[entropy] First cut at EVM executor (#1148)

jayantk · web-flow · commit da72b6e250f1 · 2023-11-27T06:45:43.000-08:00
* executor

* executor tests

* basic test works

* cleanup

* cleanup

* fix ci
diff --git a/target_chains/ethereum/contracts/contracts/executor/Executor.sol b/target_chains/ethereum/contracts/contracts/executor/Executor.sol
@@ -0,0 +1,164 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.12;
+
+import "../pyth/PythGovernanceInstructions.sol";
+import "../wormhole/interfaces/IWormhole.sol";
+import "./ExecutorErrors.sol";
+
+contract Executor {
+    using BytesLib for bytes;
+
+    // Magic is `PTGM` encoded as a 4 byte data: Pyth Governance Message
+    // TODO: it's annoying that we can't import this from PythGovernanceInstructions
+    uint32 constant MAGIC = 0x5054474d;
+
+    PythGovernanceInstructions.GovernanceModule constant MODULE =
+        PythGovernanceInstructions.GovernanceModule.EvmExecutor;
+
+    // Instruction indicating that the executor contract on
+    // targetChainId at executorAddress should call the contract at callAddress
+    // with the provided callData
+    struct GovernanceInstruction {
+        PythGovernanceInstructions.GovernanceModule module;
+        ExecutorAction action;
+        uint16 targetChainId;
+        // The address of the specific executor that should perform the call.
+        // This argument is included to support multiple Executors on the same blockchain.
+        address executorAddress;
+        address callAddress;
+        bytes callData;
+    }
+
+    // We have different actions here for potential future extensibility
+    enum ExecutorAction {
+        // TODO: add an instruction to change the governance data source.
+        Execute // 0
+    }
+
+    IWormhole private wormhole;
+    uint64 private lastExecutedSequence;
+    uint16 private chainId;
+
+    uint16 private ownerEmitterChainId;
+    bytes32 private ownerEmitterAddress;
+
+    constructor(
+        address _wormhole,
+        uint64 _lastExecutedSequence,
+        uint16 _chainId,
+        uint16 _ownerEmitterChainId,
+        bytes32 _ownerEmitterAddress
+    ) {
+        wormhole = IWormhole(_wormhole);
+        lastExecutedSequence = _lastExecutedSequence;
+        chainId = _chainId;
+        ownerEmitterChainId = _ownerEmitterChainId;
+        ownerEmitterAddress = _ownerEmitterAddress;
+    }
+
+    // Execute the contract call in the provided wormhole message.
+    // The argument should be the bytes of a valid wormhole message
+    // whose payload is a serialized GovernanceInstruction.
+    function execute(
+        bytes memory encodedVm
+    ) public returns (bytes memory response) {
+        IWormhole.VM memory vm = verifyGovernanceVM(encodedVm);
+
+        GovernanceInstruction memory gi = parseGovernanceInstruction(
+            vm.payload
+        );
+
+        if (gi.targetChainId != chainId && gi.targetChainId != 0)
+            revert ExecutorErrors.InvalidGovernanceTarget();
+
+        if (
+            gi.action != ExecutorAction.Execute ||
+            gi.executorAddress != address(this)
+        ) revert ExecutorErrors.DeserializationError();
+
+        bool success;
+        (success, response) = address(gi.callAddress).call(gi.callData);
+
+        // Check if the call was successful or not.
+        if (!success) {
+            // If there is return data, the delegate call reverted with a reason or a custom error, which we bubble up.
+            if (response.length > 0) {
+                // The first word of response is the length, so when we call revert we add 1 word (32 bytes)
+                // to give the pointer to the beginning of the revert data and pass the size as the second argument.
+                assembly {
+                    let returndata_size := mload(response)
+                    revert(add(32, response), returndata_size)
+                }
+            } else {
+                revert ExecutorErrors.ExecutionReverted();
+            }
+        }
+    }
+
+    /// @dev Called when `msg.value` is not zero and the call data is empty.
+    receive() external payable {}
+
+    // Check that the encoded VM is a valid wormhole VAA from the correct emitter
+    // and with a sufficiently recent sequence number.
+    function verifyGovernanceVM(
+        bytes memory encodedVM
+    ) internal returns (IWormhole.VM memory parsedVM) {
+        (IWormhole.VM memory vm, bool valid, ) = wormhole.parseAndVerifyVM(
+            encodedVM
+        );
+
+        if (!valid) revert ExecutorErrors.InvalidWormholeVaa();
+
+        if (
+            vm.emitterChainId != ownerEmitterChainId ||
+            vm.emitterAddress != ownerEmitterAddress
+        ) revert ExecutorErrors.UnauthorizedEmitter();
+
+        if (vm.sequence <= lastExecutedSequence)
+            revert ExecutorErrors.MessageOutOfOrder();
+
+        lastExecutedSequence = vm.sequence;
+
+        return vm;
+    }
+
+    /// @dev Parse a GovernanceInstruction
+    function parseGovernanceInstruction(
+        bytes memory encodedInstruction
+    ) public pure returns (GovernanceInstruction memory gi) {
+        uint index = 0;
+
+        uint32 magic = encodedInstruction.toUint32(index);
+
+        if (magic != MAGIC) revert ExecutorErrors.DeserializationError();
+
+        index += 4;
+
+        uint8 modNumber = encodedInstruction.toUint8(index);
+        gi.module = PythGovernanceInstructions.GovernanceModule(modNumber);
+        index += 1;
+
+        if (gi.module != MODULE) revert PythErrors.InvalidGovernanceTarget();
+
+        uint8 actionNumber = encodedInstruction.toUint8(index);
+        gi.action = ExecutorAction(actionNumber);
+        index += 1;
+
+        gi.targetChainId = encodedInstruction.toUint16(index);
+        index += 2;
+
+        gi.executorAddress = encodedInstruction.toAddress(index);
+        index += 20;
+
+        gi.callAddress = encodedInstruction.toAddress(index);
+        index += 20;
+
+        // As solidity performs math operations in a checked mode
+        // if the length of the encoded instruction be smaller than index
+        // it will revert. So we don't need any extra check.
+        gi.callData = encodedInstruction.slice(
+            index,
+            encodedInstruction.length - index
+        );
+    }
+}
diff --git a/target_chains/ethereum/contracts/contracts/executor/ExecutorErrors.sol b/target_chains/ethereum/contracts/contracts/executor/ExecutorErrors.sol
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.0;
+
+library ExecutorErrors {
+    // The provided message is not a valid Wormhole VAA.
+    error InvalidWormholeVaa();
+    // The message is coming from an emitter that is not authorized to use this contract.
+    error UnauthorizedEmitter();
+    // The sequence number of the provided message is before the last executed message.
+    error MessageOutOfOrder();
+    // The call to the provided contract executed without providing its own error.
+    error ExecutionReverted();
+    // The message could not be deserialized into an instruction
+    error DeserializationError();
+    // The message is not intended for this contract.
+    error InvalidGovernanceTarget();
+}
diff --git a/target_chains/ethereum/contracts/contracts/pyth/PythGovernanceInstructions.sol b/target_chains/ethereum/contracts/contracts/pyth/PythGovernanceInstructions.sol
@@ -19,7 +19,8 @@ contract PythGovernanceInstructions {
 
     enum GovernanceModule {
         Executor, // 0
-        Target // 1
+        Target, // 1
+        EvmExecutor // 2
     }
 
     GovernanceModule constant MODULE = GovernanceModule.Target;
diff --git a/target_chains/ethereum/contracts/forge-test/Executor.t.sol b/target_chains/ethereum/contracts/forge-test/Executor.t.sol
@@ -0,0 +1,100 @@
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.12;
+
+import "forge-std/Test.sol";
+import "@pythnetwork/entropy-sdk-solidity/EntropyStructs.sol";
+import "../contracts/executor/Executor.sol";
+import "./utils/WormholeTestUtils.t.sol";
+
+contract ExecutorTest is Test, WormholeTestUtils {
+    Wormhole public wormhole;
+    Executor public executor;
+    TestCallable public callable;
+
+    uint16 OWNER_CHAIN_ID = 7;
+    bytes32 OWNER_EMITTER = bytes32(uint256(1));
+
+    uint8 NUM_SIGNERS = 1;
+
+    function setUp() public {
+        address _wormhole = setUpWormholeReceiver(NUM_SIGNERS);
+        executor = new Executor(
+            _wormhole,
+            0,
+            CHAIN_ID,
+            OWNER_CHAIN_ID,
+            OWNER_EMITTER
+        );
+        callable = new TestCallable();
+    }
+
+    function testExecute(
+        address callAddress,
+        bytes memory callData,
+        uint64 sequence
+    ) internal returns (bytes memory vaa) {
+        bytes memory payload = abi.encodePacked(
+            uint32(0x5054474d),
+            PythGovernanceInstructions.GovernanceModule.EvmExecutor,
+            Executor.ExecutorAction.Execute,
+            CHAIN_ID,
+            address(executor),
+            callAddress,
+            callData
+        );
+
+        vaa = generateVaa(
+            uint32(block.timestamp),
+            // TODO: make these arguments so we can do adversarial tests
+            OWNER_CHAIN_ID,
+            OWNER_EMITTER,
+            sequence,
+            payload,
+            NUM_SIGNERS
+        );
+
+        executor.execute(vaa);
+    }
+
+    function testBasic() public {
+        callable.reset();
+
+        uint32 c = callable.fooCount();
+        assertEq(callable.lastCaller(), address(bytes20(0)));
+        testExecute(address(callable), abi.encodeCall(ICallable.foo, ()), 1);
+        assertEq(callable.fooCount(), c + 1);
+        assertEq(callable.lastCaller(), address(executor));
+        // Sanity check to make sure the check above is meaningful.
+        assert(address(executor) != address(this));
+    }
+
+    function testCallerAddress() public {
+        uint32 c = callable.fooCount();
+        testExecute(address(callable), abi.encodeCall(ICallable.foo, ()), 1);
+        assertEq(callable.fooCount(), c + 1);
+    }
+}
+
+interface ICallable {
+    function foo() external;
+
+    function reset() external;
+}
+
+contract TestCallable is ICallable {
+    uint32 public fooCount = 0;
+    address public lastCaller = address(bytes20(0));
+
+    constructor() {}
+
+    function reset() external override {
+        fooCount = 0;
+        lastCaller = address(bytes20(0));
+    }
+
+    function foo() external override {
+        fooCount += 1;
+        lastCaller = msg.sender;
+    }
+}
diff --git a/target_chains/ethereum/contracts/foundry.toml b/target_chains/ethereum/contracts/foundry.toml
@@ -1,5 +1,5 @@
 [profile.default]
-solc_version = '0.8.4'
+solc_version = '0.8.23'
 optimizer = true
 optimizer_runs = 200
 src = 'contracts'
diff --git a/target_chains/ethereum/contracts/truffle-config.js b/target_chains/ethereum/contracts/truffle-config.js
@@ -33,7 +33,7 @@ module.exports = {
 
   compilers: {
     solc: {
-      version: "0.8.4",
+      version: "0.8.23",
       settings: {
         optimizer: {
           enabled: true,

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@ contract PythGovernanceInstructions {`
`19`	`19`
`20`	`20`	`enum GovernanceModule {`
`21`	`21`	`Executor, // 0`
`22`		`- Target // 1`
	`22`	`+ Target, // 1`
	`23`	`+ EvmExecutor // 2`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`GovernanceModule constant MODULE = GovernanceModule.Target;`