While sending tokens to another address on the same chain via wormhole
is quite inefficient, it's not strictly disallowed and we do have some
VAAs on solana that do this. Explicitly check for this case and allow
it.
There are no restrictions on native tokens sent in this way but wrapped
transfers are still subject to some checks: the wrapped account for
the token must exist and it must have a balance larger than the amount
being transferred. If either of those checks fails then that means
that the sender acquired some wrapped tokens that did not go through
the accountant and so that transfer should be blocked and require manual
intervention.

Now that we can calculate the digest of an Observation there's no need
to store the whole thing on-chain. Instead only store the observation
digest, tx_hash, and emitter chain (the tx_hash is necessary because
it's not included in the digest and the emitter chain is used for
servicing missing observation queries). When adding new observations
we can check for equality by comparing the digests and tx hashes rather
than comparing the whole object.
This should further reduce the size of the on-chain state.

When submitting observations to the accounting contract, clients sign
the entire batch once. There's no point storing this signature in the
on-chain data for each observation because it's already stored as part
of the chain's transaction history and the signature would be different
if an observation was submitted as part of a different batch (or the
same batch in a different order) even if the observation itself didn't
change.
Also, nothing actually made use of this signature data. (Yes,
technically it was returned by some queries but the usefulness of
the signature by itself is questionable without the full batch of
observations that were signed).
All we really care about is the index of the guardian anyway so use
a bitset to keep track of the indices of all the guardians that have
signed an observation. We use a u128 for the bitset out of an abundance
of caution in case the number of guardians increases in the future.
Dealing with more than 128 guardians is left as a problem for future
wormhole contributors if we ever get to that point.
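
A sketch of the u128 signer bitset described above, as an added example rather than code from the accounting contract. It shows that a repeated guardian index never counts twice and that an index of 128 or more is rejected instead of being shifted. `SignerSet` and `SignerError` are hypothetical names.

```rust
// Added example: `SignerSet` and `SignerError` are hypothetical names,
// not types from the accounting contract.

#[derive(Debug, PartialEq, Eq)]
pub enum SignerError {
    /// A u128 has one bit per guardian index 0..=127 and nothing beyond.
    IndexOutOfRange(u32),
}

/// One bit per guardian index that has signed an observation.
#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
pub struct SignerSet(u128);

impl SignerSet {
    /// Records guardian `index`. Returns Ok(true) if the bit was newly set and
    /// Ok(false) for a repeat, so a resubmission never counts twice.
    pub fn insert(&mut self, index: u32) -> Result<bool, SignerError> {
        // A runtime shift by 128 or more panics in debug builds and is masked
        // in release builds (128 would alias bit 0); checked_shl returns None.
        let bit = 1u128
            .checked_shl(index)
            .ok_or(SignerError::IndexOutOfRange(index))?;
        let fresh = self.0 & bit == 0;
        self.0 |= bit;
        Ok(fresh)
    }

    /// True if guardian `index` has been recorded; out-of-range is never set.
    pub fn contains(&self, index: u32) -> bool {
        1u128.checked_shl(index).map_or(false, |bit| self.0 & bit != 0)
    }

    /// Number of distinct guardians recorded.
    pub fn count(&self) -> u32 {
        self.0.count_ones()
    }
}

fn main() {
    let mut signers = SignerSet::default();
    // Constructed sample: guardian 3 submits twice, guardian 127 once.
    for index in [3, 127, 3] {
        println!("insert({}) -> {:?}", index, signers.insert(index));
    }
    println!("distinct signers: {}", signers.count());
    println!("insert(128) -> {:?}", signers.insert(128));
}
```
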
When submitting a batch of observations, we don't want an observation
for an already committed transfer to fail the entire batch. This leads
to more complexity in the guardian and also delays all the legitimate
observations by at least one more block (~5 seconds).
Fix this by returning the transfer status of each observation as part
of the response data. Observations for committed transfers will get
a `TransferStatus::Committed` response without failing the tx as long
as the digest of the observation matches the digest of the committed
transfer. Digest mismatches are still an error and will fail the entire
batch.
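
The per-observation status response described above, together with the digest-only storage from the earlier message, as an added example that is not the contract's own code. It narrows the comparison to the digest and leaves out tx_hash and signer tracking. Only `TransferStatus::Committed` appears in the text; `Pending`, `Key`, `Observation`, `BatchError` and `submit_batch` are hypothetical.

```rust
use std::collections::HashMap;

// Added example. Only `TransferStatus::Committed` is named in the text above;
// `Pending`, `Key`, `Observation`, `BatchError`, `submit_batch` are hypothetical.
pub type Key = (u16, [u8; 32], u64); // assumed: (emitter chain, emitter address, sequence)
pub type Digest = [u8; 32];

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TransferStatus {
    Pending,
    Committed,
}

#[derive(Debug, PartialEq, Eq)]
pub enum BatchError {
    DigestMismatch(Key),
}

pub struct Observation {
    pub key: Key,
    pub digest: Digest, // digest of the full observation, computed by the caller
}

/// Returns one status per observation. Only a digest mismatch against a
/// committed transfer fails the whole batch.
pub fn submit_batch(
    committed: &HashMap<Key, Digest>, // on-chain state keeps digests only
    batch: &[Observation],
) -> Result<Vec<TransferStatus>, BatchError> {
    batch
        .iter()
        .map(|obs| match committed.get(&obs.key) {
            Some(stored) if *stored == obs.digest => Ok(TransferStatus::Committed),
            Some(_) => Err(BatchError::DigestMismatch(obs.key)),
            None => Ok(TransferStatus::Pending), // signer tracking omitted here
        })
        .collect() // collecting into Result stops at the first mismatch
}

fn main() {
    // Constructed sample data, not real transfers.
    let committed = HashMap::from([((2u16, [1u8; 32], 7u64), [0xaa; 32])]);
    let batch = [
        Observation { key: (2, [1; 32], 7), digest: [0xaa; 32] },
        Observation { key: (2, [1; 32], 8), digest: [0xbb; 32] },
    ];
    println!("{:?}", submit_batch(&committed, &batch));
}
```
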
Add a test for digest calculation that uses a hardcoded digest. The
digest for this test was calculated using the `worm` CLI to ensure
interoperability.

Add the payload as an explicit field to the `TransferWithPayload` enum
variant. This is a generic parameter that defaults to `Box<RawMessage>`
for maximum flexibility (and to avoid leaking lifetimes higher up the
stack) but users are encouraged to replace this default type parameter
with an explicit `&RawMessage` in places where the serde_wormhole data
format is used.
The main benefit of this change is that the payload is now included as
part of the actual message and no longer requires callers to awkwardly
append it after serialization. This is especially useful in human-
readable formats like JSON (see the `transfer_with_payload` test in
token.rs for an example of this simplification).
The main downside is that this now requires explicit type annotations
when using the non-payload3 variants so that the compiler will pick up
the default generic parameter. This is a relatively minor inconvenience
and the benefit appears to be worth the cost.
There should be no functional change.

- updates terra2 devnet chain timeout_commit to "1s" since the timeout_commit of "0.5s" is too fast and leads to Terra2's clock going into the future.
- updates terra2 devnet chain unbonding_time to "1814400s" which is the default value and translates to a valid trusting period for IBC connectivity.

The RawMessage type provides a more flexible way to handle trailing
payloads so replace all usage of the `*_with_payload` functions to use
`RawMessage` instead.
There should be no functional change.

Add a RawMessage type that can be used to defer parsing parts of a
payload, similar to the `json.RawMessage` from Go. The implementation
is inspired by `serde_json::RawValue`, which does a similar thing.
When serializing, RawMessage will serialize to a base64-encoded string
if it detects that the data format is human readable (like JSON).
Otherwise it will simply forward the raw bytes to the serializer.
RawMessage has both borrowed and boxed versions. The borrowed version
is the most efficient as it enables zero-copy handling of the input data
but also requires that the input data already contains raw bytes and is
not suitable when dealing with human-readable formats like JSON.
The boxed version is more flexible as it supports byte slices, base64-
encoded strings, and byte sequences but is slightly less efficient as it
requires copying or decoding the input data.

* node: guardiand support for accounting
Change-Id: I97fe1f6d6d71a5803881ff4c793e3c30f22b14d8
* Node: Tie accounting into the guardian
Change-Id: I31600d18176f516b75b3eb046fd7ac6e54e1b133
* Node: accounting tests and metrics
Change-Id: Ieb139772edf464ed1ab202861babeaf0f857ad6b
* Node: minor tweak to accounting metrics
Change-Id: Iad2b7e34870734f0c5e5d538c0ac86269a9a4728
* Node: load accounting key
Change-Id: I228ce23e63b556d751000b97097202eda48650aa
* More work in progress
Change-Id: I85088d26c05cf02d26043cf6ee8c67efd13f2ea4
* Node: send observations to accounting contract
Change-Id: Ib90909c2ee705d5e2a7e6cf3a6ec4ba7519e2eb1
* Node: Fix lint error in accounting tests
Change-Id: Id73397cf45107243a9f68ba82bed3ccf2b0299b5
* Node: Need to copy libwasmvm.so
Change-Id: I2856c8964ca082f1f4014d6db9fb1b2dc4e64409
* Node: Rename wormchain to wormconn
Change-Id: I6782be733ebdd92b908228d3984a906aa4c795f7
* Node: moving accounting check after governor
Change-Id: I064c77d30514715c6f8b6b5da50806a5e1adf657
* Node: Add accounting status to heartbeat
Change-Id: I0ae3e476386cfaccc5c877ee1351dbe41c0358c7
* Node: start of accounting integration work
Change-Id: I8ad206eb7fc07aa9e1a2ebc321f2c490ec36b51e
* Node: More broadcast tx stuff
Change-Id: Id2cc83df859310c013665eaa9c6ce3033bb1d9c5
* Node: Can actually send a request to accounting
Change-Id: I6af5d59c53939f58b2f13ae501914bef260592f2
* Node: More accounting tx broadcast stuff
Change-Id: If758e49f8928807e87053320e9330c7208aad490
* Node: config changes for accounting
Change-Id: I2803cceb188d04c557a52aa9aa8ba7296da8879f
* Node: More accounting changes
Change-Id: Id979af0ec6ab8484bc094072f3febf39355351ca
* Node/Acct: Use new observation request format
* Node/acct: use new contract interface
* Node/acct: fix minor copy/paste error
* Node: Clean up comments and lint errors
* Node: disable accounting in dev by default
* Node: Fix test failure
* Remove test code
* Switch messages to debug, rename Run()
* check for "out of gas"
* Use worker routine to submit observations
* Rename mutex to reflect what it protects
* Create handleEvents func
* Remove FinalizeObservation
* Node/Acct: Trying to use tm library for watcher
* Node/acct: switch watcher to use tm library
* Node/Acct: Need separate WS parm for accounting
* Node/Acct: Fix compile error in tests
* Node/Acct: Minor rework
* Node: add wormchain as a dep to remove stale code
* Node/Acct: GS index is not correct in requests
* Node/Acct: Peg connection error metric
* Node/Acct: Add wormchain to node docker file
* Node/Acct: Fix for double base64 decode
* Node/Acct: Change public key to sender address
* Node/Acct: Fix lint error
* Node/Acct: key pass phrase change
* Node/Acct: Pass guardian index in obs req
* Node/Acct: No go on submit observation
* Node/Acct: Don't double encode tx_hash
* Node/Acct: Remove unneeded base64 encoding
* Node/Acct: handle submit channel overflow
* Node/Acct: Added a TODO to document a review issue
* Node/Acct: Fix for checking if channel is full
Co-authored-by: Conor Patrick <conorpp94@gmail.com>

Use cw_transcode to ensure that event attribute values are always
encoded as proper JSON, making it easier for clients to parse them back
into structured data.
This also lets us reuse the input messages for the events, reducing the
number of different structs that we need to track.

Rather than forcing clients to guess whether a transfer is pending or
committed, use a single `TransferStatus` query that will return whether
the transfer is still pending or already committed.
This will make it easier for clients to keep the pending and committed
transfer state in sync to avoid unnecessary overhead.