diff --git a/solana/helpers/test-fixtures/src/test_setup.rs b/solana/helpers/test-fixtures/src/test_setup.rs index 2436ae8..3390c38 100644 --- a/solana/helpers/test-fixtures/src/test_setup.rs +++ b/solana/helpers/test-fixtures/src/test_setup.rs @@ -683,14 +683,12 @@ impl TestFixture { &mut self, gateway_root_pda: &Pubkey, execute_data_pda: &Pubkey, - rotate_signers_command_pda: &Pubkey, current_verifier_set_tracker_pda: &Pubkey, new_verifier_set_tracker_pda: &Pubkey, ) -> BanksTransactionResultWithMetadata { let ix = gateway::instructions::rotate_signers( *execute_data_pda, *gateway_root_pda, - *rotate_signers_command_pda, None, *current_verifier_set_tracker_pda, *new_verifier_set_tracker_pda, @@ -781,7 +779,6 @@ impl TestFixture { /// gateway.rotate_signers. /// /// Returns: - /// - approved command PDA /// - execute data thats stored inside the execute data PDA /// - execute data PDA pub async fn fully_rotate_signers( @@ -790,8 +787,8 @@ impl TestFixture { new_signer_set: VerifierSet, signers: &SigningVerifierSet, domain_separator: &[u8; 32], - ) -> (Pubkey, Vec, Pubkey) { - let (command_pdas, execute_data, execute_data_pda, tx) = self + ) -> (Vec, Pubkey) { + let (execute_data, execute_data_pda, tx) = self .fully_rotate_signers_with_execute_metadata( gateway_root_pda, new_signer_set, @@ -800,7 +797,7 @@ impl TestFixture { ) .await; assert!(tx.result.is_ok()); - (command_pdas, execute_data, execute_data_pda) + (execute_data, execute_data_pda) } pub async fn fully_rotate_signers_with_execute_metadata( @@ -809,7 +806,7 @@ impl TestFixture { new_signer_set: VerifierSet, signers: &SigningVerifierSet, domain_separator: &[u8; 32], - ) -> (Pubkey, Vec, Pubkey, BanksTransactionResultWithMetadata) { + ) -> (Vec, Pubkey, BanksTransactionResultWithMetadata) { let current_verifier_set_tracker_pda = signers.verifier_set_tracker(); let (new_verifier_set_tracker_pda, _) = gateway::get_verifier_set_tracker_pda(&gateway::ID, new_signer_set.hash(hasher_impl())); @@ -822,28 +819,16 @@ impl TestFixture { ) .await; - let command = OwnedCommand::RotateSigners(new_signer_set); - let rotate_signers_command_pda = self - .init_pending_gateway_commands(gateway_root_pda, &[command]) - .await - .pop() - .unwrap(); let tx = self .rotate_signers_with_metadata( gateway_root_pda, &execute_data_pda, - &rotate_signers_command_pda, ¤t_verifier_set_tracker_pda, &new_verifier_set_tracker_pda, ) .await; - ( - rotate_signers_command_pda, - execute_data, - execute_data_pda, - tx, - ) + (execute_data, execute_data_pda, tx) } pub async fn get_account( diff --git a/solana/programs/gateway/src/axelar_auth_weighted.rs b/solana/programs/gateway/src/axelar_auth_weighted.rs index 5a27289..6da4ee5 100644 --- a/solana/programs/gateway/src/axelar_auth_weighted.rs +++ b/solana/programs/gateway/src/axelar_auth_weighted.rs @@ -99,11 +99,11 @@ impl AxelarAuthWeighted { } let epoch = self.current_epoch(); - let elapsed: BnumU256 = epoch + let diff: BnumU256 = epoch .checked_sub(verifier_set_tracker.epoch) .ok_or(AxelarAuthWeightedError::EpochCalculationOverflow)? .into(); - if elapsed >= self.previous_signers_retention.into() { + if diff >= self.previous_signers_retention.into() { msg!("verifier set is too old"); return Err(AxelarAuthWeightedError::InvalidSignerSet); } diff --git a/solana/programs/gateway/src/instructions.rs b/solana/programs/gateway/src/instructions.rs index fcf749f..5cbedf6 100644 --- a/solana/programs/gateway/src/instructions.rs +++ b/solana/programs/gateway/src/instructions.rs @@ -39,15 +39,13 @@ pub enum GatewayInstruction { /// Accounts expected by this instruction: /// 0. [WRITE] Gateway Root Config PDA account /// 1. [] Gateway ExecuteData PDA account - /// 2. [WRITE] Gateway ApprovedCommand PDA account. The command needs to be - /// `RotateSigners`. - /// 3. [] Verifier Setr Tracker PDA account (the one that signed the + /// 2. [] Verifier Setr Tracker PDA account (the one that signed the /// ExecuteData) - /// 4. [WRITE, SIGNER] new uninitialized VerifierSetTracker PDA account (the + /// 3. [WRITE, SIGNER] new uninitialized VerifierSetTracker PDA account (the /// one that needs to be initialized) - /// 5. [WRITE, SIGNER] Funding account for the new VerifierSetTracker PDA - /// 6. [] System Program account - /// 7. Opional: [SIGNER] `Operator` that's stored in the gateway confi PDA. + /// 4. [WRITE, SIGNER] Funding account for the new VerifierSetTracker PDA + /// 5. [] System Program account + /// 6. Optional: [SIGNER] `Operator` that's stored in the gateway config PDA. RotateSigners, /// Represents the `CallContract` Axelar event. @@ -283,7 +281,6 @@ pub fn approve_messages( pub fn rotate_signers( execute_data_account: Pubkey, gateway_root_pda: Pubkey, - command_account: Pubkey, operator: Option, current_verifier_set_tracker_pda: Pubkey, new_verifier_set_tracker_pda: Pubkey, @@ -294,7 +291,6 @@ pub fn rotate_signers( let mut accounts = vec![ AccountMeta::new(gateway_root_pda, false), AccountMeta::new_readonly(execute_data_account, false), - AccountMeta::new(command_account, false), AccountMeta::new_readonly(current_verifier_set_tracker_pda, false), AccountMeta::new(new_verifier_set_tracker_pda, false), AccountMeta::new(payer, true), diff --git a/solana/programs/gateway/src/processor/rotate_signers.rs b/solana/programs/gateway/src/processor/rotate_signers.rs index 3eec4e8..579579f 100644 --- a/solana/programs/gateway/src/processor/rotate_signers.rs +++ b/solana/programs/gateway/src/processor/rotate_signers.rs @@ -12,11 +12,10 @@ use solana_program::sysvar::Sysvar; use super::Processor; use crate::axelar_auth_weighted::SignerSetMetadata; -use crate::commands::ArchivedCommand; use crate::events::GatewayEvent; use crate::state::execute_data::{ArchivedGatewayExecuteData, RotateSignersVariant}; use crate::state::verifier_set_tracker::VerifierSetTracker; -use crate::state::{GatewayApprovedCommand, GatewayConfig}; +use crate::state::{GatewayConfig}; use crate::{assert_valid_verifier_set_tracker_pda, seed_prefixes}; impl Processor { @@ -37,7 +36,6 @@ impl Processor { let mut accounts_iter = accounts.iter(); let gateway_root_pda = next_account_info(&mut accounts_iter)?; let gateway_approve_messages_execute_data_pda = next_account_info(&mut accounts_iter)?; - let message_account = next_account_info(&mut accounts_iter)?; let signer_verifier_set = next_account_info(&mut accounts_iter)?; let new_empty_verifier_set = next_account_info(&mut accounts_iter)?; let payer = next_account_info(&mut accounts_iter)?; @@ -82,16 +80,6 @@ impl Processor { }; let new_verifier_set = &execute_data.data; - let command = ArchivedCommand::from(new_verifier_set); - - let approved_command_account = message_account - .as_ref() - .check_initialized_pda::(program_id)? - .command_valid_and_pending(gateway_root_pda.key, &command, message_account)? - .ok_or_else(|| { - msg!("Command already executed"); - ProgramError::InvalidArgument - })?; // Check: proof signer set is known. let signer_data = gateway_config @@ -124,10 +112,7 @@ impl Processor { gateway_config.auth_weighted.last_rotation_timestamp = current_time; - // Save the updated approved message account - let mut data = message_account.try_borrow_mut_data()?; - approved_command_account.pack_into_slice(&mut data); - + // Rotate the signers let new_verifier_set_tracker = match gateway_config.rotate_signers(new_verifier_set) { Ok(new_verifier_set_tracker) => new_verifier_set_tracker, Err(err) => { diff --git a/solana/programs/gateway/tests/module/rotate_signers.rs b/solana/programs/gateway/tests/module/rotate_signers.rs index 0149b8e..fa85576 100644 --- a/solana/programs/gateway/tests/module/rotate_signers.rs +++ b/solana/programs/gateway/tests/module/rotate_signers.rs @@ -12,7 +12,7 @@ use test_fixtures::test_setup::{ }; use crate::{ - get_approved_command, get_gateway_events, get_gateway_events_from_execute_data, make_messages, + get_gateway_events, get_gateway_events_from_execute_data, make_messages, make_payload_and_commands, }; @@ -44,18 +44,12 @@ async fn successfully_rotates_signers() { let (execute_data_pda, _) = fixture .init_execute_data(&gateway_root_pda, payload, &signers, &domain_separator) .await; - let gateway_approved_command_pda = fixture - .init_pending_gateway_commands(&gateway_root_pda, &command) - .await - .pop() - .unwrap(); // Action let tx = fixture .rotate_signers_with_metadata( &gateway_root_pda, &execute_data_pda, - &gateway_approved_command_pda, &signers.verifier_set_tracker(), &new_signer_set.verifier_set_tracker(), ) @@ -73,10 +67,6 @@ async fn successfully_rotates_signers() { assert_eq!(actual, expected); } - // - command PDAs get updated - let approved_command = get_approved_command(&mut fixture, &gateway_approved_command_pda).await; - assert!(approved_command.is_command_executed()); - // - signers have been updated let root_pda_data = fixture .get_account::(&gateway_root_pda, &gmp_gateway::ID) @@ -197,17 +187,11 @@ async fn succeed_if_signer_set_signed_by_old_signer_set_and_submitted_by_the_ope let (execute_data_pda, _) = fixture .init_execute_data(&gateway_root_pda, payload, &signers, &domain_separator) .await; - let rotate_signers_command_pda = fixture - .init_pending_gateway_commands(&gateway_root_pda, &command) - .await - .pop() - .unwrap(); // Action let ix = gmp_gateway::instructions::rotate_signers( execute_data_pda, gateway_root_pda, - rotate_signers_command_pda, Some(operator.pubkey()), signers.verifier_set_tracker(), newer_signer_set.verifier_set_tracker(), @@ -232,10 +216,6 @@ async fn succeed_if_signer_set_signed_by_old_signer_set_and_submitted_by_the_ope assert_eq!(actual, expected); } - // - command PDAs get updated - let approved_command = get_approved_command(&mut fixture, &rotate_signers_command_pda).await; - assert!(approved_command.is_command_executed()); - // - signers have been updated let root_pda_data = fixture .get_account::(&gateway_root_pda, &gmp_gateway::ID) @@ -274,24 +254,18 @@ async fn fail_if_provided_operator_is_not_the_real_operator_thats_stored_in_gate .await; let newer_signer_set = make_signers(&[500, 200], 700); - let (payload, command) = payload_and_command(&newer_signer_set.verifier_set()); + let (payload, ..) = payload_and_command(&newer_signer_set.verifier_set()); // we stil use the initial signer set to sign the data (the `signers` variable) let (execute_data_pda, _) = fixture .init_execute_data(&gateway_root_pda, payload, &signers, &domain_separator) .await; - let rotate_signers_command_pda = fixture - .init_pending_gateway_commands(&gateway_root_pda, &command) - .await - .pop() - .unwrap(); // Action let fake_operator = Keypair::new(); let ix = gmp_gateway::instructions::rotate_signers( execute_data_pda, gateway_root_pda, - rotate_signers_command_pda, Some(fake_operator.pubkey()), // `stranger_danger` in place of the expected `operator` signers.verifier_set_tracker(), newer_signer_set.verifier_set_tracker(), @@ -335,7 +309,7 @@ async fn fail_if_operator_is_not_using_pre_registered_signer_set() { // generate a new random operator set to be used (do not register it) let new_signer_set = make_signers(&[500, 200], 1); let random_signer_set = make_signers(&[11], 54); - let (payload, command) = payload_and_command(&new_signer_set.verifier_set()); + let (payload, ..) = payload_and_command(&new_signer_set.verifier_set()); // using `new_signers` which is the cause of the failure let (execute_data_pda, _) = fixture @@ -346,17 +320,11 @@ async fn fail_if_operator_is_not_using_pre_registered_signer_set() { &domain_separator, ) .await; - let rotate_signers_command_pda = fixture - .init_pending_gateway_commands(&gateway_root_pda, &command) - .await - .pop() - .unwrap(); // Action let ix = gmp_gateway::instructions::rotate_signers( execute_data_pda, gateway_root_pda, - rotate_signers_command_pda, Some(operator.pubkey()), random_signer_set.verifier_set_tracker(), new_signer_set.verifier_set_tracker(), @@ -587,22 +555,16 @@ async fn fail_on_rotate_signers_if_new_ops_len_is_zero() { .await; let new_signer_set = make_signers(&[], 1); - let (payload, command) = payload_and_command(&new_signer_set.verifier_set()); + let (payload, ..) = payload_and_command(&new_signer_set.verifier_set()); let (execute_data_pda, _) = fixture .init_execute_data(&gateway_root_pda, payload, &signers, &domain_separator) .await; // Action - let gateway_approved_command_pdas = fixture - .init_pending_gateway_commands(&gateway_root_pda, &command) - .await - .pop() - .unwrap(); let tx = fixture .rotate_signers_with_metadata( &gateway_root_pda, &execute_data_pda, - &gateway_approved_command_pdas, &signers.verifier_set_tracker(), &new_signer_set.verifier_set_tracker(), )