Description
There are cases when the SOL required for rent at the creation of an SPL token account will be subsidized by a 3rd party.
However upon assigning ownership of the token account to the targeted user, the subsidizer loses control of their rent payment. This opens the door for a financial attack where users request token accounts from the subsidizer only to immediately close them in order to drain SOL from the subsidizer:
The subsidizer can perform rate limiting or employ other techniques to limit the number of newly created token accounts, and should do so regardless. However taking away the incentive for users to close their token accounts to obtain rent SOL would be a nice additional protection against abuse.
The ability of the subsidizer to reclaim the SOL would also incentivize them to "garbage collect" abandoned token accounts of 0 balance.
Adding a new CloseAccount authority to a token account would resolve the above concerns: close_authority: Option<Pubkey>. If close_authority is None (default), the token account holder may close the account (current behaviour). However the SetAuthority instruction (going in via #297) could be used to change the CloseAccount authority to any other address.
Activity