Lightprotocol
diff --git a/‎program-tests/compressed-token-test/tests/mint/cpi_context.rs‎
Lines changed: 37 additions & 35 deletions b/‎program-tests/compressed-token-test/tests/mint/cpi_context.rs‎
Lines changed: 37 additions & 35 deletions
diff --git a/‎programs/compressed-token/program/src/compressed_token/mint_action/accounts.rs‎
Lines changed: 22 additions & 10 deletions b/‎programs/compressed-token/program/src/compressed_token/mint_action/accounts.rs‎
Lines changed: 22 additions & 10 deletions
diff --git a/‎programs/compressed-token/program/src/compressed_token/mint_action/processor.rs‎
Lines changed: 31 additions & 18 deletions b/‎programs/compressed-token/program/src/compressed_token/mint_action/processor.rs‎
Lines changed: 31 additions & 18 deletions
diff --git a/‎programs/compressed-token/program/src/lib.rs‎
Lines changed: 4 additions & 0 deletions b/‎programs/compressed-token/program/src/lib.rs‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎programs/compressed-token/program/tests/mint_action.rs‎
Lines changed: 10 additions & 24 deletions b/‎programs/compressed-token/program/tests/mint_action.rs‎
Lines changed: 10 additions & 24 deletions
@@ -125,6 +125,8 @@ async fn test_write_to_cpi_context_create_mint() {
         output_queue_index,
     } = test_setup().await;
 
+    let rent_sponsor = rpc.test_accounts.funding_pool_config.rent_sponsor_pda;
+
     // Build instruction data using new builder API
     let instruction_data = MintActionCompressedInstructionData::new_mint(
         compressed_mint_inputs.root_index,
@@ -148,6 +150,7 @@ async fn test_write_to_cpi_context_create_mint() {
         fee_payer: payer.pubkey(),
         mint_signer: Some(mint_seed.pubkey()),
         authority: mint_authority.pubkey(),
+        rent_sponsor: Some(rent_sponsor),
         cpi_context: cpi_context_pubkey,
     };
 
@@ -181,22 +184,20 @@ async fn test_write_to_cpi_context_create_mint() {
         data: wrapper_ix_data.data(),
     };
 
-    // Execute wrapper instruction - should fail because create_mint + write_to_cpi_context
-    // is rejected (error 6035: CpiContextSetNotUsable).
-    let result = rpc
-        .create_and_send_transaction(
-            &[wrapper_instruction],
-            &payer.pubkey(),
-            &[&payer, &mint_seed, &mint_authority],
-        )
-        .await;
-
-    assert_rpc_error(result, 0, 6035).unwrap();
+    // create_mint + write_to_cpi_context is allowed. The mint creation fee is charged
+    // in write mode against the hardcoded RENT_SPONSOR_V1 constant.
+    rpc.create_and_send_transaction(
+        &[wrapper_instruction],
+        &payer.pubkey(),
+        &[&payer, &mint_seed, &mint_authority],
+    )
+    .await
+    .expect("create_mint + write_to_cpi_context should succeed");
 }
 
 #[tokio::test]
 #[serial]
-async fn test_write_to_cpi_context_invalid_address_tree() {
+async fn test_write_to_cpi_context_create_mint_invalid_rent_sponsor() {
     let TestSetup {
         mut rpc,
         compressed_mint_inputs,
@@ -205,16 +206,16 @@ async fn test_write_to_cpi_context_invalid_address_tree() {
         mint_authority,
         compressed_mint_address: _,
         cpi_context_pubkey,
-        address_tree: _,
+        address_tree,
         address_tree_index,
         output_queue: _,
         output_queue_index,
     } = test_setup().await;
 
-    // Swap the address tree pubkey to a random one (this should fail validation)
-    let invalid_address_tree = Pubkey::new_unique();
+    // Use a random pubkey as rent_sponsor (not the valid RENT_SPONSOR_V1)
+    let invalid_rent_sponsor = Pubkey::new_unique();
 
-    // Build instruction data with invalid address tree
+    // Build instruction data
     let instruction_data = MintActionCompressedInstructionData::new_mint(
         compressed_mint_inputs.root_index,
         CompressedProof::default(),
@@ -229,14 +230,15 @@ async fn test_write_to_cpi_context_invalid_address_tree() {
         token_out_queue_index: 0,
         assigned_account_index: 0,
         read_only_address_trees: [0; 4],
-        address_tree_pubkey: invalid_address_tree.to_bytes(),
+        address_tree_pubkey: address_tree.to_bytes(),
     });
 
-    // Build account metas using helper
+    // Build account metas with invalid rent_sponsor
     let config = MintActionMetaConfigCpiWrite {
         fee_payer: payer.pubkey(),
         mint_signer: Some(mint_seed.pubkey()),
         authority: mint_authority.pubkey(),
+        rent_sponsor: Some(invalid_rent_sponsor),
         cpi_context: cpi_context_pubkey,
     };
 
@@ -270,8 +272,8 @@ async fn test_write_to_cpi_context_invalid_address_tree() {
         data: wrapper_ix_data.data(),
     };
 
-    // Execute wrapper instruction - should fail because create_mint + write_to_cpi_context
-    // is rejected (error 6035: CpiContextSetNotUsable) before address tree validation.
+    // Should fail with InvalidRentSponsor because rent_sponsor doesn't match RENT_SPONSOR_V1
+    // Error code 6100 = InvalidRentSponsor
     let result = rpc
         .create_and_send_transaction(
             &[wrapper_instruction],
@@ -280,12 +282,12 @@ async fn test_write_to_cpi_context_invalid_address_tree() {
         )
         .await;
 
-    assert_rpc_error(result, 0, 6035).unwrap();
+    assert_rpc_error(result, 0, 6099).unwrap();
 }
 
 #[tokio::test]
 #[serial]
-async fn test_write_to_cpi_context_invalid_compressed_address() {
+async fn test_write_to_cpi_context_create_mint_missing_rent_sponsor() {
     let TestSetup {
         mut rpc,
         compressed_mint_inputs,
@@ -300,18 +302,11 @@ async fn test_write_to_cpi_context_invalid_compressed_address() {
         output_queue_index,
     } = test_setup().await;
 
-    // Swap the mint_signer to an invalid one (this should fail validation)
-    // The compressed address will be derived from the invalid mint_signer
-    let invalid_mint_signer = [42u8; 32];
-
-    // Build instruction data with invalid mint_signer in metadata
-    let mut invalid_mint = compressed_mint_inputs.mint.clone().unwrap();
-    invalid_mint.metadata.mint_signer = invalid_mint_signer;
-
+    // Build instruction data with create_mint
     let instruction_data = MintActionCompressedInstructionData::new_mint(
         compressed_mint_inputs.root_index,
         CompressedProof::default(),
-        invalid_mint,
+        compressed_mint_inputs.mint.clone().unwrap(),
     )
     .with_cpi_context(CpiContext {
         set_context: false,
@@ -325,11 +320,14 @@ async fn test_write_to_cpi_context_invalid_compressed_address() {
         address_tree_pubkey: address_tree.to_bytes(),
     });
 
-    // Build account metas using helper
+    // Build account metas WITHOUT rent_sponsor (None).
+    // The program expects rent_sponsor when create_mint is true in write mode,
+    // so not providing it will cause the account iterator to misparse accounts.
     let config = MintActionMetaConfigCpiWrite {
         fee_payer: payer.pubkey(),
         mint_signer: Some(mint_seed.pubkey()),
         authority: mint_authority.pubkey(),
+        rent_sponsor: None,
         cpi_context: cpi_context_pubkey,
     };
 
@@ -363,8 +361,9 @@ async fn test_write_to_cpi_context_invalid_compressed_address() {
         data: wrapper_ix_data.data(),
     };
 
-    // Execute wrapper instruction - should fail because create_mint + write_to_cpi_context
-    // is rejected (error 6035: CpiContextSetNotUsable) before mint signer validation.
+    // Should fail - when rent_sponsor is missing, the account iterator shifts:
+    // fee_payer is parsed as rent_sponsor, then CpiContextLightSystemAccounts
+    // runs out of accounts. Error 20009 is from the account iterator.
     let result = rpc
         .create_and_send_transaction(
             &[wrapper_instruction],
@@ -373,7 +372,7 @@ async fn test_write_to_cpi_context_invalid_compressed_address() {
         )
         .await;
 
-    assert_rpc_error(result, 0, 6035).unwrap();
+    assert_rpc_error(result, 0, 20009).unwrap();
 }
 
 #[tokio::test]
@@ -519,6 +518,7 @@ async fn test_write_to_cpi_context_decompressed_mint_fails() {
         fee_payer: payer.pubkey(),
         mint_signer: None,
         authority: mint_authority.pubkey(),
+        rent_sponsor: None,
         cpi_context: cpi_context_pubkey,
     };
 
@@ -611,6 +611,7 @@ async fn test_write_to_cpi_context_mint_to_ctoken_fails() {
         fee_payer: payer.pubkey(),
         mint_signer: Some(mint_seed.pubkey()),
         authority: mint_authority.pubkey(),
+        rent_sponsor: None,
         cpi_context: cpi_context_pubkey,
     };
 
@@ -703,6 +704,7 @@ async fn test_write_to_cpi_context_decompress_mint_action_fails() {
         fee_payer: payer.pubkey(),
         mint_signer: Some(mint_seed.pubkey()),
         authority: mint_authority.pubkey(),
+        rent_sponsor: None,
         cpi_context: cpi_context_pubkey,
     };
 
 
@@ -21,8 +21,7 @@ pub struct MintActionAccounts<'info> {
     /// Seed for mint PDA derivation.
     /// Required only for compressed mint creation.
     /// Note: mint_signer is not in executing accounts since it is parsed
-    /// before the executing/cpi-write branch. create_mint is NOT allowed
-    /// in combination with write to cpi context (rejected in AccountsConfig::new).
+    /// before the executing/cpi-write branch.
     pub mint_signer: Option<&'info AccountInfo>,
     pub authority: &'info AccountInfo,
     /// Required accounts to execute an instruction
@@ -32,6 +31,9 @@ pub struct MintActionAccounts<'info> {
     /// Required accounts to write into a cpi context account.
     /// - executing is None
     pub write_to_cpi_context_system: Option<CpiContextLightSystemAccounts<'info>>,
+    /// Rent sponsor account in write mode (when create_mint + write_to_cpi_context).
+    /// Validated against hardcoded RENT_SPONSOR_V1 constant.
+    pub write_mode_rent_sponsor: Option<&'info AccountInfo>,
     /// Packed accounts contain
     /// [
     ///     ..tree_accounts,
@@ -86,7 +88,18 @@ impl<'info> MintActionAccounts<'info> {
         // Authority is always required to sign
         let authority = iter.next_signer("authority")?;
         if config.write_to_cpi_context {
+            let write_mode_rent_sponsor = if config.create_mint {
+                Some(iter.next_account("rent_sponsor")?)
+            } else {
+                None
+            };
             let write_to_cpi_context_system = CpiContextLightSystemAccounts::new(&mut iter)?;
+            // System program is needed for the fee transfer CPI when creating mint in write mode.
+            // It's placed after all parsed accounts - the account iterator consumes it here,
+            // but it's available for the system program CPI via the transaction accounts.
+            if config.create_mint {
+                let _system_program = iter.next_account("system_program")?;
+            }
 
             if !iter.iterator_is_empty() {
                 msg!("Too many accounts for write to cpi context.");
@@ -98,6 +111,7 @@ impl<'info> MintActionAccounts<'info> {
                 authority,
                 executing: None,
                 write_to_cpi_context_system: Some(write_to_cpi_context_system),
+                write_mode_rent_sponsor,
                 packed_accounts: ProgramPackedAccounts { accounts: &[] },
             })
         } else {
@@ -156,6 +170,7 @@ impl<'info> MintActionAccounts<'info> {
                     tokens_out_queue,
                 }),
                 write_to_cpi_context_system: None,
+                write_mode_rent_sponsor: None,
                 packed_accounts: ProgramPackedAccounts {
                     accounts: iter.remaining_unchecked()?,
                 },
@@ -214,6 +229,11 @@ impl<'info> MintActionAccounts<'info> {
             offset += 1;
         }
 
+        // write_mode_rent_sponsor (optional) - when create_mint + write_to_cpi_context
+        if self.write_mode_rent_sponsor.is_some() {
+            offset += 1;
+        }
+
         if let Some(executing) = &self.executing {
             // compressible_config (optional) - when creating mint or CMint
             if executing.compressible_config.is_some() {
@@ -467,14 +487,6 @@ impl AccountsConfig {
         let cmint_decompressed = parsed_instruction_data.mint.is_none();
 
         if write_to_cpi_context {
-            // Cannot create a compressed mint when writing to CPI context.
-            // Mint creation charges the creation fee and requires the rent_sponsor account,
-            // which is not available in the CPI context write path.
-            if parsed_instruction_data.create_mint.is_some() {
-                msg!("Compressed mint creation not allowed when writing to cpi context");
-                return Err(ErrorCode::CpiContextSetNotUsable.into());
-            }
-
             // Must not have any MintToCToken actions
             let has_mint_to_ctoken_actions = parsed_instruction_data
                 .actions
 
@@ -45,26 +45,39 @@ pub fn process_mint_action(
     let validated_accounts =
         MintActionAccounts::validate_and_parse(accounts, &accounts_config, cmint_pubkey.as_ref())?;
 
-    // Charge mint creation fee. create_mint is rejected in CPI context write path
-    // (validated in AccountsConfig::new), so executing and rent_sponsor are always present here.
+    // Charge mint creation fee in both execute and write modes.
     if accounts_config.create_mint {
-        let executing = validated_accounts
-            .executing
-            .as_ref()
-            .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?;
-        let rent_sponsor = executing
-            .rent_sponsor
-            .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?;
-        // Validate rent_sponsor matches config to prevent fee bypass.
-        let config = executing
-            .compressible_config
-            .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?;
-        if rent_sponsor.key() != &config.rent_sponsor.to_bytes() {
-            msg!("Rent sponsor account does not match config");
-            return Err(ErrorCode::InvalidRentSponsor.into());
+        if let Some(executing) = validated_accounts.executing.as_ref() {
+            // Execute mode: validate rent_sponsor against compressible_config.
+            let rent_sponsor = executing
+                .rent_sponsor
+                .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?;
+            let config = executing
+                .compressible_config
+                .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?;
+            if rent_sponsor.key() != &config.rent_sponsor.to_bytes() {
+                msg!("Rent sponsor account does not match config");
+                return Err(ErrorCode::InvalidRentSponsor.into());
+            }
+            transfer_lamports_via_cpi(MINT_CREATION_FEE, executing.system.fee_payer, rent_sponsor)
+                .map_err(convert_program_error)?;
+        } else {
+            // Write mode: validate rent_sponsor against hardcoded RENT_SPONSOR_V1.
+            let rent_sponsor = validated_accounts
+                .write_mode_rent_sponsor
+                .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?;
+            if rent_sponsor.key() != &crate::RENT_SPONSOR_V1 {
+                msg!("Rent sponsor account does not match RENT_SPONSOR_V1");
+                return Err(ErrorCode::InvalidRentSponsor.into());
+            }
+            let fee_payer = validated_accounts
+                .write_to_cpi_context_system
+                .as_ref()
+                .ok_or(ErrorCode::MintActionMissingExecutingAccounts)?
+                .fee_payer;
+            transfer_lamports_via_cpi(MINT_CREATION_FEE, fee_payer, rent_sponsor)
+                .map_err(convert_program_error)?;
         }
-        transfer_lamports_via_cpi(MINT_CREATION_FEE, executing.system.fee_payer, rent_sponsor)
-            .map_err(convert_program_error)?;
     }
 
     // Get mint data based on source:
 
@@ -37,6 +37,10 @@ pub const LIGHT_CPI_SIGNER: CpiSigner =
 
 pub const MAX_ACCOUNTS: usize = 30;
 pub const MINT_CREATION_FEE: u64 = 50_000;
+/// Hardcoded rent sponsor PDA for write-mode mint creation fee validation.
+/// Same value as LIGHT_TOKEN_RENT_SPONSOR in sdk-types/src/constants.rs.
+pub const RENT_SPONSOR_V1: pinocchio::pubkey::Pubkey =
+    light_macros::pubkey_array!("r18WwUxfG8kQ69bQPAB2jV6zGNKy3GosFGctjQoV4ti");
 pub(crate) const MAX_PACKED_ACCOUNTS: usize = 40;
 /// Maximum number of compression operations per instruction.
 /// Used for compression_to_input lookup array sizing.
 
@@ -325,41 +325,27 @@ fn check_if_config_should_error(instruction_data: &MintActionCompressedInstructi
         .unwrap_or_default();
 
     if write_to_cpi_context {
-        // Check for MintToCToken actions
+        // Check for MintToCToken actions (not allowed in write mode)
         let has_mint_to_ctoken = instruction_data
             .actions
             .iter()
             .any(|action| matches!(action, Action::MintTo(_)));
 
-        // Check for MintToCompressed actions
-        let require_token_output_queue = instruction_data
+        // Check for DecompressMint actions (not allowed in write mode)
+        let has_decompress_mint = instruction_data
             .actions
             .iter()
-            .any(|action| matches!(action, Action::MintToCompressed(_)));
+            .any(|action| matches!(action, Action::DecompressMint(_)));
 
-        // mint_decompressed is only from metadata flag (matches AccountsConfig::new)
-        let mint_decompressed = instruction_data
-            .mint
-            .as_ref()
-            .unwrap()
-            .metadata
-            .mint_decompressed;
-
-        // Check if this is creating a new mint (not from an existing compressed mint)
-        let is_creating_mint = instruction_data.mint.is_none();
-
-        // Check if create_mint is set (create_mint + write_to_cpi_context not allowed)
-        let create_mint_with_cpi_write = instruction_data.create_mint.is_some();
+        // cmint_decompressed (mint.is_none()) not allowed in write mode
+        let cmint_decompressed = instruction_data.mint.is_none();
 
         // Error conditions matching AccountsConfig::new:
         // 1. has_mint_to_ctoken (MintToCToken actions not allowed)
-        // 2. mint_decompressed && require_token_output_queue (mint decompressed + MintToCompressed not allowed)
-        // 3. is_creating_mint (mint creation not allowed when writing to cpi context)
-        // 4. create_mint_with_cpi_write (create_mint + write_to_cpi_context not allowed)
-        has_mint_to_ctoken
-            || (mint_decompressed && require_token_output_queue)
-            || is_creating_mint
-            || create_mint_with_cpi_write
+        // 2. has_decompress_mint (DecompressMint not allowed)
+        // 3. cmint_decompressed (decompressed mint not allowed)
+        // Note: create_mint IS allowed in write mode (fee charged to rent_sponsor)
+        has_mint_to_ctoken || has_decompress_mint || cmint_decompressed
     } else {
         false
     }