diff --git a/evm/README.md b/evm/README.md index 031cb0d48..91a3a9d81 100644 --- a/evm/README.md +++ b/evm/README.md @@ -5,7 +5,8 @@ A client calls on [`transfer`] to initiate an NTT transfer. The client must specify at minimum, the amount of the transfer, the recipient chain, and the recipient address on the recipient chain. [`transfer`] also supports a flag to specify whether the `NttManager` should queue rate-limited transfers or revert. Clients can also include additional instructions to forward along to the Transceiver on the source chain. Depending on mode set in the initial configuration of the `NttManager` contract, transfers are either "locked" or "burned". Once the transfer has been forwarded to the Transceiver, the `NttManager` emits the `TransferSent` event. _Events_ -``` solidity + +```solidity /// @notice Emitted when a message is sent from the nttManager. /// @dev Topic0 /// 0x9716fe52fe4e02cf924ae28f19f5748ef59877c6496041b986fbad3dae6a8ecf @@ -30,7 +31,8 @@ Similarly, transfers that are rate-limited on the destination chain are added to If the client attempts to release the transfer from the queue before the expiry of the `rateLimitDuration`, the contract reverts with a `InboundQueuedTransferStillQueued` error. _Events_ -``` solidity + +```solidity /// @notice Emitted whenn an outbound transfer is queued. /// @dev Topic0 /// 0x69add1952a6a6b9cb86f04d05f0cb605cbb469a50ae916139d34495a9991481f. @@ -38,7 +40,7 @@ _Events_ event OutboundTransferQueued(uint64 queueSequence); ``` -``` solidity +```solidity /// @notice Emitted when an outbound transfer is rate limited. /// @dev Topic0 /// 0x754d657d1363ee47d967b415652b739bfe96d5729ccf2f26625dcdbc147db68b. @@ -50,7 +52,7 @@ event OutboundTransferRateLimited( ); ``` -``` solidity +```solidity /// @notice Emitted when an inbound transfer is queued /// @dev Topic0 /// 0x7f63c9251d82a933210c2b6d0b0f116252c3c116788120e64e8e8215df6f3162. @@ -65,7 +67,8 @@ Once the `NttManager` forwards the message to the Transceiver, the message is tr Once the message has been transmitted, the contract emits the `SendTransceiverMessage` event. _Events_ -``` solidity + +```solidity /// @notice Emitted when a message is sent from the transceiver. /// @dev Topic0 /// 0x53b3e029c5ead7bffc739118953883859d30b1aaa086e0dca4d0a1c99cd9c3f5. @@ -90,7 +93,8 @@ NTT implements replay protection, so if a given Transceiver attempts to deliver If a message had already been executed, the contract ends execution early and emits the `MessageAlreadyExecuted` event instead of reverting via an error. This mitigates the possibility of race conditions from transceivers attempting to deliver the same message when the threshold is less than the total number of available of Transceivers (i.e. threshold < totalTransceivers) and notifies the client (off-chain process) so they don't attempt redundant message delivery. _Events_ -``` solidity + +```solidity /// @notice Emitted when a relayed message is received. /// @dev Topic0 /// 0xf557dbbb087662f52c815f6c7ee350628a37a51eae9608ff840d996b65f87475 @@ -128,6 +132,7 @@ event MessageAlreadyExecuted(bytes32 indexed sourceNttManager, bytes32 indexed m Once a transfer has been successfully verified, the tokens can be minted (if the mode is "burning") or unlocked (if the mode is "locking") to the recipient on the destination chain. Note that the source token decimals are bounded betweeen 0 and `TRIMMED_DECIMALS` as enforced in the wire format. The transfer amount is untrimmed (scaled-up) if the destination chain token decimals exceed `TRIMMED_DECIMALS`. Once the approriate number of tokens have been minted or unlocked to the recipient, the `TransferRedeemed` event is emitted. _Events_ + ```solidity /// @notice Emitted when a transfer has been redeemed /// (either minted or unlocked on the recipient chain). @@ -136,26 +141,35 @@ _Events_ /// @param digest The digest of the message. event TransferRedeemed(bytes32 indexed digest); ``` + ## Prerequisites ### Installation + Install Foundry tools(https://book.getfoundry.sh/getting-started/installation), which include forge, anvil and cast CLI tools. ### Build + Run the following command to install necessary dependencies and to build the smart contracts: + ```shell $ make build-evm ``` ### Test + To run the full evm test-suite run the following command: + ```shell $ make test-evm ``` + The test-suite includes unit tests, along with property-based fuzz tests, and integration-tests. ### Format + To format the files run this command from the root directory. + ```shell $ make fix-fmt ``` @@ -166,9 +180,67 @@ $ make fix-fmt $ cd evm && forge snapshot ``` -### Contract Deployment -TODO +### Cast + +```shell +$ cast +``` + +### Help + +```shell +$ forge --help +$ anvil --help +$ cast --help +``` + +### Deploy Wormhole NTT + +#### Environment Setup + +Copy the sample environment file located in `env/` into the target subdirectory of your choice (e.g., `testnet` or `mainnet`) and prefix the filename with your blockchain of choice: + +``` +mkdir env/testnet +cp env/.env.sample env/testnet/sepolia.env +``` + +Do this for each blockchain network that the `NTTManager` and `WormholeTransceiver` contracts will be deployed to. Then configure each `.env` file and set the `RPC` variables. + +#### Config Setup + +Before deploying the contracts, navigate to the `evm/cfg` directory and copy the sample file. Make sure to preserve the existing name: + +``` +cd cfg + +cp WormholeNttConfig.json.sample WormholeNttConfig.json +``` + +Configure each network to your liking (including adding/removing networks). We will eventually add the addresses of the deployed contracts to this file. Navigate back to the `evm` directory. + +#### Deploy + +Deploy the `NttManager` and `WormholeTransceiver` contracts by running the following command for each target network: -### Initial Contract Configuration -TODO +``` +bash sh/deploy_wormhole_ntt.sh -n NETWORK_TYPE -c CHAIN_NAME -k PRIVATE_KEY + +# Argument examples +-n testnet, mainnet +-c avalanche, ethereum, sepolia +``` +Save the deployed proxy contract addresses (see the forge script output) in the `WormholeNttConfig.json` file. + +#### Configuration + +Once all of the contracts have been deployed and the addresses have been saved, run the following command for each target network: + +``` +bash sh/configure_wormhole_ntt.sh -n NETWORK_TYPE -c CHAIN_NAME -k PRIVATE_KEY + +# Argument examples +-n testnet, mainnet +-c avalanche, ethereum, sepolia +``` diff --git a/evm/cfg/WormholeNttConfig.json.sample b/evm/cfg/WormholeNttConfig.json.sample new file mode 100755 index 000000000..665ca1296 --- /dev/null +++ b/evm/cfg/WormholeNttConfig.json.sample @@ -0,0 +1,24 @@ +{ + "contracts": [ + { + "chainId": 10002, + "decimals": 6, + "inboundLimit": 18446744073709551614, + "isEvmChain": true, + "isWormholeRelayingEnabled": true, + "isSpecialRelayingEnabled": false, + "nttManager": "0x00000000000000000000000000000000000000000000000000000000deadbeef", + "wormholeTransceiver": "0x00000000000000000000000000000000000000000000000000000000deadbeef" + }, + { + "chainId": 16, + "decimals": 6, + "inboundLimit": 18446744073709551614, + "isEvmChain": true, + "isWormholeRelayingEnabled": true, + "isSpecialRelayingEnabled": false, + "nttManager": "0x00000000000000000000000000000000000000000000000000000000deadbeef", + "wormholeTransceiver": "0x00000000000000000000000000000000000000000000000000000000deadbeef" + } + ] +} diff --git a/evm/env/.env.sample b/evm/env/.env.sample new file mode 100644 index 000000000..25f9b1c60 --- /dev/null +++ b/evm/env/.env.sample @@ -0,0 +1,41 @@ +export RPC="" + +### Foundry profile, we always need to deploy with prod. +export FOUNDRY_PROFILE=prod + +# -------------------------- NTT Contract -------------------------- + +### EVM Token Address +export RELEASE_TOKEN_ADDRESS= + +### Mode (Locking == 0, Burning == 1) +export RELEASE_MODE=0 + +### Rate Limit Duration (specified in seconds) +export RELEASE_RATE_LIMIT_DURATION=86400 +export RELEASE_SKIP_RATE_LIMIT=false + +### Rolling Window Max Outbound Transfer Limit +export RELEASE_OUTBOUND_LIMIT=18446744073709551614 + +# -------------------------- Wormhole -------------------------- + +### Wormhole Chain ID +export RELEASE_WORMHOLE_CHAIN_ID=10002 + +### Wormhole Core Bridge Address +export RELEASE_CORE_BRIDGE_ADDRESS=0x4a8bc80Ed5a4067f1CCf107057b8270E0cC11A78 + +### Wormhole Finality +export RELEASE_CONSISTENCY_LEVEL=201 + +# -------------------------- Relayer -------------------------- + +### Wormhole Relayer Address +export RELEASE_WORMHOLE_RELAYER_ADDRESS=0x7B1bD7a6b4E61c2a123AC6BC2cbfC614437D0470 + +### Specialized Relayer Address +export RELEASE_SPECIAL_RELAYER_ADDRESS=0x0000000000000000000000000000000000000000 + +### Target Chain Gas Limit +export RELEASE_GAS_LIMIT=500000 \ No newline at end of file diff --git a/evm/foundry.toml b/evm/foundry.toml index 1e922f52d..e870eee84 100644 --- a/evm/foundry.toml +++ b/evm/foundry.toml @@ -11,6 +11,7 @@ fs_permissions = [{ access = "read", path = "./test/payloads"}] [profile.prod] via_ir = true +fs_permissions = [{access = "read", path = "./cfg/"}] [fmt] line_length = 100 diff --git a/evm/script/ConfigureWormholeNtt.s.sol b/evm/script/ConfigureWormholeNtt.s.sol new file mode 100644 index 000000000..083b1e831 --- /dev/null +++ b/evm/script/ConfigureWormholeNtt.s.sol @@ -0,0 +1,101 @@ +// SPDX-License-Identifier: Apache 2 +pragma solidity >=0.8.8 <0.9.0; + +import {console2} from "forge-std/Script.sol"; +import {stdJson} from "forge-std/StdJson.sol"; + +import "../src/interfaces/INttManager.sol"; +import "../src/interfaces/IWormholeTransceiver.sol"; +import "../src/interfaces/IOwnableUpgradeable.sol"; + +import {ParseNttConfig} from "./helpers/ParseNttConfig.sol"; +import {WormholeTransceiver} from "../src/Transceiver/WormholeTransceiver/WormholeTransceiver.sol"; + +contract ConfigureWormholeNtt is ParseNttConfig { + using stdJson for string; + + struct ConfigParams { + uint16 wormholeChainId; + } + + function _readEnvVariables() internal view returns (ConfigParams memory params) { + // Chain ID. + params.wormholeChainId = uint16(vm.envUint("RELEASE_WORMHOLE_CHAIN_ID")); + require(params.wormholeChainId != 0, "Invalid chain ID"); + } + + function configureWormholeTransceiver( + IWormholeTransceiver wormholeTransceiver, + ChainConfig[] memory config, + ConfigParams memory params + ) internal { + for (uint256 i = 0; i < config.length; i++) { + ChainConfig memory targetConfig = config[i]; + if (targetConfig.chainId == params.wormholeChainId) { + continue; + } else { + // Set relayer. + if (targetConfig.isWormholeRelayingEnabled) { + wormholeTransceiver.setIsWormholeRelayingEnabled(targetConfig.chainId, true); + console2.log("Wormhole relaying enabled for chain", targetConfig.chainId); + } else if (targetConfig.isSpecialRelayingEnabled) { + wormholeTransceiver.setIsSpecialRelayingEnabled(targetConfig.chainId, true); + console2.log("Special relaying enabled for chain", targetConfig.chainId); + } + + // Set peer. + wormholeTransceiver.setWormholePeer( + targetConfig.chainId, targetConfig.wormholeTransceiver + ); + console2.log("Wormhole peer set for chain", targetConfig.chainId); + + // Set EVM chain. + if (targetConfig.isEvmChain) { + wormholeTransceiver.setIsWormholeEvmChain(targetConfig.chainId, true); + console2.log("EVM chain set for chain", targetConfig.chainId); + } else { + console2.log("This is not an EVM chain, doing nothing"); + } + } + } + } + + function configureNttManager( + INttManager nttManager, + ChainConfig[] memory config, + ConfigParams memory params + ) internal { + for (uint256 i = 0; i < config.length; i++) { + ChainConfig memory targetConfig = config[i]; + if (targetConfig.chainId == params.wormholeChainId) { + continue; + } else { + // Set peer. + nttManager.setPeer( + targetConfig.chainId, + targetConfig.nttManager, + targetConfig.decimals, + targetConfig.inboundLimit + ); + console2.log("Peer set for chain", targetConfig.chainId); + } + } + } + + function run() public { + vm.startBroadcast(); + + // Sanity check deployment parameters. + ConfigParams memory params = _readEnvVariables(); + ( + ChainConfig[] memory config, + INttManager nttManager, + IWormholeTransceiver wormholeTransceiver + ) = _parseAndValidateConfigFile(params.wormholeChainId); + + configureWormholeTransceiver(wormholeTransceiver, config, params); + configureNttManager(nttManager, config, params); + + vm.stopBroadcast(); + } +} diff --git a/evm/script/Counter.s.sol b/evm/script/Counter.s.sol deleted file mode 100644 index 1a47b40b8..000000000 --- a/evm/script/Counter.s.sol +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: UNLICENSED -pragma solidity ^0.8.13; - -import {Script, console2} from "forge-std/Script.sol"; - -contract CounterScript is Script { - function setUp() public {} - - function run() public { - vm.broadcast(); - } -} diff --git a/evm/script/DeployWormholeNtt.s.sol b/evm/script/DeployWormholeNtt.s.sol new file mode 100644 index 000000000..9be86eefc --- /dev/null +++ b/evm/script/DeployWormholeNtt.s.sol @@ -0,0 +1,158 @@ +// SPDX-License-Identifier: Apache 2 +pragma solidity >=0.8.8 <0.9.0; + +import {Script, console2} from "forge-std/Script.sol"; + +import "../src/interfaces/IManagerBase.sol"; +import "../src/interfaces/INttManager.sol"; +import "../src/interfaces/IWormholeTransceiver.sol"; + +import {NttManager} from "../src/NttManager/NttManager.sol"; +import {WormholeTransceiver} from "../src/Transceiver/WormholeTransceiver/WormholeTransceiver.sol"; +import {ERC1967Proxy} from "openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol"; +import {ParseNttConfig} from "./helpers/ParseNttConfig.sol"; + +contract DeployWormholeNtt is Script, ParseNttConfig { + struct DeploymentParams { + address token; + IManagerBase.Mode mode; + uint16 wormholeChainId; + uint64 rateLimitDuration; + bool shouldSkipRatelimiter; + address wormholeCoreBridge; + address wormholeRelayerAddr; + address specialRelayerAddr; + uint8 consistencyLevel; + uint256 gasLimit; + uint64 outboundLimit; + } + + // The minimum gas limit to verify a message on mainnet. If you're worried about saving + // gas on testnet, pick up the phone and start dialing! + uint256 constant MIN_WORMHOLE_GAS_LIMIT = 150000; + + function deployNttManager(DeploymentParams memory params) internal returns (address) { + // Deploy the Manager Implementation. + NttManager implementation = new NttManager( + params.token, + params.mode, + params.wormholeChainId, + params.rateLimitDuration, + params.shouldSkipRatelimiter + ); + + // NttManager Proxy + NttManager nttManagerProxy = + NttManager(address(new ERC1967Proxy(address(implementation), ""))); + + nttManagerProxy.initialize(); + + console2.log("NttManager deployed at: "); + console2.logBytes32(toUniversalAddress(address(nttManagerProxy))); + + return address(nttManagerProxy); + } + + function deployWormholeTransceiver( + DeploymentParams memory params, + address nttManager + ) public returns (address) { + // Deploy the Wormhole Transceiver. + WormholeTransceiver implementation = new WormholeTransceiver( + nttManager, + params.wormholeCoreBridge, + params.wormholeRelayerAddr, + params.specialRelayerAddr, + params.consistencyLevel, + params.gasLimit + ); + + WormholeTransceiver transceiverProxy = + WormholeTransceiver(address(new ERC1967Proxy(address(implementation), ""))); + + transceiverProxy.initialize(); + + console2.log("Wormhole Transceiver deployed at: "); + console2.logBytes32(toUniversalAddress(address(transceiverProxy))); + + return address(transceiverProxy); + } + + function configureNttManager( + address nttManager, + address transceiver, + uint64 outboundLimit, + bool shouldSkipRateLimiter + ) public { + IManagerBase(nttManager).setTransceiver(transceiver); + console2.log("Transceiver address set on NttManager: ", transceiver); + + if (!shouldSkipRateLimiter) { + INttManager(nttManager).setOutboundLimit(outboundLimit); + console2.log("Outbound rate limit set on NttManager: ", outboundLimit); + } + + // Hardcoded to one since these scripts handle Wormhole-only deployments. + INttManager(nttManager).setThreshold(1); + console2.log("Threshold set on NttManager: %d", uint256(1)); + } + + function _readEnvVariables() internal view returns (DeploymentParams memory params) { + // Token address. + params.token = vm.envAddress("RELEASE_TOKEN_ADDRESS"); + require(params.token != address(0), "Invalid token address"); + + // Mode. + uint8 mode = uint8(vm.envUint("RELEASE_MODE")); + if (mode == 0) { + params.mode = IManagerBase.Mode.LOCKING; + } else if (mode == 1) { + params.mode = IManagerBase.Mode.BURNING; + } else { + revert("Invalid mode"); + } + + // Chain ID. + params.wormholeChainId = uint16(vm.envUint("RELEASE_WORMHOLE_CHAIN_ID")); + require(params.wormholeChainId != 0, "Invalid chain ID"); + + // Rate limit duration. + params.rateLimitDuration = uint64(vm.envUint("RELEASE_RATE_LIMIT_DURATION")); + params.shouldSkipRatelimiter = vm.envBool("RELEASE_SKIP_RATE_LIMIT"); + + // Wormhole Core Bridge address. + params.wormholeCoreBridge = vm.envAddress("RELEASE_CORE_BRIDGE_ADDRESS"); + require(params.wormholeCoreBridge != address(0), "Invalid wormhole core bridge address"); + + // Wormhole relayer, special relayer, consistency level. + params.wormholeRelayerAddr = vm.envAddress("RELEASE_WORMHOLE_RELAYER_ADDRESS"); + params.specialRelayerAddr = vm.envAddress("RELEASE_SPECIAL_RELAYER_ADDRESS"); + params.consistencyLevel = uint8(vm.envUint("RELEASE_CONSISTENCY_LEVEL")); + + params.gasLimit = vm.envUint("RELEASE_GAS_LIMIT"); + require(params.gasLimit >= MIN_WORMHOLE_GAS_LIMIT, "Invalid gas limit"); + + // Outbound rate limiter limit. + params.outboundLimit = uint64(vm.envUint("RELEASE_OUTBOUND_LIMIT")); + } + + function run() public { + vm.startBroadcast(); + + // Sanity check deployment parameters. + DeploymentParams memory params = _readEnvVariables(); + + // Deploy NttManager. + address manager = deployNttManager(params); + + // Deploy Wormhole Transceiver. + address transceiver = deployWormholeTransceiver(params, manager); + + // Configure NttManager. + configureNttManager( + manager, transceiver, params.outboundLimit, params.shouldSkipRatelimiter + ); + + vm.stopBroadcast(); + } +} diff --git a/evm/script/UpgradeNttManager.s.sol b/evm/script/UpgradeNttManager.s.sol new file mode 100644 index 000000000..2ae864624 --- /dev/null +++ b/evm/script/UpgradeNttManager.s.sol @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: Apache 2 +pragma solidity >=0.8.8 <0.9.0; + +import {console2} from "forge-std/Script.sol"; + +import "../src/interfaces/INttManager.sol"; +import "../src/interfaces/IManagerBase.sol"; + +import {NttManager} from "../src/NttManager/NttManager.sol"; +import {ERC1967Proxy} from "openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import {ParseNttConfig} from "./helpers/ParseNttConfig.sol"; + +contract UpgradeNttManager is ParseNttConfig { + struct DeploymentParams { + address token; + INttManager.Mode mode; + uint16 wormholeChainId; + uint64 rateLimitDuration; + bool shouldSkipRatelimiter; + } + + function upgradeNttManager( + INttManager nttManagerProxy, + DeploymentParams memory params + ) internal { + // Deploy the Manager Implementation. + NttManager implementation = new NttManager( + params.token, + params.mode, + params.wormholeChainId, + params.rateLimitDuration, + params.shouldSkipRatelimiter + ); + + console2.log("NttManager Implementation deployed at: ", address(implementation)); + + // Upgrade the proxy. + nttManagerProxy.upgrade(address(implementation)); + } + + function _readEnvVariables() internal view returns (DeploymentParams memory params) { + // Token address. + params.token = vm.envAddress("RELEASE_TOKEN_ADDRESS"); + require(params.token != address(0), "Invalid token address"); + + // Mode. + uint8 mode = uint8(vm.envUint("RELEASE_MODE")); + if (mode == 0) { + params.mode = IManagerBase.Mode.LOCKING; + } else if (mode == 1) { + params.mode = IManagerBase.Mode.BURNING; + } else { + revert("Invalid mode"); + } + + // Chain ID. + params.wormholeChainId = uint16(vm.envUint("RELEASE_WORMHOLE_CHAIN_ID")); + require(params.wormholeChainId != 0, "Invalid chain ID"); + + // Rate limit duration. + params.rateLimitDuration = uint64(vm.envUint("RELEASE_RATE_LIMIT_DURATION")); + params.shouldSkipRatelimiter = vm.envBool("RELEASE_SKIP_RATE_LIMIT"); + } + + function run() public { + vm.startBroadcast(); + + // Sanity check deployment parameters. + DeploymentParams memory params = _readEnvVariables(); + (, INttManager nttManager,) = _parseAndValidateConfigFile(params.wormholeChainId); + + // Deploy NttManager. + upgradeNttManager(nttManager, params); + + vm.stopBroadcast(); + } +} diff --git a/evm/script/UpgradeWormholeTransceiver.s.sol b/evm/script/UpgradeWormholeTransceiver.s.sol new file mode 100644 index 000000000..503ed4931 --- /dev/null +++ b/evm/script/UpgradeWormholeTransceiver.s.sol @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: Apache 2 +pragma solidity >=0.8.8 <0.9.0; + +import {console2} from "forge-std/Script.sol"; + +import "../src/interfaces/IWormholeTransceiver.sol"; +import "../src/interfaces/ITransceiver.sol"; +import "../src/interfaces/INttManager.sol"; + +import {WormholeTransceiver} from "../src/Transceiver/WormholeTransceiver/WormholeTransceiver.sol"; +import {ERC1967Proxy} from "openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol"; + +import {ParseNttConfig} from "./helpers/ParseNttConfig.sol"; + +contract UpgradeWormholeTransceiver is ParseNttConfig { + struct DeploymentParams { + uint16 wormholeChainId; + address wormholeCoreBridge; + address wormholeRelayerAddr; + address specialRelayerAddr; + uint8 consistencyLevel; + uint256 gasLimit; + uint64 outboundLimit; + } + + // The minimum gas limit to verify a message on mainnet. If you're worried about saving + // gas on testnet, pick up the phone and start dialing! + uint256 constant MIN_WORMHOLE_GAS_LIMIT = 150000; + + function upgradeWormholeTransceiver( + IWormholeTransceiver wormholeTransceiverProxy, + DeploymentParams memory params, + address nttManager + ) internal { + // Deploy the Wormhole Transceiver. + WormholeTransceiver implementation = new WormholeTransceiver( + nttManager, + params.wormholeCoreBridge, + params.wormholeRelayerAddr, + params.specialRelayerAddr, + params.consistencyLevel, + params.gasLimit + ); + + console2.log("WormholeTransceiver Implementation deployed at: ", address(implementation)); + + // Upgrade the proxy. + ITransceiver(address(wormholeTransceiverProxy)).upgrade(address(implementation)); + } + + function _readEnvVariables() internal view returns (DeploymentParams memory params) { + // Chain ID. + params.wormholeChainId = uint16(vm.envUint("RELEASE_WORMHOLE_CHAIN_ID")); + require(params.wormholeChainId != 0, "Invalid chain ID"); + + // Wormhole Core Bridge address. + params.wormholeCoreBridge = vm.envAddress("RELEASE_CORE_BRIDGE_ADDRESS"); + require(params.wormholeCoreBridge != address(0), "Invalid wormhole core bridge address"); + + // Wormhole relayer, special relayer, consistency level. + params.wormholeRelayerAddr = vm.envAddress("RELEASE_WORMHOLE_RELAYER_ADDRESS"); + params.specialRelayerAddr = vm.envAddress("RELEASE_SPECIAL_RELAYER_ADDRESS"); + params.consistencyLevel = uint8(vm.envUint("RELEASE_CONSISTENCY_LEVEL")); + + params.gasLimit = vm.envUint("RELEASE_GAS_LIMIT"); + require(params.gasLimit >= MIN_WORMHOLE_GAS_LIMIT, "Invalid gas limit"); + + // Outbound rate limiter limit. + params.outboundLimit = uint64(vm.envUint("RELEASE_OUTBOUND_LIMIT")); + } + + function run() public { + vm.startBroadcast(); + + // Sanity check deployment parameters. + DeploymentParams memory params = _readEnvVariables(); + (, INttManager nttManager, IWormholeTransceiver wormholeTransceiver) = + _parseAndValidateConfigFile(params.wormholeChainId); + + // Upgrade WormholeTransceiver. + upgradeWormholeTransceiver(wormholeTransceiver, params, address(nttManager)); + + vm.stopBroadcast(); + } +} diff --git a/evm/script/helpers/ParseNttConfig.sol b/evm/script/helpers/ParseNttConfig.sol new file mode 100644 index 000000000..5a6acbad4 --- /dev/null +++ b/evm/script/helpers/ParseNttConfig.sol @@ -0,0 +1,89 @@ +// SPDX-License-Identifier: Apache 2 +pragma solidity >=0.8.8 <0.9.0; + +import {Script, console2} from "forge-std/Script.sol"; +import {stdJson} from "forge-std/StdJson.sol"; + +import "../../src/interfaces/INttManager.sol"; +import "../../src/interfaces/IWormholeTransceiver.sol"; + +contract ParseNttConfig is Script { + using stdJson for string; + + // NOTE: Forge expects any struct to be defined in alphabetical order if being used + // to parse JSON. + struct ChainConfig { + uint16 chainId; + uint8 decimals; + uint64 inboundLimit; + bool isEvmChain; + bool isSpecialRelayingEnabled; + bool isWormholeRelayingEnabled; + bytes32 nttManager; + bytes32 wormholeTransceiver; + } + + mapping(uint16 => bool) duplicateChainIds; + + function toUniversalAddress(address evmAddr) internal pure returns (bytes32 converted) { + assembly ("memory-safe") { + converted := and(0xffffffffffffffffffffffffffffffffffffffff, evmAddr) + } + } + + function fromUniversalAddress(bytes32 universalAddr) + internal + pure + returns (address converted) + { + require(bytes12(universalAddr) == 0, "Address overflow"); + + assembly ("memory-safe") { + converted := universalAddr + } + } + + function _parseAndValidateConfigFile(uint16 wormholeChainId) + internal + returns ( + ChainConfig[] memory config, + INttManager nttManager, + IWormholeTransceiver wormholeTransceiver + ) + { + string memory root = vm.projectRoot(); + string memory path = string.concat(root, "/cfg/WormholeNttConfig.json"); + string memory json = vm.readFile(path); + bytes memory contracts = json.parseRaw(".contracts"); + + // Decode the json into ChainConfig array. + config = abi.decode(contracts, (ChainConfig[])); + + // Validate values and set the contract addresses for this chain. + for (uint256 i = 0; i < config.length; i++) { + require(config[i].chainId != 0, "Invalid chain ID"); + require(config[i].nttManager != bytes32(0), "Invalid NTT manager address"); + require( + config[i].wormholeTransceiver != bytes32(0), "Invalid wormhole transceiver address" + ); + require(config[i].inboundLimit != 0, "Invalid inbound limit"); + + // If this is an evm chain, require a valid EVM address. + if (config[i].isEvmChain) { + fromUniversalAddress(config[i].nttManager); + fromUniversalAddress(config[i].wormholeTransceiver); + } + + // Make sure we don't configure the same chain twice. + require(!duplicateChainIds[config[i].chainId], "Duplicate chain ID"); + duplicateChainIds[config[i].chainId] = true; + + // Set the contract addresses for this chain. + if (config[i].chainId == wormholeChainId) { + nttManager = INttManager(fromUniversalAddress(config[i].nttManager)); + wormholeTransceiver = + IWormholeTransceiver(fromUniversalAddress(config[i].wormholeTransceiver)); + } + } + } +} diff --git a/evm/sh/configure_wormhole_ntt.sh b/evm/sh/configure_wormhole_ntt.sh new file mode 100644 index 000000000..0daca4bc5 --- /dev/null +++ b/evm/sh/configure_wormhole_ntt.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +while getopts ":n:c:u:k:" opt; do + case $opt in + n) network="$OPTARG" + ;; + c) chain="$OPTARG" + ;; + u) rpc="$OPTARG" + ;; + k) private_key="$OPTARG" + ;; + \?) echo "Invalid option -$OPTARG" >&2 + exit 1 + ;; + esac + + case $OPTARG in + -*) echo "Option $opt needs a valid argument" >&2 + exit 1 + ;; + esac +done + +if [ -z ${network+x} ]; +then + echo "network (-n) is unset" >&2 + exit 1 +fi + +if [ -z ${chain+x} ]; +then + echo "chain (-c) is unset" >&2 + exit 1 +fi + +if [ -z ${private_key+x} ]; +then + echo "private key (-k) is unset" >&2 + exit 1 +fi + +set -euo pipefail + +ROOT=$(dirname $0) +ENV=$ROOT/../env +FORGE_SCRIPTS=$ROOT/../script + +. $ENV/$network/$chain.env + +# Use the RPC environment variable if rpc isn't set. +if [ -z ${rpc+x} ]; +then + rpc=$RPC +fi + +forge script $FORGE_SCRIPTS/ConfigureWormholeNtt.s.sol \ + --rpc-url $rpc \ + --broadcast \ + --private-key $private_key \ + --slow \ + --skip test diff --git a/evm/sh/deploy_wormhole_ntt.sh b/evm/sh/deploy_wormhole_ntt.sh new file mode 100644 index 000000000..84c2e8432 --- /dev/null +++ b/evm/sh/deploy_wormhole_ntt.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +while getopts ":n:c:u:k:" opt; do + case $opt in + n) network="$OPTARG" + ;; + c) chain="$OPTARG" + ;; + u) rpc="$OPTARG" + ;; + k) private_key="$OPTARG" + ;; + \?) echo "Invalid option -$OPTARG" >&2 + exit 1 + ;; + esac + + case $OPTARG in + -*) echo "Option $opt needs a valid argument" >&2 + exit 1 + ;; + esac +done + +if [ -z ${network+x} ]; +then + echo "network (-n) is unset" >&2 + exit 1 +fi + +if [ -z ${chain+x} ]; +then + echo "chain (-c) is unset" >&2 + exit 1 +fi + +if [ -z ${private_key+x} ]; +then + echo "private key (-k) is unset" >&2 + exit 1 +fi + +set -euo pipefail + +ROOT=$(dirname $0) +ENV=$ROOT/../env +FORGE_SCRIPTS=$ROOT/../script + +. $ENV/$network/$chain.env + +# Use the RPC environment variable if rpc isn't set. +if [ -z ${rpc+x} ]; +then + rpc=$RPC +fi + +forge script $FORGE_SCRIPTS/DeployWormholeNtt.s.sol \ + --rpc-url $rpc \ + --broadcast \ + --private-key $private_key \ + --slow \ + --skip test diff --git a/evm/sh/upgrade_ntt_manager.sh b/evm/sh/upgrade_ntt_manager.sh new file mode 100644 index 000000000..5324d93f6 --- /dev/null +++ b/evm/sh/upgrade_ntt_manager.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +while getopts ":n:c:u:k:" opt; do + case $opt in + n) network="$OPTARG" + ;; + c) chain="$OPTARG" + ;; + u) rpc="$OPTARG" + ;; + k) private_key="$OPTARG" + ;; + \?) echo "Invalid option -$OPTARG" >&2 + exit 1 + ;; + esac + + case $OPTARG in + -*) echo "Option $opt needs a valid argument" >&2 + exit 1 + ;; + esac +done + +if [ -z ${network+x} ]; +then + echo "network (-n) is unset" >&2 + exit 1 +fi + +if [ -z ${chain+x} ]; +then + echo "chain (-c) is unset" >&2 + exit 1 +fi + +if [ -z ${private_key+x} ]; +then + echo "private key (-k) is unset" >&2 + exit 1 +fi + +set -euo pipefail + +ROOT=$(dirname $0) +ENV=$ROOT/../env +FORGE_SCRIPTS=$ROOT/../script + +. $ENV/$network/$chain.env + +# Use the RPC environment variable if rpc isn't set. +if [ -z ${rpc+x} ]; +then + rpc=$RPC +fi + +forge script $FORGE_SCRIPTS/UpgradeNttManager.s.sol \ + --rpc-url $rpc \ + --broadcast \ + --private-key $private_key \ + --slow \ + --skip test diff --git a/evm/sh/upgrade_wormhole_transceiver.sh b/evm/sh/upgrade_wormhole_transceiver.sh new file mode 100644 index 000000000..35ce4ff49 --- /dev/null +++ b/evm/sh/upgrade_wormhole_transceiver.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +while getopts ":n:c:u:k:" opt; do + case $opt in + n) network="$OPTARG" + ;; + c) chain="$OPTARG" + ;; + u) rpc="$OPTARG" + ;; + k) private_key="$OPTARG" + ;; + \?) echo "Invalid option -$OPTARG" >&2 + exit 1 + ;; + esac + + case $OPTARG in + -*) echo "Option $opt needs a valid argument" >&2 + exit 1 + ;; + esac +done + +if [ -z ${network+x} ]; +then + echo "network (-n) is unset" >&2 + exit 1 +fi + +if [ -z ${chain+x} ]; +then + echo "chain (-c) is unset" >&2 + exit 1 +fi + +if [ -z ${private_key+x} ]; +then + echo "private key (-k) is unset" >&2 + exit 1 +fi + +set -euo pipefail + +ROOT=$(dirname $0) +ENV=$ROOT/../env +FORGE_SCRIPTS=$ROOT/../script + +. $ENV/$network/$chain.env + +# Use the RPC environment variable if rpc isn't set. +if [ -z ${rpc+x} ]; +then + rpc=$RPC +fi + +forge script $FORGE_SCRIPTS/UpgradeWormholeTransceiver.s.sol \ + --rpc-url $rpc \ + --broadcast \ + --private-key $private_key \ + --slow \ + --skip test