The first transaction acquires a pseudo-lock by setting
initial_creation = true, which will fail if a signature account
already exists. However, this is unsafe since the operation
consists of multiple operations and is not atomic - if the first
validator fails to submit a full set of signature transactions,
other guardians will not retry submitting signature verification txs.
We disable this mechanism to never set initial_creation, which
causes guardians to spend more fees in exchange for fault tolerance.
Instead of failing with an AlreadyExists error, duplicate transactions
will now succeed as a no-op and all nodes will attempt to submit
the full series of signature transactions.
Co-authored-by: Hendrik Hofstadt <hendrik@nexantic.com>
Change-Id: I0c418497f19cc97c9ae7a11b206035d6e70c1b66
This allows forcibly submitting a failing VAA on-chain in cases where
the preflight check would hinder debugging.
It does not change behavior of guardiand.
Co-authored-by: Hendrik Hofstadt <hendrik@nexantic.com>
Change-Id: I63df22049ad27f659dc0638190edd20628b7a338
We no longer need to carry a patch and build Solana, and can use
solana-test-validator (with sleepy PoH!) instead. This significantly reduces
build times and will make downstream testing much easier.
Also remove the remnants of do.sh and the old BPF toolchain.
Test Plan: Ran E2E tests.
* Tiltfile: Make the guardian k8s_resource depend on solana-devnet
This makes guardian network convergence faster as the guardian pods
don't have to suffer from increasing redeploy back-off delays. This
should impact performance neglibibly as solana-devnet is still the
heaviest build we perform (at the time of this writing saturating a
32-thread Ryzen 9 CPU on my build machine.)
* hotfix bpf-sdk: bump bpf-sdk; use cargo-build-bpf
* don't subsidize guardian set creation
This works around https://github.com/solana-labs/solana/issues/9711 which causes issues when the guardian set creation is subsidized and another CPI call is done subsequently
* upgrade solana sdk version
Commitment levels were deprecated and the fastest confirmation level is `Processed`.
Also the upgradeable loader now requires the program to be writeable.
* Add deprecation comment
* update agent commitment level
This mitigates https://github.com/solana-labs/solana/issues/9909 by
polling GetProgramAccounts with a server-side filter. It also removes
the agent dependency for the lockup observation logic - the agent is now
used for transaction construction only.
There's a bit of a chicken-and-egg problem here - the liveness probe
cannot succeed until all containers in the pod are ready, and the
service load balancer won't work until it's ready.
... while keeping the borrowing fixes. Please review carefully whether
any of the remaining changes should've been reverted as well.
Fails due to account ownership check for debits, new tests caught it.
This allows us to use UNIX filesystem permissions for access control.
Previously, any process in the network namespace could connect to it,
which is insecure for obvious reasons.
Verified that correct permissions are set:
```
# ls -lisa /run/bridge/
total 8
31996269 4 drwxrwxrwx 2 root root 4096 Nov 23 21:58 .
14676759 4 drwxr-xr-x 1 root root 4096 Nov 23 21:58 ..
31996306 0 srwx------ 1 root root 0 Nov 23 21:58 agent.sock
```
Fixes#119
If there's a reason they are missing, then I didn't realize :-)
Ref #29
ghstack-source-id: 9052f64e7624fb32b50a46d24f66c618476dbfc2
Pull Request resolved: https://github.com/certusone/wormhole/pull/68
This allows us to distinguish between temporary and permanent failure.
Unless we check the instruction error that occured, we can't know
whether the submission error is a permanent failure and Internal
is therefore the appropriate code to use.
ghstack-source-id: aff1de9516
Pull Request resolved: https://github.com/certusone/wormhole/pull/47
This allows multiple guardians to submit the signatures in parallel without causing costs with all transactions because conflicting txs won't be mined.
* bridge: add secp check instruction
* solana: update to secp solana upstream
* solana: iteration on secp
* solana: fix secp instruction
serialization indices were off and secp ix data was serialized twice
* solana: optimize ix serialization
* agent: send multiple chunks of signatures
* doc: update protocol spec
* solana: store signatures in siginfo; reconstruct signed VAA in webinterface
* solana: reformat
* solana: add rustfmt config