When submitting a batch of observations, we don't want an observation
for an already committed transfer to fail the entire batch. This leads
to more complexity in the guardian and also delays all the legitimate
observations by at least one more block (~5 seconds).
Fix this by returning the transfer status of each observation as part
of the response data. Observations for committed transfers will get
a `TransferStatus::Committed` response without failing the tx as long
as the digest of the observation matches the digest of the committed
transfer. Digest mismatches are still an error and will fail the entire
batch.
Add the payload as an explicit field to the `TransferWithPayload` enum
variant. This is a generic parameter that defaults to `Box<RawMessage>`
for maximum flexibility (and to avoid leaking lifetimes higher up the
stack) but users are encouraged to replace this default type parameter
with an explicit `&RawMessage` in places where the serde_wormhole data
format is used.
The main benefit of this change is that the payload is now included as
part of the actual message and no longer requires callers to awkwardly
append it after serialization. This is especially useful in human-
readable formats like JSON (see the `transfer_with_payload` test in
token.rs for an example of this simplification).
The main downside is that this now requires explicit type annotations
when using the non-payload3 variants so that the compiler will pick up
the default generic parameter. This is a relatively minor inconvenience
and the benefit appears to be worth the cost.
There should be no functional change.
Use cw_transcode to ensure that event attribute values are always
encoded as proper json, making it easier for clients to parse them back
into structured data.
This also lets us reuse the input messages for the events, reducing the
number of different structs that we need to track.
Rather than forcing clients to guess whether a transfer is pending or
committed use a single `TransferStatus` query that will return whether
the transfer is still pending or already committed.
This will make it easier for clients to keep the pending and committed
transfer state in sync to avoid unnecessary overhead.
Add a query for guardians to check if there are any pending transfers
with missing observations. The guardians can use this information to
trigger re-observations of those transactions.
Now that we're keeping track of transfer digests, initializing any on-
chain state through the `InstantiateMsg` doesn't make a lot of sense:
any state initialized this way is unverified and this message doesn't
contain enough information to generate the transfer digests.
Rather than trying to add in the necessary fields, just drop the message
completely since it won't be used in production. It's currently only
used to initialize on-chain state for tests but the same thing can be
accomplished through the `ModifyBalance` and `SubmitVAAs` methods.
Keep track of the digests of committed transfers so that they can be
used later when handling duplicate observations / VAAs. When processing
an observation or VAA with the same (chain, address, sequence) tuple as
a committed transfer, return a "message already processed" error when
the digests match and a "digest mismatch" error when they don't. The
latter implies a very serious issue because transfer details shouldn't
change once they have been observed by a quorum of guardians.
Now that the accounting contract can handle chain registrations on
its own, there's no need to query the tokenbridge contract. Remove
references to it from `InstantiateMsg` and the internal state.
Add support for handling chain registration VAAs for the tokenbridge
contract. This will let us deploy accounting without also having to
deploy the tokenbridge.
Add a mechanism to backfill missing transfer messages by submitting
signed VAAs. This will also be used to initialize the on-chain state
as there is too much data to initialize the contract via the normal
`instantiate` mechanism.
Fixes#1883, fixes#1884.
Use the `Signature` type from the core SDK to avoid unnecessary
type conversions. Cosmwasm requires its message types to implement
`JsonSchema` so also derive that impl for the `Signature` type behind a
feature flag.
This change uncovered a separate issue where the fake `WormholeKeeper`
was using regular ecdsa signatures rather than recoverable signatures
so fix the signing and verification methods to use the recoverable
signatures.
* sdk/rust: Move profile settings to workspace
* sdk/rust: Add serde_wormhole crate
The serde_wormhole crate implements the wormhole wire format as a serde
data format. This will let us replace all the hand-rolled
serialization with auto-generated code, which is less error-prone and
easier to review.
* sdk/rust: Add serde-based struct defintions
Refactor the core crate to add serde-based struct definitions for the
various messages used by the different wormhole smart contracts. This
will also make it easier to use alternate data formats (like json) for
client-side tooling.
Co-authored-by: Reisen <reisen@morphism.org>
* sdk/rust: Drop references to `de::Unexpected`
The `de::Unexpected` enum from serde has a `Float(f64)` variant.
Referencing this enum anywhere in the code will cause the compiler to
emit its `fmt::Display` impl, which includes an `f64.load` instruction
on wasm targets. Even if this instruction is never executed, its mere
existence will cause cosmos chains to reject any cosmwasm contract that
has it.
Fix this by removing all references to `de::Unexpected`.
* cosmwasm: Use cargo resolver version "2"
Enable the new feature resolver for the entire workspace. This
prevents features that are enabled only for dev builds from also being
enabled in normal builds.
* Move cosmwasm Dockerfile to root directory
The cosmwasm contracts now also depend on the rust sdk so the docker
build context needs to be set to the root directory rather than the
cosmwasm/ directory.
* cosmwasm: Add wormchain-accounting contract
This contract implements tokenbridge accounting specifically for the
wormchain environment.
Fixes#1880.
* cosmwasm/accounting: Drop references to `de::Unexpected`
The `de::Unexpected` enum from serde has a `Float(f64)` variant.
Referencing this enum anywhere in the code will cause the compiler to
emit its `fmt::Display` impl, which includes an `f64.load` instruction
on wasm targets. Even if this instruction is never executed, its mere
existence will cause cosmos chains to reject any cosmwasm contracts that
contain it.
Fix this by removing references to `de::Unexpected`.
Co-authored-by: Reisen <reisen@morphism.org>
Chirantan Ekbote