UNPKG

@hyperlane-xyz/sdk

Version:

The official SDK for the Hyperlane Network

www.hyperlane.xyz

hyperlane-xyz/hyperlane-monorepo

171 lines 8.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
import { ethers, utils as ethersUtils } from 'ethers'; import { Ownable__factory } from '@hyperlane-xyz/core'; import { assert, eqAddress, rootLogger } from '@hyperlane-xyz/utils'; import { BytecodeHash } from '../consts/bytecode.js'; import { HyperlaneAppChecker } from '../deploy/HyperlaneAppChecker.js'; import { proxyImplementation } from '../deploy/proxy.js'; import { ViolationType } from '../deploy/types.js'; import { EvmIsmReader } from '../ism/EvmIsmReader.js'; import { collectValidators, moduleMatchesConfig } from '../ism/utils.js'; import { CoreViolationType, MailboxViolationType, } from './types.js'; export class HyperlaneCoreChecker extends HyperlaneAppChecker { ismFactory; chainAddresses; constructor(multiProvider, app, configMap, ismFactory, chainAddresses) { super(multiProvider, app, configMap); this.ismFactory = ismFactory; this.chainAddresses = chainAddresses; } async checkChain(chain) { const config = this.configMap[chain]; if (!config) { rootLogger.warn(`No config for chain ${chain}`); return; } // skip chains that are configured to be removed if (config.remove) { return; } await this.checkProxiedContracts(chain, config.owner, config.ownerOverrides); await this.checkMailbox(chain); await this.checkBytecodes(chain); await this.checkValidatorAnnounce(chain); if (config.upgrade) { await this.checkUpgrade(chain, config.upgrade); } await this.checkDomainOwnership(chain); } async checkDomainOwnership(chain) { const config = this.configMap[chain]; return this.checkOwnership(chain, config.owner, config.ownerOverrides); } async checkHook(chain, hookName, hookAddress, expectedHookOwner) { const hook = Ownable__factory.connect(hookAddress, this.multiProvider.getProvider(chain)); const hookOwner = await hook.owner(); if (!eqAddress(hookOwner, expectedHookOwner)) { const violation = { type: ViolationType.Owner, chain, name: hookName, actual: hookOwner, expected: expectedHookOwner, contract: hook, }; this.addViolation(violation); } } async checkMailbox(chain) { const contracts = this.app.getContracts(chain); const mailbox = contracts.mailbox; const localDomain = await mailbox.localDomain(); assert(localDomain === this.multiProvider.getDomainId(chain), `local domain ${localDomain} does not match expected domain ${this.multiProvider.getDomainId(chain)} for ${chain}`); const config = this.configMap[chain]; const expectedHookOwner = this.getOwner(config.owner, 'fallbackRoutingHook', config.ownerOverrides); await this.checkHook(chain, 'defaultHook', await mailbox.defaultHook(), expectedHookOwner); await this.checkHook(chain, 'requiredHook', await mailbox.requiredHook(), expectedHookOwner); const actualIsmAddress = await mailbox.defaultIsm(); const matches = await moduleMatchesConfig(chain, actualIsmAddress, config.defaultIsm, this.ismFactory.multiProvider, this.ismFactory.getContracts(chain)); if (!matches) { const registryIsmAddress = this.chainAddresses[chain].interchainSecurityModule; const registryIsmMatches = await moduleMatchesConfig(chain, registryIsmAddress, config.defaultIsm, this.ismFactory.multiProvider, this.ismFactory.getContracts(chain)); if (registryIsmMatches) { // if the ISM in registry matches the expected config, then we can assume // that the mailbox should be using that ISM instead of the current one // and we should report just an address violation const violation = { type: CoreViolationType.Mailbox, subType: MailboxViolationType.DefaultIsm, contract: mailbox, chain, actual: actualIsmAddress, expected: registryIsmAddress, }; this.addViolation(violation); } else { const ismReader = new EvmIsmReader(this.ismFactory.multiProvider, chain); let actualConfig = ethers.constants.AddressZero; if (actualIsmAddress !== ethers.constants.AddressZero) { actualConfig = await ismReader.deriveIsmConfig(actualIsmAddress); } // If the config doesn't match either onchain or the registry // then we have a full config violation, which the governor will need to // fix by deploying a new ISM const violation = { type: CoreViolationType.Mailbox, subType: MailboxViolationType.DefaultIsm, contract: mailbox, chain, actual: actualConfig, expected: config.defaultIsm, }; this.addViolation(violation); } } } async checkBytecodes(chain) { const contracts = this.app.getContracts(chain); const mailbox = contracts.mailbox; const localDomain = await mailbox.localDomain(); const implementation = await proxyImplementation(this.multiProvider.getProvider(chain), mailbox.address); if (implementation === ethers.constants.AddressZero) { const violation = { type: CoreViolationType.Mailbox, subType: MailboxViolationType.NotProxied, contract: mailbox, chain, actual: implementation, expected: 'non-zero address', }; this.addViolation(violation); } else { await this.checkBytecode(chain, 'Mailbox implementation', implementation, [ BytecodeHash.V3_MAILBOX_BYTECODE_HASH, BytecodeHash.OPT_V3_MAILBOX_BYTECODE_HASH, ], (bytecode) => // This is obviously super janky but basically we are searching // for the occurrences of localDomain in the bytecode and remove // that to compare, but some coincidental occurrences of // localDomain in the bytecode should be not be removed which // are just done via an offset guard bytecode .replaceAll(ethersUtils.defaultAbiCoder .encode(['uint32'], [localDomain]) .slice(2), (match, offset) => (offset > 8000 ? match : '')) // We persist the block number in the bytecode now too, so we have to strip it .replaceAll(/(00000000000000000000000000000000000000000000000000000000[a-f0-9]{0,22})81565/g, (match, _offset) => (match.length % 2 === 0 ? '' : '0')) .replaceAll(/(0000000000000000000000000000000000000000000000000000[a-f0-9]{0,22})6118123373/g, (match, _offset) => (match.length % 2 === 0 ? '' : '0')) .replaceAll(/(f167f00000000000000000000000000000000000000000000000000000[a-f0-9]{0,22})338989898/g, (match, _offset) => (match.length % 2 === 0 ? '' : '0'))); } await this.checkProxy(chain, 'Mailbox proxy', contracts.mailbox.address); await this.checkBytecode(chain, 'ProxyAdmin', contracts.proxyAdmin.address, [ BytecodeHash.PROXY_ADMIN_BYTECODE_HASH, BytecodeHash.V2_PROXY_ADMIN_BYTECODE_HASH, ]); } async checkValidatorAnnounce(chain) { const validators = new Set(); const remotes = Object.keys(this.configMap).filter((c) => c !== chain); const remoteOriginValidators = remotes.map((remote) => collectValidators(chain, this.configMap[remote].defaultIsm)); remoteOriginValidators.map((set) => { [...set].map((v) => validators.add(v)); }); const validatorAnnounce = this.app.getContracts(chain).validatorAnnounce; const announcedValidators = await validatorAnnounce.getAnnouncedValidators(); [...validators].forEach((validator) => { const matches = announcedValidators.filter((x) => eqAddress(x, validator)); if (matches.length == 0) { const violation = { type: CoreViolationType.ValidatorAnnounce, chain, validator, actual: false, expected: true, }; this.addViolation(violation); } }); } } //# sourceMappingURL=HyperlaneCoreChecker.js.map