When submitting a batch of observations, we don't want an observation
for an already committed transfer to fail the entire batch. This leads
to more complexity in the guardian and also delays all the legitimate
observations by at least one more block (~5 seconds).
Fix this by returning the transfer status of each observation as part
of the response data. Observations for committed transfers will get
a `TransferStatus::Committed` response without failing the tx as long
as the digest of the observation matches the digest of the committed
transfer. Digest mismatches are still an error and will fail the entire
batch.
Add the payload as an explicit field to the `TransferWithPayload` enum
variant. This is a generic parameter that defaults to `Box<RawMessage>`
for maximum flexibility (and to avoid leaking lifetimes higher up the
stack) but users are encouraged to replace this default type parameter
with an explicit `&RawMessage` in places where the serde_wormhole data
format is used.
The main benefit of this change is that the payload is now included as
part of the actual message and no longer requires callers to awkwardly
append it after serialization. This is especially useful in human-
readable formats like JSON (see the `transfer_with_payload` test in
token.rs for an example of this simplification).
The main downside is that this now requires explicit type annotations
when using the non-payload3 variants so that the compiler will pick up
the default generic parameter. This is a relatively minor inconvenience
and the benefit appears to be worth the cost.
There should be no functional change.
- updates terra2 devnet chain timeout_commit to "1s" since the timeout_commit of "0.5s" is too fast and leads to Terra2's clock going into the future.
- updates terra2 devnet chain unbonding_time to "1814400s" which is the default value and translates to a valid trusting period for IBC connectivity.
The RawMessage type provides a more flexible way to handle trailing
payloads so replace all usage of the `*_with_payload` functions to use
`RawMessage` instead.
There should be no functional change.
Add a RawMessage type that can be used to defer parsing parts of a
payload, similar to the `json.RawMessage` from Go. The implementation
is inspired by `serde_json::RawValue`, which does a similar thing.
When serializing, RawMessage will serialize to a base64-encoded string
if it detects that the data format is human readable (like JSON).
Otherwise it will simply forward the raw bytes to the serializer.
RawMessage has both borrowed and boxed versions. The borrowed version
is the most efficient as it enables zero-copy handling of the input data
but also requires that the input data already contains raw bytes and is
not suitable when dealing with human-readable formats like JSON.
The boxed version is more flexible as it supports byte slices, base64-
encoded strings, and byte sequences but is slightly less efficient as it
requires copying or decoding the input data.
Use cw_transcode to ensure that event attribute values are always
encoded as proper json, making it easier for clients to parse them back
into structured data.
This also lets us reuse the input messages for the events, reducing the
number of different structs that we need to track.
Rather than forcing clients to guess whether a transfer is pending or
committed use a single `TransferStatus` query that will return whether
the transfer is still pending or already committed.
This will make it easier for clients to keep the pending and committed
transfer state in sync to avoid unnecessary overhead.
The cw_transcode crate provides a way to transcode any arbitrary rust
struct into a `cosmwasm_std::Event` via that struct's `Serialize` impl,
ensuring that the event attribute values are encoded as proper json.
This will make it easier for client code to parse the event back into
structured data without having to write custom parsing code for each
individual event type.
When we fail to handle an observation in a batch, include the transfer
key as part of the error context so that it's easier to figure out which
observation caused the error.
Add a query for guardians to check if there are any pending transfers
with missing observations. The guardians can use this information to
trigger re-observations of those transactions.
Ensure that converting `Chain` to/from a u16 or to/from a string is
always isomorphic. This requires changing the `FromStr` impl so that in
can handle strings like "Unknown(27)".
Now that we're keeping track of transfer digests, initializing any on-
chain state through the `InstantiateMsg` doesn't make a lot of sense:
any state initialized this way is unverified and this message doesn't
contain enough information to generate the transfer digests.
Rather than trying to add in the necessary fields, just drop the message
completely since it won't be used in production. It's currently only
used to initialize on-chain state for tests but the same thing can be
accomplished through the `ModifyBalance` and `SubmitVAAs` methods.
Keep track of the digests of committed transfers so that they can be
used later when handling duplicate observations / VAAs. When processing
an observation or VAA with the same (chain, address, sequence) tuple as
a committed transfer, return a "message already processed" error when
the digests match and a "digest mismatch" error when they don't. The
latter implies a very serious issue because transfer details shouldn't
change once they have been observed by a quorum of guardians.
Now that the accounting contract can handle chain registrations on
its own, there's no need to query the tokenbridge contract. Remove
references to it from `InstantiateMsg` and the internal state.
Add support for handling chain registration VAAs for the tokenbridge
contract. This will let us deploy accounting without also having to
deploy the tokenbridge.
The tokenbridge chain registration query returns a
`ChainRegistrationResponse` struct and not a `Vec<u8>`. Use the proper
return type when sending the query.
Add a mechanism to backfill missing transfer messages by submitting
signed VAAs. This will also be used to initialize the on-chain state
as there is too much data to initialize the contract via the normal
`instantiate` mechanism.
Fixes#1883, fixes#1884.
Use the `Signature` type from the core SDK to avoid unnecessary
type conversions. Cosmwasm requires its message types to implement
`JsonSchema` so also derive that impl for the `Signature` type behind a
feature flag.
This change uncovered a separate issue where the fake `WormholeKeeper`
was using regular ecdsa signatures rather than recoverable signatures
so fix the signing and verification methods to use the recoverable
signatures.
* sdk/rust: Move profile settings to workspace
* sdk/rust: Add serde_wormhole crate
The serde_wormhole crate implements the wormhole wire format as a serde
data format. This will let us replace all the hand-rolled
serialization with auto-generated code, which is less error-prone and
easier to review.
* sdk/rust: Add serde-based struct defintions
Refactor the core crate to add serde-based struct definitions for the
various messages used by the different wormhole smart contracts. This
will also make it easier to use alternate data formats (like json) for
client-side tooling.
Co-authored-by: Reisen <reisen@morphism.org>
* sdk/rust: Drop references to `de::Unexpected`
The `de::Unexpected` enum from serde has a `Float(f64)` variant.
Referencing this enum anywhere in the code will cause the compiler to
emit its `fmt::Display` impl, which includes an `f64.load` instruction
on wasm targets. Even if this instruction is never executed, its mere
existence will cause cosmos chains to reject any cosmwasm contract that
has it.
Fix this by removing all references to `de::Unexpected`.
* cosmwasm: Use cargo resolver version "2"
Enable the new feature resolver for the entire workspace. This
prevents features that are enabled only for dev builds from also being
enabled in normal builds.
* Move cosmwasm Dockerfile to root directory
The cosmwasm contracts now also depend on the rust sdk so the docker
build context needs to be set to the root directory rather than the
cosmwasm/ directory.
* cosmwasm: Add wormchain-accounting contract
This contract implements tokenbridge accounting specifically for the
wormchain environment.
Fixes#1880.
* cosmwasm/accounting: Drop references to `de::Unexpected`
The `de::Unexpected` enum from serde has a `Float(f64)` variant.
Referencing this enum anywhere in the code will cause the compiler to
emit its `fmt::Display` impl, which includes an `f64.load` instruction
on wasm targets. Even if this instruction is never executed, its mere
existence will cause cosmos chains to reject any cosmwasm contracts that
contain it.
Fix this by removing references to `de::Unexpected`.
Co-authored-by: Reisen <reisen@morphism.org>
Put all the local overrides at the workspace level rather than having
to specify the path in each individual crate. This will also make it
easier for us to publish to crates.io when that time comes.
* tob-worm-4-panics: using options rather than unwrap
* removed mock dependencies argument
* added test to make file
* use ok or else
* fmt
* ok
* errors resolved
* Prepare to deploy Xpla to mainnet
* Update SDK version
* Fix messed up error message
* Allow tests to pass with no XPLA tokens
* Make deploy script support testnet
* Update token bridge addresses after redeploy
* near-sdk-refactor: Fix attest
: Fix missing function calls
: make near on near
: renamed tryHexToNativeStringNear
* near-sdk-refactor: bumped near-sdk-js version
Co-authored-by: Josh Siegel <jsiegel@jumptrading.com>
Prior to this change, these values were hardcode in the contract, as
the only supported chain was terra 2. This change allows the contract to
be deployed to other cosmwasm chains without having to recompile the
contract for each one.
The migration code ensures that terra2 is upgraded appropriately.