diff --git a/dymension/VALIDATOR.md b/dymension/VALIDATOR.md deleted file mode 100644 index a51d71f4eb8..00000000000 --- a/dymension/VALIDATOR.md +++ /dev/null @@ -1,64 +0,0 @@ -# Validator instructions for HL based bridges between Dymension <-> Other chains - -Dymension has bridges between - -- Kaspa <-> Dymension -- Ethereum <-> Dymension -- Solana <-> Dymension -- (soon) Base <-> Dymension -- (soon) Binance <-> Dymension - -There are two distinct technologies: - -1. Custom HL based bridge between Kaspa <-> Dymension -2. Vanilla HL bridge between the other chains and Dymension - -A 'validator' actor can - -1. Validate the Kaspa <-> Dymension bridge -2. Validate Dymension chain, for purposes of minting tokens on Ethereum/Solana/Base/Binance - -These are two DISTINCT activities and not related at all. - -## Kaspa <-> Dymension - -N validators are needed. Each validator is responsible for TWO things - -1. Mint wKAS on Dymension -2. Spend escrowed KAS on Kaspa - -This requires exactly TWO key pairs. The first is an Ethereum _type_ key, used to sign a multisig processed by Dymension chain logic. The second is a Kaspa key, used to sign a multisig processed by Kaspa network. The first key can be generated inside AWS KMS. The second key can be securely generated and used by a combination of KMS and Secret Manager. - -Both keys must be very secure because they control funds. - -See [../kaspa/../VALIDATOR.md](./libs/kaspa/ops/validator/VALIDATOR.md) for full instructions on validating Kaspa <-> Dymension bridge. - -## Ethereum/Solana/Base/Binance <-> Dymension - -Vanilla HL tech works by having 'validators' observe merkle roots on a SINGLE chain. Therefore for the bridges, there are FIVE different sets of validators. - -1. Dymension -2. Ethereum -3. Solana -4. Base -5. Binance - -The validator sets for Ethereum/Solana/Base/Binance are large and already exist. We will choose a secure subset to process inbound messages from these chains on Dymension. - -For Blumbus, Dymension team and partners will run N validators for Dymension Blumbus chain; each validator is responsible for TWO things - -1. Observing Dymension chain HL mailbox entity merkle root, and signing a digest for it and posting the digest to a public S3 bucket -2. Announcing the S3 bucket path on Dymension chain state in a bookkeeping entity - -This requires exactly TWO key pairs. The first is an _Ethereum type_ key, used to sign the merkle root digests. The second is a Cosmos-SDK key, used to sign a one-time transaction (or more if needing to update later) to announce the S3 bucket path. - -The first key must be very secure, it controls funds. The second key is not so important: if it is leaked, funds are not at risk. - -HL already has comprehensive docs on setting up this kind of validator - -- [HL doc run validators](https://docs.hyperlane.xyz/docs/operate/validators/run-validators) - - -## Addendum: practical setup - -For Blumbus, each of our real life operators will run BOTH types of validator. \ No newline at end of file diff --git a/dymension/libs/kaspa/ops/validator/VALIDATOR.md b/dymension/libs/kaspa/ops/validator/VALIDATOR.md deleted file mode 100644 index 90bdcdae305..00000000000 --- a/dymension/libs/kaspa/ops/validator/VALIDATOR.md +++ /dev/null @@ -1,134 +0,0 @@ -# How to be a Kaspa bridge validator - -## Key Generation - -TODO: art complete - -## Config - -The validator uses AWS Secrets Manager and KMS for secure key management. To configure the agent to use the key, edit your agent-config.json template: - -```json -{ - "chains": { - "kaspatest10": { - "kaspaKey": { - "type": "aws", - "secretId": "kaspa-validator-escrow-key", - "kmsKeyId": "", - "region": "eu-central-1" - } - } - }, -} -``` - -Ensure your AWS credentials are configured with IAM permissions for: - -- `secretsmanager:GetSecretValue` on the secret -- `kms:Decrypt` on the KMS key - -Set AWS credentials as environment variables: - -```bash -export AWS_ACCESS_KEY_ID= -export AWS_SECRET_ACCESS_KEY= -export AWS_REGION= -``` - -## Running - -Copy the dummy kaspa.mainnet.wallet to ~/.kaspa/kaspa.wallet: `cp ~/.kaspa/kaspa.wallet. This wallet is just to stop the Kaspa client crashing. Signing uses the validator_escrow_secret generated before. - -Make a database directory in place of your choosing - -### Build - -```bash -# in hyperlane-monorepo/rust/main -cd ${HOME}/hyperlane-monorepo/rust/main -cargo build --release --bin validator -``` - -### Setup Environment Variables - -```bash -export CONFIG_FILES= -export DB_VALIDATOR= -export ORIGIN_CHAIN=kaspatest10 # or mainnet -``` - -### Option 1: Run with systemd (recommended) - -```bash -# Create systemd service -sudo tee </dev/null /etc/systemd/system/validator.service -[Unit] -Description=Kaspa Bridge Validator -After=network-online.target -[Service] -WorkingDirectory=${HOME}/hyperlane-monorepo/rust/main -User=$USER -Environment="CONFIG_FILES=${CONFIG_FILES}" -ExecStart=${HOME}/hyperlane-monorepo/rust/main/target/release/validator \ ---db ${DB_VALIDATOR} \ ---originChainName ${ORIGIN_CHAIN} \ ---reorgPeriod 1 \ ---checkpointSyncer.type localStorage \ ---checkpointSyncer.path ARBITRARY_VALUE_FOOBAR \ ---metrics-port 9090 \ ---log.level info -Restart=on-failure -RestartSec=10 -LimitNOFILE=65535 -[Install] -WantedBy=multi-user.target -EOF - -# Reload systemd and start the service -sudo systemctl daemon-reload -sudo systemctl enable validator -sudo systemctl start validator - -# View logs -journalctl -u validator -f -o cat -``` - -### Option 2: Run with tmux - -```bash -tmux -echo $DB_VALIDATOR && echo $CONFIG_FILES && sleep 3s -cd ${HOME}/hyperlane-monorepo/rust/main -./target/release/validator \ ---db $DB_VALIDATOR \ ---originChainName $ORIGIN_CHAIN \ ---reorgPeriod 1 \ ---checkpointSyncer.type localStorage \ ---checkpointSyncer.path ARBITRARY_VALUE_FOOBAR \ ---metrics-port 9090 \ ---log.level info -``` - -### Managing the systemd Service - -```bash -# Check status -sudo systemctl status validator - -# Restart -sudo systemctl restart validator - -# Stop -sudo systemctl stop validator - -# Disable autostart -sudo systemctl disable validator - -# View logs -journalctl -u validator -f -o cat -``` - -## Exposure - -Make sure 9090 or whatever chosen metrics-port is exposed and tell Dymension team. Your validator will answer queries at that port. diff --git a/dymension/libs/kaspa/ops/validator/agent-config.example.json b/dymension/libs/kaspa/ops/validator/agent-config.example.json deleted file mode 100644 index 0fa36a91a04..00000000000 --- a/dymension/libs/kaspa/ops/validator/agent-config.example.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "chains": { - "kaspatest10": { - "protocol": "kaspa", - "name": "kaspatest10", - "domainId": 80808082, - "interchainGasPaymaster": "0x0000000000000000000000000000000000000000000000000000000000000000", - "mailbox": "0x0000000000000000000000000000000000000000000000000000000000000000", - "merkleTreeHook": "0x0000000000000000000000000000000000000000000000000000000000000000", - "validatorAnnounce": "0x0000000000000000000000000000000000000000000000000000000000000000", - "maxBatchSize": 100, - "maxSubmitQueueLength": 100, - "bypassBatchSimulation": false, - "rpcUrls": [ - { - "http": "https://www.google.com" - } - ], - "walletSecret": "lkjsdf", - "kaspaUrlsWrpc": "api-kaspa.mzonder.com:17210", - "kaspaUrlsRest": "https://kaspa-testnet-rest.mzonder.com", - "validatorHosts": "", - "validatorPubsKaspa": "03529874e54a18c55cc7abd82d7f6abdf15537c0cdd50aade37c2db439a0cdbb8f,03c7e58d05924a65ea82cf127eb48e45c6bc9efb8d6cc8a95bef47f2e65162279a,0365813a1769cb4aacab63fb195a4efbaf604f4c0555793d85d1481e9de3630c0b,022783625394e0c37fb2effa6d10ff66fc8633867ac66d6dd1e01b5d458c35df21,03aed2bf48bd81d4e1545d3999122fe66c426d7d32f33d51e83dbd068bd0963ac4,029866afb3a3a9df5bcb7eab9cc09fbc1bd702c4a75be7988732c99bd405d7048b,02fc18cfae9c1b8b1bbf26e5e8bf3f23b3589c132a5c5ec42df4f225f6468fb017,03a840222a77015d05276ada187d2a761a81709b913bb795b539e42d61323a4f99", - "kaspaMultisigThresholdHubIsm": 6, - "kaspaMultisigThresholdEscrow": 6, - "kaspaMinDepositSompi": 4000000000, - "hubMailboxId": "0x68797065726c616e650000000000000000000000000000000000000000000000", - "depositLookBackMins": 3, - "validateDeposit": true, - "validateWithdrawal": true, - "validateWithdrawalConfirmation": true, - "hubDomain": 1260813473, - "hubTokenId": "0x726f757465725f61707000000000000000000000000000020000000000000000", - "kasDomain": 80808082, - "kasTokenId": "0x0000000000000000000000000000000000000000000000000000000000000000", - "grpcUrls": [ - { - "http": "https://grpc-dymension-playground35.mzonder.com:443" - } - ], - "kaspaKey": { - "type": "aws", - "secretId": "<...>", - "kmsKeyId": "", - "region": "eu-central-1" - } - } - }, - "defaultRpcConsensusType": "fallback", - "origin_chains": [ - "kaspatest10", - "dymension" - ], - "destination_chains": [ - "kaspatest10", - "dymension" - ], - "validator": { - "id": "arn:aws:kms:eu-central-1:119065360830:key/90af7a9c-bd26-4e09-842b-3e6c236113f8", - "type": "aws", - "region": "eu-central-1" - } -} \ No newline at end of file