Capabilities
Time-limited authorization tokens for maximum security
PercolatePerps uses a capability-based security model with time-limited authorization tokens to ensure maximum security.
// Capability Structure
pub struct Capability {
pub owner: Pubkey,
pub slab: Pubkey,
pub permissions: Permissions,
pub created_at: i64,
pub expires_at: i64, // Max 120 seconds from creation
pub nonce: u64,
}
#[derive(Clone, Copy)]
pub struct Permissions {
pub can_place_order: bool,
pub can_cancel_order: bool,
pub can_modify_position: bool,
}
impl Capability {
pub fn new(owner: Pubkey, slab: Pubkey) -> Self {
let now = Clock::get()?.unix_timestamp;
Self {
owner,
slab,
permissions: Permissions::default(),
created_at: now,
expires_at: now + 120, // 2 minutes max
nonce: rand::random(),
}
}
pub fn is_valid(&self) -> bool {
let now = Clock::get()?.unix_timestamp;
now < self.expires_at
}
}What are Capabilities?
Capabilities are temporary authorization tokens that grant specific permissions for a limited time. Each capability expires after a maximum of 2 minutes, preventing long-term exploitation of trading permissions.
Security Benefits
Time-Limited Access
All capabilities expire within 2 minutes, minimizing the window for potential attacks or unauthorized access.
Granular Permissions
Each capability grants specific permissions for particular operations, following the principle of least privilege.
Revocable Authorization
Capabilities can be revoked at any time, providing immediate security response in case of compromise.
// Using Capabilities in Trading
pub fn place_order_with_capability(
ctx: Context<PlaceOrder>,
capability: Capability,
order_params: OrderParams,
) -> Result<()> {
// Verify capability
require!(capability.is_valid(), ErrorCode::CapabilityExpired);
require!(
capability.owner == ctx.accounts.user.key(),
ErrorCode::InvalidOwner
);
require!(
capability.permissions.can_place_order,
ErrorCode::InsufficientPermissions
);
// Place order
let slab = &mut ctx.accounts.slab;
slab.place_order(order_params)?;
Ok(())
}