Commit Graph

818 Commits

Author SHA1 Message Date
Leo d3875ba523 bridge: do not log errors for duplicate VAA submissions
No functional change, just nicer log output.

ghstack-source-id: f946cbe71d
Pull Request resolved: https://github.com/certusone/wormhole/pull/52
2020-10-22 12:20:13 +02:00
Leo e5e6690f35 bridge: have all nodes submit VAAs to Solana
VAAs are deduplicated by the on-chain contracts. For Ethereum,
submission happens outside of the bridge anyway, and for Solana, the
first tx to be confirmed wins. Subsequent attempts to submit it
will fail in preflight, so the fee won't be spent multiple times.

This eliminates the need for leader selection and fixes #20.

ghstack-source-id: 60388d532c
Pull Request resolved: https://github.com/certusone/wormhole/pull/51
2020-10-22 12:20:13 +02:00
Leo 91241ee852 bridge/pkg/solana: retry VAA submission on transient errors
In particular, this fixes a race condition where the Solana devnet would
take longer to deploy than the ETH devnet to deploy and we'd end up
with an outdated guardian set on Solana.

We currently create a Goroutine for every pending resubmission, which
waits and blocks on the channel until solwatch is processing requests
again. This is effectively an unbounded queue. An alternative approach
would be a channel with sufficient capacity plus backoff.

Test Plan: Deployed without solana-devnet, waited for initial guardian
set change VAA to be requeued, then deployed solana-devnet.

The VAA was successfully submitted once the transient error resolved:

```
[...]
21:08:44.712Z	ERROR	wormhole-guardian-0.supervisor	Runnable died	{"dn": "root.solwatch", "error": "returned error when NODE_STATE_HEALTHY: failed to receive message from agent: EOF"}
21:08:44.712Z	INFO	wormhole-guardian-0.supervisor	rescheduling supervised node	{"dn": "root.solwatch", "backoff": 0.737286432}
21:08:45.451Z	INFO	wormhole-guardian-0.root.solwatch	watching for on-chain events
21:08:50.031Z	ERROR	wormhole-guardian-0.root.solwatch	failed to submit VAA	{"error": "rpc error: code = Canceled desc = stream terminated by RST_STREAM with error code: CANCEL", "digest": "79[...]"}
21:08:50.031Z	ERROR	wormhole-guardian-0.root.solwatch	requeuing VAA	{"error": "rpc error: code = Canceled desc = stream terminated by RST_STREAM with error code: CANCEL", "digest": "79[...]"}
21:09:02.062Z	INFO	wormhole-guardian-0.root.solwatch	submitted VAA	{"tx_sig": "4EKmH[...]", "digest": "79[...]"}
```

ghstack-source-id: 1b1d05a4cb
Pull Request resolved: https://github.com/certusone/wormhole/pull/48
2020-10-22 12:20:12 +02:00
Leo faf9a71cef agent: return gRPC Internal error on submission failure
This allows us to distinguish between temporary and permanent failure.

Unless we check the instruction error that occured, we can't know
whether the submission error is a permanent failure and Internal
is therefore the appropriate code to use.

ghstack-source-id: aff1de9516
Pull Request resolved: https://github.com/certusone/wormhole/pull/47
2020-10-22 12:20:12 +02:00
Leo 08156ca438 bridge: move initial guardian set fetching to pkg/ethereum/watcher.go
This removes the special case in the processor. The initial guardian set
is now treated like a regular guardian set update, and the devnet
update check is executed on every update.

Fixes an edge case where processing a guardian set update would fail
with a spurious `abi: attempting to unmarshall an empty string while arguments are expected`
error, leaving the node in a bad state since restarting ethwatch
wouldn't cause the guardian set to be re-fetched.

ghstack-source-id: e580a65e90
Pull Request resolved: https://github.com/certusone/wormhole/pull/46
2020-10-22 12:20:12 +02:00
Leo 3b35ddc1ce bridge: propagate panics from runnables
Any error that can be recovered by restarting a runnable
can also be recovered from by restarting the entire process.

If we encounter a panic, it's safer to restart the process than
attempting to limp along by restarting the runnable.

We always assume that an external process manager will restart
our process if it crashes. We already rely on this behavior for
libp2p errors which we handle by terminating the process, since libp2p
maintains global state that we can't clear.

ghstack-source-id: 2f20ef764d
Pull Request resolved: https://github.com/certusone/wormhole/pull/45
2020-10-22 12:20:11 +02:00
Leo c698d4e3b9 bridge: in-place debugging using dlv
Optional support for in-place debugging using an external
IDE debugger. Disabled by default.

The dlv binary is always compiled in the Dockerfile -
this is cheap due to it only depending on go.mod.

ghstack-source-id: 58532e3017
Pull Request resolved: https://github.com/certusone/wormhole/pull/44
2020-10-22 12:20:11 +02:00
Leo 01a864f532 Update DEVELOP.md 2020-10-20 16:40:52 +02:00
Leo 7e366b5da6 Update all Go dependencies to latest
...except for libp2p, which broke compatibility
between go-libp2p and go-libp2p-core:

https://github.com/libp2p/go-libp2p-core/issues/168

I explicitly updated all transitive dependencies using
go get -u ./..., so the top-level go.mod file grew to include those.
2020-10-16 20:48:53 +02:00
Leo 6ba9462d0a Source local_go.sh 2020-10-16 19:39:36 +02:00
Leo 2b3c022ce5 trustless -> decentralized
Wormhole is not trustless according to the commonly
accepted definition of the word. Wormhole itself is trusted,
unlike approaches like NEAR's Rainbow Bridge, which represent
a different set of tradeoffs.
2020-10-15 13:49:46 +02:00
Leo 39155e5af5 Update README.md 2020-10-15 13:40:03 +02:00
Leo d7d76854c0 Merge remote-tracking branch 'origin/master' 2020-10-15 13:39:10 +02:00
Hendrik Hofstadt e266bf1a7c
Implement assistant & Reimplement wrapped asset precreation (#42)
* all: readd early wrapped meta creation; initial transfer wizard

* web: complete transfer assistant

* web: allow multiple accounts per wrapped mint
2020-10-14 11:49:13 +02:00
Leo 26387f43f5 Improve a log message for better comprehensibility 2020-10-08 18:00:37 +02:00
Leopold Schabel a0b3b1bf0c Fix send-lockups.js to use new lockAssets ABI 2020-10-08 17:44:33 +02:00
Leopold Schabel bf83461f6d tools: actually build buf 2020-10-08 17:24:09 +02:00
Leopold Schabel 3298e3c265
Update README.md 2020-10-07 19:55:59 +02:00
Hendrik Hofstadt ddd2c901bd solana: create sig verify account in instruction
This allows multiple guardians to submit the signatures in parallel without causing costs with all transactions because conflicting txs won't be mined.
2020-10-03 21:20:24 +02:00
Hendrik Hofstadt 25533f0264
bridge: add secp check instruction (#41)
* bridge: add secp check instruction

* solana: update to secp solana upstream

* solana: iteration on secp

* solana: fix secp instruction

serialization indices were off and secp ix data was serialized twice

* solana: optimize ix serialization

* agent: send multiple chunks of signatures

* doc: update protocol spec

* solana: store signatures in siginfo; reconstruct signed VAA in webinterface

* solana: reformat

* solana: add rustfmt config
2020-10-01 16:42:45 +02:00
Leopold Schabel 3701d16b84
Update DEVELOP.md 2020-09-25 01:33:29 +02:00
Leopold Schabel 74f5f46b17
Update DEVELOP.md 2020-09-25 01:07:31 +02:00
Leopold Schabel 990106c01b
Update README.md
Resolve emoji assymetry
2020-09-01 17:24:32 +02:00
Hendrik Hofstadt 4ba7885c62 solana: add retry/poking mechanism
Closes #6
2020-08-31 21:05:38 +02:00
Hendrik Hofstadt 2747839bd4 bridge: use hash instead of big for signingMsg
Using Big could truncate padding which lead to hashes of len != 32

Closes #10
2020-08-31 20:17:51 +02:00
Hendrik Hofstadt 941220bc85 bridge: optimize VAA claim derivation
Instead of hashing the body manually, we pass the body to the address derivation syscall.
2020-08-31 20:09:06 +02:00
Hendrik Hofstadt 4347926264 web: client-side VAA submission
Closes #36
2020-08-31 20:07:26 +02:00
Hendrik Hofstadt d537f976f9 bridge: setup pubsub before connecting to bootnodes; buffer observations 2020-08-31 16:11:09 +02:00
Hendrik Hofstadt fb603d468c agent: remove keepalive routine 2020-08-31 14:20:36 +02:00
Leo dfa3739de7 Add docs/security.md stub 2020-08-31 12:18:07 +02:00
Hendrik Hofstadt 45a25e0386 bridge: prevent multiple signatures from single guardian 2020-08-31 09:26:38 +02:00
Hendrik Hofstadt b4b0c61dfc bridge: require single step guardian set index changes 2020-08-31 09:25:41 +02:00
Hendrik Hofstadt 3e88ed023e ethereum: properly realign transfer decimals, handle decimals on ETH transfers, don't allow same-chain transfers
Co-authored-by: Valentin von Albrecht <valentinvonalbrecht@yahoo.de>
2020-08-30 19:25:31 +02:00
Hendrik Hofstadt 770d396c61 web: update yarn lock 2020-08-30 17:36:56 +02:00
Hendrik Hofstadt 4871022fee ethereum: prevent invalid guardian sets or same signer signatures
Co-authored-by: valentin <valentinvonalbrecht@yahoo.de>
2020-08-30 17:30:43 +02:00
Hendrik Hofstadt 7dc309c490 web: update ABI 2020-08-30 11:25:02 +02:00
Hendrik Hofstadt a2bd5fbb11 ethereum: truncate decimals to 9 2020-08-30 11:21:45 +02:00
Hendrik Hofstadt a1387dafea agent: print errors 2020-08-28 17:14:32 +02:00
Leo cb757192b3 bridge: wrap agent recv errors 2020-08-28 17:12:16 +02:00
Hendrik Hofstadt 5fc1065f0b Merge branch 'master' of github.com:certusone/wormhole 2020-08-28 16:44:08 +02:00
Hendrik Hofstadt 7a5373a8cc web: properly parse pending transfer for client-side submission 2020-08-28 16:44:00 +02:00
Leo 072b4c4ddf Add repo overview to README.md 2020-08-28 15:34:42 +02:00
Hendrik Hofstadt f6750a3762 all: consider decimals on wrapped assets, fix VAA posting, fix solana account parsing 2020-08-28 15:10:42 +02:00
Hendrik Hofstadt 8e6dc495dc bridge: remove VAA timeout
Closes #35
2020-08-28 08:49:46 +02:00
Hendrik Hofstadt ed0a6d4b2e bridge: use proper source address 2020-08-28 08:36:33 +02:00
Hendrik Hofstadt 1eef0b3bce bridge: use full token address 2020-08-28 08:35:59 +02:00
Hendrik Hofstadt a9dee7da99 ethereum: use create2 for wrapped assets 2020-08-28 08:35:00 +02:00
Leo 5a72d9029a VAA guardian devnet submission 2020-08-27 17:46:40 +02:00
Leo ed6b8d23de Update supervisor library to fix negative backoff
Fixes #9
2020-08-24 21:06:12 +02:00
Leo afa70fd473 Submit ETH VAAs to Solana for data availability 2020-08-24 16:13:27 +02:00