diff --git a/bridge/pkg/common/guardianset.go b/bridge/pkg/common/guardianset.go index 9186c91bc..a3ed9e74d 100644 --- a/bridge/pkg/common/guardianset.go +++ b/bridge/pkg/common/guardianset.go @@ -12,7 +12,7 @@ import ( const MaxGuardianCount = 19 type GuardianSet struct { - // Guardian's public keys truncated by the ETH standard hashing mechanism (20 bytes). + // Guardian's public key hashes truncated by the ETH standard hashing mechanism (20 bytes). Keys []common.Address // On-chain set index Index uint32 diff --git a/bridge/pkg/vaa/structs.go b/bridge/pkg/vaa/structs.go index 46697ef10..2953491f3 100644 --- a/bridge/pkg/vaa/structs.go +++ b/bridge/pkg/vaa/structs.go @@ -219,7 +219,7 @@ func (v *VAA) SigningMsg() (common.Hash, error) { return hash, nil } -// VerifySignature verifies the signature of the VAA given a public key +// VerifySignature verifies the signature of the VAA given the signer addresses. func (v *VAA) VerifySignatures(addresses []common.Address) bool { if len(addresses) < len(v.Signatures) { return false diff --git a/docs/operations.md b/docs/operations.md index 65844fa43..11dc37a64 100644 --- a/docs/operations.md +++ b/docs/operations.md @@ -111,7 +111,7 @@ Generate a new key using the `keygen` subcommand: guardiand keygen --desc "Testnet key foo" /path/to/your.key -The key file includes a human-readable part that includes the public key and the description. +The key file includes a human-readable part which includes the public key hashes and the description. ## Deploying @@ -208,7 +208,7 @@ deployment on a dedicated instance - it's easier to understand and troubleshoot. You'll have to manage the following keys: - The **guardian key**, which is the bridge consensus key. This key is very critical - your node uses it to certify - VAA messages. The public key is stored in the guardian set on all connected chains. It does not accrue rewards. + VAA messages. The public key's hash is stored in the guardian set on all connected chains. It does not accrue rewards. It's your share of the multisig mechanism that protect the Wormhole network. The guardian set can be replaced if a majority of the guardians agree to sign and publish a new guardian set. diff --git a/docs/protocol.md b/docs/protocol.md index fa97e0286..32ddd76c3 100644 --- a/docs/protocol.md +++ b/docs/protocol.md @@ -125,9 +125,8 @@ uint8 action ``` The `guardian set index` does not need to be in the signed body since it is verifiable using the signature itself which -is created using the guardian set's key. -It is a monotonically number that's increased every time a validator set update happens and tracks the public key of the -set. +is created using the guardian set's key. It is a number that's monotonically increasing every time a validator set +update happens and tracks the public key hashes of the set. #### Actions diff --git a/docs/solana_program.md b/docs/solana_program.md index a11754895..d683152d0 100644 --- a/docs/solana_program.md +++ b/docs/solana_program.md @@ -223,7 +223,7 @@ until the `VAA_EXPIRATION_TIME` has passed and can then be evicted using `IEvict > > **index**: Index of the guardian set -This account is created when a new guardian set is set. It tracks the public key, creation time and expiration time of +This account is created when a new guardian set is set. It tracks the public key hash, creation time and expiration time of this set. The expiration time is set when this guardian set is abandoned. When a switchover happens, the guardian-issued VAAs will still be valid until the expiration time. diff --git a/solana/bridge/src/state.rs b/solana/bridge/src/state.rs index 35f137627..aeba74baf 100644 --- a/solana/bridge/src/state.rs +++ b/solana/bridge/src/state.rs @@ -32,7 +32,7 @@ pub struct GuardianSet { pub index: u32, /// number of keys stored pub len_keys: u8, - /// public key of the threshold schnorr set + /// public key hashes of the guardian set pub keys: [[u8; 20]; MAX_LEN_GUARDIAN_KEYS], /// creation time pub creation_time: u32, diff --git a/solana/cli/src/main.rs b/solana/cli/src/main.rs index 78dc222b7..8aa0063ae 100644 --- a/solana/cli/src/main.rs +++ b/solana/cli/src/main.rs @@ -935,7 +935,7 @@ fn main() { .index(1) .required(true) .help( - "Specify the bridge program public key" + "Specify the bridge program address" ), ) .arg( @@ -959,7 +959,7 @@ fn main() { .index(1) .required(true) .help( - "Specify the bridge program public key" + "Specify the bridge program address" ), ) .arg( @@ -1029,7 +1029,7 @@ fn main() { .index(1) .required(true) .help( - "Specify the bridge program public key" + "Specify the bridge program address" ), ) .arg( @@ -1054,7 +1054,7 @@ fn main() { .index(1) .required(true) .help( - "Specify the bridge program public key" + "Specify the bridge program address" ), ) .arg( @@ -1082,7 +1082,7 @@ fn main() { .index(1) .required(true) .help( - "Specify the bridge program public key" + "Specify the bridge program address" ), ) .arg( @@ -1125,7 +1125,7 @@ fn main() { .index(1) .required(true) .help( - "Specify the bridge program public key" + "Specify the bridge program address" ), ) .arg( diff --git a/terra/contracts/README.md b/terra/contracts/README.md index 22926f503..d17eee645 100644 --- a/terra/contracts/README.md +++ b/terra/contracts/README.md @@ -23,7 +23,8 @@ This contract mostly wraps functionality of the `cw20-base` contract with the fo ### `wormhole` -This contract controls token transfers, minting and burning as well as maintaining the list of guardians: off-chain entities identified by their public keys, majority of whom can issue commands to the contract. +This contract controls token transfers, minting and burning as well as maintaining the list of guardians: off-chain +entities identified by their public key hashes, majority of whom can issue commands to the contract. `wormhole` bridge processes the following instructions.