CI: use working docker image for anvil in upgrade simulation testing

2022-07-29 17:00:32 -05:00 · 2022-07-29 17:00:32 -05:00 · ebdf66c8c4
parent 5c1a2fe182
commit ebdf66c8c4
3 changed files with 59 additions and 4 deletions
--- a/ethereum/anvil_fork
+++ b/ethereum/anvil_fork
@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# This script forks a chain using anvil with the mnemonic that is used in the
+# testing environment.
+
+# It's a wrapper around anvil using Docker.
+# In an ideal world, we could just use anvil directly, but there are regular
+# upstream breaking changes in the nightly builds, and binaries of older
+# versions are deleted frequently from their GitHub. The Docker releases are
+# available for longer, so we just use those here.
+
+if [ -z "$1" ]; then
+  echo "Usage: $0 <chain name>" >&2
+  exit 1
+fi
+
+CHAIN_NAME="$1"
+
+# This is a known-to-be-working build.
+DOCKER_IMAGE="ghcr.io/foundry-rs/foundry:nightly-0d4468765c264d00ac961275fe176ce003d3e4ca@sha256:88fe2ea1005b9a3a7f8068645fef4cfb0fa7c16a5dd3b35582c70a1e36d16c25"
+
+docker run --rm -i -p 8545:8545 $DOCKER_IMAGE  "anvil --host 0.0.0.0 --base-fee 0 --fork-url $(worm rpc mainnet $CHAIN_NAME) --mnemonic 'myth like bonus scare over problem client lizard pioneer submit female collect'"
--- a/ethereum/simulate_upgrade
+++ b/ethereum/simulate_upgrade
@ -2,6 +2,15 @@

 set -euo pipefail

+# This script ensures that the EVM contracts can be safely upgraded to without
+# bricking the contracts. It does this by simulating contract upgrades against
+# the mainnet state, and checks that the state is consistent after the upgrade.
+#
+# By default, the script will compile the contracts and run the upgrade. It's
+# possible to simulate an upgrade against an already deployed implementation
+# contract (which is useful for independent verification of a governance
+# proposal) -- see the usage instructions below.
+
 function usage() {
 cat <<EOF >&2
 Usage:
@ -61,13 +70,15 @@ while getopts ':hm:c:a:xkdl:' option; do
 done
 shift $((OPTIND - 1))

+# Check that we have the required arguments
 [ -z "$chain_name" ] && usage
 [ -z "$module" ] && usage

+# Get core contract address
 CORE=$(worm contract mainnet "$chain_name" Core)
 echo "core: $CORE"

-
+# Use the local devnet guardian key (this is not a production key)
 GUARDIAN_ADDRESS=0xbeFA429d57cD18b7F8A4d91A2da9AB4AF05d0FBe
 GUARDIAN_SECRET=cfb12303a19cde580bb4dd771639b0d26bc68353645571a8cff516ab2ee113a0

@ -82,12 +93,12 @@ trap clean_up EXIT


 #TODO: make RPC an optional argument
-HOST="http://localhost"
+HOST="http://0.0.0.0"
 PORT="8545"
 RPC="$HOST:$PORT"

 if [[ $run_anvil = true ]]; then
-    anvil --port $PORT --fork-url "$(worm rpc mainnet $chain_name)" --mnemonic "myth like bonus scare over problem client lizard pioneer submit female collect" > "$anvil_out" &
+    ./anvil_fork "$chain_name"
    ANVIL_PID=$!
    echo "🍴 Forking mainnet..."
    echo "Anvil logs in $anvil_out"
@ -117,6 +128,8 @@ esac

 CONTRACT=$(worm contract mainnet "$chain_name" "$MODULE")

+# Step 1) Figure out the contract address depending on the flags -- either use
+# an address passed in as an argument, or use the most recent contract in the repo.
 if [[ -n "$address" ]]; then
    new_implementation="$address"
 else
@ -129,20 +142,33 @@ else
    new_implementation=$(echo "$deploy_output" | grep "address:" | cut -d' ' -f3)
 fi
 printf " %s\n" "$new_implementation"
+
+# Step 2) generate upgrade VAA using the local guardian key
 vaa=$(worm generate upgrade -c "$chain_name" -a "$new_implementation" -m $MODULE -g "$GUARDIAN_SECRET")

+# Step 3) the VAA we just signed in Step 2) is not compatible with the guardian
+# set on mainnet (since that corresponds to a mainnet guardian network). We need
+# to thus locally replace the guardian set with the local guardian key.
 echo "💂 Overriding guardian set with $GUARDIAN_ADDRESS"
 worm evm hijack -g "$GUARDIAN_ADDRESS" -i 0 -a "$CORE" --rpc "$RPC"> /dev/null

+# Step 4) query state before upgrade
 echo "🔍 Querying old contract state"
 worm evm info -c "$chain_name" -m $MODULE -n devnet -a "$CONTRACT" --rpc "$RPC" | grep -v '"implementation":' > "$before"
+
+# Step 5) upgrade contract
 echo "🤝 Submitting VAA"
 worm submit "$vaa" -n devnet -a "$CONTRACT" --rpc "$RPC" > /dev/null
+
+# Step 6) query state after upgrade
 echo "🔍 Querying new contract state"
 worm evm info -c "$chain_name" -m $MODULE -n devnet -a "$CONTRACT" --rpc "$RPC" | grep -v '"implementation":' > "$after"

+# Step 7) compare old and new state and exit with error if they differ
 git diff --no-index "$before" "$after" --exit-code && echo "✅ Upgrade simulation successful" || exit 1

+# Anvil can be kept alive by setting the -k flag. This is useful for interacting
+# with the contract after it has been upgraded.
 if [[ $keepalive_anvil = true ]]; then
    echo "Listening on $RPC"
    # tail -f "$anvil_out"
--- a/ethereum/simulate_upgrades
+++ b/ethereum/simulate_upgrades
@ -2,6 +2,10 @@

 set -euo pipefail

+# Run the upgrade simulation (./simulate_upgrade) against each contract twice
+# against the ethereum mainnet state. Running the upgrade twice ensures that the
+# contract is still upgradeable after the first upgrade.
+
 ANVIL_PID=""
 function clean_up () {
    ARG=$?
@ -11,9 +15,10 @@ function clean_up () {
 trap clean_up EXIT

 echo "🍴 Forking mainnet..."
-anvil --base-fee 0 --fork-url "$(worm rpc mainnet ethereum)" --mnemonic "myth like bonus scare over problem client lizard pioneer submit female collect" > /dev/null &
+./anvil_fork ethereum > /dev/null &
 ANVIL_PID=$!

+# Sleep for 10 seconds here to give some time for the fork to complete.
 sleep 10

 echo "========================= Updating core contract #1 ============================"