This allows forcibly submitting a failing VAA on-chain in cases where
the preflight check would hinder debugging.
It does not change behavior of guardiand.
Co-authored-by: Hendrik Hofstadt <hendrik@nexantic.com>
Change-Id: I63df22049ad27f659dc0638190edd20628b7a338
- Distribute raw heartbeats via new proto package publicrpc
- Manage channel subscription on client req/close.
- Expose publicprc endpoint in devnet Service.
Change-Id: Ic96d624733961aa56e00b03c3b5cff6af11523a4
* upgrade solana sdk version
Commitment levels were deprecated and the fastest confirmation level is `Processed`.
Also the upgradeable loader now requires the program to be writeable.
* Add deprecation comment
* update agent commitment level
This fixes#160 by making sure that nodes will sign *any*
lockup they see using their guardian key, and storing
the gs in the aggregation state when we see a lockup.
This mitigates https://github.com/solana-labs/solana/issues/9909 by
polling GetProgramAccounts with a server-side filter. It also removes
the agent dependency for the lockup observation logic - the agent is now
used for transaction construction only.
* Terra fee payer key moved from environment variable into the separate file
* Removed closed issues from the comments, VAA submition made async
* Review comments fixed
This allows us to use UNIX filesystem permissions for access control.
Previously, any process in the network namespace could connect to it,
which is insecure for obvious reasons.
Verified that correct permissions are set:
```
# ls -lisa /run/bridge/
total 8
31996269 4 drwxrwxrwx 2 root root 4096 Nov 23 21:58 .
14676759 4 drwxr-xr-x 1 root root 4096 Nov 23 21:58 ..
31996306 0 srwx------ 1 root root 0 Nov 23 21:58 agent.sock
```
Fixes#119
Unsubscribe() does blocking I/O that ignores the runnable context
and can block forever: #107
It would appear that removing the Unsubscribe calls is the only
way to work around this go-ethereum bug.
ghstack-source-id: 93f287efc0
Pull Request resolved: https://github.com/certusone/wormhole/pull/109
- Metrics tracked in #11.
- Timeout and retransmits covered in #21.
- Dependency injection doesn't make sense at this scale.
- `-1` on `GenerateKeyPair` means "this doesn't make sense for Ed25519,
please crash if anyone ever tried to generate RSA keys".
ghstack-source-id: 8951628351
Pull Request resolved: https://github.com/certusone/wormhole/pull/66
Supervisor does not back off tasks that failed in a healthy state.
There are a couple places where we rely on supervisor for
application-level backoff, so we always want back-off. The distinction
is meant to enable runnables to implement their own specific back-off
logic, which we don't, so we can safely ignore it.
Fixes#37
ghstack-source-id: c756381b1b
Pull Request resolved: https://github.com/certusone/wormhole/pull/64
In particular, this fixes a race condition where the Solana devnet would
take longer to deploy than the ETH devnet to deploy and we'd end up
with an outdated guardian set on Solana.
We currently create a Goroutine for every pending resubmission, which
waits and blocks on the channel until solwatch is processing requests
again. This is effectively an unbounded queue. An alternative approach
would be a channel with sufficient capacity plus backoff.
Test Plan: Deployed without solana-devnet, waited for initial guardian
set change VAA to be requeued, then deployed solana-devnet.
The VAA was successfully submitted once the transient error resolved:
```
[...]
21:08:44.712Z ERROR wormhole-guardian-0.supervisor Runnable died {"dn": "root.solwatch", "error": "returned error when NODE_STATE_HEALTHY: failed to receive message from agent: EOF"}
21:08:44.712Z INFO wormhole-guardian-0.supervisor rescheduling supervised node {"dn": "root.solwatch", "backoff": 0.737286432}
21:08:45.451Z INFO wormhole-guardian-0.root.solwatch watching for on-chain events
21:08:50.031Z ERROR wormhole-guardian-0.root.solwatch failed to submit VAA {"error": "rpc error: code = Canceled desc = stream terminated by RST_STREAM with error code: CANCEL", "digest": "79[...]"}
21:08:50.031Z ERROR wormhole-guardian-0.root.solwatch requeuing VAA {"error": "rpc error: code = Canceled desc = stream terminated by RST_STREAM with error code: CANCEL", "digest": "79[...]"}
21:09:02.062Z INFO wormhole-guardian-0.root.solwatch submitted VAA {"tx_sig": "4EKmH[...]", "digest": "79[...]"}
```
ghstack-source-id: 1b1d05a4cb
Pull Request resolved: https://github.com/certusone/wormhole/pull/48
This removes the special case in the processor. The initial guardian set
is now treated like a regular guardian set update, and the devnet
update check is executed on every update.
Fixes an edge case where processing a guardian set update would fail
with a spurious `abi: attempting to unmarshall an empty string while arguments are expected`
error, leaving the node in a bad state since restarting ethwatch
wouldn't cause the guardian set to be re-fetched.
ghstack-source-id: e580a65e90
Pull Request resolved: https://github.com/certusone/wormhole/pull/46
...except for libp2p, which broke compatibility
between go-libp2p and go-libp2p-core:
https://github.com/libp2p/go-libp2p-core/issues/168
I explicitly updated all transitive dependencies using
go get -u ./..., so the top-level go.mod file grew to include those.
Improved devnet setup to generate deterministic node and guardian keys.
Devnet setup routine that configures a dynamic guardian set on Ethereum.
Configurable number of nodes in Tiltfile.
Hendrik Hofstadt
Leo
jschuldt
Yuriy Savchenko
Hendrik Hofstadt