This allows forcibly submitting a failing VAA on-chain in cases where
the preflight check would hinder debugging.
It does not change behavior of guardiand.
Co-authored-by: Hendrik Hofstadt <hendrik@nexantic.com>
Change-Id: I63df22049ad27f659dc0638190edd20628b7a338
- Distribute raw heartbeats via new proto package publicrpc
- Manage channel subscription on client req/close.
- Expose publicprc endpoint in devnet Service.
Change-Id: Ic96d624733961aa56e00b03c3b5cff6af11523a4
This mitigates https://github.com/solana-labs/solana/issues/9909 by
polling GetProgramAccounts with a server-side filter. It also removes
the agent dependency for the lockup observation logic - the agent is now
used for transaction construction only.
* Terra fee payer key moved from environment variable into the separate file
* Removed closed issues from the comments, VAA submition made async
* Review comments fixed
This allows us to use UNIX filesystem permissions for access control.
Previously, any process in the network namespace could connect to it,
which is insecure for obvious reasons.
Verified that correct permissions are set:
```
# ls -lisa /run/bridge/
total 8
31996269 4 drwxrwxrwx 2 root root 4096 Nov 23 21:58 .
14676759 4 drwxr-xr-x 1 root root 4096 Nov 23 21:58 ..
31996306 0 srwx------ 1 root root 0 Nov 23 21:58 agent.sock
```
Fixes#119
Reviewer note: Does not touch any of the business logic. Avoided
renaming files whereever possible to make it easier to spot differences.
Verbatim migration, in a future CL, we could replace some of the
flag validation code with cobra features and eliminate the global vars.
Moved the dlv tool definition out of the way for the top-level wrapper.
tools/bin/cobra is a helper utility that generates boilerplate
(we slightly deviate from their default scheme by having guardiand
in a separate package, rather than stuffing everything into cmd/)
ghstack-source-id: caec9a38a6
Pull Request resolved: https://github.com/certusone/wormhole/pull/67
- Metrics tracked in #11.
- Timeout and retransmits covered in #21.
- Dependency injection doesn't make sense at this scale.
- `-1` on `GenerateKeyPair` means "this doesn't make sense for Ed25519,
please crash if anyone ever tried to generate RSA keys".
ghstack-source-id: 8951628351
Pull Request resolved: https://github.com/certusone/wormhole/pull/66
Supervisor does not back off tasks that failed in a healthy state.
There are a couple places where we rely on supervisor for
application-level backoff, so we always want back-off. The distinction
is meant to enable runnables to implement their own specific back-off
logic, which we don't, so we can safely ignore it.
Fixes#37
ghstack-source-id: c756381b1b
Pull Request resolved: https://github.com/certusone/wormhole/pull/64
VAAs are deduplicated by the on-chain contracts. For Ethereum,
submission happens outside of the bridge anyway, and for Solana, the
first tx to be confirmed wins. Subsequent attempts to submit it
will fail in preflight, so the fee won't be spent multiple times.
This eliminates the need for leader selection and fixes#20.
ghstack-source-id: 60388d532c
Pull Request resolved: https://github.com/certusone/wormhole/pull/51
This removes the special case in the processor. The initial guardian set
is now treated like a regular guardian set update, and the devnet
update check is executed on every update.
Fixes an edge case where processing a guardian set update would fail
with a spurious `abi: attempting to unmarshall an empty string while arguments are expected`
error, leaving the node in a bad state since restarting ethwatch
wouldn't cause the guardian set to be re-fetched.
ghstack-source-id: e580a65e90
Pull Request resolved: https://github.com/certusone/wormhole/pull/46
Any error that can be recovered by restarting a runnable
can also be recovered from by restarting the entire process.
If we encounter a panic, it's safer to restart the process than
attempting to limp along by restarting the runnable.
We always assume that an external process manager will restart
our process if it crashes. We already rely on this behavior for
libp2p errors which we handle by terminating the process, since libp2p
maintains global state that we can't clear.
ghstack-source-id: 2f20ef764d
Pull Request resolved: https://github.com/certusone/wormhole/pull/45
Hendrik Hofstadt
Leo
jschuldt
Yuriy Savchenko
Hendrik Hofstadt