
fix(transfer-sol): require payer signature + checked lamport math#532

Open
yukikm wants to merge 1 commit into solana-developers:main from yukikm:fix/transfer-sol-signer-check

Conversation


yukikm commented Feb 15, 2026

This fixes a dangerous footgun in the Anchor transfer-sol example.

Problem:

  • transfer_sol_with_program mutates lamports of a program-owned payer account but previously did not require the payer to sign.
  • If copied into production code, this pattern allows unauthorized SOL drain from program-owned accounts passed as payer.

Fix:

  • Require payer: Signer<'info> while keeping owner = id() constraint.
  • Use checked lamport arithmetic + explicit insufficient funds checks.
  • Update the test to include .signers([payerAccount]).
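A dependency-free Rust model of the hardened transfer logic described above, added here as an illustration and not the PR's own code: it reproduces the three constraints (payer must sign, payer must be owned by the program, lamport math is checked) and also covers the negative paths a test suite should exercise. `Account`, `TransferSolError` and the field names are hypothetical stand-ins, not Anchor types.

```rust
// Added illustration, not the PR's code: a dependency-free model of the
// hardened transfer_sol_with_program checks. Names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum TransferSolError {
    MissingSignature,
    WrongOwner,
    InsufficientFunds,
    LamportArithmeticOverflow,
}

/// Minimal stand-in for the account fields the checks depend on.
#[derive(Debug, Clone, PartialEq)]
pub struct Account {
    pub owner: [u8; 32],
    pub lamports: u64,
    pub is_signer: bool,
}

/// Debit `amount` from `payer` and credit `recipient`, enforcing the PR's
/// constraints: payer signed, payer owned by this program, checked lamport
/// math. On any error both balances stay untouched (mirrors on-chain rollback).
pub fn transfer_sol_with_program(
    program_id: &[u8; 32],
    payer: &mut Account,
    recipient: &mut Account,
    amount: u64,
) -> Result<(), TransferSolError> {
    // Equivalent of declaring `payer: Signer<'info>`.
    if !payer.is_signer {
        return Err(TransferSolError::MissingSignature);
    }
    // Equivalent of the `owner = id()` account constraint.
    if &payer.owner != program_id {
        return Err(TransferSolError::WrongOwner);
    }
    // Explicit insufficient-funds check before any balance is touched.
    if payer.lamports < amount {
        return Err(TransferSolError::InsufficientFunds);
    }
    // Compute both new balances first so a failing checked_add can never
    // leave the payer debited without the recipient being credited.
    let new_payer = payer.lamports.checked_sub(amount)
        .ok_or(TransferSolError::LamportArithmeticOverflow)?;
    let new_recipient = recipient.lamports.checked_add(amount)
        .ok_or(TransferSolError::LamportArithmeticOverflow)?;
    payer.lamports = new_payer;
    recipient.lamports = new_recipient;
    Ok(())
}
```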

Copilot AI review requested due to automatic review settings February 15, 2026 03:22

Copilot AI left a comment


Pull request overview

This PR hardens the Anchor transfer_sol_with_program example to prevent unauthorized lamport drains by requiring the source (payer) to sign and by using checked lamport arithmetic with explicit error reporting.

Changes:

  • Require payer to be a Signer<'info> (while still enforcing owner = id()).
  • Add explicit insufficient-funds check plus checked sub/add for lamport math, returning custom errors.
  • Update the Anchor TS test to include payerAccount as an explicit signer.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File / Description
basics/transfer-sol/anchor/programs/transfer-sol/src/lib.rs / Enforces payer signature + checked lamport mutation with custom error codes.
basics/transfer-sol/anchor/tests/test.ts / Updates the “Transfer SOL with Program” test to sign with the program-owned payer keypair.


Comment on lines +35 to +40
let payer_lamports = ctx.accounts.payer.to_account_info().lamports();
require!(payer_lamports >= amount, TransferSolError::InsufficientFunds);

**ctx.accounts.payer.try_borrow_mut_lamports()? = payer_lamports
.checked_sub(amount)
.ok_or(TransferSolError::LamportArithmeticOverflow)?;
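Review bot: the `require!(payer_lamports >= amount, ...)` on the second line already guarantees that `payer_lamports.checked_sub(amount)` cannot underflow, so the `.ok_or(TransferSolError::LamportArithmeticOverflow)?` on the subtraction is dead code; the checked operation that can actually fail is the recipient-side `checked_add`, which is outside this excerpt, so that is the path a negative test should target. Note also that the comparison is against `amount` alone, so it does not consider whether the payer's remaining balance stays above the rent-exempt minimum; if that matters for this example, either check it explicitly or document that the runtime will reject such a transfer with a less descriptive error.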

Copilot AI Feb 15, 2026


New failure modes are introduced here (missing payer signature, insufficient funds, arithmetic error), but the test suite only covers the success path. Add negative tests that (1) omit .signers([payerAccount]) and assert the instruction fails due to missing signature, and (2) attempt to transfer more than the payer balance and assert InsufficientFunds is returned (and balances remain unchanged).
