CipherLabs
/
hyperlane-monorepo
mirror of https://github.com/hyperlane-xyz/hyperlane-monorepo
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1622 Commits
486 Branches
328 Tags
231 MiB
Tag: Branch: Tree: 0ddaf1c5cc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0ddaf1c5cc'
${ noResults }
hyperlane-monorepo/solidity/contracts/isms/multisig/LegacyMultisigIsm.sol

360 lines
13 KiB
Raw Normal View History Unescape

Add Multisig ISM (#1193)
2 years ago
// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity >=0.8.0;
// ============ External Imports ============
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
// ============ Internal Imports ============
Use interfaces in agents (#2022) ### Description Move agents to use contract interfaces artifacts rather than the artifacts themselves. This ensures we don't anything that we can't guarantee is in every implementation of that interface. Particularly relevant for IGPs and ISMs. ### Drive-by changes - Moves `solidity/interfaces` to `solidity/contracts/interfaces` so that their artifacts can be used in `update_abis.sh` ### Related issues - #1757 ### Backward compatibility _Are these changes backward compatible?_ Yes _Are there any infrastructure implications, e.g. changes that would prohibit deploying older commits using this infra tooling?_ None ### Testing _What kind of testing have these changes undergone?_ None
2 years ago
import {IInterchainSecurityModule} from "../../interfaces/IInterchainSecurityModule.sol";
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
import {Message} from "../../libs/Message.sol";
Use interfaces in agents (#2022) ### Description Move agents to use contract interfaces artifacts rather than the artifacts themselves. This ensures we don't anything that we can't guarantee is in every implementation of that interface. Particularly relevant for IGPs and ISMs. ### Drive-by changes - Moves `solidity/interfaces` to `solidity/contracts/interfaces` so that their artifacts can be used in `update_abis.sh` ### Related issues - #1757 ### Backward compatibility _Are these changes backward compatible?_ Yes _Are there any infrastructure implications, e.g. changes that would prohibit deploying older commits using this infra tooling?_ None ### Testing _What kind of testing have these changes undergone?_ None
2 years ago
import {IMultisigIsm} from "../../interfaces/isms/IMultisigIsm.sol";
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
import {LegacyMultisigIsmMetadata} from "../../libs/isms/LegacyMultisigIsmMetadata.sol";
import {MerkleLib} from "../../libs/Merkle.sol";
Make merkle proofs optional on multisig ISM (#2173) ### Description Validators currently sign `(root, index)` checkpoints and during verification, a `message` is passed as calldata, an `id()` is derived, and a `proof` of `id()` at `index` in `root` is verified This provides “all or nothing” censorship resistance guarantees because a validator can only sign roots to allow any contained messages to be processed. We have considered alternatives where validators sign `message` directly and we lose censorship resistance in exchange for eliminating merkle proof verification gas costs. However, if validators sign `(root, index, message)` tuples, we can skip merkle proof verification on the destination chain while still maintaining censorship resistance by providing two valid metadata formats: 1. existing validator signatures and merkle proof verification of inclusion 2. including merkle proof verification for pathway where validators are censoring `message` It’s worth noting the validator is required to index event data to produce this new signature format. However, this does not require historical indexing and new validators being spun up can simply begin indexing from tip. See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2187 for validator changes See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2248 for relayer and e2e test changes ### Drive-by changes Merkle index also optional ### Related issues - Fixes https://github.com/hyperlane-xyz/hyperlane-monorepo/issues/2192 ### Backward compatibility - new ISM deployment is necessary (we could upgrade implementation in theory) - Validator and relayer upgrades ### Testing Unit (fuzz) Tests, E2E tests
2 years ago
import {LegacyCheckpointLib} from "../../libs/LegacyCheckpointLib.sol";
Add Multisig ISM (#1193)
2 years ago
/**
* @title MultisigIsm
* @notice Manages an ownable set of validators that ECDSA sign checkpoints to
* reach a quorum.
*/
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
contract LegacyMultisigIsm is IMultisigIsm, Ownable {
Add Multisig ISM (#1193)
2 years ago
// ============ Libraries ============
using EnumerableSet for EnumerableSet.AddressSet;
Adopt V2 throughout the solidity/typescript repo (#1196)
2 years ago
using Message for bytes;
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
using LegacyMultisigIsmMetadata for bytes;
Add Multisig ISM (#1193)
2 years ago
using MerkleLib for MerkleLib.Tree;
Make MultisigIsm HIP compliant (#1478)
2 years ago
// ============ Constants ============
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
// solhint-disable-next-line const-name-snakecase
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
uint8 public constant moduleType =
uint8(IInterchainSecurityModule.Types.LEGACY_MULTISIG);
Make MultisigIsm HIP compliant (#1478)
2 years ago
Add Multisig ISM (#1193)
2 years ago
// ============ Mutable Storage ============
/// @notice The validator threshold for each remote domain.
Smaller MultisigMetadata (#1394)
2 years ago
mapping(uint32 => uint8) public threshold;
Add Multisig ISM (#1193)
2 years ago
/// @notice The validator set for each remote domain.
mapping(uint32 => EnumerableSet.AddressSet) private validatorSet;
/// @notice A succinct commitment to the validator set and threshold for each remote
/// domain.
mapping(uint32 => bytes32) public commitment;
// ============ Events ============
/**
* @notice Emitted when a validator is enrolled in a validator set.
* @param domain The remote domain of the validator set.
* @param validator The address of the validator.
* @param validatorCount The number of enrolled validators in the validator set.
*/
event ValidatorEnrolled(
uint32 indexed domain,
address indexed validator,
Consistent addresses for upgradable contracts (#1389)
2 years ago
uint256 validatorCount
Add Multisig ISM (#1193)
2 years ago
);
/**
* @notice Emitted when a validator is unenrolled from a validator set.
* @param domain The remote domain of the validator set.
* @param validator The address of the validator.
* @param validatorCount The number of enrolled validators in the validator set.
*/
event ValidatorUnenrolled(
uint32 indexed domain,
address indexed validator,
Consistent addresses for upgradable contracts (#1389)
2 years ago
uint256 validatorCount
Add Multisig ISM (#1193)
2 years ago
);
/**
* @notice Emitted when the quorum threshold is set.
* @param domain The remote domain of the validator set.
* @param threshold The new quorum threshold.
Consistent addresses for upgradable contracts (#1389)
2 years ago
*/
event ThresholdSet(uint32 indexed domain, uint8 threshold);
/**
* @notice Emitted when the validator set or threshold changes.
* @param domain The remote domain of the validator set.
Add Multisig ISM (#1193)
2 years ago
* @param commitment A commitment to the validator set and threshold.
*/
Consistent addresses for upgradable contracts (#1389)
2 years ago
event CommitmentUpdated(uint32 domain, bytes32 commitment);
Add Multisig ISM (#1193)
2 years ago
// ============ Constructor ============
// solhint-disable-next-line no-empty-blocks
constructor() Ownable() {}
// ============ External Functions ============
Consistent addresses for upgradable contracts (#1389)
2 years ago
/**
* @notice Enrolls multiple validators into a validator set.
* @dev Reverts if `_validator` is already in the validator set.
* @param _domains The remote domains of the validator sets.
* @param _validators The validators to add to the validator sets.
* @dev _validators[i] are the validators to enroll for _domains[i].
*/
function enrollValidators(
uint32[] calldata _domains,
address[][] calldata _validators
) external onlyOwner {
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
uint256 domainsLength = _domains.length;
require(domainsLength == _validators.length, "!length");
for (uint256 i = 0; i < domainsLength; i += 1) {
Consistent addresses for upgradable contracts (#1389)
2 years ago
address[] calldata _domainValidators = _validators[i];
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
uint256 validatorsLength = _domainValidators.length;
for (uint256 j = 0; j < validatorsLength; j += 1) {
Consistent addresses for upgradable contracts (#1389)
2 years ago
_enrollValidator(_domains[i], _domainValidators[j]);
}
_updateCommitment(_domains[i]);
}
}
Add Multisig ISM (#1193)
2 years ago
/**
* @notice Enrolls a validator into a validator set.
* @dev Reverts if `_validator` is already in the validator set.
* @param _domain The remote domain of the validator set.
* @param _validator The validator to add to the validator set.
*/
function enrollValidator(uint32 _domain, address _validator)
external
onlyOwner
{
Consistent addresses for upgradable contracts (#1389)
2 years ago
_enrollValidator(_domain, _validator);
_updateCommitment(_domain);
Add Multisig ISM (#1193)
2 years ago
}
/**
* @notice Unenrolls a validator from a validator set.
* @dev Reverts if `_validator` is not in the validator set.
* @param _domain The remote domain of the validator set.
* @param _validator The validator to remove from the validator set.
*/
function unenrollValidator(uint32 _domain, address _validator)
external
onlyOwner
{
require(validatorSet[_domain].remove(_validator), "!enrolled");
uint256 _validatorCount = validatorCount(_domain);
require(
_validatorCount >= threshold[_domain],
"violates quorum threshold"
);
Consistent addresses for upgradable contracts (#1389)
2 years ago
_updateCommitment(_domain);
emit ValidatorUnenrolled(_domain, _validator, _validatorCount);
Add Multisig ISM (#1193)
2 years ago
}
/**
Consistent addresses for upgradable contracts (#1389)
2 years ago
* @notice Sets the quorum threshold for multiple domains.
* @param _domains The remote domains of the validator sets.
* @param _thresholds The new quorum thresholds.
Add Multisig ISM (#1193)
2 years ago
*/
Consistent addresses for upgradable contracts (#1389)
2 years ago
function setThresholds(
uint32[] calldata _domains,
uint8[] calldata _thresholds
) external onlyOwner {
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
uint256 length = _domains.length;
require(length == _thresholds.length, "!length");
for (uint256 i = 0; i < length; i += 1) {
Consistent addresses for upgradable contracts (#1389)
2 years ago
setThreshold(_domains[i], _thresholds[i]);
}
Add Multisig ISM (#1193)
2 years ago
}
/**
* @notice Returns whether an address is enrolled in a validator set.
* @param _domain The remote domain of the validator set.
* @param _address The address to test for set membership.
* @return True if the address is enrolled, false otherwise.
*/
function isEnrolled(uint32 _domain, address _address)
external
view
returns (bool)
{
EnumerableSet.AddressSet storage _validatorSet = validatorSet[_domain];
return _validatorSet.contains(_address);
}
// ============ Public Functions ============
Consistent addresses for upgradable contracts (#1389)
2 years ago
/**
* @notice Sets the quorum threshold.
* @param _domain The remote domain of the validator set.
* @param _threshold The new quorum threshold.
*/
function setThreshold(uint32 _domain, uint8 _threshold) public onlyOwner {
require(
_threshold > 0 && _threshold <= validatorCount(_domain),
"!range"
);
threshold[_domain] = _threshold;
emit ThresholdSet(_domain, _threshold);
_updateCommitment(_domain);
}
Add Multisig ISM (#1193)
2 years ago
/**
* @notice Verifies that a quorum of the origin domain's validators signed
* a checkpoint, and verifies the merkle proof of `_message` against that
* checkpoint.
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
* @param _metadata ABI encoded module metadata (see LegacyMultisigIsmMetadata.sol)
Add Multisig ISM (#1193)
2 years ago
* @param _message Formatted Hyperlane message (see Message.sol).
*/
function verify(bytes calldata _metadata, bytes calldata _message)
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
external
Add Multisig ISM (#1193)
2 years ago
view
returns (bool)
{
require(_verifyMerkleProof(_metadata, _message), "!merkle");
require(_verifyValidatorSignatures(_metadata, _message), "!sigs");
return true;
}
/**
* @notice Gets the current validator set
* @param _domain The remote domain of the validator set.
* @return The addresses of the validator set.
*/
function validators(uint32 _domain) public view returns (address[] memory) {
EnumerableSet.AddressSet storage _validatorSet = validatorSet[_domain];
uint256 _validatorCount = _validatorSet.length();
address[] memory _validators = new address[](_validatorCount);
for (uint256 i = 0; i < _validatorCount; i++) {
_validators[i] = _validatorSet.at(i);
}
return _validators;
}
Make MultisigIsm HIP compliant (#1478)
2 years ago
/**
* @notice Returns the set of validators responsible for verifying _message
* and the number of signatures required
* @dev Can change based on the content of _message
* @param _message Hyperlane formatted interchain message
* @return validators The array of validator addresses
* @return threshold The number of validator signatures needed
*/
function validatorsAndThreshold(bytes calldata _message)
external
view
returns (address[] memory, uint8)
{
uint32 _origin = _message.origin();
address[] memory _validators = validators(_origin);
uint8 _threshold = threshold[_origin];
return (_validators, _threshold);
}
Add Multisig ISM (#1193)
2 years ago
/**
* @notice Returns the number of validators enrolled in the validator set.
* @param _domain The remote domain of the validator set.
* @return The number of validators enrolled in the validator set.
*/
function validatorCount(uint32 _domain) public view returns (uint256) {
return validatorSet[_domain].length();
}
// ============ Internal Functions ============
Consistent addresses for upgradable contracts (#1389)
2 years ago
/**
* @notice Enrolls a validator into a validator set.
* @dev Reverts if `_validator` is already in the validator set.
* @param _domain The remote domain of the validator set.
* @param _validator The validator to add to the validator set.
*/
function _enrollValidator(uint32 _domain, address _validator) internal {
require(_validator != address(0), "zero address");
require(validatorSet[_domain].add(_validator), "already enrolled");
emit ValidatorEnrolled(_domain, _validator, validatorCount(_domain));
}
Add Multisig ISM (#1193)
2 years ago
/**
* @notice Updates the commitment to the validator set for `_domain`.
* @param _domain The remote domain of the validator set.
* @return The commitment to the validator set for `_domain`.
*/
function _updateCommitment(uint32 _domain) internal returns (bytes32) {
address[] memory _validators = validators(_domain);
Smaller MultisigMetadata (#1394)
2 years ago
uint8 _threshold = threshold[_domain];
Add Multisig ISM (#1193)
2 years ago
bytes32 _commitment = keccak256(
abi.encodePacked(_threshold, _validators)
);
commitment[_domain] = _commitment;
Consistent addresses for upgradable contracts (#1389)
2 years ago
emit CommitmentUpdated(_domain, _commitment);
Add Multisig ISM (#1193)
2 years ago
return _commitment;
}
/**
* @notice Verifies the merkle proof of `_message` against the provided
* checkpoint.
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
* @param _metadata ABI encoded module metadata (see LegacyMultisigIsmMetadata.sol)
Add Multisig ISM (#1193)
2 years ago
* @param _message Formatted Hyperlane message (see Message.sol).
*/
function _verifyMerkleProof(
bytes calldata _metadata,
bytes calldata _message
) internal pure returns (bool) {
// calculate the expected root based on the proof
bytes32 _calculatedRoot = MerkleLib.branchRoot(
_message.id(),
_metadata.proof(),
_message.nonce()
);
return _calculatedRoot == _metadata.root();
}
/**
* @notice Verifies that a quorum of the origin domain's validators signed
* the provided checkpoint.
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
* @param _metadata ABI encoded module metadata (see LegacyMultisigIsmMetadata.sol)
Add Multisig ISM (#1193)
2 years ago
* @param _message Formatted Hyperlane message (see Message.sol).
*/
function _verifyValidatorSignatures(
bytes calldata _metadata,
bytes calldata _message
) internal view returns (bool) {
Smaller MultisigMetadata (#1394)
2 years ago
uint8 _threshold = _metadata.threshold();
Add Multisig ISM (#1193)
2 years ago
bytes32 _digest;
{
uint32 _origin = _message.origin();
bytes32 _commitment = keccak256(
abi.encodePacked(_threshold, _metadata.validators())
);
// Ensures the validator set encoded in the metadata matches
// what we've stored on chain.
// NB: An empty validator set in `_metadata` will result in a
// non-zero computed commitment, and this check will fail
// as the commitment in storage will be zero.
require(_commitment == commitment[_origin], "!commitment");
Make merkle proofs optional on multisig ISM (#2173) ### Description Validators currently sign `(root, index)` checkpoints and during verification, a `message` is passed as calldata, an `id()` is derived, and a `proof` of `id()` at `index` in `root` is verified This provides “all or nothing” censorship resistance guarantees because a validator can only sign roots to allow any contained messages to be processed. We have considered alternatives where validators sign `message` directly and we lose censorship resistance in exchange for eliminating merkle proof verification gas costs. However, if validators sign `(root, index, message)` tuples, we can skip merkle proof verification on the destination chain while still maintaining censorship resistance by providing two valid metadata formats: 1. existing validator signatures and merkle proof verification of inclusion 2. including merkle proof verification for pathway where validators are censoring `message` It’s worth noting the validator is required to index event data to produce this new signature format. However, this does not require historical indexing and new validators being spun up can simply begin indexing from tip. See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2187 for validator changes See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2248 for relayer and e2e test changes ### Drive-by changes Merkle index also optional ### Related issues - Fixes https://github.com/hyperlane-xyz/hyperlane-monorepo/issues/2192 ### Backward compatibility - new ISM deployment is necessary (we could upgrade implementation in theory) - Validator and relayer upgrades ### Testing Unit (fuzz) Tests, E2E tests
2 years ago
_digest = LegacyCheckpointLib.digest(
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests
2 years ago
_origin,
LegacyMultisigIsmMetadata.originMailbox(_metadata),
LegacyMultisigIsmMetadata.root(_metadata),
LegacyMultisigIsmMetadata.index(_metadata)
);
Add Multisig ISM (#1193)
2 years ago
}
uint256 _validatorCount = _metadata.validatorCount();
uint256 _validatorIndex = 0;
// Assumes that signatures are ordered by validator
for (uint256 i = 0; i < _threshold; ++i) {
address _signer = ECDSA.recover(_digest, _metadata.signatureAt(i));
// Loop through remaining validators until we find a match
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
while (
Add Multisig ISM (#1193)
2 years ago
_validatorIndex < _validatorCount &&
Merge audit v2 remediation to main (#1727) ### Description Merge [`audit-v2`](https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/audit-v2) into `main` See [changelog](https://github.com/hyperlane-xyz/hyperlane-monorepo/compare/034e75b6321b989d88e9c0a879018e8cbaf84f41...audit-v2)
2 years ago
_signer != _metadata.validatorAt(_validatorIndex)
) {
++_validatorIndex;
}
Add Multisig ISM (#1193)
2 years ago
// Fail if we never found a match
require(_validatorIndex < _validatorCount, "!threshold");
++_validatorIndex;
}
return true;
}
}