more work

2501babe · 2501babe · commit b24202f7d29a · 2026-04-07T02:15:14.000-07:00
diff --git a/program/src/processor.rs b/program/src/processor.rs
@@ -1015,9 +1015,8 @@ impl Processor {
             return Err(SinglePoolError::InvalidPoolStakeAccountUsage.into());
         }
 
-        let (_, pool_stake_state) = get_stake_state(pool_stake_info)?;
-
-        let (pool_is_active, pool_is_activating) = {
+        let (pre_pool_stake, pool_is_active, pool_is_activating) = {
+            let (_, pool_stake_state) = get_stake_state(pool_stake_info)?;
             let pool_stake_status = pool_stake_state
                 .delegation
                 .stake_activating_and_deactivating(
@@ -1027,6 +1026,7 @@ impl Processor {
                 );
 
             (
+                pool_stake_state.delegation.stake,
                 is_stake_fully_active(&pool_stake_status),
                 is_stake_newly_activating(&pool_stake_status),
             )
@@ -1050,10 +1050,7 @@ impl Processor {
         // tokens for deposit are determined off the total stakeable value of both pool-owned accounts
         let pre_total_nev = pool_net_asset_value(pool_stake_info, pool_onramp_info, rent);
 
-        // we use the pool stake account to determine non-stake lamports to return to the user
-        let pre_pool_stake = pool_stake_state.delegation.stake;
         let pre_user_lamports = user_stake_info.lamports();
-
         let (user_stake_meta, user_stake_status) = match deserialize_stake(user_stake_info) {
             Ok(StakeStateV2::Stake(meta, stake, _)) => (
                 meta,
@@ -1171,6 +1168,7 @@ impl Processor {
         let stake_program_info = next_account_info(account_info_iter)?;
 
         let rent = &Rent::get()?;
+        let minimum_delegation = stake::tools::get_minimum_delegation()?;
 
         SinglePool::from_account_info(pool_info, program_id)?;
 
@@ -1201,26 +1199,56 @@ impl Processor {
         // tokens for withdraw are determined off the total stakeable value of both pool-owned accounts
         let pre_total_nev = pool_net_asset_value(pool_stake_info, pool_onramp_info, rent);
 
-        // we deliberately do NOT validate the activation status of the pool account.
-        // neither snow nor rain nor warmup/cooldown nor validator delinquency prevents a user withdrawal
-        //
-        // NOTE this is fine for stake v4 but subtly wrong for stake v5 *if* the pool account was deactivated.
-        // stake v5 declines to (meaninglessly) adjust delegations of deactivated sources.
-        // this will (again) be correct with #581, which shifts to NEV accounting on lamports rather than stake.
-        // we should plan another SVSP release before stake v5 activation
-        let pre_pool_stake = get_stake_amount(pool_stake_info)?;
-        msg!("Available stake pre split {}", pre_pool_stake);
-
-        // withdraw amount is determined off stake just like deposit amount
-        let withdraw_stake = calculate_withdraw_amount(token_supply, pre_pool_nev, token_amount)
+        // note we deliberately do NOT validate the activation status of the pool account.
+        // neither warmup/cooldown nor validator delinquency prevent a user withdrawal.
+        // however, because we calculate NEV from all lamports in both pool accounts,
+        // but can only split stake from the main account (unless inactive), we must determine whether this is possible
+        let (withdrawable_value, pool_is_fully_inactive) = {
+            let (_, pool_stake_state) = get_stake_state(pool_stake_info)?;
+            let pool_stake_status = pool_stake_state
+                .delegation
+                .stake_activating_and_deactivating(
+                    clock.epoch,
+                    stake_history,
+                    PERPETUAL_NEW_WARMUP_COOLDOWN_RATE_EPOCH,
+                );
+
+            // if fully inactuve, we split on lamports; otherwise, on all delegation.
+            // the stake program works off delegation in this way *even* for a partially deactivated stake
+            if pool_stake_status == StakeActivationStatus::default() {
+                (
+                    pool_stake_info
+                        .lamports()
+                        .saturating_sub(rent.minimum_balance(pool_stake_info.data_len())),
+                    true,
+                )
+            } else {
+                (pool_stake_state.delegation.stake, false)
+            }
+        };
+
+        // withdraw amount is determined off pool NEV just like deposit amount
+        let stake_to_withdraw = calculate_withdraw_amount(token_supply, pre_pool_nev, token_amount)
             .ok_or(SinglePoolError::UnexpectedMathError)?;
 
-        if withdraw_stake == 0 {
+        // self-explanatory
+        if stake_to_withdraw == 0 {
             return Err(SinglePoolError::WithdrawalTooSmall.into());
         }
 
-        // the second case should never be true, but its best to be sure
-        if withdraw_stake > pre_pool_stake || withdraw_stake == pool_stake_info.lamports() {
+        // if the destination would be in any non-inactive state it must meet minimum delegation
+        if stake_to_withdraw < minimum_delegation {
+            return Err(SinglePoolError::WithdrawalTooSmall.into());
+        }
+
+        // if we do not have enough value to service this withdrawal, the user must wait a `ReplenishPool` cycle.
+        // this does *not* mean the value isnt in the pool, merely that it is not duly splittable
+        if stake_to_withdraw > withdrawable_value {
+            return Err(SinglePoolError::WithdrawalTooLarge.into());
+        }
+
+        // this is theoretically impossible but we guard becuase would put the pool in an unrecoverable state
+        if withdraw_stake == pool_stake_info.lamports() {
             return Err(SinglePoolError::WithdrawalTooLarge.into());
         }
 
@@ -1255,9 +1283,6 @@ impl Processor {
             clock_info.clone(),
         )?;
 
-        let post_pool_stake = get_stake_amount(pool_stake_info)?;
-        msg!("Available stake post split {}", post_pool_stake);
-
         Ok(())
     }
 
