* Node: Processor db write separation
* Handle additional update while writing to db
* Move the broadcasting of signed VAA to the worker
* Tweak signaturesToVaaFormat
* Eliminate map look up in HandleQuorum
* Remove unnecessary check for already submitted
* Use BadgerDB batch API to store VAAs
* Don't move broadcasting to worker
* Speed up processing our own observation
* Simplify handleMessage and broadastSignature
* Code review rework
- The script used to generate the updated token list was using an
outdated version of the TS SDK. This caused newer chains to return a
result of 'undefined' when they were converted to the custom ChainId
type as they were not encluded in the enum of valid chain IDs
- Update the local SDK version used by the script via `npm update @certusone/wormhole-sdk`
- Adds additional logging to the script to help troubleshoot similar
errors in the future
* CI: query-sdk-ci fails intermittently
* Make query-ci wait for more peers
* Add new key for accountant on guardian-0
* Force to run on instance-2
* Undo instance change
* Change accountant key for guardian 1 to ensure it's unique
* Restore log levels
* Fix solana query tests
* Enable logging
* Remove now-redundant query-ci tests
* node: Update token entries for devnet and testnet configs
The previous entries had incorrect CoinGecko symbol information. This
commit updates the values in these config files to use the same data as
their counterparts in the generated token list for mainnet.
* node: revert devnet/testnet token address changes
* node: Fix issue where transfers that were loaded from the DB did not add
a flow-cancel transfer on the TargetChain
Flow-canceling is done in the `ProcessMsgForTime` loop when a new
message occurs. However, this was not done when a node restarted and
reloaded transfers from the past 24 hours. As a result it was possible
for the node to calculate a result that showed that the outgoing
transfers for an emitter chain exceeded the daily limit. In effect this
is true but only with the condition that there was incoming flow to
allow this to happen. This appeared to violate an invariant and so the
node did not start properly.
node: Add unit tests when reloading flow cancel transactions from the
database
node: fix lint errors in governor_test.go
* node: Add a command-line flag to enable or disable flow-canceling on restart
Added a command-line flag to enable or disable flow-canceling when
starting the node. This should allow Guardians to disable flow canceling
in the case of future bugs or during a security incident. This should
prevent the need to rollback to earlier Guardian versions. (@mdulin2 )
* node: Use deterministic iteration order over chains when changing Governor state
- Adds a field that stores a sorted slice of chain IDs to the governor.
- Use this field to iterate in a determinstic order when performing
actions that change the state of the Governor
- This should help Guardians reach a more similar view of the Governor
in scenarios where iteration order might impact whether a transfer is
queued. (This is relevant especially in the case of Flow Canceling)
- Cases where only a single VAA is being modified were not changed.
Iteration order should not matter here and determinstic order may
may worse for performance when searching for a particular element.
* node: Fix tokenEntry when checking flow cancel for pending transfers
(Squash and merge bug fix from PR #4001)
Similar to a previous issue in the function `ProcessMsgForTime`, the
tokenEntry was not being generated properly.
This should result in queued "small transfers" being able to flow cancel
when they are released from the queue.
Also adds a comment on the CheckedInt64 function to indicate what its
error states mean and when they occur.
Add comments and change variable names for governor_monitoring
- Add function comments to explain what they do and what their error
states mean
- Adds governor logging to error cases
- Change variable names in publishStatus function. `value` was used
first to indicate the "governor usage" and then reused to indicate the
remaining available notional value for a chain. This refactor tries to
make it clear that these are different concepts
Add unit test for flow cancelling when a pending transfer is
released
- Add a unit test to ensure that, when a pending transfer is released,
it also does flow-cancelling on the TargetChain (previously we had a
bug here)
- Add documentation for CheckPendingForTime to clarify that it has
side-effects
* node: Modify error handling for CheckPending method in the Governor
Previous rollouts of the Flow Cancel feature contained issues when
calculating the Governor usage when usage was near the daily limit. This
caused an invariant to be violated. However, this was propagated to the
processor code and resulted in the processor restarting the entire
process. Instead, the Governor should simply fail-closed and report that
there is no remaining capacity, causing further VAAs to be queued until
the usage diminishes over time.
The circumstances leading to the invariant violations are not addressed
in this commit. Instead this commit reworks the way errors are handled
by the CheckPending, making careful choices about when the process
should or should not be killed.
- Change "invariant" error handling: instead of causing the process to
die, log an error and skip further for a single chain while allowing
processing for other chains to continue
- Remove 'invariant error' in TrimAndSumValueForChain as it can occur
somewhat regularly with the addition of the flow cancel feature
- Return dailyLimit in error condition rather than 0 so that future
transfers will be queued
- Do not cap the sum returned from TrimAndSumValueForChain: instead
allow it to exceed the daily limit.
- Modify unit tests to reflect this
- Add unit tests for overflow/underflow scenarios in the TrimAndSumValue
functions
- Change other less severe error cases to log warnings instead of
returning errors.
- Generally prevent flow-cancel related issues from affecting normal
Governor operations. Instead the flow cancel transfers should simply
not be populated and thus result in "GovernorV1" behavior.
- Add documentation to CheckPendingForTime to explain the dangers of
returning an error
- Reword error messages to be more precise and include more relevant
fields. Add documentation explaining when the process should and
should not die
* node: Add additional metrics for Governor status
Modify the monitoring code and protobuf files to make the status of the
Governor more legible when flow-canceling is enabled. This can be
consumed by Wormhole Dashboard to better reflect the effects of flow
cancelling.
On the level of the Governor:
- whether the Guardian has enabled flow cancel or not
On the level of the Governor's emitters, reports 24h metrics for:
- net value that has moved across the chain
- total outgoing amount
- total incoming flow cancel amount
Currently big transfers are not accounted for as they do not affect the
Governor's capacity. (They are always queued.)
* node: Add new flow cancel parameter to Governor in tests
* node: goimports formatting
* node: Bug fix in changes to governor monitoring
- Fix issue where stats weren't being populated unless flow cancel was
enabled
- Fix wrong return value used in unit test
- Fix typo in proto variable name
- Move sorting outside of a for loop for efficiency
- Restore unit test that was deleted in the process of rebasing
* node: address prealloc lint error in governor code
* node: Fix "generated proto differs from committed proto"
* node: Fix bug in chainIds allocation
- This resolves a mistake with allocating the chainIds in the governor
initialization that causes nil entries in the slice.
- Add unit tests to ensure that the chainIds slice matches the chains
map
- Add unit test to ensure that TrimAndSumValueForChain checks for a nil
pointer to avoid panics
* node: Fix returning nil on err in governor_test.go
* node: Cleanup comments in governor code
* node: fix governor comment
* node: enable flow cancel in governor_monitoring tests
* node: Add flow cancel information to p2p heartbeat features
* node: Remove outdated comment from governor
* node: Upgrade logs to Error from Warn when reloading transfers from
database
* node: Enable flow cancel in check_query test function
* node: Cleanup comments and redundant code in governor
* node: Refactor how the flow cancel token list gets populated
- Only populate the flow cancel tokens list once
- Change default behavior to use an empty flow cancel assets list, rather
than first populating the list and then clearing it
- Refactor the logic around enabling the flow cancel token field for
governed assets. Now it only executes if flow cancel is enabled,
rather than operating over an empty slice when flow cancel is disabled
- Modify devnet/testnet configs so that they are responsible for
returning the correct list of flow cancelling assets
* node: Add unit test for flow cancel feature flag
* node: Move new Governor status proto fields from Emitter to Chain
* node: lint governor_monitoring
---------
Co-authored-by: Maxwell Dulin <strikeout@maxwells-mbp.lan>
* node: Add test to ensure that governed chains also have governed assets
* node: Update test that checks if governed chains have governed assets
- Verify tokens against the Governor's mainnet chains rather than
querying against the values configured in the SDK. (These should be
the same but it avoid a package import and ties in more closely to the
Governor's functionality.)
- Add test message on failure to help with debugging
- Remove outdated exceptions to existing the unit test
- Merge test from previous commit into a similar unit test that already
existed
* node: Revert chainList() so that its scope is private
* Add input validation on the generated go code
* Change denylist and comment associated with it
* Add changes to the text file and more restrictive chars
* Removing unnecessary async code
---------
Co-authored-by: Maxwell Dulin <strikeout@maxwells-mbp.lan>
Co-authored-by: Maxwell Dulin <strikeout@Maxwells-MacBook-Pro.local>
These flags were previously not declared, which is now reported by
clippy.
Also fixed the docstring indentation, which clippy also complains about now.
node: Fix issue where transfers that were loaded from the DB did not add
a flow-cancel transfer on the TargetChain
Flow-canceling is done in the `ProcessMsgForTime` loop when a new
message occurs. However, this was not done when a node restarted and
reloaded transfers from the past 24 hours. As a result it was possible
for the node to calculate a result that showed that the outgoing
transfers for an emitter chain exceeded the daily limit. In effect this
is true but only with the condition that there was incoming flow to
allow this to happen. This appeared to violate an invariant and so the
node did not start properly.
Add unit tests when reloading flow cancel transactions from the
database
* node: add more unit tests for flow cancel
* node: Fix tokenEntry indexing issue in Governor flow cancel logic
- Indexes the tokenEntry for flow cancel tokens properly (using the
token's origin chain and origin address
- Add many more tests to check flow cancel logic in more detail and at
the resolution of the ProcessMsgForTime method.
Big thanks to Max for helping to debug the issue and the unit tests.
* node: add check to ensure the governor usage is not zero
* node: Change flow cancel test so that origin and emitter chain are different
* node: Add unit test for partial flow cancel
Add additional test for flow cancel mechanism where the numbers do not
cleanly cancel out.
* node: fix lint issues in governor test
bruce-riley
John Saigle
Evan Gray
André Claro
Paul Noel
Kaku
Charlton Liv
Bruce Riley
John Saigle
Maxwell "ꓘ" Dulin
Csongor Kiss
yukionfire
Adam
djb15
Dirk Brink
Jason Matthyser
Nikhil Suri