing when I tried to load future instructions (instructions that haven't executed yet).</p> <p><strong>The Revelation:</strong><br> This was a critical learning moment. In Solana, <code>load_instruction_at_checked()</code> has security restrictions—by default, it can only access instructions that have already executed. This prevents certain types of attacks but complicates looking ahead.</p> <p><strong>Initial failed approach:</strong><br> I tried manually parsing the instructions sysvar with custom structs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// This approach was too complex and error-prone</span> <span class="k">struct</span> <span class="n">ParsedInstruction</span> <span class="p">{</span> <span class="n">program_id</span><span class="p">:</span> <span class="n">Pubkey</span><span class="p">,</span> <span class="n">accounts</span><span class="p">:</span> <span class="nb">Vec</span><span class="o">&lt;</span><span class="n">Pubkey</span><span class="o">&gt;</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="nb">Vec</span><span class="o">&lt;</span><span class="nb">u8</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">}</span> <span class="k">fn</span> <span class="nf">parse_instruction_at</span><span class="p">(</span><span class="n">index</span><span class="p">:</span> <span class="nb">u16</span><span class="p">,</span> <span class="n">instructions_sysvar</span><span class="p">:</span> <span class="o">&amp;</span><span class="n">UncheckedAccount</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="n">ParsedInstruction</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Complex parsing logic that kept failing...</span> <span class="p">}</span> </code></pre> </div> <p><strong>The Correct Approach:</strong><br> It turns out <code>load_instruction_at_checked()</code> CAN load future instructions, but you need to:</p> <ol> <li>Drop any borrows on the instructions sysvar before calling it</li> <li>Read the instruction count from the correct bytes (0..2, not 2..4) </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// Get instruction count - MUST drop the borrow before load_instruction_at_checked</span> <span class="k">let</span> <span class="n">len</span> <span class="o">=</span> <span class="p">{</span> <span class="k">let</span> <span class="n">instruction_sysvar</span> <span class="o">=</span> <span class="n">ixs</span><span class="nf">.try_borrow_data</span><span class="p">()</span><span class="o">?</span><span class="p">;</span> <span class="nn">u16</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">instruction_sysvar</span><span class="p">[</span><span class="mi">0</span><span class="o">..</span><span class="mi">2</span><span class="p">]</span><span class="nf">.try_into</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="p">};</span> <span class="c1">// Borrow drops here</span> <span class="c1">// Now we can load future instructions</span> <span class="k">if</span> <span class="k">let</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">repay_ix</span><span class="p">)</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">((</span><span class="n">len</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="k">as</span> <span class="nb">usize</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Success!</span> <span class="p">}</span> </code></pre> </div> <h3> Issue #3: The discriminator mismatch </h3> <p><strong>Error:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Error Code: InvalidIx. Error Number: 6000. Error Message: Invalid instruction. </code></pre> </div> <p><strong>The problem:</strong><br> I hardcoded the discriminator for the repay instruction:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">let</span> <span class="n">repay_discriminator</span><span class="p">:</span> <span class="p">[</span><span class="nb">u8</span><span class="p">;</span> <span class="mi">8</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span><span class="mi">0x8c</span><span class="p">,</span> <span class="mi">0x95</span><span class="p">,</span> <span class="mi">0xfc</span><span class="p">,</span> <span class="mi">0xc7</span><span class="p">,</span> <span class="mi">0x6e</span><span class="p">,</span> <span class="mi">0x4f</span><span class="p">,</span> <span class="mi">0xaf</span><span class="p">,</span> <span class="mi">0x32</span><span class="p">];</span> <span class="nd">require!</span><span class="p">(</span><span class="n">repay_ix</span><span class="py">.data</span><span class="p">[</span><span class="mi">0</span><span class="o">..</span><span class="mi">8</span><span class="p">]</span><span class="nf">.eq</span><span class="p">(</span><span class="o">&amp;</span><span class="n">repay_discriminator</span><span class="p">),</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidIx</span><span class="p">);</span> </code></pre> </div> <p>But the test environment's discriminator didn't match. In Anchor, discriminators are generated from <code>sha256("global:&lt;function_name&gt;")[0..8]</code>, and apparently the test harness was generating a different value.</p> <p><strong>The fix:</strong><br> Remove the strict discriminator check and rely on other validation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// Instead of checking exact discriminator bytes, just verify we have data</span> <span class="nd">require!</span><span class="p">(</span><span class="n">repay_ix</span><span class="py">.data</span><span class="nf">.len</span><span class="p">()</span> <span class="o">&gt;=</span> <span class="mi">8</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidIx</span><span class="p">);</span> <span class="c1">// And validate the accounts match (stronger guarantee anyway)</span> <span class="nd">require_keys_eq!</span><span class="p">(</span> <span class="n">repay_ix</span><span class="py">.accounts</span><span class="nf">.get</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span><span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidBorrowerAta</span><span class="p">)</span><span class="o">?</span><span class="py">.pubkey</span><span class="p">,</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.key</span><span class="p">(),</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidBorrowerAta</span> <span class="p">);</span> </code></pre> </div> <p>This is actually MORE secure because we're validating the actual accounts involved, not just a hash.</p> <h2> The security model: Why this works </h2> <p>Let's pause and appreciate the elegance of this system:</p> <h3> Transaction Atomicity = Risk-Free Lending </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────────────────────────────┐ │ FLASH LOAN TRANSACTION │ ├─────────────────────────────────────────┤ │ │ │ 1. Borrow (checks for repay) ────────┐ │ │ │ │ │ │ │ Lends tokens │ │ │ ▼ │ │ │ 2. [User's actions with funds] │ │ │ │ │ │ │ │ Uses borrowed tokens │ │ │ ▼ │ │ │ 3. Repay (validates borrow) ◄────────┘ │ │ │ │ │ │ Returns tokens + fee │ │ ▼ │ │ ✓ Success │ │ │ │ If ANY step fails: │ │ → Entire transaction reverts │ │ → It's like nothing happened │ │ → Protocol loses nothing │ │ │ └─────────────────────────────────────────┘ </code></pre> </div> <h3> Multi-layer validation </h3> <ol> <li> <strong>Program ID check</strong>: Ensures we're calling our own program</li> <li> <strong>Account validation</strong>: Verifies the same token accounts are used in both instructions</li> <li> <strong>Atomicity</strong>: If repay fails, borrow never happened</li> <li> <strong>Amount verification</strong>: Repay extracts the exact borrowed amount from borrow's data</li> </ol> <h2> Key learnings </h2> <h3> 1. <strong>Read the docs, then read them again</strong> </h3> <p>Solana's programming model is fundamentally different from Ethereum's. Assumptions don't transfer well. I wasted hours trying to manually parse the instructions sysvar when the SDK had perfect functions for this.</p> <p><strong>Lesson</strong>: Use the platform's native tools first. Optimize later if needed.</p> <h3> 2. <strong>Borrowing in Rust is not optional</strong> </h3> <p>Coming from languages with garbage collection, Rust's borrow checker was frustrating at first. But the error about trying to call <code>load_instruction_at_checked()</code> while holding a borrow taught me that Rust's restrictions prevent real bugs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// This fails - can't borrow ixs twice</span> <span class="k">let</span> <span class="n">instruction_sysvar</span> <span class="o">=</span> <span class="n">ixs</span><span class="nf">.try_borrow_data</span><span class="p">()</span><span class="o">?</span><span class="p">;</span> <span class="k">let</span> <span class="n">ix</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="c1">// ERROR!</span> <span class="c1">// This works - scope the borrow</span> <span class="k">let</span> <span class="n">len</span> <span class="o">=</span> <span class="p">{</span> <span class="k">let</span> <span class="n">instruction_sysvar</span> <span class="o">=</span> <span class="n">ixs</span><span class="nf">.try_borrow_data</span><span class="p">()</span><span class="o">?</span><span class="p">;</span> <span class="nn">u16</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">instruction_sysvar</span><span class="p">[</span><span class="mi">0</span><span class="o">..</span><span class="mi">2</span><span class="p">]</span><span class="nf">.try_into</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="p">};</span> <span class="c1">// Borrow dropped here</span> <span class="k">let</span> <span class="n">ix</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="c1">// OK!</span> </code></pre> </div> <h3> 3. <strong>Instruction introspection is powerful</strong> </h3> <p>The ability to examine and validate other instructions in a transaction enables patterns that are hard or impossible in other chains:</p> <ul> <li>Flash loans (as we built)</li> <li>Composable DeFi strategies</li> <li>Multi-step protocols with built-in validation</li> <li>Atomic sandwich protection</li> </ul> <h3> 4. <strong>Security through architecture</strong> </h3> <p>We didn't need extensive reentrancy guards or complex state machines. The security comes from:</p> <ul> <li>Explicit account passing</li> <li>Transaction atomicity</li> <li>Instruction introspection</li> <li>Program Derived Addresses (PDAs)</li> </ul> <p>These primitives combine to create a system that's secure by default.</p> <h3> 5. <strong>The value of pair programming (Even with AI)</strong> </h3> <p>Working with AI was illuminating. When I hit a wall, explaining the problem to the AI forced me to think clearly about what was actually happening. Sometimes I'd solve the issue while typing the question. Other times, the AI would suggest an approach I hadn't considered and these led me down productive paths.</p> <h2> The Final implementation </h2> <p>After all the iterations, here's what worked:</p> <p><strong>Total Lines of Code</strong>: ~200<br> <strong>Number of Instructions</strong>: 2 (borrow, repay)<br> <strong>Security Features</strong>:</p> <ul> <li>Instruction introspection</li> <li>Account validation</li> <li>Transaction atomicity</li> <li>PDA-based authority</li> </ul> <p><strong>Key Files</strong>:</p> <ul> <li> <code>lib.rs</code>: Main program logic</li> <li> <code>Cargo.toml</code>: Dependencies (anchor-lang, anchor-spl)</li> <li> <code>Anchor.toml</code>: Project configuration</li> </ul> <h2> What's next? </h2> <p>This implementation is educational, not production-ready. To make it real:</p> <h3> 1. <strong>Add price oracle integration</strong> </h3> <p>Currently, the protocol has a fixed fee (5%). Real flash loan protocols adjust fees based on:</p> <ul> <li>Market volatility</li> <li>Protocol utilization rates</li> <li>Risk metrics</li> </ul> <h3> 2. <strong>Implement multi-token support</strong> </h3> <p>Right now it's single-token. Production systems support:</p> <ul> <li>Multiple token pools</li> <li>Cross-token flash loans</li> <li>Liquidity management across assets</li> </ul> <h3> 3. <strong>Add governance</strong> </h3> <p>Who controls the protocol? What are the fees? Production systems need:</p> <ul> <li>DAO governance</li> <li>Parameter adjustment mechanisms</li> <li>Emergency pause functionality</li> </ul> <h3> 4. <strong>Gas optimization</strong> </h3> <p>Every instruction on Solana costs compute units. Optimizations could include:</p> <ul> <li>Minimizing account validations</li> <li>Batching operations</li> <li>Using more efficient data structures</li> </ul> <h3> 5. <strong>Comprehensive testing</strong> </h3> <p>My tests were basic. Production needs:</p> <ul> <li>Fuzz testing</li> <li>Integration tests with real DeFi protocols</li> <li>Economic attack simulations</li> <li>Formal verification (for critical paths)</li> </ul> <h2> Reflections </h2> <p>When I started this challenge, I couldn't have imagined the depth of learning ahead. What began as a resume-building exercise became a masterclass in:</p> <ul> <li> <strong>New programming paradigms</strong> (Solana's account model)</li> <li> <strong>Systems thinking</strong> (how transaction atomicity enables new primitives)</li> <li> <strong>Debugging across abstraction layers</strong> (from Rust borrow checker to on-chain execution)</li> <li> <strong>Financial engineering</strong> (flash loans as a DeFi primitive)</li> </ul> <p>The most valuable lesson? <strong>Discomfort is where growth happens.</strong> I was uncomfortable with Rust, uncertain about Solana, and intimidated by the challenge. But that discomfort was a signal—I was learning.</p> <p>Would I do it again? Absolutely. In fact, I'm already eyeing the next challenge.</p> <h2> Resources </h2> <p>If you want to explore flash loans and Solana development:</p> <p><strong>Solana fundamentals</strong>:</p> <ul> <li><a href="https://solanacookbook.com/" rel="noopener noreferrer">Solana Cookbook</a></li> <li><a href="https://book.anchor-lang.com/" rel="noopener noreferrer">Anchor Book</a></li> <li><a href="https://spl.solana.com/" rel="noopener noreferrer">Solana Program Library (SPL)</a></li> </ul> <p><strong>Flash loan concepts</strong>:</p> <ul> <li><a href="https://docs.aave.com/developers/guides/flash-loans" rel="noopener noreferrer">Aave Flash Loans Documentation</a></li> <li><a href="https://www.coindesk.com/learn/what-are-flash-loans/" rel="noopener noreferrer">Understanding Flash Loans</a></li> </ul> <p><strong>Instruction introspection</strong>:</p> <ul> <li><a href="https://www.soldev.app/course/instruction-introspection" rel="noopener noreferrer">Solana Instruction Introspection Course</a></li> <li><a href="https://docs.rs/anchor-lang/latest/anchor_lang/context/struct.Context.html" rel="noopener noreferrer">Anchor Instruction Context</a></li> </ul> <p><strong>Development tools</strong>:</p> <ul> <li><a href="https://www.anchor-lang.com/" rel="noopener noreferrer">Anchor Framework</a></li> <li><a href="https://docs.solana.com/cli" rel="noopener noreferrer">Solana CLI Tools</a></li> </ul> <h2> Appendix: full code </h2> <p>For those who want to see the complete implementation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">use</span> <span class="nn">anchor_lang</span><span class="p">::</span><span class="nn">prelude</span><span class="p">::</span><span class="o">*</span><span class="p">;</span> <span class="k">use</span> <span class="nn">anchor_spl</span><span class="p">::{</span> <span class="nn">token</span><span class="p">::{</span><span class="n">Token</span><span class="p">,</span> <span class="n">TokenAccount</span><span class="p">,</span> <span class="n">Mint</span><span class="p">,</span> <span class="n">Transfer</span><span class="p">,</span> <span class="n">transfer</span><span class="p">},</span> <span class="nn">associated_token</span><span class="p">::</span><span class="n">AssociatedToken</span> <span class="p">};</span> <span class="k">use</span> <span class="nn">anchor_lang</span><span class="p">::</span><span class="nn">solana_program</span><span class="p">::</span><span class="nn">sysvar</span><span class="p">::</span><span class="nn">instructions</span><span class="p">::{</span> <span class="n">ID</span> <span class="k">as</span> <span class="n">INSTRUCTIONS_SYSVAR_ID</span><span class="p">,</span> <span class="n">load_instruction_at_checked</span><span class="p">,</span> <span class="n">load_current_index_checked</span> <span class="p">};</span> <span class="nd">declare_id!</span><span class="p">(</span><span class="s">"22222222222222222222222222222222222222222222"</span><span class="p">);</span> <span class="nd">#[program]</span> <span class="k">pub</span> <span class="k">mod</span> <span class="n">blueshift_anchor_flash_loan</span> <span class="p">{</span> <span class="k">use</span> <span class="k">super</span><span class="p">::</span><span class="o">*</span><span class="p">;</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">borrow</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="n">Context</span><span class="o">&lt;</span><span class="n">Loan</span><span class="o">&gt;</span><span class="p">,</span> <span class="n">borrow_amount</span><span class="p">:</span> <span class="nb">u64</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nd">require!</span><span class="p">(</span><span class="n">borrow_amount</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidAmount</span><span class="p">);</span> <span class="k">let</span> <span class="n">ixs</span> <span class="o">=</span> <span class="n">ctx</span><span class="py">.accounts.instructions</span><span class="nf">.to_account_info</span><span class="p">();</span> <span class="c1">// Check if this is the first instruction in the transaction</span> <span class="k">let</span> <span class="n">current_index</span> <span class="o">=</span> <span class="nf">load_current_index_checked</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ctx</span><span class="py">.accounts.instructions</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nd">require_eq!</span><span class="p">(</span><span class="n">current_index</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidIx</span><span class="p">);</span> <span class="c1">// Check how many instructions we have in this transaction</span> <span class="k">let</span> <span class="n">len</span> <span class="o">=</span> <span class="p">{</span> <span class="k">let</span> <span class="n">instruction_sysvar</span> <span class="o">=</span> <span class="n">ixs</span><span class="nf">.try_borrow_data</span><span class="p">()</span><span class="o">?</span><span class="p">;</span> <span class="nn">u16</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">instruction_sysvar</span><span class="p">[</span><span class="mi">0</span><span class="o">..</span><span class="mi">2</span><span class="p">]</span><span class="nf">.try_into</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="p">};</span> <span class="c1">// Ensure we have a repay instruction</span> <span class="k">if</span> <span class="k">let</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">repay_ix</span><span class="p">)</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">((</span><span class="n">len</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="k">as</span> <span class="nb">usize</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span> <span class="p">{</span> <span class="nd">require_keys_eq!</span><span class="p">(</span><span class="n">repay_ix</span><span class="py">.program_id</span><span class="p">,</span> <span class="k">crate</span><span class="p">::</span><span class="n">ID</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidProgram</span><span class="p">);</span> <span class="nd">require!</span><span class="p">(</span><span class="n">repay_ix</span><span class="py">.data</span><span class="nf">.len</span><span class="p">()</span> <span class="o">&gt;=</span> <span class="mi">8</span><span class="p">,</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidIx</span><span class="p">);</span> <span class="nd">require_keys_eq!</span><span class="p">(</span> <span class="n">repay_ix</span><span class="py">.accounts</span><span class="nf">.get</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span><span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidBorrowerAta</span><span class="p">)</span><span class="o">?</span><span class="py">.pubkey</span><span class="p">,</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.key</span><span class="p">(),</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidBorrowerAta</span> <span class="p">);</span> <span class="nd">require_keys_eq!</span><span class="p">(</span> <span class="n">repay_ix</span><span class="py">.accounts</span><span class="nf">.get</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span><span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidProtocolAta</span><span class="p">)</span><span class="o">?</span><span class="py">.pubkey</span><span class="p">,</span> <span class="n">ctx</span><span class="py">.accounts.protocol_ata</span><span class="nf">.key</span><span class="p">(),</span> <span class="nn">ProtocolError</span><span class="p">::</span><span class="n">InvalidProtocolAta</span> <span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">Err</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">MissingRepayIx</span><span class="nf">.into</span><span class="p">());</span> <span class="p">}</span> <span class="c1">// Transfer the borrowed amount to the borrower</span> <span class="k">let</span> <span class="n">seeds</span> <span class="o">=</span> <span class="o">&amp;</span><span class="p">[</span><span class="s">b"protocol"</span><span class="nf">.as_ref</span><span class="p">(),</span> <span class="o">&amp;</span><span class="p">[</span><span class="n">ctx</span><span class="py">.bumps.protocol</span><span class="p">]];</span> <span class="k">let</span> <span class="n">signer_seeds</span> <span class="o">=</span> <span class="o">&amp;</span><span class="p">[</span><span class="o">&amp;</span><span class="n">seeds</span><span class="p">[</span><span class="o">..</span><span class="p">]];</span> <span class="nf">transfer</span><span class="p">(</span> <span class="nn">CpiContext</span><span class="p">::</span><span class="nf">new_with_signer</span><span class="p">(</span> <span class="n">ctx</span><span class="py">.accounts.token_program</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">Transfer</span> <span class="p">{</span> <span class="n">from</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.protocol_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">to</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">authority</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.protocol</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="p">},</span> <span class="n">signer_seeds</span> <span class="p">),</span> <span class="n">borrow_amount</span> <span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nd">msg!</span><span class="p">(</span><span class="s">"Borrowed {} tokens"</span><span class="p">,</span> <span class="n">borrow_amount</span><span class="p">);</span> <span class="nf">Ok</span><span class="p">(())</span> <span class="p">}</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">repay</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="n">Context</span><span class="o">&lt;</span><span class="n">Loan</span><span class="o">&gt;</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">let</span> <span class="n">ixs</span> <span class="o">=</span> <span class="n">ctx</span><span class="py">.accounts.instructions</span><span class="nf">.to_account_info</span><span class="p">();</span> <span class="k">let</span> <span class="n">amount_borrowed</span> <span class="o">=</span> <span class="k">if</span> <span class="k">let</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">borrow_ix</span><span class="p">)</span> <span class="o">=</span> <span class="nf">load_instruction_at_checked</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">ixs</span><span class="p">)</span> <span class="p">{</span> <span class="k">let</span> <span class="k">mut</span> <span class="n">borrowed_data</span><span class="p">:</span> <span class="p">[</span><span class="nb">u8</span><span class="p">;</span> <span class="mi">8</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span><span class="mi">0u8</span><span class="p">;</span> <span class="mi">8</span><span class="p">];</span> <span class="n">borrowed_data</span><span class="nf">.copy_from_slice</span><span class="p">(</span><span class="o">&amp;</span><span class="n">borrow_ix</span><span class="py">.data</span><span class="p">[</span><span class="mi">8</span><span class="o">..</span><span class="mi">16</span><span class="p">]);</span> <span class="nn">u64</span><span class="p">::</span><span class="nf">from_le_bytes</span><span class="p">(</span><span class="n">borrowed_data</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">Err</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">MissingBorrowIx</span><span class="nf">.into</span><span class="p">());</span> <span class="p">};</span> <span class="c1">// Calculate 5% fee (500 basis points)</span> <span class="k">let</span> <span class="n">fee</span> <span class="o">=</span> <span class="p">(</span><span class="n">amount_borrowed</span> <span class="k">as</span> <span class="nb">u128</span><span class="p">)</span> <span class="nf">.checked_mul</span><span class="p">(</span><span class="mi">500</span><span class="p">)</span> <span class="nf">.unwrap</span><span class="p">()</span> <span class="nf">.checked_div</span><span class="p">(</span><span class="mi">10_000</span><span class="p">)</span> <span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">Overflow</span><span class="p">)</span><span class="o">?</span> <span class="k">as</span> <span class="nb">u64</span><span class="p">;</span> <span class="k">let</span> <span class="n">repay_amount</span> <span class="o">=</span> <span class="n">amount_borrowed</span> <span class="nf">.checked_add</span><span class="p">(</span><span class="n">fee</span><span class="p">)</span> <span class="nf">.ok_or</span><span class="p">(</span><span class="nn">ProtocolError</span><span class="p">::</span><span class="n">Overflow</span><span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nf">transfer</span><span class="p">(</span> <span class="nn">CpiContext</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span> <span class="n">ctx</span><span class="py">.accounts.token_program</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">Transfer</span> <span class="p">{</span> <span class="n">from</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.borrower_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">to</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.protocol_ata</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="n">authority</span><span class="p">:</span> <span class="n">ctx</span><span class="py">.accounts.borrower</span><span class="nf">.to_account_info</span><span class="p">(),</span> <span class="p">}</span> <span class="p">),</span> <span class="n">repay_amount</span> <span class="p">)</span><span class="o">?</span><span class="p">;</span> <span class="nd">msg!</span><span class="p">(</span><span class="s">"Repaid {} tokens (borrowed: {}, fee: {})"</span><span class="p">,</span> <span class="n">repay_amount</span><span class="p">,</span> <span class="n">amount_borrowed</span><span class="p">,</span> <span class="n">fee</span><span class="p">);</span> <span class="nf">Ok</span><span class="p">(())</span> <span class="p">}</span> <span class="p">}</span> <span class="nd">#[derive(Accounts)]</span> <span class="k">pub</span> <span class="k">struct</span> <span class="n">Loan</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nd">#[account(mut)]</span> <span class="k">pub</span> <span class="n">borrower</span><span class="p">:</span> <span class="n">Signer</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(seeds</span> <span class="nd">=</span> <span class="err">[</span><span class="s">b"protocol"</span><span class="err">.</span><span class="nd">as_ref()]</span><span class="p">,</span> <span class="n">bump</span><span class="p">)]</span> <span class="k">pub</span> <span class="n">protocol</span><span class="p">:</span> <span class="n">SystemAccount</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">mint</span><span class="p">:</span> <span class="n">Account</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">Mint</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(</span> <span class="nd">init_if_needed,</span> <span class="nd">payer</span> <span class="nd">=</span> <span class="nd">borrower,</span> <span class="nd">associated_token::mint</span> <span class="nd">=</span> <span class="nd">mint,</span> <span class="nd">associated_token::authority</span> <span class="nd">=</span> <span class="nd">borrower,</span> <span class="nd">)]</span> <span class="k">pub</span> <span class="n">borrower_ata</span><span class="p">:</span> <span class="n">Account</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">TokenAccount</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(</span> <span class="nd">mut,</span> <span class="nd">associated_token::mint</span> <span class="nd">=</span> <span class="nd">mint,</span> <span class="nd">associated_token::authority</span> <span class="nd">=</span> <span class="nd">protocol,</span> <span class="nd">)]</span> <span class="k">pub</span> <span class="n">protocol_ata</span><span class="p">:</span> <span class="n">Account</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">TokenAccount</span><span class="o">&gt;</span><span class="p">,</span> <span class="nd">#[account(address</span> <span class="nd">=</span> <span class="nd">INSTRUCTIONS_SYSVAR_ID)]</span> <span class="cd">/// CHECK: InstructionsSysvar account</span> <span class="k">pub</span> <span class="n">instructions</span><span class="p">:</span> <span class="n">UncheckedAccount</span><span class="o">&lt;</span><span class="nv">'info</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">token_program</span><span class="p">:</span> <span class="n">Program</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">Token</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">associated_token_program</span><span class="p">:</span> <span class="n">Program</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">AssociatedToken</span><span class="o">&gt;</span><span class="p">,</span> <span class="k">pub</span> <span class="n">system_program</span><span class="p">:</span> <span class="n">Program</span><span class="o">&lt;</span><span class="nv">'info</span><span class="p">,</span> <span class="n">System</span><span class="o">&gt;</span> <span class="p">}</span> <span class="nd">#[error_code]</span> <span class="k">pub</span> <span class="k">enum</span> <span class="n">ProtocolError</span> <span class="p">{</span> <span class="nd">#[msg(</span><span class="s">"Invalid instruction"</span><span class="nd">)]</span> <span class="n">InvalidIx</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Invalid instruction index"</span><span class="nd">)]</span> <span class="n">InvalidInstructionIndex</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Invalid amount"</span><span class="nd">)]</span> <span class="n">InvalidAmount</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Not enough funds"</span><span class="nd">)]</span> <span class="n">NotEnoughFunds</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Program Mismatch"</span><span class="nd">)]</span> <span class="n">ProgramMismatch</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Invalid program"</span><span class="nd">)]</span> <span class="n">InvalidProgram</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Invalid borrower ATA"</span><span class="nd">)]</span> <span class="n">InvalidBorrowerAta</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Invalid protocol ATA"</span><span class="nd">)]</span> <span class="n">InvalidProtocolAta</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Missing repay instruction"</span><span class="nd">)]</span> <span class="n">MissingRepayIx</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Missing borrow instruction"</span><span class="nd">)]</span> <span class="n">MissingBorrowIx</span><span class="p">,</span> <span class="nd">#[msg(</span><span class="s">"Overflow"</span><span class="nd">)]</span> <span class="n">Overflow</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> web3 rust solana blockchain