blockworks-foundation
/
pyth-crosschain
mirror of https://github.com/blockworks-foundation/pyth-crosschain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Implement initial solana program (#3) 

* add rust program

* update rust program

* first VAA actions

* implement full transfer

* remove token copy

* restructure and copy
This commit is contained in:
Hendrik Hofstadt 2020-08-03 14:55:58 +02:00 committed by GitHub
parent 72cbb2aec2
commit 7ddf910faa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 4491 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -3,3 +3,5 @@ node_modules
.idea
.arcconfig
*.iml
target
bin

60
docs/solana_program.md
View File

@ -10,8 +10,10 @@ Initializes a new Bridge at `bridge`.
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | ------ | ------------ | ------ | --------- | ----- | ------- |
| 0 | owner | Account | ✅️ | | | |
| 0 | bridge | BridgeConfig | | | ✅️ | ✅️ |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | guardian_set | GuardianSet | | ✅ | ✅ | ✅ |
| 3 | sender | Account | ✅ | | | |
#### TransferOut
@ -24,9 +26,10 @@ Parameters:
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | -------- | ------------------- | ------ | --------- | ----- | ------- |
| 0 | sender | TokenAccount | | ✅ | | |
| 1 | bridge | BridgeConfig | | | | |
| 2 | proposal | TransferOutProposal | | ✅ | ✅ | ✅ |
| 3 | token | WrappedAsset | | ✅ | | ✅ |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | bridge | BridgeConfig | | | | |
| 3 | proposal | TransferOutProposal | | ✅ | ✅ | ✅ |
| 4 | token | WrappedAsset | | ✅ | | ✅ |
#### TransferOutNative
@ -41,7 +44,8 @@ The transfer proposal will be tracked at a new account `proposal` where a VAA wi
| 1 | bridge | BridgeConfig | | | | |
| 2 | proposal | TransferOutProposal | | ✅ | ✅ | ✅ |
| 3 | token | Mint | | ✅ | | |
| 4 | custody_account | Mint | | ✅ | opt | ✅ |
| 4 | custody_account | TokenAccount | | ✅ | opt | ✅ |
| 5-n | sender_owner | Account | ✅ | | | |
#### EvictTransferOut
@ -50,8 +54,10 @@ Deletes a `proposal` after the `VAA_EXPIRATION_TIME` to free up space on chain.
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | -------- | ------------------- | ------ | --------- | ----- | ------- |
| 0 | guardian | Account | ✅ | | | |
| 1 | bridge | BridgeConfig | | | | |
| 2 | proposal | TransferOutProposal | | ✅ | | ✅ |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | bridge | BridgeConfig | | | | |
| 3 | proposal | TransferOutProposal | | ✅ | | ✅ |
| 4-n | sender_owner | Account | ✅ | | | |
#### EvictExecutedVAA
@ -60,8 +66,9 @@ Deletes a `ExecutedVAA` after the `VAA_EXPIRATION_TIME` to free up space on chai
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | -------- | ------------------- | ------ | --------- | ----- | ------- |
| 0 | guardian | Account | ✅ | | | |
| 1 | bridge | BridgeConfig | | | | |
| 2 | proposal | ExecutedVAA | | ✅ | | ✅ |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | bridge | BridgeConfig | | | | |
| 3 | proposal | ExecutedVAA | | ✅ | | ✅ |
#### PostVAA
@ -74,38 +81,45 @@ The required accounts depend on the `action` of the VAA:
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | ------------ | ------------------- | ------ | --------- | ----- | ------- |
| 0 | bridge | BridgeConfig | | ✅ | | |
| 1 | guardian_set | GuardianSet | | ✅ | ✅ | ✅ |
| 2 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | guardian_set_old | GuardianSet | | ✅ | | ✅ |
| 3 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 4 | guardian_set | GuardianSet | | ✅ | ✅ | ✅ |
##### Transfer: Ethereum (native) -> Solana (wrapped)
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | ------------ | ------------ | ------ | --------- | ----- | ------- |
| 0 | bridge | BridgeConfig | | | | |
| 1 | guardian_set | GuardianSet | | | | |
| 2 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 3 | token | WrappedAsset | | | opt | ✅ |
| 4 | destination | TokenAccount | | ✅ | opt | |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | guardian_set | GuardianSet | | | | |
| 3 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 4 | token | WrappedAsset | | | opt | ✅ |
| 5 | destination | TokenAccount | | ✅ | opt | |
| 6 | sender | Account | ✅ | | | |
##### Transfer: Ethereum (wrapped) -> Solana (native)
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | ------------ | ------------ | ------ | --------- | ----- | ------- |
| 0 | bridge | BridgeConfig | | | | |
| 1 | guardian_set | GuardianSet | | | | |
| 2 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 3 | token | Mint | | | | ✅ |
| 4 | custody_src | TokenAccount | | ✅ | | ✅ |
| 5 | destination | TokenAccount | | ✅ | opt | |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | guardian_set | GuardianSet | | | | |
| 3 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 4 | token | Mint | | | | ✅ |
| 6 | destination | TokenAccount | | ✅ | opt | |
| 5 | custody_src | TokenAccount | | ✅ | | ✅ |
##### Transfer: Solana (any) -> Ethereum (any)
| Index | Name | Type | signer | writeable | empty | derived |
| ----- | ------------ | ------------------- | ------ | --------- | ----- | ------- |
| 0 | bridge | BridgeConfig | | | | |
| 1 | guardian_set | GuardianSet | | | | |
| 2 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 3 | out_proposal | TransferOutProposal | | ✅ | | ✅ |
| 1 | clock | Sysvar | | | | ✅ |
| 2 | guardian_set | GuardianSet | | | | |
| 3 | claim | ExecutedVAA | | ✅ | ✅ | ✅ |
| 4 | out_proposal | TransferOutProposal | | ✅ | | ✅ |
| 5 | sender | Account | ✅ | | | |
## Accounts

22
solana/bpf-sdk-install.sh Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env bash
set -e
installDir=$1
channel=beta
if [[ -n $2 ]]; then
channel=$2
fi
echo "Installing $channel BPF SDK into $installDir"
set -x
cd "$installDir/"
curl -L --retry 5 --retry-delay 2 -o bpf-sdk.tar.bz2 \
http://solana-sdk.s3.amazonaws.com/"$channel"/bpf-sdk.tar.bz2
rm -rf bpf-sdk
mkdir -p bpf-sdk
tar jxf bpf-sdk.tar.bz2
rm -f bpf-sdk.tar.bz2
cat bpf-sdk/version.txt

2283
solana/bridge/Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

36
solana/bridge/Cargo.toml Normal file
View File

@ -0,0 +1,36 @@
# Note: This crate must be built using do.sh
[package]
name = "wormhole-bridge"
version = "0.1.0"
description = "Solana Program Library Token Swap"
authors = ["Certus One Team <info@certus.one>"]
repository = "https://github.com/solana-labs/solana-program-library"
license = "Apache-2.0"
edition = "2018"
[features]
no-entrypoint = []
skip-no-mangle = ["solana-sdk/skip-no-mangle"]
program = ["solana-sdk/program", "spl-token/program", "spl-token/no-entrypoint"]
default = ["solana-sdk/default", "spl-token/default"]
[dependencies]
num-derive = "0.2"
num-traits = "0.2"
remove_dir_all = "=0.5.0"
solana-sdk = { version = "=1.2.17", default-features = false, optional = true }
spl-token = { package = "spl-token", version = "1.0.6", default-features = false, optional = true }
thiserror = "1.0"
arrayref = "0.3.6"
byteorder = "1.3.4"
zerocopy = "0.3.0"
sha3 = "0.9.1"
[dev-dependencies]
rand = { version = "0.7.0" }
hex = "0.4.2"
[lib]
name = "spl_bridge"
crate-type = ["cdylib", "lib"]

4
solana/bridge/Dockerfile Normal file
View File

@ -0,0 +1,4 @@
FROM centos:8
RUN dnf install -y dnf install bzip2 git gcc wget
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

2
solana/bridge/Xargo.toml Normal file
View File

@ -0,0 +1,2 @@
[target.bpfel-unknown-unknown.dependencies.std]
features = []

24
solana/bridge/src/entrypoint.rs Normal file
View File

@ -0,0 +1,24 @@
//! Program entrypoint definitions
#![cfg(feature = "program")]
#![cfg(not(feature = "no-entrypoint"))]
use solana_sdk::{
account_info::AccountInfo, entrypoint, entrypoint::ProgramResult,
program_error::PrintProgramError, pubkey::Pubkey,
};
use crate::{error::Error, state::Bridge};
entrypoint!(process_instruction);
fn process_instruction<'a>(
program_id: &Pubkey,
accounts: &'a [AccountInfo<'a>],
instruction_data: &[u8],
) -> ProgramResult {
if let Err(error) = Bridge::process(program_id, accounts, instruction_data) {
// catch the error so we can print it
error.print::<Error>();
return Err(error);
}
Ok(())
}

153
solana/bridge/src/error.rs Normal file
View File

@ -0,0 +1,153 @@
//! Error types
use std::io;
use num_derive::FromPrimitive;
use num_traits::FromPrimitive;
use solana_sdk::{
decode_error::DecodeError,
info,
program_error::{PrintProgramError, ProgramError},
};
use thiserror::Error;
/// Errors that may be returned by the TokenSwap program.
#[derive(Clone, Debug, Eq, Error, FromPrimitive, PartialEq)]
pub enum VAAError {
/// The given action is unknown or invalid
#[error("InvalidAction")]
InvalidAction,
/// An io error occurred
#[error("IOError")]
IOError,
}
/// Errors that may be returned by the TokenSwap program.
#[derive(Clone, Debug, Eq, Error, FromPrimitive, PartialEq)]
pub enum Error {
/// The deserialization of the Token state returned something besides State::Token.
#[error("ExpectedToken")]
ExpectedToken,
/// The deserialization of the Bridge returned something besides State::Bridge.
#[error("ExpectedBridge")]
ExpectedBridge,
/// The deserialization of the Token state returned something besides State::Account.
#[error("ExpectedAccount")]
ExpectedAccount,
/// The deserialization of the GuardianSet state returned something besides State::GuardianSet.
#[error("ExpectedGuardianSet")]
ExpectedGuardianSet,
/// The deserialization of the TransferOutProposal state returned something besides State::TransferOutProposal.
#[error("ExpectedTransferOutProposal")]
ExpectedTransferOutProposal,
/// State is uninitialized.
#[error("State is unititialized")]
UninitializedState,
/// The program address provided doesn't match the value generated by the program.
#[error("InvalidProgramAddress")]
InvalidProgramAddress,
/// The submitted VAA is invalid
#[error("InvalidVAAFormat")]
InvalidVAAFormat,
/// The submitted VAA is invalid form
#[error("InvalidVAAAction")]
InvalidVAAAction,
/// The submitted VAA has an invalid signature
#[error("InvalidVAASignature")]
InvalidVAASignature,
/// The account is already initialized
#[error("AlreadyExists")]
AlreadyExists,
/// An account was not derived correctly
#[error("InvalidDerivedAccount")]
InvalidDerivedAccount,
/// A given token account does not belong to the given mint
#[error("TokenMintMismatch")]
TokenMintMismatch,
/// A given mint account does not belong to the program
#[error("WrongMintOwner")]
WrongMintOwner,
/// A given bridge account does not belong to the program
#[error("WrongBridgeOwner")]
WrongBridgeOwner,
/// A given token account does not belong to the program
#[error("WrongTokenAccountOwner")]
WrongTokenAccountOwner,
/// A parsing operation failed
#[error("ParseFailed")]
ParseFailed,
/// The guardian set that signed this VAA has expired
#[error("GuardianSetExpired")]
GuardianSetExpired,
/// The given VAA has expired
#[error("VAAExpired")]
VAAExpired,
/// The given VAA has already been claimed
#[error("VAAClaimed")]
VAAClaimed,
/// The given VAA was not signed by the latest guardian set
#[error("OldGuardianSet")]
OldGuardianSet,
/// The guardian set index must increase on update
#[error("GuardianIndexNotIncreasing")]
GuardianIndexNotIncreasing,
/// The given VAA does not match the proposal
#[error("VAAProposalMismatch")]
VAAProposalMismatch,
/// Invalid transfer with src=dst
#[error("SameChainTransfer")]
SameChainTransfer,
}
impl From<Error> for ProgramError {
fn from(e: Error) -> Self {
ProgramError::Custom(e as u32)
}
}
impl From<std::io::Error> for Error {
fn from(_: std::io::Error) -> Self {
Error::ParseFailed
}
}
impl<T> DecodeError<T> for Error {
fn type_of() -> &'static str {
"Swap Error"
}
}
impl PrintProgramError for Error {
fn print<E>(&self)
where
E: 'static + std::error::Error + DecodeError<E> + PrintProgramError + FromPrimitive,
{
match self {
Error::ExpectedToken => info!("Error: ExpectedToken"),
Error::ExpectedAccount => info!("Error: ExpectedAccount"),
Error::ExpectedBridge => info!("Error: ExpectedBridge"),
Error::ExpectedGuardianSet => info!("Error: ExpectedGuardianSet"),
Error::UninitializedState => info!("Error: State is unititialized"),
Error::InvalidProgramAddress => info!("Error: InvalidProgramAddress"),
Error::InvalidVAAFormat => info!("Error: InvalidVAAFormat"),
Error::InvalidVAAAction => info!("Error: InvalidVAAAction"),
Error::InvalidVAASignature => info!("Error: InvalidVAASignature"),
Error::AlreadyExists => info!("Error: AlreadyExists"),
Error::InvalidDerivedAccount => info!("Error: InvalidDerivedAccount"),
Error::TokenMintMismatch => info!("Error: TokenMintMismatch"),
Error::WrongMintOwner => info!("Error: WrongMintOwner"),
Error::WrongTokenAccountOwner => info!("Error: WrongTokenAccountOwner"),
Error::ParseFailed => info!("Error: ParseFailed"),
Error::GuardianSetExpired => info!("Error: GuardianSetExpired"),
Error::VAAExpired => info!("Error: VAAExpired"),
Error::VAAClaimed => info!("Error: VAAClaimed"),
Error::WrongBridgeOwner => info!("Error: WrongBridgeOwner"),
Error::OldGuardianSet => info!("Error: OldGuardianSet"),
Error::GuardianIndexNotIncreasing => info!("Error: GuardianIndexNotIncreasing"),
Error::ExpectedTransferOutProposal => info!("Error: ExpectedTransferOutProposal"),
Error::VAAProposalMismatch => info!("Error: VAAProposalMismatch"),
Error::SameChainTransfer => info!("Error: SameChainTransfer"),
}
}
}

175
solana/bridge/src/instruction.rs Normal file
View File

@ -0,0 +1,175 @@
#![allow(clippy::too_many_arguments)]
//! Instruction types
use std::io::Write;
use std::mem::size_of;
use solana_sdk::{
instruction::{AccountMeta, Instruction},
program_error::ProgramError,
pubkey::Pubkey,
};
use zerocopy::{AsBytes, FromBytes};
use crate::error::Error;
use crate::instruction::BridgeInstruction::Initialize;
use crate::state::{AssetMeta, BridgeConfig};
use crate::syscalls::RawKey;
/// chain id of this chain
pub const CHAIN_ID_SOLANA: u8 = 1;
/// size of a VAA in bytes
const VAA_SIZE: usize = 100;
/// size of a foreign address in bytes
const FOREIGN_ADDRESS_SIZE: usize = 32;
/// validator payment approval
pub type VAA_BODY = [u8; VAA_SIZE];
/// X and Y point of P for guardians
pub type GuardianKey = [u8; 64];
/// address on a foreign chain
pub type ForeignAddress = [u8; FOREIGN_ADDRESS_SIZE];
#[repr(C)]
#[derive(Clone, Copy)]
pub struct InitializePayload {
/// guardians that are allowed to sign mints
pub initial_guardian: RawKey,
/// config for the bridge
pub config: BridgeConfig,
}
#[repr(C)]
#[derive(Clone, Copy)]
pub struct TransferOutPayload {
/// amount to transfer
pub amount: u64,
/// chain id to transfer to
pub chain_id: u8,
/// Information about the asset to be transferred
pub asset: AssetMeta,
/// address on the foreign chain to transfer to
pub target: ForeignAddress,
}
/// Instructions supported by the SwapInfo program.
#[repr(C)]
pub enum BridgeInstruction {
/// Initializes a new Bridge
/// Accounts expected by this instruction:
///
/// 0. `[writable, derived]` The bridge to initialize.
/// 1. `[]` The clock SysVar
/// 2. `[writable, derived]` The initial guardian set account
/// 3. `[signer]` The fee payer for new account creation
Initialize(InitializePayload),
/// Burns or locks a (wrapped) asset `token` from `sender` on the Solana chain.
TransferOut(TransferOutPayload),
/// Submits a VAA signed by `guardian` on a valid `proposal`.
PostVAA(VAA_BODY),
/// Deletes a `proposal` after the `VAA_EXPIRATION_TIME` is over to free up space on chain.
/// This returns the rent to the sender.
EvictTransferOut(),
/// Deletes a `ExecutedVAA` after the `VAA_EXPIRATION_TIME` is over to free up space on chain.
/// This returns the rent to the sender.
EvictExecutedVAA(),
}
impl BridgeInstruction {
/// Deserializes a byte buffer into a BridgeInstruction
pub fn deserialize(input: &[u8]) -> Result<Self, ProgramError> {
if input.len() < size_of::<u8>() {
return Err(ProgramError::InvalidAccountData);
}
Ok(match input[0] {
0 => {
let payload: &InitializePayload = unpack(input)?;
Initialize(*payload)
}
_ => return Err(ProgramError::InvalidInstructionData),
})
}
/// Serializes a BridgeInstruction into a byte buffer.
pub fn serialize(self: Self) -> Result<Vec<u8>, ProgramError> {
let mut output = vec![0u8; size_of::<BridgeInstruction>()];
match self {
Self::Initialize(payload) => {
output[0] = 0;
#[allow(clippy::cast_ptr_alignment)]
let value = unsafe {
&mut *(&mut output[size_of::<u8>()] as *mut u8 as *mut InitializePayload)
};
*value = payload;
}
Self::TransferOut(payload) => {
output[0] = 1;
#[allow(clippy::cast_ptr_alignment)]
let value = unsafe {
&mut *(&mut output[size_of::<u8>()] as *mut u8 as *mut TransferOutPayload)
};
*value = payload;
}
Self::PostVAA(payload) => {
output[0] = 2;
#[allow(clippy::cast_ptr_alignment)]
let value =
unsafe { &mut *(&mut output[size_of::<u8>()] as *mut u8 as *mut VAA_BODY) };
*value = payload;
}
Self::EvictTransferOut() => {
output[0] = 3;
}
Self::EvictExecutedVAA() => {
output[0] = 4;
}
_ => panic!(""),
}
Ok(output)
}
}
/// Creates an 'initialize' instruction.
pub fn initialize(
program_id: &Pubkey,
sender: &Pubkey,
bridge: &Pubkey,
initial_guardian: RawKey,
config: &BridgeConfig,
) -> Result<Instruction, ProgramError> {
let data = BridgeInstruction::Initialize(InitializePayload {
config: *config,
initial_guardian,
})
.serialize()?;
let accounts = vec![
AccountMeta::new(*sender, true),
AccountMeta::new(*bridge, false),
];
Ok(Instruction {
program_id: *program_id,
accounts,
data,
})
}
/// Unpacks a reference from a bytes buffer.
pub fn unpack<T>(input: &[u8]) -> Result<&T, ProgramError> {
if input.len() < size_of::<u8>() + size_of::<T>() {
return Err(ProgramError::InvalidAccountData);
}
#[allow(clippy::cast_ptr_alignment)]
let val: &T = unsafe { &*(&input[1] as *const u8 as *const T) };
Ok(val)
}

12
solana/bridge/src/lib.rs Normal file
View File

@ -0,0 +1,12 @@
#[macro_use]
extern crate arrayref;
#[macro_use]
extern crate zerocopy;
pub mod entrypoint;
pub mod error;
pub mod instruction;
pub mod processor;
pub mod state;
pub mod syscalls;
pub mod vaa;

702
solana/bridge/src/processor.rs Normal file
View File

@ -0,0 +1,702 @@
//! Program instruction processing logic
use std::io::Write;
use std::mem::size_of;
use std::slice::Iter;
use std::str;
use num_traits::AsPrimitive;
use sha3::Digest;
use solana_sdk::clock::Clock;
use solana_sdk::hash::hash;
#[cfg(not(target_arch = "bpf"))]
use solana_sdk::instruction::Instruction;
use solana_sdk::log::sol_log;
#[cfg(target_arch = "bpf")]
use solana_sdk::program::invoke_signed;
use solana_sdk::rent::Rent;
use solana_sdk::system_instruction::{create_account, SystemInstruction};
use solana_sdk::sysvar::Sysvar;
use solana_sdk::{
account_info::next_account_info, account_info::AccountInfo, entrypoint::ProgramResult, info,
program_error::ProgramError, pubkey::bs58, pubkey::Pubkey,
};
use spl_token::state::Mint;
use crate::instruction::BridgeInstruction::*;
use crate::instruction::{
BridgeInstruction, ForeignAddress, GuardianKey, TransferOutPayload, CHAIN_ID_SOLANA, VAA_BODY,
};
use crate::state::*;
use crate::syscalls::{sol_verify_schnorr, RawKey, SchnorrifyInput};
use crate::vaa::{BodyTransfer, BodyUpdateGuardianSet, VAABody, VAA};
use crate::{error::Error, instruction::unpack};
/// Instruction processing logic
impl Bridge {
/// Processes an [Instruction](enum.Instruction.html).
pub fn process(program_id: &Pubkey, accounts: &[AccountInfo], input: &[u8]) -> ProgramResult {
let instruction = BridgeInstruction::deserialize(input)?;
match instruction {
Initialize(payload) => {
info!("Instruction: Initialize");
Self::process_initialize(
program_id,
accounts,
payload.initial_guardian,
payload.config,
)
}
TransferOut(p) => {
info!("Instruction: TransferOut");
if p.asset.chain == CHAIN_ID_SOLANA {
Self::process_transfer_native_out(program_id, accounts, &p)
} else {
Self::process_transfer_out(program_id, accounts, &p)
}
}
PostVAA(vaa_body) => {
info!("Instruction: PostVAA");
let len = vaa_body[0] as usize;
let vaa_data = &vaa_body[..len];
let vaa = VAA::deserialize(vaa_data)?;
let mut k = sha3::Keccak256::default();
if let Err(_) = k.write(vaa_data) {
return Err(Error::ParseFailed.into());
};
let hash = k.finalize();
Self::process_vaa(program_id, accounts, &vaa_body, &vaa, hash.as_ref())
}
_ => panic!(""),
}
}
/// Unpacks a token state from a bytes buffer while assuring that the state is initialized.
pub fn process_initialize(
program_id: &Pubkey,
accounts: &[AccountInfo],
initial_guardian_key: RawKey,
config: BridgeConfig,
) -> ProgramResult {
let account_info_iter = &mut accounts.iter();
let new_account_info = next_account_info(account_info_iter)?;
let new_guardian_info = next_account_info(account_info_iter)?;
let clock_info = next_account_info(account_info_iter)?;
let clock = Clock::from_account_info(clock_info)?;
let mut new_account_data = new_account_info.data.borrow_mut();
let mut bridge: &mut Bridge = Self::unpack_unchecked(&mut new_account_data)?;
if bridge.is_initialized {
return Err(Error::AlreadyExists.into());
}
let expected_bridge_key = Bridge::derive_bridge_id(program_id)?;
if expected_bridge_key != *new_account_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
let expected_guardian_set_key =
Bridge::derive_guardian_set_id(program_id, new_account_info.key, 0)?;
if expected_guardian_set_key != *new_guardian_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
let mut new_guardian_data = new_guardian_info.data.borrow_mut();
let mut guardian_info: &mut GuardianSet = Self::unpack_unchecked(&mut new_guardian_data)?;
if guardian_info.is_initialized {
return Err(Error::AlreadyExists.into());
}
// Initialize bridge params
bridge.is_initialized = true;
bridge.guardian_set_index = 0;
bridge.config = config;
// Initialize the initial guardian set
guardian_info.is_initialized = true;
guardian_info.index = 0;
guardian_info.creation_time = clock.unix_timestamp.as_();
guardian_info.pubkey = initial_guardian_key;
Ok(())
}
/// Transfers a wrapped asset out
pub fn process_transfer_out(
program_id: &Pubkey,
accounts: &[AccountInfo],
t: &TransferOutPayload,
) -> ProgramResult {
let account_info_iter = &mut accounts.iter();
let sender_account_info = next_account_info(account_info_iter)?;
let clock_info = next_account_info(account_info_iter)?;
let bridge_info = next_account_info(account_info_iter)?;
let proposal_info = next_account_info(account_info_iter)?;
let mint_info = next_account_info(account_info_iter)?;
let sender_info = next_account_info(account_info_iter)?;
let clock = Clock::from_account_info(clock_info)?;
let sender = Bridge::token_account_deserialize(sender_account_info)?;
let bridge = Bridge::bridge_deserialize(bridge_info)?;
let mint = Bridge::mint_deserialize(mint_info)?;
// Does the token belong to the mint
if sender.mint != *mint_info.key {
return Err(Error::TokenMintMismatch.into());
}
// Is the mint owned by the program
if mint.owner.unwrap() != *program_id {
return Err(Error::WrongMintOwner.into());
}
// Check that the mint is actually a wrapped asset belonging to *this* bridge instance
let expected_mint_address = Bridge::derive_wrapped_asset_id(
program_id,
bridge_info.key,
t.asset.chain,
t.asset.address,
)?;
if expected_mint_address != *mint_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Check that the transfer account was derived correctly
let expected_transfer_id = Bridge::derive_transfer_id(
program_id,
bridge_info.key,
t.asset.chain,
t.asset.address,
t.chain_id,
t.target,
sender.owner.to_bytes(),
clock.slot.as_(),
)?;
if expected_transfer_id != *proposal_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Load proposal account
let mut proposal_data = proposal_info.data.borrow_mut();
let proposal: &mut TransferOutProposal = Bridge::unpack_unchecked(&mut proposal_data)?;
if proposal.is_initialized {
return Err(Error::AlreadyExists.into());
}
// Burn tokens
Bridge::wrapped_burn(
accounts,
&bridge.config.token_program,
sender_info.key,
sender_account_info.key,
t.amount,
)?;
// Initialize proposal
proposal.is_initialized = true;
proposal.foreign_address = t.target;
proposal.amount = t.amount;
proposal.to_chain_id = t.chain_id;
proposal.asset = t.asset;
Ok(())
}
/// Transfers a native token to a foreign chain
pub fn process_transfer_native_out(
program_id: &Pubkey,
accounts: &[AccountInfo],
t: &TransferOutPayload,
) -> ProgramResult {
let account_info_iter = &mut accounts.iter();
let sender_account_info = next_account_info(account_info_iter)?;
let clock_info = next_account_info(account_info_iter)?;
let bridge_info = next_account_info(account_info_iter)?;
let proposal_info = next_account_info(account_info_iter)?;
let mint_info = next_account_info(account_info_iter)?;
let custody_info = next_account_info(account_info_iter)?;
let sender_info = next_account_info(account_info_iter)?;
let clock = Clock::from_account_info(clock_info)?;
let sender = Bridge::token_account_deserialize(sender_account_info)?;
let bridge = Bridge::bridge_deserialize(bridge_info)?;
let mint = Bridge::mint_deserialize(mint_info)?;
// Does the token belong to the mint
if sender.mint != *mint_info.key {
return Err(Error::TokenMintMismatch.into());
}
// If the mint is owned by the program, it's a wrapped asset
if mint.owner.unwrap() == *program_id {
return Err(Error::WrongMintOwner.into());
}
// Check that the transfer account was derived correctly
let expected_transfer_id = Bridge::derive_transfer_id(
program_id,
bridge_info.key,
t.asset.chain,
t.asset.address,
t.chain_id,
t.target,
sender.owner.to_bytes(),
clock.slot.as_(),
)?;
if expected_transfer_id != *proposal_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Load proposal account
let mut proposal_data = proposal_info.data.borrow_mut();
let proposal: &mut TransferOutProposal = Bridge::unpack_unchecked(&mut proposal_data)?;
if proposal.is_initialized {
return Err(Error::AlreadyExists.into());
}
let expected_custody_id =
Bridge::derive_custody_id(program_id, bridge_info.key, mint_info.key)?;
if expected_custody_id != *custody_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Create the account if it does not exist
if custody_info.data_is_empty() {
Bridge::create_custody_account(
program_id,
accounts,
&bridge.config.token_program,
bridge_info.key,
custody_info.key,
mint_info.key,
sender_info.key,
)?;
}
// Check that the custody token account is owned by the derived key
let custody = Self::token_account_deserialize(custody_info)?;
if custody.owner != *bridge_info.key {
return Err(Error::WrongTokenAccountOwner.into());
}
// Transfer tokens to custody
Bridge::token_transfer_caller(
accounts,
&bridge.config.token_program,
sender_account_info.key,
custody_info.key,
sender_info.key,
t.amount,
)?;
// Initialize proposal
proposal.is_initialized = true;
proposal.foreign_address = t.target;
proposal.amount = t.amount;
proposal.to_chain_id = t.chain_id;
// Don't use the user-given data as we don't check mint = AssetMeta.address
proposal.asset = AssetMeta {
chain: CHAIN_ID_SOLANA,
address: mint_info.key.to_bytes(),
};
Ok(())
}
/// Processes a VAA
pub fn process_vaa(
program_id: &Pubkey,
accounts: &[AccountInfo],
vaa_data: &[u8; 100],
vaa: &VAA,
hash: &[u8; 32],
) -> ProgramResult {
let account_info_iter = &mut accounts.iter();
let bridge_info = next_account_info(account_info_iter)?;
let clock_info = next_account_info(account_info_iter)?;
let guardian_set_info = next_account_info(account_info_iter)?;
let claim_info = next_account_info(account_info_iter)?;
let mut bridge = Bridge::bridge_deserialize(bridge_info)?;
let clock = Clock::from_account_info(clock_info)?;
let mut guardian_set = Bridge::guardian_set_deserialize(guardian_set_info)?;
// Check that the guardian set is valid
let expected_guardian_set =
Bridge::derive_guardian_set_id(program_id, bridge_info.key, vaa.guardian_set_index)?;
if expected_guardian_set != *guardian_set_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Check that the claim is valid
let expected_claim = Bridge::derive_claim_id(program_id, bridge_info.key, hash)?;
if expected_claim != *claim_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Check that the guardian set is still active
if (guardian_set.expiration_time as i64) < clock.unix_timestamp {
return Err(Error::GuardianSetExpired.into());
}
// Check that the VAA is still valid
if (guardian_set.expiration_time as i64) + (bridge.config.vaa_expiration_time as i64)
< clock.unix_timestamp
{
return Err(Error::VAAExpired.into());
}
// Verify VAA signature
if !vaa.verify(&guardian_set.pubkey) {
return Err(Error::InvalidVAASignature.into());
}
let payload = vaa.payload.ok_or(Error::InvalidVAAAction)?;
match payload {
VAABody::UpdateGuardianSet(v) => Self::process_vaa_set_update(
program_id,
account_info_iter,
&clock,
bridge_info,
&mut bridge,
&mut guardian_set,
&v,
),
VAABody::Transfer(v) => {
if v.source_chain == CHAIN_ID_SOLANA {
Self::process_vaa_transfer(
program_id,
accounts,
account_info_iter,
bridge_info,
&mut bridge,
&v,
)
} else {
Self::process_vaa_transfer_post(
program_id,
account_info_iter,
bridge_info,
vaa,
&v,
vaa_data,
)
}
}
}?;
// Load proposal account
let mut claim_data = claim_info.data.borrow_mut();
let claim: &mut ClaimedVAA = Bridge::unpack_unchecked(&mut claim_data)?;
if claim.is_initialized {
return Err(Error::VAAClaimed.into());
}
// Set claimed
claim.is_initialized = true;
claim.vaa_time = clock.unix_timestamp as u32;
Ok(())
}
/// Processes a Guardian set update
pub fn process_vaa_set_update(
program_id: &Pubkey,
account_info_iter: &mut Iter<AccountInfo>,
clock: &Clock,
bridge_info: &AccountInfo,
bridge: &mut Bridge,
old_guardian_set: &mut GuardianSet,
b: &BodyUpdateGuardianSet,
) -> ProgramResult {
let guardian_set_new_info = next_account_info(account_info_iter)?;
// TODO this could deadlock the bridge if an update is performed with an invalid key
// The new guardian set must be signed by the current one
if bridge.guardian_set_index != old_guardian_set.index {
return Err(Error::OldGuardianSet.into());
}
// The new guardian set must have an index > current
// We don't check +1 because we trust the set to not set something close to max(u32)
if bridge.guardian_set_index >= b.new_index {
return Err(Error::GuardianIndexNotIncreasing.into());
}
// Set the exirity on the old guardian set
// The guardian set will expire once all currently issues vaas have expired
old_guardian_set.expiration_time =
(clock.unix_timestamp as u32) + bridge.config.vaa_expiration_time;
// Check whether the new guardian set was derived correctly
let expected_guardian_set =
Bridge::derive_guardian_set_id(program_id, bridge_info.key, b.new_index)?;
if expected_guardian_set != *guardian_set_new_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
let mut guardian_set_new_data = guardian_set_new_info.data.borrow_mut();
let guardian_set_new: &mut GuardianSet =
Bridge::unpack_unchecked(&mut guardian_set_new_data)?;
// The new guardian set must not exist
if guardian_set_new.is_initialized {
return Err(Error::AlreadyExists.into());
}
// Set values on the new guardian set
guardian_set_new.is_initialized = true;
guardian_set_new.index = b.new_index;
guardian_set_new.pubkey = b.new_key;
guardian_set_new.creation_time = clock.unix_timestamp as u32;
// Update the bridge guardian set id
bridge.guardian_set_index = b.new_index;
Ok(())
}
/// Processes a VAA transfer in
pub fn process_vaa_transfer(
program_id: &Pubkey,
accounts: &[AccountInfo],
account_info_iter: &mut Iter<AccountInfo>,
bridge_info: &AccountInfo,
bridge: &mut Bridge,
b: &BodyTransfer,
) -> ProgramResult {
let mint_info = next_account_info(account_info_iter)?;
let destination_info = next_account_info(account_info_iter)?;
let destination = Self::token_account_deserialize(destination_info)?;
if destination.mint != *mint_info.key {
return Err(Error::TokenMintMismatch.into());
}
if b.asset.chain == CHAIN_ID_SOLANA {
let custody_info = next_account_info(account_info_iter)?;
let expected_custody_id =
Bridge::derive_custody_id(program_id, bridge_info.key, mint_info.key)?;
if expected_custody_id != *custody_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// Native Solana asset, transfer from custody
Bridge::token_transfer_custody(
accounts,
&bridge.config.token_program,
bridge_info.key,
custody_info.key,
destination_info.key,
b.amount,
)?;
} else {
// Foreign chain asset, mint wrapped asset
let expected_mint_address = Bridge::derive_wrapped_asset_id(
program_id,
bridge_info.key,
b.asset.chain,
b.asset.address,
)?;
if expected_mint_address != *mint_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
// If wrapped mint does not exist, create it
if mint_info.data_is_empty() {
let sender_info = next_account_info(account_info_iter)?;
Self::create_wrapped_mint(
program_id,
accounts,
&bridge.config.token_program,
mint_info.key,
bridge_info.key,
sender_info.key,
&b.asset,
)?;
}
Bridge::wrapped_mint_to(
accounts,
&bridge.config.token_program,
mint_info.key,
destination_info.key,
bridge_info.key,
b.amount,
)?;
}
Ok(())
}
/// Processes a VAA post for data availability (for Solana -> foreign transfers)
pub fn process_vaa_transfer_post(
program_id: &Pubkey,
account_info_iter: &mut Iter<AccountInfo>,
bridge_info: &AccountInfo,
vaa: &VAA,
b: &BodyTransfer,
vaa_data: &[u8; 100],
) -> ProgramResult {
let proposal_info = next_account_info(account_info_iter)?;
// Check whether the proposal was derived correctly
let expected_proposal = Bridge::derive_transfer_id(
program_id,
bridge_info.key,
b.asset.chain,
b.asset.address,
b.target_chain,
b.target_address,
b.source_address,
b.ref_block,
)?;
if expected_proposal != *proposal_info.key {
return Err(Error::InvalidDerivedAccount.into());
}
let mut proposal = Self::transfer_out_proposal_deserialize(proposal_info)?;
if !proposal.matches_vaa(b) {
return Err(Error::VAAProposalMismatch.into());
}
// Set vaa
proposal.vaa = *vaa_data;
proposal.vaa_time = vaa.timestamp;
Ok(())
}
}
// Test program id for the swap program.
#[cfg(not(target_arch = "bpf"))]
const WORMHOLE_PROGRAM_ID: Pubkey = Pubkey::new_from_array([2u8; 32]);
const TOKEN_PROGRAM_ID: Pubkey = Pubkey::new_from_array([2u8; 32]);
/// Routes invokes to the token program, used for testing.
#[cfg(not(target_arch = "bpf"))]
pub fn invoke_signed<'a>(
instruction: &Instruction,
account_infos: &[AccountInfo<'a>],
signers_seeds: &[&[&[u8]]],
) -> ProgramResult {
let mut new_account_infos = vec![];
for meta in instruction.accounts.iter() {
for account_info in account_infos.iter() {
if meta.pubkey == *account_info.key {
let mut new_account_info = account_info.clone();
for seeds in signers_seeds.iter() {
let signer =
Pubkey::create_program_address(seeds, &WORMHOLE_PROGRAM_ID).unwrap();
if *account_info.key == signer {
new_account_info.is_signer = true;
}
}
new_account_infos.push(new_account_info);
}
}
}
match instruction.program_id {
TOKEN_PROGRAM_ID => spl_token::state::State::process(
&instruction.program_id,
&new_account_infos,
&instruction.data,
),
_ => panic!(),
}
}
#[cfg(test)]
mod tests {
use solana_sdk::{
account::Account, account_info::create_is_signer_account_infos, instruction::Instruction,
};
use spl_token::{
instruction::{initialize_account, initialize_mint},
state::{Account as SplAccount, Mint as SplMint, State as SplState},
};
use crate::instruction::initialize;
use super::*;
const TOKEN_PROGRAM_ID: Pubkey = Pubkey::new_from_array([1u8; 32]);
// Pulls in the stubs required for `info!()`
#[cfg(not(target_arch = "bpf"))]
solana_sdk::program_stubs!();
fn pubkey_rand() -> Pubkey {
Pubkey::new(&rand::random::<[u8; 32]>())
}
fn do_process_instruction(
instruction: Instruction,
accounts: Vec<&mut Account>,
) -> ProgramResult {
let mut meta = instruction
.accounts
.iter()
.zip(accounts)
.map(|(account_meta, account)| (&account_meta.pubkey, account_meta.is_signer, account))
.collect::<Vec<_>>();
let account_infos = create_is_signer_account_infos(&mut meta);
if instruction.program_id == WORMHOLE_PROGRAM_ID {
Bridge::process(&instruction.program_id, &account_infos, &instruction.data)
} else {
SplState::process(&instruction.program_id, &account_infos, &instruction.data)
}
}
fn create_bridge(
program_id: &Pubkey,
config: &BridgeConfig,
initial_guardians: &RawKey,
) -> (Pubkey, Account) {
let token_key = pubkey_rand();
let mut token_account = Account::new(0, size_of::<SplMint>(), &program_id);
let account_key = pubkey_rand();
let mut account_account = Account::new(0, size_of::<SplAccount>(), &program_id);
// create pool and pool account
do_process_instruction(
initialize_account(&program_id, &account_key, &token_key, &authority_key).unwrap(),
vec![
&mut account_account,
&mut Account::default(),
&mut token_account,
],
)
.unwrap();
let mut authority_account = Account::default();
do_process_instruction(
initialize_mint(
&program_id,
&token_key,
Some(&account_key),
Some(&authority_key),
amount,
2,
)
.unwrap(),
if amount == 0 {
vec![&mut token_account, &mut authority_account]
} else {
vec![
&mut token_account,
&mut account_account,
&mut authority_account,
]
},
)
.unwrap();
return ((account_key, account_account));
}
}

528
solana/bridge/src/state.rs Normal file
View File

@ -0,0 +1,528 @@
//! Bridge transition types
use std::io::Write;
use std::mem::size_of;
use std::slice::Iter;
use std::str;
use num_traits::AsPrimitive;
use sha3::Digest;
use solana_sdk::clock::Clock;
use solana_sdk::hash::hash;
#[cfg(not(target_arch = "bpf"))]
use solana_sdk::instruction::Instruction;
use solana_sdk::log::sol_log;
#[cfg(target_arch = "bpf")]
use solana_sdk::program::invoke_signed;
use solana_sdk::rent::Rent;
use solana_sdk::system_instruction::{create_account, SystemInstruction};
use solana_sdk::sysvar::Sysvar;
use solana_sdk::{
account_info::next_account_info, account_info::AccountInfo, entrypoint::ProgramResult, info,
program_error::ProgramError, pubkey::bs58, pubkey::Pubkey,
};
use spl_token::state::Mint;
use crate::instruction::BridgeInstruction::*;
use crate::instruction::{
BridgeInstruction, ForeignAddress, GuardianKey, TransferOutPayload, CHAIN_ID_SOLANA, VAA_BODY,
};
#[cfg(not(target_arch = "bpf"))]
use crate::processor::invoke_signed;
use crate::syscalls::{sol_verify_schnorr, RawKey, SchnorrifyInput};
use crate::vaa::{BodyTransfer, BodyUpdateGuardianSet, VAABody, VAA};
use crate::{error::Error, instruction::unpack};
use zerocopy::AsBytes;
/// fee rate as a ratio
#[repr(C)]
#[derive(Clone, Copy)]
pub struct Fee {
/// denominator of the fee ratio
pub denominator: u64,
/// numerator of the fee ratio
pub numerator: u64,
}
/// guardian set
#[repr(C)]
#[derive(Clone, Copy)]
pub struct GuardianSet {
/// index of the set
pub index: u32,
/// public key of the threshold schnorr set
pub pubkey: RawKey,
/// creation time
pub creation_time: u32,
/// expiration time when VAAs issued by this set are no longer valid
pub expiration_time: u32,
/// Is `true` if this structure has been initialized.
pub is_initialized: bool,
}
impl IsInitialized for GuardianSet {
fn is_initialized(&self) -> bool {
self.is_initialized
}
}
/// proposal to transfer tokens to a foreign chain
#[repr(C)]
#[derive(Clone, Copy)]
pub struct TransferOutProposal {
/// amount to transfer
pub amount: u64,
/// chain id to transfer to
pub to_chain_id: u8,
/// address on the foreign chain to transfer to
pub foreign_address: ForeignAddress,
/// asset that is being transferred
pub asset: AssetMeta,
/// vaa to unlock the tokens on the foreign chain
pub vaa: VAA_BODY,
/// time the vaa was submitted
pub vaa_time: u32,
/// Is `true` if this structure has been initialized.
pub is_initialized: bool,
}
impl IsInitialized for TransferOutProposal {
fn is_initialized(&self) -> bool {
self.is_initialized
}
}
impl TransferOutProposal {
pub fn matches_vaa(&self, b: &BodyTransfer) -> bool {
return b.amount == self.amount
&& b.target_address == self.foreign_address
&& b.target_chain == self.to_chain_id
&& b.asset == self.asset;
}
}
/// record of a claimed VAA
#[repr(C)]
#[derive(Clone, Copy, Debug, Default, PartialEq)]
pub struct ClaimedVAA {
/// hash of the vaa
pub hash: [u8; 32],
/// time the vaa was submitted
pub vaa_time: u32,
/// Is `true` if this structure has been initialized.
pub is_initialized: bool,
}
impl IsInitialized for ClaimedVAA {
fn is_initialized(&self) -> bool {
self.is_initialized
}
}
/// Metadata about an asset
#[repr(C)]
#[derive(Clone, Copy, Debug, Default, PartialEq)]
pub struct AssetMeta {
/// Address of the token
pub address: ForeignAddress,
/// Chain of the token
pub chain: u8,
}
/// Config for a bridge.
#[repr(C)]
#[derive(Clone, Copy, Debug, Default, PartialEq)]
pub struct BridgeConfig {
/// Period for how long a VAA is valid. This is also the period after a valid VAA has been
/// published to a `TransferOutProposal` or `ClaimedVAA` after which the account can be evicted.
/// This exists to guarantee data availability and prevent replays.
pub vaa_expiration_time: u32,
/// Token program that is used for this bridge
pub token_program: Pubkey,
}
/// Bridge state.
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Bridge {
/// the currently active guardian set
pub guardian_set_index: u32,
/// read-only config parameters for a bridge instance.
pub config: BridgeConfig,
/// Is `true` if this structure has been initialized.
pub is_initialized: bool,
}
impl IsInitialized for Bridge {
fn is_initialized(&self) -> bool {
self.is_initialized
}
}
/// Implementation of serialization functions
impl Bridge {
/// Deserializes a spl_token `Account`.
pub fn token_account_deserialize(
info: &AccountInfo,
) -> Result<spl_token::state::Account, Error> {
Ok(*spl_token::state::unpack(&mut info.data.borrow_mut())
.map_err(|_| Error::ExpectedAccount)?)
}
/// Deserializes a spl_token `Mint`.
pub fn mint_deserialize(info: &AccountInfo) -> Result<spl_token::state::Mint, Error> {
Ok(*spl_token::state::unpack(&mut info.data.borrow_mut())
.map_err(|_| Error::ExpectedToken)?)
}
/// Deserializes a `Bridge`.
pub fn bridge_deserialize(info: &AccountInfo) -> Result<Bridge, Error> {
Ok(*Bridge::unpack(&mut info.data.borrow_mut()).map_err(|_| Error::ExpectedBridge)?)
}
/// Deserializes a `GuardianSet`.
pub fn guardian_set_deserialize(info: &AccountInfo) -> Result<GuardianSet, Error> {
Ok(*Bridge::unpack(&mut info.data.borrow_mut()).map_err(|_| Error::ExpectedGuardianSet)?)
}
/// Deserializes a `TransferOutProposal`.
pub fn transfer_out_proposal_deserialize(
info: &AccountInfo,
) -> Result<TransferOutProposal, Error> {
Ok(*Bridge::unpack(&mut info.data.borrow_mut())
.map_err(|_| Error::ExpectedTransferOutProposal)?)
}
/// Unpacks a token state from a bytes buffer while assuring that the state is initialized.
pub fn unpack<T: IsInitialized>(input: &mut [u8]) -> Result<&mut T, ProgramError> {
let mut_ref: &mut T = Self::unpack_unchecked(input)?;
if !mut_ref.is_initialized() {
return Err(Error::UninitializedState.into());
}
Ok(mut_ref)
}
/// Unpacks a token state from a bytes buffer without checking that the state is initialized.
pub fn unpack_unchecked<T: IsInitialized>(input: &mut [u8]) -> Result<&mut T, ProgramError> {
if input.len() != size_of::<T>() {
return Err(ProgramError::InvalidAccountData);
}
#[allow(clippy::cast_ptr_alignment)]
Ok(unsafe { &mut *(&mut input[0] as *mut u8 as *mut T) })
}
}
/// Implementation of actions
impl Bridge {
/// Burn a wrapped asset from account
pub fn wrapped_burn(
accounts: &[AccountInfo],
token_program_id: &Pubkey,
authority: &Pubkey,
token_account: &Pubkey,
amount: u64,
) -> Result<(), ProgramError> {
let all_signers: Vec<&Pubkey> = accounts
.iter()
.filter_map(|item| if item.is_signer { Some(item.key) } else { None })
.collect();
let ix = spl_token::instruction::burn(
token_program_id,
token_account,
authority,
all_signers.as_slice(),
amount,
)?;
invoke_signed(&ix, accounts, &[])
}
/// Mint a wrapped asset to account
pub fn wrapped_mint_to(
accounts: &[AccountInfo],
token_program_id: &Pubkey,
mint: &Pubkey,
destination: &Pubkey,
bridge: &Pubkey,
amount: u64,
) -> Result<(), ProgramError> {
let ix = spl_token::instruction::mint_to(
token_program_id,
mint,
destination,
bridge,
&[],
amount,
)?;
invoke_signed(&ix, accounts, &[&[&bridge.to_bytes()[..32]][..]])
}
/// Transfer tokens from a caller
pub fn token_transfer_caller(
accounts: &[AccountInfo],
token_program_id: &Pubkey,
source: &Pubkey,
destination: &Pubkey,
authority: &Pubkey,
amount: u64,
) -> Result<(), ProgramError> {
let all_signers: Vec<&Pubkey> = accounts
.iter()
.filter_map(|item| if item.is_signer { Some(item.key) } else { None })
.collect();
let ix = spl_token::instruction::transfer(
token_program_id,
source,
destination,
authority,
all_signers.as_slice(),
amount,
)?;
invoke_signed(&ix, accounts, &[])
}
/// Transfer tokens from a custody account
pub fn token_transfer_custody(
accounts: &[AccountInfo],
token_program_id: &Pubkey,
bridge: &Pubkey,
source: &Pubkey,
destination: &Pubkey,
amount: u64,
) -> Result<(), ProgramError> {
let ix = spl_token::instruction::transfer(
token_program_id,
source,
destination,
bridge,
&[],
amount,
)?;
invoke_signed(&ix, accounts, &[&[&bridge.to_bytes()[..32]][..]])
}
/// Create a new account
pub fn create_custody_account(
program_id: &Pubkey,
accounts: &[AccountInfo],
token_program: &Pubkey,
bridge: &Pubkey,
account: &Pubkey,
mint: &Pubkey,
payer: &Pubkey,
) -> Result<(), ProgramError> {
Self::create_account::<Mint>(
program_id,
accounts,
mint,
payer,
Self::derive_custody_seeds(bridge, mint),
)?;
let ix = spl_token::instruction::initialize_account(token_program, account, mint, bridge)?;
invoke_signed(&ix, accounts, &[&[&bridge.to_bytes()[..32]][..]])
}
/// Create a mint for a wrapped asset
pub fn create_wrapped_mint(
program_id: &Pubkey,
accounts: &[AccountInfo],
token_program: &Pubkey,
mint: &Pubkey,
bridge: &Pubkey,
payer: &Pubkey,
asset: &AssetMeta,
) -> Result<(), ProgramError> {
Self::create_account::<Mint>(
program_id,
accounts,
mint,
payer,
Self::derive_wrapped_asset_seeds(bridge, asset.chain, asset.address),
)?;
let ix =
spl_token::instruction::initialize_mint(token_program, mint, None, Some(bridge), 0, 8)?;
invoke_signed(&ix, accounts, &[&[&bridge.to_bytes()[..32]][..]])
}
/// Create a new account
pub fn create_account<T: Sized>(
program_id: &Pubkey,
accounts: &[AccountInfo],
new_account: &Pubkey,
payer: &Pubkey,
seeds: Vec<Vec<u8>>,
) -> Result<(), ProgramError> {
let size = size_of::<T>();
let ix = create_account(
payer,
new_account,
Rent::default().minimum_balance(size as usize),
size as u64,
program_id,
);
let s: Vec<_> = seeds.iter().map(|item| item.as_slice()).collect();
invoke_signed(&ix, accounts, &[s.as_slice()])
}
}
/// Implementation of derivations
impl Bridge {
/// Calculates derived seeds for a guardian set
pub fn derive_guardian_set_seeds(bridge_key: &Pubkey, guardian_set_index: u32) -> Vec<Vec<u8>> {
vec![
"guardian".as_bytes().to_vec(),
bridge_key.to_bytes().to_vec(),
guardian_set_index.as_bytes().to_vec(),
]
}
/// Calculates derived seeds for a wrapped asset
pub fn derive_wrapped_asset_seeds(
bridge_key: &Pubkey,
asset_chain: u8,
asset: ForeignAddress,
) -> Vec<Vec<u8>> {
vec![
"wrapped".as_bytes().to_vec(),
bridge_key.to_bytes().to_vec(),
asset_chain.as_bytes().to_vec(),
asset.as_bytes().to_vec(),
]
}
/// Calculates derived seeds for a transfer out
pub fn derive_transfer_id_seeds(
bridge_key: &Pubkey,
asset_chain: u8,
asset: ForeignAddress,
target_chain: u8,
target_address: ForeignAddress,
user: ForeignAddress,
slot: u64,
) -> Vec<Vec<u8>> {
vec![
"transfer".as_bytes().to_vec(),
bridge_key.to_bytes().to_vec(),
asset_chain.as_bytes().to_vec(),
asset.as_bytes().to_vec(),
target_chain.as_bytes().to_vec(),
target_address.as_bytes().to_vec(),
user.as_bytes().to_vec(),
slot.as_bytes().to_vec(),
]
}
/// Calculates derived seeds for a bridge
pub fn derive_bridge_seeds(program_id: &Pubkey) -> Vec<Vec<u8>> {
vec![program_id.to_bytes().to_vec()]
}
/// Calculates derived seeds for a custody account
pub fn derive_custody_seeds<'a>(bridge: &Pubkey, mint: &Pubkey) -> Vec<Vec<u8>> {
vec![
"custody".as_bytes().to_vec(),
bridge.to_bytes().to_vec(),
mint.to_bytes().to_vec(),
]
}
/// Calculates derived seeds for a claim
pub fn derive_claim_seeds<'a>(bridge: &Pubkey, hash: &[u8; 32]) -> Vec<Vec<u8>> {
vec![
"claim".as_bytes().to_vec(),
bridge.to_bytes().to_vec(),
hash.as_bytes().to_vec(),
]
}
/// Calculates a derived address for this program
pub fn derive_bridge_id(program_id: &Pubkey) -> Result<Pubkey, Error> {
Self::derive_key(program_id, Self::derive_bridge_seeds(program_id))
}
/// Calculates a derived address for a custody account
pub fn derive_custody_id(
program_id: &Pubkey,
bridge: &Pubkey,
mint: &Pubkey,
) -> Result<Pubkey, Error> {
Self::derive_key(program_id, Self::derive_custody_seeds(bridge, mint))
}
/// Calculates a derived address for a claim account
pub fn derive_claim_id(
program_id: &Pubkey,
bridge: &Pubkey,
hash: &[u8; 32],
) -> Result<Pubkey, Error> {
Self::derive_key(program_id, Self::derive_claim_seeds(bridge, hash))
}
/// Calculates a derived address for this program
pub fn derive_guardian_set_id(
program_id: &Pubkey,
bridge_key: &Pubkey,
guardian_set_index: u32,
) -> Result<Pubkey, Error> {
Self::derive_key(
program_id,
Self::derive_guardian_set_seeds(bridge_key, guardian_set_index),
)
}
/// Calculates a derived seeds for a wrapped asset
pub fn derive_wrapped_asset_id(
program_id: &Pubkey,
bridge_key: &Pubkey,
asset_chain: u8,
asset: ForeignAddress,
) -> Result<Pubkey, Error> {
Self::derive_key(
program_id,
Self::derive_wrapped_asset_seeds(bridge_key, asset_chain, asset),
)
}
/// Calculates a derived address for a transfer out
pub fn derive_transfer_id(
program_id: &Pubkey,
bridge_key: &Pubkey,
asset_chain: u8,
asset: ForeignAddress,
target_chain: u8,
target_address: ForeignAddress,
user: ForeignAddress,
slot: u64,
) -> Result<Pubkey, Error> {
Self::derive_key(
program_id,
Self::derive_transfer_id_seeds(
bridge_key,
asset_chain,
asset,
target_chain,
target_address,
user,
slot,
),
)
}
fn derive_key(program_id: &Pubkey, seeds: Vec<Vec<u8>>) -> Result<Pubkey, Error> {
let s: Vec<_> = seeds.iter().map(|item| item.as_slice()).collect();
Pubkey::create_program_address(s.as_slice(), program_id)
.or(Err(Error::InvalidProgramAddress))
}
}
/// Check is a token state is initialized
pub trait IsInitialized {
/// Is initialized
fn is_initialized(&self) -> bool;
}

41
solana/bridge/src/syscalls.rs Normal file
View File

@ -0,0 +1,41 @@
#[repr(C)]
pub struct SchnorrifyInput {
message: [u8; 32],
addr: [u8; 20],
signature: [u8; 32],
pub_key: RawKey,
}
#[repr(C)]
#[derive(Copy, Clone, Debug, PartialOrd, PartialEq)]
pub struct RawKey {
pub x: [u8; 32],
pub y: [u8; 32],
}
impl SchnorrifyInput {
pub fn new(pub_key: RawKey, message: [u8; 32], signature: [u8; 32], addr: [u8; 20]) -> SchnorrifyInput {
SchnorrifyInput {
message,
addr,
signature,
pub_key,
}
}
}
/// Verify an ETH optimized Schnorr signature
///
/// @param input - Input for signature verification
#[inline]
pub fn sol_verify_schnorr(input: &SchnorrifyInput) -> bool {
let res = unsafe {
sol_verify_ethschnorr(input as *const _ as *const u8)
};
res == 1
}
extern "C" {
fn sol_verify_ethschnorr(input: *const u8) -> u64;
}

299
solana/bridge/src/vaa.rs Normal file
View File

@ -0,0 +1,299 @@
use std::any::Any;
use std::io::{Cursor, Read, Write};
use std::mem::size_of;
use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
use sha3::Digest;
use solana_sdk::program_error::ProgramError;
use crate::error::Error;
use crate::error::Error::InvalidVAAFormat;
use crate::instruction::unpack;
use crate::state::AssetMeta;
use crate::syscalls::{RawKey, SchnorrifyInput, sol_verify_schnorr};
use crate::vaa::VAABody::UpdateGuardianSet;
pub type ForeignAddress = [u8; 32];
#[derive(Clone, Debug, Default, PartialEq)]
pub struct VAA {
// Header part
pub version: u8,
pub guardian_set_index: u32,
pub signature_sig: [u8; 32],
pub signature_addr: [u8; 20],
// Body part
pub timestamp: u32,
pub payload: Option<VAABody>,
}
impl VAA {
pub fn new() -> VAA {
return VAA {
version: 0,
guardian_set_index: 0,
signature_sig: [0; 32],
signature_addr: [0; 20],
timestamp: 0,
payload: None,
};
}
pub fn verify(&self, guardian_key: &RawKey) -> bool {
let body = match self.signature_body() {
Ok(v) => { v }
Err(_) => { return false; }
};
let mut h = sha3::Keccak256::default();
if let Err(_) = h.write(body.as_slice()) { return false; };
let hash = h.finalize().into();
let schnorr_input = SchnorrifyInput::new(*guardian_key, hash,
self.signature_sig, self.signature_addr);
sol_verify_schnorr(&schnorr_input)
}
pub fn serialize(&self) -> Result<Vec<u8>, Error> {
let mut v = Cursor::new(Vec::new());
v.write_u8(self.version)?;
v.write_u32::<BigEndian>(self.guardian_set_index)?;
v.write(self.signature_sig.as_ref())?;
v.write(self.signature_addr.as_ref())?;
v.write_u32::<BigEndian>(self.timestamp)?;
let payload = self.payload.as_ref().ok_or(Error::InvalidVAAAction)?;
v.write_u8(payload.action_id())?;
let payload_data = payload.serialize()?;
v.write(payload_data.as_slice())?;
Ok(v.into_inner())
}
pub fn signature_body(&self) -> Result<Vec<u8>, Error> {
let mut v = Cursor::new(Vec::new());
v.write_u32::<BigEndian>(self.timestamp)?;
let payload = self.payload.as_ref().ok_or(Error::InvalidVAAAction)?;
v.write_u8(payload.action_id())?;
let payload_data = payload.serialize()?;
v.write_u8(payload_data.len() as u8)?;
v.write(payload_data.as_slice())?;
Ok(v.into_inner())
}
pub fn deserialize(data: &[u8]) -> Result<VAA, Error> {
let mut rdr = Cursor::new(data);
let mut v = VAA::new();
v.version = rdr.read_u8()?;
v.guardian_set_index = rdr.read_u32::<BigEndian>()?;
rdr.read_exact(&mut v.signature_sig)?;
rdr.read_exact(&mut v.signature_addr)?;
v.timestamp = rdr.read_u32::<BigEndian>()?;
let mut payload_d = Vec::new();
rdr.read_to_end(&mut payload_d)?;
v.payload = Some(VAABody::deserialize(&payload_d)?);
Ok(v)
}
}
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum VAABody {
UpdateGuardianSet(BodyUpdateGuardianSet),
Transfer(BodyTransfer),
}
impl VAABody {
fn action_id(&self) -> u8 {
match self {
VAABody::UpdateGuardianSet(_) => 0x01,
VAABody::Transfer(_) => 0x10,
}
}
fn deserialize(data: &Vec<u8>) -> Result<VAABody, Error> {
let mut payload_data = Cursor::new(data);
let action = payload_data.read_u8()?;
let payload = match action {
0x01 => {
VAABody::UpdateGuardianSet(BodyUpdateGuardianSet::deserialize(&mut payload_data)?)
}
0x10 => {
VAABody::Transfer(BodyTransfer::deserialize(&mut payload_data)?)
}
_ => {
return Err(Error::InvalidVAAAction);
}
};
Ok(payload)
}
fn serialize(&self) -> Result<Vec<u8>, Error> {
match self {
VAABody::Transfer(b) => {
b.serialize()
}
VAABody::UpdateGuardianSet(b) => {
b.serialize()
}
}
}
}
#[derive(Copy, Clone, Debug, PartialEq)]
pub struct BodyUpdateGuardianSet {
pub new_index: u32,
pub new_key: RawKey,
}
#[derive(Copy, Clone, Debug, PartialEq)]
pub struct BodyTransfer {
pub ref_block: u64,
pub source_chain: u8,
pub source_address: ForeignAddress,
pub target_chain: u8,
pub target_address: ForeignAddress,
pub asset: AssetMeta,
pub amount: u64,
}
impl BodyUpdateGuardianSet {
fn deserialize(data: &mut Cursor<&Vec<u8>>) -> Result<BodyUpdateGuardianSet, Error> {
let new_index = data.read_u32::<BigEndian>()?;
let mut new_key_x: [u8; 32] = [0; 32];
data.read(&mut new_key_x)?;
let mut new_key_y: [u8; 32] = [0; 32];
data.read(&mut new_key_y)?;
Ok(BodyUpdateGuardianSet {
new_index,
new_key: RawKey {
x: new_key_x,
y: new_key_y,
},
})
}
fn serialize(&self) -> Result<Vec<u8>, Error> {
let mut v: Cursor<Vec<u8>> = Cursor::new(Vec::new());
v.write_u32::<BigEndian>(self.new_index)?;
v.write(&self.new_key.x)?;
v.write(&self.new_key.y)?;
Ok(v.into_inner())
}
}
impl BodyTransfer {
fn deserialize(data: &mut Cursor<&Vec<u8>>) -> Result<BodyTransfer, Error> {
let ref_block = data.read_u64::<BigEndian>()?;
let source_chain = data.read_u8()?;
let mut source_address: ForeignAddress = ForeignAddress::default();
data.read(&mut source_address)?;
let target_chain = data.read_u8()?;
let mut target_address: ForeignAddress = ForeignAddress::default();
data.read(&mut target_address)?;
let token_chain = data.read_u8()?;
let mut token_address: ForeignAddress = ForeignAddress::default();
data.read(&mut token_address)?;
let amount = data.read_u64::<BigEndian>()?;
Ok(BodyTransfer {
ref_block,
source_chain,
source_address,
target_chain,
target_address,
asset: AssetMeta {
address: target_address,
chain: token_chain,
},
amount,
})
}
fn serialize(&self) -> Result<Vec<u8>, Error> {
let mut v: Cursor<Vec<u8>> = Cursor::new(Vec::new());
v.write_u8(self.source_chain)?;
v.write_u8(self.target_chain)?;
v.write(&self.target_address)?;
v.write_u8(self.asset.chain)?;
v.write(&self.asset.address)?;
v.write_u64::<BigEndian>(self.amount)?;
Ok(v.into_inner())
}
}
#[cfg(test)]
mod tests {
use std::io::Write;
use hex;
use crate::error::Error;
use crate::state::AssetMeta;
use crate::syscalls::RawKey;
use crate::vaa::{BodyTransfer, BodyUpdateGuardianSet, VAA, VAABody};
#[test]
fn serialize_deserialize_vaa_transfer() {
let vaa = VAA {
version: 8,
guardian_set_index: 3,
signature_sig: [7; 32],
signature_addr: [9; 20],
timestamp: 83,
payload: Some(VAABody::Transfer(BodyTransfer {
ref_block: 28,
source_chain: 1,
source_address: [9; 32],
target_chain: 2,
target_address: [1; 32],
asset: AssetMeta {
address: [2; 32],
chain: 8,
},
amount: 4,
})),
};
let data = vaa.serialize().unwrap();
let parsed_vaa = VAA::deserialize(data.as_slice()).unwrap();
assert_eq!(vaa, parsed_vaa)
}
#[test]
fn serialize_deserialize_vaa_guardian() {
let vaa = VAA {
version: 8,
guardian_set_index: 3,
signature_sig: [7; 32],
signature_addr: [9; 20],
timestamp: 83,
payload: Some(VAABody::UpdateGuardianSet(BodyUpdateGuardianSet {
new_index: 29,
new_key: RawKey {
x: [2; 32],
y: [3; 32],
},
})),
};
let data = vaa.serialize().unwrap();
let parsed_vaa = VAA::deserialize(data.as_slice()).unwrap();
assert_eq!(vaa, parsed_vaa)
}
}

171
solana/do.sh Executable file
View File

@ -0,0 +1,171 @@
#!/usr/bin/env bash
cd "$(dirname "$0")"
usage() {
cat <<EOF
Usage: do.sh <action> <project> <action specific arguments>
Supported actions:
build
build-lib
clean
clippy
doc
dump
fmt
test
update
Supported projects:
all
any directory containing a Cargo.toml file
EOF
}
sdkParentDir=bin
sdkDir="$sdkParentDir"/bpf-sdk
profile=bpfel-unknown-unknown/release
perform_action() {
set -e
projectDir="$PWD"/$2
targetDir="$projectDir"/target
case "$1" in
build)
if [[ -f "$projectDir"/Xargo.toml ]]; then
"$sdkDir"/rust/build.sh "$projectDir"
so_path="$targetDir/$profile"
so_name="spl_${2//\-/_}"
cp "$so_path/${so_name}.so" "$so_path/${so_name}_debug.so"
"$sdkDir"/dependencies/llvm-native/bin/llvm-objcopy --strip-all "$so_path/${so_name}.so" "$so_path/$so_name.so"
else
echo "$projectDir does not contain a program, skipping"
fi
;;
build-lib)
(
cd "$projectDir"
echo "build $projectDir"
export RUSTFLAGS="${@:3}"
cargo build
)
;;
clean)
"$sdkDir"/rust/clean.sh "$projectDir"
;;
clippy)
(
cd "$projectDir"
echo "clippy $projectDir"
cargo +nightly clippy --features=program ${@:3}
)
;;
doc)
(
cd "$projectDir"
echo "generating docs $projectDir"
cargo doc ${@:3}
)
;;
dump)
# Dump depends on tools that are not installed by default and must be installed manually
# - greadelf
# - rustfilt
(
pwd
"$0" build "$2"
so_path="$targetDir/$profile"
so_name="spl_${2//\-/_}"
so="$so_path/${so_name}_debug.so"
dump="$so_path/${so_name}_dump"
echo $so_path
echo $so_name
echo $so
echo $dump
if [ -f "$so" ]; then
ls \
-la \
"$so" \
>"${dump}_mangled.txt"
greadelf \
-aW \
"$so" \
>>"${dump}_mangled.txt"
"$sdkDir/dependencies/llvm-native/bin/llvm-objdump" \
-print-imm-hex \
--source \
--disassemble \
"$so" \
>>"${dump}_mangled.txt"
sed \
s/://g \
<"${dump}_mangled.txt" |
rustfilt \
>"${dump}.txt"
else
echo "Warning: No dump created, cannot find: $so"
fi
)
;;
fmt)
(
cd "$projectDir"
echo "formatting $projectDir"
cargo fmt ${@:3}
)
;;
help)
usage
exit
;;
test)
(
cd "$projectDir"
echo "test $projectDir"
cargo test --features=program ${@:3}
)
;;
update)
mkdir -p $sdkParentDir
./bpf-sdk-install.sh $sdkParentDir
./do.sh clean all
;;
*)
echo "Error: Unknown command"
usage
exit
;;
esac
}
set -e
if [[ $1 == "update" ]]; then
perform_action "$1"
exit
else
if [[ "$#" -lt 2 ]]; then
usage
exit
fi
if [[ ! -d "$sdkDir" ]]; then
./do.sh update
fi
fi
if [[ $2 == "all" ]]; then
# Perform operation on all projects
for project in */; do
if [[ -f "$project"Cargo.toml ]]; then
perform_action "$1" "${project%/}" ${@:3}
else
continue
fi
done
else
# Perform operation on requested project
perform_action "$1" "$2" "${@:3}"
fi