Guibescos/executor (#283)

* Start anchor program

* pythnet folder

* Renames

* Implement processor

* Comments

* More comments

* Bump anchor

* Use new version of the wormhole package

* Get Solana chain id from wormhole core

* Pythnet bridge address

* Remove comment

* Fix borsh headers

Author: guibescos

pythnet/remote-executor/Cargo.lock

@@ -19,4 +19,6 @@ default = []
 overflow-checks = true
 
 [dependencies]
-anchor-lang = "0.24.2"
+anchor-lang = {version = "0.25.0", features = ["init-if-needed"]}
+wormhole-solana = { git = "https://github.com/guibescos/wormhole", branch = "gbescos/sdk-solana"}
+wormhole-core = { git = "https://github.com/guibescos/wormhole", branch = "gbescos/sdk-solana"}

pythnet/remote-executor/programs/remote-executor/Cargo.toml

@@ -0,0 +1,12 @@
+
+use anchor_lang::prelude::*;
+
+#[error_code]
+pub enum ExecutorError {
+    EmitterChainNotSolana,
+    NonIncreasingSequence,
+    GovernanceHeaderInvalidMagicNumber,
+    GovernanceHeaderInvalidModule,
+    GovernanceHeaderInvalidAction,
+    GovernanceHeaderInvalidReceiverChain
+}

pythnet/remote-executor/programs/remote-executor/src/error.rs

@@ -1,15 +1,61 @@
-use anchor_lang::prelude::*;
+#![deny(warnings)]
+
+use anchor_lang::{prelude::*, solana_program::borsh::get_packed_len};
+use state::{claim_record::ClaimRecord, posted_vaa::AnchorVaa};
+
+mod state;
+mod error;
 
 declare_id!("Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS");
 
 #[program]
 pub mod remote_executor {
+    use anchor_lang::solana_program::{program::invoke_signed, instruction::Instruction};
+    use wormhole::Chain::{Solana, self};
+
+    use crate::{state::{governance_payload::ExecutorPayload}, error::ExecutorError};
+
     use super::*;
 
     pub fn execute_posted_vaa(ctx: Context<ExecutePostedVaa>) -> Result<()> {
+        let posted_vaa = &ctx.accounts.posted_vaa;
+        let claim_record = &mut ctx.accounts.claim_record;
+        assert_or_err(Chain::from(posted_vaa.emitter_chain) == Solana, err!(ExecutorError::EmitterChainNotSolana))?;
+        assert_or_err(posted_vaa.sequence > claim_record.sequence, err!(ExecutorError::NonIncreasingSequence))?;
+        claim_record.sequence = posted_vaa.sequence;
+
+        let payload = ExecutorPayload::try_from_slice(&posted_vaa.payload)?;
+        payload.check_header()?;
+        
+        for instruction in payload.instructions.iter().map(Instruction::from) {
+            // TO DO: We currently pass `remaining_accounts` down to the CPIs, is there a more efficient way to do it?
+            invoke_signed(&instruction, ctx.remaining_accounts, &[&[EXECUTOR_KEY_SEED.as_bytes(), &posted_vaa.emitter_address, &[*ctx.bumps.get("executor_key").unwrap()]]])?;
+        }
         Ok(())
     }
 }
 
+const EXECUTOR_KEY_SEED : &str = "EXECUTOR_KEY";
+const CLAIM_RECORD_SEED : &str = "CLAIM_RECORD";
+
+
 #[derive(Accounts)]
-pub struct ExecutePostedVaa {}
+pub struct ExecutePostedVaa<'info> {
+    #[account(mut)]
+    pub payer : Signer<'info>,
+    pub posted_vaa : Account<'info, AnchorVaa>,
+    #[account(seeds = [EXECUTOR_KEY_SEED.as_bytes(), &posted_vaa.emitter_address], bump)]
+    pub executor_key : UncheckedAccount<'info>,
+    /// The reason claim record is separated from executor_key is that executor key might need to pay in the CPI, so we want it to be a wallet
+    #[account(init_if_needed, space = 8 + get_packed_len::<ClaimRecord>(), payer=payer, seeds = [CLAIM_RECORD_SEED.as_bytes(), &posted_vaa.emitter_address], bump)]
+    pub claim_record : Account<'info, ClaimRecord>,
+    pub system_program: Program<'info, System>
+}
+
+pub fn assert_or_err(condition : bool, error : Result<()>) -> Result<()>{
+    if !condition {
+        error
+    } else {
+        Result::Ok(())
+    }
+}

pythnet/remote-executor/programs/remote-executor/src/lib.rs

@@ -0,0 +1,10 @@
+use anchor_lang::prelude::*;
+use anchor_lang::account;
+use anchor_lang::prelude::borsh::BorshSchema;
+
+#[account]
+#[derive(Default, BorshSchema)]
+/// This struct records 
+pub struct ClaimRecord{
+    pub sequence : u64 
+}

pythnet/remote-executor/programs/remote-executor/src/state/claim_record.rs

@@ -0,0 +1,125 @@
+use std::{ops::Deref, mem::size_of, io::ErrorKind};
+
+use anchor_lang::{prelude::*, solana_program::instruction::Instruction};
+use wormhole::Chain;
+
+use crate::{assert_or_err, error::ExecutorError};
+
+pub const MAGIC_NUMBER : u32 = 0x4d475450; // Reverse order of the solidity contract because borsh uses little endian numbers
+
+#[derive(AnchorDeserialize, AnchorSerialize)]
+pub struct ExecutorPayload{
+    pub header : GovernanceHeader,
+    pub instructions: Vec<InstructionData>,
+
+}
+
+#[derive(AnchorDeserialize, AnchorSerialize, PartialEq)]
+pub enum Module {
+    Executor = 0,
+    Target 
+}
+
+#[derive(AnchorDeserialize, AnchorSerialize, PartialEq)]
+pub enum Action {
+    ExecutePostedVaa = 0,
+}
+
+
+/// The Governance Header format for pyth governance messages is the following:
+/// - A 4 byte magic number `['P','T','G','M']`
+/// - A one byte module variant (0 for Executor and 1 for Target contracts)
+/// - A one byte action variant (for Executor only 0 is currently valid)
+/// - A bigendian 2 bytes u16 chain id
+#[derive(AnchorDeserialize, AnchorSerialize)]
+pub struct GovernanceHeader {
+    pub magic_number : u32,
+    pub module : Module,
+    pub action : Action,
+    pub chain : BigEndianU16
+}
+
+/// Hack to get Borsh to deserialize, serialize this number with big endian order
+pub struct BigEndianU16{
+    pub value : u16
+}
+
+impl AnchorDeserialize for BigEndianU16 {
+    fn deserialize(buf: &mut &[u8]) -> std::result::Result<BigEndianU16, std::io::Error> {
+        if buf.len() < size_of::<u16>() {
+            return Err(std::io::Error::new(
+                ErrorKind::InvalidInput,
+                "Unexpected length of input",
+            ));
+        }
+        let res = u16::from_be_bytes(buf[..size_of::<u16>()].try_into().unwrap());
+        *buf = &buf[size_of::<u16>()..];
+        Ok(BigEndianU16{ value:res})
+    }
+}
+
+impl AnchorSerialize for BigEndianU16 {
+    fn serialize<W: std::io::Write>(&self, writer: &mut W) -> std::io::Result<()> {
+        writer.write_all(&self.to_be_bytes())
+    }
+}
+
+impl Deref for BigEndianU16 {
+    type Target = u16;
+
+    fn deref(&self) -> &Self::Target {
+        &self.value
+    }
+}
+
+/// InstructionData wrapper. It can be removed once Borsh serialization for Instruction is supported in the SDK
+#[derive(Clone, Debug, PartialEq, Eq, AnchorDeserialize, AnchorSerialize)]
+pub struct InstructionData {
+    /// Pubkey of the instruction processor that executes this instruction
+    pub program_id: Pubkey,
+    /// Metadata for what accounts should be passed to the instruction processor
+    pub accounts: Vec<AccountMetaData>,
+    /// Opaque data passed to the instruction processor
+    pub data: Vec<u8>,
+}
+
+/// Account metadata used to define Instructions
+#[derive(Clone, Debug, PartialEq, Eq, AnchorDeserialize, AnchorSerialize)]
+pub struct AccountMetaData {
+    /// An account's public key
+    pub pubkey: Pubkey,
+    /// True if an Instruction requires a Transaction signature matching `pubkey`.
+    pub is_signer: bool,
+    /// True if the `pubkey` can be loaded as a read-write account.
+    pub is_writable: bool,
+}
+
+impl From<&InstructionData> for Instruction {
+    fn from(instruction: &InstructionData) -> Self {
+        Instruction {
+            program_id: instruction.program_id,
+            accounts: instruction
+                .accounts
+                .iter()
+                .map(|a| AccountMeta {
+                    pubkey: a.pubkey,
+                    is_signer: a.is_signer,
+                    is_writable: a.is_writable,
+                })
+                .collect(),
+            data: instruction.data.clone(),
+        }
+    }
+}
+
+impl ExecutorPayload {
+    const MODULE : Module = Module::Executor;
+    const ACTION : Action = Action::ExecutePostedVaa;
+
+    pub fn check_header(&self) -> Result<()>{
+        assert_or_err(self.header.magic_number == MAGIC_NUMBER, err!(ExecutorError::GovernanceHeaderInvalidMagicNumber))?;
+        assert_or_err(self.header.module == ExecutorPayload::MODULE, err!(ExecutorError::GovernanceHeaderInvalidMagicNumber))?;
+        assert_or_err(self.header.action == ExecutorPayload::ACTION, err!(ExecutorError::GovernanceHeaderInvalidMagicNumber))?;
+        assert_or_err(Chain::from(self.header.chain.value) == Chain::Pythnet, err!(ExecutorError::GovernanceHeaderInvalidMagicNumber))
+    }
+}

pythnet/remote-executor/programs/remote-executor/src/state/governance_payload.rs

@@ -0,0 +1,3 @@
+pub mod claim_record;
+pub mod posted_vaa;
+pub mod governance_payload;

pythnet/remote-executor/programs/remote-executor/src/state/mod.rs

@@ -0,0 +1,43 @@
+use std::{io::Write, str::FromStr, ops::Deref};
+use anchor_lang::prelude::*;
+use wormhole_solana::VAA;
+
+impl Owner for AnchorVaa {
+    fn owner() -> Pubkey{
+        Pubkey::from_str("H3fxXJ86ADW2PNuDDmZJg6mzTtPxkYCpNuQUTgmJ7AjU").unwrap() // Pythnet bridge address
+    }
+}
+
+impl AccountDeserialize for AnchorVaa {
+    // Manual implementation because this account does not have an anchor discriminator
+    fn try_deserialize(buf: &mut &[u8]) -> anchor_lang::Result<Self> {
+        Self::try_deserialize_unchecked(buf)
+    }
+
+    // Manual implementation because this account does not have an anchor discriminator
+    fn try_deserialize_unchecked(buf: &mut &[u8]) -> Result<Self> {   
+        AnchorDeserialize::deserialize(buf)
+        .map_err(|_| anchor_lang::error::ErrorCode::AccountDidNotDeserialize.into())
+    }
+}
+
+impl AccountSerialize for AnchorVaa {
+    // Make this fail, this is readonly VAA it should never be serialized by this program
+    fn try_serialize<W: Write>(&self, _writer: &mut W) -> Result<()> {
+        return Err(anchor_lang::error::ErrorCode::AccountDidNotSerialize.into());
+    }
+}
+
+impl Deref for AnchorVaa {
+    type Target = VAA;
+
+    fn deref(&self) -> &Self::Target {
+        &self.vaa
+    }
+}
+
+
+#[derive(Clone, AnchorDeserialize, AnchorSerialize)]
+pub struct AnchorVaa{
+    pub vaa : VAA
+}