From 596ede864b20b9c4b9119d286dd4553ec27402ae Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Sat, 10 Oct 2020 06:50:58 +0000
Subject: [PATCH] document program address collisions (bp #12774) (#12781)

* document program address collisions (#12774)

(cherry picked from commit 9ac8db3533a94b3625c2cfaedd5ac1eadd7966a0)

# Conflicts:
#	sdk/src/pubkey.rs

* Update pubkey.rs

* Update pubkey.rs

Co-authored-by: Jack May <jack@solana.com>
Co-authored-by: Michael Vines <mvines@gmail.com>
---
 sdk/src/pubkey.rs | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/sdk/src/pubkey.rs b/sdk/src/pubkey.rs
index 06e86123c6..cebe0ce3bd 100644
--- a/sdk/src/pubkey.rs
+++ b/sdk/src/pubkey.rs
@@ -99,8 +99,29 @@ impl Pubkey {
         ))
     }
 
-    /// Create a program address, valid program address must not be on the
-    /// ed25519 curve
+    /// Create a program address
+    ///
+    /// Program addresses are account keys that only the program has the
+    /// authority to sign.  The address is of the same form as a Solana
+    /// `Pubkey`, except they are ensured to not be on the ed25519 curve and
+    /// thus have no associated private key.  When performing cross-program
+    /// invocations the program can "sign" for the key by calling
+    /// `invoke_signed` and passing the same seeds used to generate the address.
+    /// The runtime will check that indeed the program associated with this
+    /// address is the caller and thus authorized to be the signer.
+    ///
+    /// Because the program address cannot lie on the ed25519 curve there may be
+    /// seed and program id combinations that are invalid.  In these cases an
+    /// extra seed (nonce) can be calculated that results in a point off the
+    /// curve.  Use `find_program_address` to calculate that nonce.
+    ///
+    /// Warning: Because of the way the seeds are hashed there is a potential
+    /// for program address collisions for the same program id.  The seeds are
+    /// hashed sequentially which means that seeds {"abcdef"}, {"abc", "def"},
+    /// and {"ab", "cd", "ef"} will all result in the same program address given
+    /// the same program id.  Since the change of collision is local to a given
+    /// program id the developer of that program must take care to choose seeds
+    /// that do not collide with themselves.
     pub fn create_program_address(
         seeds: &[&[u8]],
         program_id: &Pubkey,