The current guardian set index is 2, so the `guardiand` template command
should generate prototxt files accordingly.
Co-authored-by: Csongor Kiss <ckiss@jumptrading.com>
* Added the `User-Agent` header to all requests to the block explorer
so cloudflare's browser check is happier.
* Add an option to sleep between loops hitting the block explorer. More
than 1 / second on polygonscan gets you blocked temporarily.
These changes are required to repair missed messages on polygon.
* Initial Celo support
Change-Id: Iee98ee29a8b09af9ca76945792b750d96a170702
* Watcher support
* Fix high level make file
* Remove node binary committed by mistake
* Port change from EthWatcher to CeloWatcher
* Use docker to build ABIs
* Refactor watcher to eliminate massive redunancy
* Fix lint-and-tests to handle multiple defs on link
* Minor code cleanup
* Celo should use ganache in devnet
* Prep for mainnet deploy
* Code review rework
* Remove celo from sdk package.json
* node/hack/repair_eth: use a cookiejar for http
Otherwise, explorers like polygonscan, which implement a cloudflare WAF,
will block all requests.
* node/hack/repair_eth: add -showError flag
When an explorer is having problems or blocks a repair http request, it returns an error like:
Failed to get current height: failed to decode response: invalid character '<' looking for beginning of value
This allows showing the actual response body to better troubleshoot the problem.
The 'timestamp' field is now allowed in a governance prototxt, which
applies to all the messages in the struct. If the timestamp is not
specified, then it defaults to 0, which is identical to the existing
behaviour.
* Add more comprehensive structs unit-tests
* Make VerifySignatures fail on duplicate addresses
* Adjust duplicate detection to guard on signatures instead of addresses
* Add monotonic check in VerifySignatures
* Move logic into VerifySignatures and add more test cases
* Add a paranoid check for duplicate signers
* Make VerifySignatures unit-tests less contrived
* Add more verify signature test cases
* Refactor VerifySignatures tests
* Add VerifySignature fuzz tests
* Add tc.result checking instead of hardcoded true
* Change comparison so it throws debug on failure for fuzz tests
* Add unit-tests for observation signature logic
* Fix comment typos
* Refactor observation tests
* Add missing test case
* Fix VAAInvalidSignatures test case label
* Clean up unit-tests for observation and structs
* Change errorString convention in test
* Format Signature Verification Test Cases
* Remove unnecessary casting
* Add multi-signer same key cases
* Fix err usage in test cases
* Remove duplicate getVAA
* Klaytn support for testnet
Change-Id: Id0647fd6c603ab298f860c2cae20481555467315
* token_bridge client changes
Change-Id: If49ba994a67041044bdec054f19e69b4cfc2785b
* Get rid of special handling
* More cleanup
* Need to add Klaytn to structs tests
* Update SDK version
* Add SDK version
* fix klaytn bridge chain id
Co-authored-by: Evan Gray <battledingo@gmail.com>
* Aurora and Fantom handled wrong in a couple cases
Change-Id: I09b7d2da46507e219bd99d945256e63fefad529c
* Original test covered upper / lower case
Change-Id: I0384b0aac6f63bf9782d393fcd4e4e67f353775a
This retrieves a single transaction's MessagePublication events. This
has the same security assumptions than listening to the log events -
namely, ensuring the right contract has emitted them.
Tested locally with a mainnet transaction.
commit-id:64347ecc
It appears that in spite of exceeding the recommended value by 2x,
256 offers insufficient safety margin given that we saw two reorgs
of depths 178 and 187 recently: https://polygonscan.com/blocks_forked
This will increase confirmation delay from ~10 minutes to ~20 minutes.
commit-id:cf2b1503
Avoid unnecessary RPC calls/retries.
Makes no difference for safety, which relies on VAA accounts rather than
any transaction metadata.
commit-id:0cd82ed4
Fetches the list of missing Solana messages, finds the corresponding
on-chain transactions, sends an ObservationRequest to the network
and waits for consensus.
Hacky one-off script with a couple of edge cases (doesn't filter
failed txs, crashes if the boundary is not a valid tx). We can later
refactor this and add it to the find-missing-messages admin command
if we keep needing it.
commit-id:9b338dfa
Limitations:
- Only supported for Solana and for confirmation level Finalized,
which the token/NFT bridges use. Need to take a close look before
enabling it for both (since we're bypassing the tx fetcher and would
fetch and process accounts of the "wrong" confirmation levels).
- Rate limiting not implemented yet, will be done in a future release
when things are not currently on fire.
Test: https://gist.github.com/leoluk/bab3a18e922057109facea1cf1f26b2f
commit-id:6a0d4c32
It appears that GCP Cloud Logging cannot handle the volume of logs
we're throwing at it... full text search slows to a crawl (LOL)
Reduce log level until we can move to something else.
commit-id:b71c3467
Fixes https://github.com/certusone/wormhole/issues/685.
Example occurrence this fixes: https://i.imgur.com/gZWKf1n.png
Possible future optimizations include:
- Ignore late messages in the processor (but we can only ignore
them post settlement time, so we need the cleanup logic regardless).
- Ignoring late observations from other nodes.
- Using the stored VAA to calculate misses.
- Drop incomplete local observations. However, this is not trivial
since we do not know the message ID for those.
commit-id:47e1e59f
This cannot currently happen the way TransactionReceipt is implemented,
but make sure to check the tx != nil case anyway in case the API
is changed in future releases of go-ethereum.
commit-id:b721f0be
* Stub out algorand support in wormhole
1) Introduce the algorand chain constant in all the appropriate places
2) Deploy pyth/hernandc algorand smart contracts into devnet
3) Fund all the correct contracts for devnet testing
Change-Id: I6e4402b5b21223b32ea89653f8c7606f5c7f2843
* pr/jsiegel/algorand-v1: ALGORAND is not a EVM chain @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: fix lint @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: put the requirements into the image @ gusc1a-ossdev-jsl1
* jsiegel/algorand: make the watcher hang forever @ gusc1a-ossdev-jsl1
* jsiegel/algorand: comment these out @ gusc1a-ossdev-jsl1
* jsiegel/algorand: put this back in @ gusc1a-ossdev-jsl1
* jsiegel/algorand: fix guardian example @ gusc1a-ossdev-jsl1
* Generate teal source code
commit-id:a537a109
* jsiegel/algorand: it builds @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: add Dockerfile.teal @ gusc1a-ossdev-jsl1
* jsiegel/algorand: improve the dependencies @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: Fix up build @ gusc1a-ossdev-jsl1
* dead file
* pr/jsiegel/algorand-v1: remove more stuff @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: fix build @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: freeze the requirements @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: Fix teal to use pipenv @ gusc1a-ossdev-jsl1
* pr/jsiegel/algorand-v1: fix miss-merge @ gusc1a-ossdev-jsl1
Co-authored-by: Leo <leo@certus.one>
This should reduce the number of misses during periods of heavy weather
and high winds, at the expense of increasing load on the RPC nodes.
commit-id:98704274
This avoids gossip spam and false positive Discord notifications
when a connected node catches up and late observations are made.
Change-Id: If9562661487d3d3d5138d27298b005f278f9e9ce
Fixes https://github.com/certusone/wormhole/issues/305
The logic to do this seemingly simple task is hilariously complex
due to the version string being attacker-controlled.
Change-Id: Ia1758418a67c082595affe0b7f2bb801e9434733
The template commands now support generating full governance messages
with all required fields. Outputs to stdout instead of a file.
Change-Id: I3837107c3075363a54d31f9dfb4d6dc07c79daa5
- Add Cloud Functions:
- "Recent" gap list, can filter and/or group by chain or address.
- "Totals" counts 24h, 30d, rolling daily. can filter and group.
- "Transaction" lookup row by chain-native transaction identifier.
- Pad sequence in rowkey to fixed length, for sequential row order.
- Add Cloud Function deploy instructions.
- Fix#410 Buildpack image cleanup
Change-Id: Ifa3110a3d58e2f94adb48ccb451c27ab3add0611
This allows us to associate an observation from the log
for messages that the local node did not observe.
Change-Id: I6ece7bfe3e6b878bdb7ee4ac03c81cb424a329b3
Adds extra logging to validate hypothesis that we've found a bug in
GetConfirmedBlocks, rather than a general issue.
Change-Id: Ia3acfd7fa393091a3892c453433255cfbe38e4a0
We encountered a bug on mainnet where GetConfirmedBlocks with
commitment level Finalized would fail to return a valid block.
Remove the optimization and simply fetch every slot.
Change-Id: Idce939c6c5f3303a5046efdfd31833fab3d465ba
Optional metadata for debugging. Allows tying a received observation
to an on-chain transaction even if the node missed the observation.
Change-Id: Ie50c10c8ab7f65469555674d90645f91092fb2e3
In cases where we observed a VAA, there is no possibility of gossip DoS.
Increase the timeout to 24 hours to facilitate manual interventions
(like submission of governance VAAs or node restarts/catchup).
Keep the existing five minute timeout for observation-less VAAs.
Change-Id: Ic626108190bd60cf812daadbe191b31cc48c7296
Chances are that more requests will fail until the scheduled
recovery date, so we can't hardcode them.
Change-Id: Ief45c1f7a455827b32e154fae5c8eed366dd3ff7
Surfaced by the retry code:
https://gist.github.com/leoluk/b5d05ed27269b077b834eda771a50058
Accessing s.logger from a goroutine will cause a data race. We didn't
previously encounter this since supervisor would wait for Run() to
return before rescheduling it.
Change-Id: I56a7503081485e58975103d0e25e0c2baf19ca08
rustfmt appears to be a little more complicated since it wants to
download dependencies and needs nightly Rust.
Change-Id: Ia348def30a6459ae2ab6c29a8c3a413216f5eb4b