* Add more comprehensive structs unit-tests
* Make VerifySignatures fail on duplicate addresses
* Adjust duplicate detection to guard on signatures instead of addresses
* Add monotonic check in VerifySignatures
* Move logic into VerifySignatures and add more test cases
* Add a paranoid check for duplicate signers
* Make VerifySignatures unit-tests less contrived
* Add more verify signature test cases
* Refactor VerifySignatures tests
* Add VerifySignature fuzz tests
* Add tc.result checking instead of hardcoded true
* Change comparison so it throws debug on failure for fuzz tests
* Add unit-tests for observation signature logic
* Fix comment typos
* Refactor observation tests
* Add missing test case
* Fix VAAInvalidSignatures test case label
* Clean up unit-tests for observation and structs
* Change errorString convention in test
* Format Signature Verification Test Cases
* Remove unnecessary casting
* Add multi-signer same key cases
* Fix err usage in test cases
* Remove duplicate getVAA
Fixes https://github.com/certusone/wormhole/issues/685.
Example occurrence this fixes: https://i.imgur.com/gZWKf1n.png
Possible future optimizations include:
- Ignore late messages in the processor (but we can only ignore
them post settlement time, so we need the cleanup logic regardless).
- Ignoring late observations from other nodes.
- Using the stored VAA to calculate misses.
- Drop incomplete local observations. However, this is not trivial
since we do not know the message ID for those.
commit-id:47e1e59f
This avoids gossip spam and false positive Discord notifications
when a connected node catches up and late observations are made.
Change-Id: If9562661487d3d3d5138d27298b005f278f9e9ce
This allows us to associate an observation from the log
for messages that the local node did not observe.
Change-Id: I6ece7bfe3e6b878bdb7ee4ac03c81cb424a329b3
Optional metadata for debugging. Allows tying a received observation
to an on-chain transaction even if the node missed the observation.
Change-Id: Ie50c10c8ab7f65469555674d90645f91092fb2e3
In cases where we observed a VAA, there is no possibility of gossip DoS.
Increase the timeout to 24 hours to facilitate manual interventions
(like submission of governance VAAs or node restarts/catchup).
Keep the existing five minute timeout for observation-less VAAs.
Change-Id: Ic626108190bd60cf812daadbe191b31cc48c7296
rustfmt appears to be a little more complicated since it wants to
download dependencies and needs nightly Rust.
Change-Id: Ia348def30a6459ae2ab6c29a8c3a413216f5eb4b
Ensure there's no core vs. token bridge ambiguity.
Breaking changes to the CLI:
* "guardiand bridge" CLI is now "guardiand node"
* --solanaBridgeAddress is now --solanaContract
* --bridgeKey is now --guardianKey
The Heartbeat proto message had one of its fields renamed from
BridgeAddress to ContractAddress, but this won't break the wire
format and the only consumer appears to be the CLI.
Change includes a "go mod tidy" - it insisted.
Change-Id: Id8b312827737f07f2d5f3944ebce469d946e7f51
Jonathan Claudius
justinschuldt
Hendrik Hofstadt
Leo
justinschuldt
