Gated mint program (#456)

* wip

* wip

* implementation of initiation of new optimistic governance proposal

* add finalize optimistic proposal ix

* launch_proposal should only be able to challenge an optimistic proposal if one exists

* minor cleanups

* tests for optimistic vault transaction proposal initiation

* optimistic proposal finalization tests

* prevent initialization of futarchy proposal when optimistic governance proposal has already passed but not been finalized yet

* add missing check

* team can't sponsor a challenge to an optimistic governance proposal

* work-in-progress PR comments

* address review comments

* reintroduce resize_dao crankable instruction with scripts

* reintroduce resize_dao crankable instruction with scripts (#400)

* remove duplicate optimistic proposal check

* initiate vault spend optimistic proposal won't fail due to reentrancy from squads

* increase payer usdc balance to prevent tests from depleting entire balance

* prevent udapte_dao during active optimistic proposal

* prevent admin execution of multisig proposals when there is an active optimistic governance proposal

* prevent deadlock from optimistic proposal staleness

* ensure squads vault transaction is created by permissionless account

* additional checks for proper transaction in vault spend optimistic proposals

* finalize resize dao logic, add scripts for dumping and resizing daos

* initial layout for v2 SDK

* add more programs to new SDK

* new sdk - performance package v2

* new sdk - launchpad v6 program

* proper exports for all sdk v2 types

* proper re-exports

* add pricemath

* move tests to v2 sdk

* fix minor ts issues

* add relevant 0.5 clients to sdk v2

* add 0.4 clients to sdk v2

* update all new functionality to sdk v2

* init launchpad v8

* launchpad v8 scaffolding

* sdk scaffolding

* tests scaffolding

* initialize launch ix

* init launch sdk

* init launch tests

* start launch ix

* fund ix

* close launch ix

* update sdk ixs

* start launch test

* fund tests

* close launch tests

* set funding record approval ix

* set funding record approval sdk

* set funding record tests

* settle launch ix

* settle launch sdk

* settle launch ix tests + finalization

* return of the set funding record approval test

* claim ix

* refund ix

* claim additional tokens ix

* claim refund and claim addtional ixs

* claim tests

* refund tests

* claim additional tokens tests

* finalize launch ix

* finalize launch ix

* finalize launch tests

* extend launch ix

* exten launch sdk

* extend launch tests

* launchpad v8 integration test

* kill vibes dir

* kill vibes dir

* apply latest program changes to new SDK

* remove unnecessary logic from initialize_launch

* remove unnecessary event field, formatting

* proper naming, more checks

* add immediate ability to mint to dao's squads multisig vault

* add sdk2 to CI

* enable optimistic governance by default for DAOs initialized with a team address

* remove unused account

* reintroduce disabling of optimistic governance on dao initialization and migration

* final cleanup pass

* update sdk

* update sdkv2 with changes from old sdk

* rename autocrat to futarchy in v0.6 clients

* rename autocratClient to futarchyClient

* sdk2 is now main sdk

* fix up typescript errors in tests

* add v0.3 clients, fix autocomplete behavior for imports

* update scripts

* restore legacy v0.6.0 IDLs and v0.5 simulateSwap helper

* replace old SDK dir with new one

* update workflow to not include sdk2 anymore

* redeploy SDK under new name

* remove unused dependencies

* update sdk package version

* remove unused files

* adds full lifecycle launchpad_v8 -> performance_package_v2 + mint_governor test

* prepare specs and ralph loop

* init gated_token

* gated_token scaffold

* init gated mint

* add whitelisted user

* disable gating

* permissionless account thaw

* gated invoke

* add launchpad_v8 support, clean up tests

* rename to gated_mint

* add gh workflows

* add whitelist_admin

* add remove_whitelisted_user ix

* update ackee audit report

* exact versions in gated_mint Cargo.toml

* add gated_mint to README

---------

Co-authored-by: Pileks <jure@metadao.fi>

Author: pileks

Anchor.toml

@@ -9,6 +9,7 @@ skip-lint = false
 bid_wall = "WALL8ucBuUyL46QYxwYJjidaFYhdvxUFrgvBxPshERx"
 conditional_vault = "VLTX1ishMBbcX3rdBWGssxawAo1Q2X2qxYFYqiGodVg"
 futarchy = "FUTARELBfJfQ8RDGhg1wdhddq1odMAJUePHFuBYfUxKq"
+gated_mint = "GaTEjZy6eMdHg2BcL8dk3iE78jkJ9sPtyw1q2tMNi8PA"
 launchpad = "MooNyh4CBUYEKyXVnjGYQ8mEiJDpGvJMdvrZx1iGeHV"
 launchpad_v7 = "moontUzsdepotRGe5xsfip7vLPTJnVuafqdUWexVnPM"
 launchpad_v8 = "moonDJUoHteKkGATejA5bdJVwJ6V6Dg74gyqyJTx73n"

Cargo.lock

@@ -8,6 +8,7 @@ Programs for unruggable capital formation and market-driven governance.
 
 | program           | tag  | program ID                                   |
 | ----------------- | ---- | -------------------------------------------- |
+| gated_mint        | v0.1.0 | GaTEjZy6eMdHg2BcL8dk3iE78jkJ9sPtyw1q2tMNi8PA |
 | launchpad         | v0.8.0 | moonDJUoHteKkGATejA5bdJVwJ6V6Dg74gyqyJTx73n |
 | launchpad         | v0.7.0 | moontUzsdepotRGe5xsfip7vLPTJnVuafqdUWexVnPM |
 | bid_wall          | v0.7.0 | WALL8ucBuUyL46QYxwYJjidaFYhdvxUFrgvBxPshERx |

README.md

@@ -0,0 +1,24 @@
+[package]
+name = "gated_mint"
+version = "0.1.0"
+description = "Created with Anchor"
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib", "lib"]
+name = "gated_mint"
+
+[features]
+no-entrypoint = []
+no-idl = []
+no-log-ix-name = []
+cpi = ["no-entrypoint"]
+default = []
+production = []
+
+[dependencies]
+anchor-lang = { version = "=0.29.0", features = ["init-if-needed", "event-cpi"] }
+anchor-spl = "=0.29.0"
+solana-program = "=1.17.14"
+spl-token = "=4.0.0"
+solana-security-txt = "=1.1.1"

…adao-the-fundraising-and-report-v2-1.pdf …adao-the-fundraising-and-report-v4-1.pdfaudits/2026-ackee-blockchain-metadao-the-fundraising-and-report-v2-1.pdf renamed to audits/2026-ackee-blockchain-metadao-the-fundraising-and-report-v4-1.pdf audits/2026-ackee-blockchain-metadao-the-fundraising-and-report-v2-1.pdf renamed to audits/2026-ackee-blockchain-metadao-the-fundraising-and-report-v4-1.pdf

@@ -0,0 +1,20 @@
+use anchor_lang::prelude::Pubkey;
+use anchor_lang::solana_program::pubkey;
+
+pub const WHITELISTED_PROGRAMS: &[Pubkey] = &[
+    pubkey!("TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"),
+    pubkey!("FUTARELBfJfQ8RDGhg1wdhddq1odMAJUePHFuBYfUxKq"),
+    pubkey!("moonDJUoHteKkGATejA5bdJVwJ6V6Dg74gyqyJTx73n"),
+    pubkey!("VLTX1ishMBbcX3rdBWGssxawAo1Q2X2qxYFYqiGodVg"),
+    pubkey!("WALL8ucBuUyL46QYxwYJjidaFYhdvxUFrgvBxPshERx"),
+    pubkey!("gvnr27cVeyW3AVf3acL7VCJ5WjGAphytnsgcK1feHyH"),
+    pubkey!("cpamdpZCGKUy5JxQXB4dcpGPiikHawvSWAd6mEn1sGG"),
+];
+
+pub const TOKEN_ACCOUNT_LEN: usize = 165;
+pub const TOKEN_ACCOUNT_MINT_OFFSET: usize = 0;
+pub const TOKEN_ACCOUNT_STATE_OFFSET: usize = 108;
+
+pub const TOKEN_STATE_UNINITIALIZED: u8 = 0;
+pub const TOKEN_STATE_INITIALIZED: u8 = 1;
+pub const TOKEN_STATE_FROZEN: u8 = 2;

programs/gated_mint/Cargo.toml

@@ -0,0 +1,25 @@
+use anchor_lang::prelude::*;
+
+#[error_code]
+pub enum GatedMintError {
+    #[msg("Unauthorized: signer is not the gated mint admin")]
+    UnauthorizedAdmin,
+    #[msg("Unauthorized: signer is not the current freeze authority of the mint")]
+    UnauthorizedFreezeAuthority,
+    #[msg("Mint mismatch: account does not match the expected gated mint")]
+    MintMismatch,
+    #[msg("Gating is already disabled for this mint")]
+    GatingDisabled,
+    #[msg("Gating must be disabled to call this instruction")]
+    GatingNotDisabled,
+    #[msg("Target program is not on the gated_mint whitelist")]
+    TargetProgramNotWhitelisted,
+    #[msg("Target program may not be the gated_mint program itself")]
+    SelfInvocation,
+    #[msg("Invalid token account: account is not a valid SPL Token account of the gated mint")]
+    InvalidTokenAccount,
+    #[msg("Unauthorized: signer is neither admin nor whitelist admin")]
+    UnauthorizedWhitelistAuthority,
+    #[msg("Whitelist admin may not equal admin")]
+    InvalidWhitelistAdmin,
+}

programs/gated_mint/src/constants.rs

@@ -0,0 +1,84 @@
+use anchor_lang::prelude::*;
+
+#[derive(AnchorSerialize, AnchorDeserialize, Clone)]
+pub struct CommonFields {
+    pub slot: u64,
+    pub unix_timestamp: i64,
+    pub gated_mint_config_seq_num: u64,
+}
+
+impl CommonFields {
+    pub fn new(clock: &Clock, seq_num: u64) -> Self {
+        Self {
+            slot: clock.slot,
+            unix_timestamp: clock.unix_timestamp,
+            gated_mint_config_seq_num: seq_num,
+        }
+    }
+}
+
+#[event]
+pub struct GatedMintInitializedEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub mint: Pubkey,
+    pub admin: Pubkey,
+    pub whitelist_admin: Option<Pubkey>,
+    pub previous_freeze_authority: Pubkey,
+    pub pda_bump: u8,
+}
+
+#[event]
+pub struct WhitelistedUserAddedEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub whitelisted_user: Pubkey,
+    pub mint: Pubkey,
+    pub user: Pubkey,
+    pub authority: Pubkey,
+}
+
+#[event]
+pub struct WhitelistedUserRemovedEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub whitelisted_user: Pubkey,
+    pub mint: Pubkey,
+    pub user: Pubkey,
+    pub authority: Pubkey,
+}
+
+#[event]
+pub struct WhitelistAdminSetEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub mint: Pubkey,
+    pub previous_whitelist_admin: Option<Pubkey>,
+    pub new_whitelist_admin: Option<Pubkey>,
+}
+
+#[event]
+pub struct GatedInvokeEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub mint: Pubkey,
+    pub caller: Pubkey,
+    pub target_program: Pubkey,
+    pub thawed_count: u32,
+    pub frozen_count: u32,
+}
+
+#[event]
+pub struct GatingDisabledEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub mint: Pubkey,
+}
+
+#[event]
+pub struct AccountThawedEvent {
+    pub common: CommonFields,
+    pub gated_mint_config: Pubkey,
+    pub mint: Pubkey,
+    pub token_account: Pubkey,
+}

programs/gated_mint/src/error.rs

@@ -0,0 +1,79 @@
+use anchor_lang::prelude::*;
+use anchor_spl::token::Mint;
+
+use crate::{
+    CommonFields, GatedMintConfig, GatedMintError, WhitelistedUser, WhitelistedUserAddedEvent,
+    WHITELISTED_USER_SEED,
+};
+
+#[event_cpi]
+#[derive(Accounts)]
+pub struct AddWhitelistedUser<'info> {
+    #[account(
+        mut,
+        has_one = mint @ GatedMintError::MintMismatch,
+        constraint = !gated_mint_config.gating_disabled @ GatedMintError::GatingDisabled,
+    )]
+    pub gated_mint_config: Account<'info, GatedMintConfig>,
+
+    pub authority: Signer<'info>,
+
+    pub mint: Account<'info, Mint>,
+
+    /// CHECK: any pubkey may be whitelisted; not signed.
+    pub user: UncheckedAccount<'info>,
+
+    #[account(
+        init,
+        payer = payer,
+        space = 8 + WhitelistedUser::INIT_SPACE,
+        seeds = [WHITELISTED_USER_SEED, mint.key().as_ref(), user.key().as_ref()],
+        bump,
+    )]
+    pub whitelisted_user: Account<'info, WhitelistedUser>,
+
+    #[account(mut)]
+    pub payer: Signer<'info>,
+
+    pub system_program: Program<'info, System>,
+}
+
+impl AddWhitelistedUser<'_> {
+    pub fn validate(&self) -> Result<()> {
+        let signer = self.authority.key();
+        let is_admin = signer.eq(&self.gated_mint_config.admin);
+        let is_whitelist_admin = self
+            .gated_mint_config
+            .whitelist_admin
+            .map(|wa| wa.eq(&signer))
+            .unwrap_or(false);
+        require!(
+            is_admin || is_whitelist_admin,
+            GatedMintError::UnauthorizedWhitelistAuthority
+        );
+        Ok(())
+    }
+
+    pub fn handle(ctx: Context<Self>) -> Result<()> {
+        let cfg = &mut ctx.accounts.gated_mint_config;
+        cfg.seq_num += 1;
+
+        ctx.accounts.whitelisted_user.set_inner(WhitelistedUser {
+            mint: ctx.accounts.mint.key(),
+            user: ctx.accounts.user.key(),
+            bump: ctx.bumps.whitelisted_user,
+        });
+
+        let clock = Clock::get()?;
+        emit_cpi!(WhitelistedUserAddedEvent {
+            common: CommonFields::new(&clock, cfg.seq_num),
+            gated_mint_config: cfg.key(),
+            whitelisted_user: ctx.accounts.whitelisted_user.key(),
+            mint: ctx.accounts.mint.key(),
+            user: ctx.accounts.user.key(),
+            authority: ctx.accounts.authority.key(),
+        });
+
+        Ok(())
+    }
+}

programs/gated_mint/src/events.rs

@@ -0,0 +1,37 @@
+use anchor_lang::prelude::*;
+
+use crate::{CommonFields, GatedMintConfig, GatedMintError, GatingDisabledEvent};
+
+#[event_cpi]
+#[derive(Accounts)]
+pub struct DisableGating<'info> {
+    #[account(
+        mut,
+        constraint = !gated_mint_config.gating_disabled @ GatedMintError::GatingDisabled,
+    )]
+    pub gated_mint_config: Account<'info, GatedMintConfig>,
+
+    #[account(address = gated_mint_config.admin @ GatedMintError::UnauthorizedAdmin)]
+    pub admin: Signer<'info>,
+}
+
+impl DisableGating<'_> {
+    pub fn validate(&self) -> Result<()> {
+        Ok(())
+    }
+
+    pub fn handle(ctx: Context<Self>) -> Result<()> {
+        let cfg = &mut ctx.accounts.gated_mint_config;
+        cfg.gating_disabled = true;
+        cfg.seq_num += 1;
+
+        let clock = Clock::get()?;
+        emit_cpi!(GatingDisabledEvent {
+            common: CommonFields::new(&clock, cfg.seq_num),
+            gated_mint_config: cfg.key(),
+            mint: cfg.mint,
+        });
+
+        Ok(())
+    }
+}