feat(node): Manager Service and Dogecoin signing

Author: evan-gray

Tiltfile

@@ -74,6 +74,7 @@ config.define_bool("ibc_relayer", False, "Enable IBC relayer between cosmos chai
 config.define_bool("redis", False, "Enable a redis instance")
 config.define_bool("generic_relayer", False, "Enable the generic relayer off-chain component")
 config.define_bool("query_server", False, "Enable cross-chain query server")
+config.define_bool("manager_service", False, "Enable manager service for UTXO chains (Dogecoin)")
 
 cfg = config.parse()
 num_guardians = int(cfg.get("num", "1"))
@@ -100,6 +101,7 @@ btc = cfg.get("btc", False)
 redis = cfg.get('redis', ci)
 generic_relayer = cfg.get("generic_relayer", ci)
 query_server = cfg.get("query_server", ci)
+manager_service = cfg.get("manager_service", False)
 
 if ci:
     guardiand_loglevel = cfg.get("guardiand_loglevel", "warn")
@@ -407,6 +409,13 @@ def build_node_yaml():
                     "http://wormchain:1317"
                 ]
 
+            if manager_service:
+                container["command"] += [
+                    "--managerServiceEnabled",
+                    "--dogecoinManagerSignerUri",
+                    "file:///tmp/bridge.key"
+                ]
+
             # Wrap the command with a shell script for per-guardian configuration
             if require_per_guardian_config:
                 original_command = container["command"]
@@ -1115,4 +1124,4 @@ if query_server:
         ],
         labels = ["query-server"],
         trigger_mode = trigger_mode
-    )
+    )

cspell-custom-words.txt

@@ -19,18 +19,16 @@ behaviour
 Berachain
 bigset
 Bigtable
-Blackhole
 blackhole
+Blackhole
 blackholed
+Blackholed
+blackholing
 borsh
 bscscan
 BUILDKIT
 bytecodes
 callstack
-Blackhole
-Blackholed
-blackholing
-blackholed
 ccqlistener
 CCTP
 celestia
@@ -56,6 +54,7 @@ Cyfrin
 datagram
 denoms
 devnet
+Dogecoin
 dymension
 Dymension
 ethcrypto
@@ -117,6 +116,7 @@ lamports
 lastrun
 libp
 Linea
+Litecoin
 localnet
 localterra
 lockfiles
@@ -138,9 +138,13 @@ Neodyme
 nhooyr
 obsv
 Obsv
+OP_CHECKMULTISIG
+OP_CHECKSIG
+OP_EQUALVERIFY
 optimisation
 optin
 Optin
+P2WPKH
 parachain
 pdas
 permissioned
@@ -157,6 +161,7 @@ protobuf
 protos
 prototxt
 pubkey
+pubkeys
 publicrpc
 pushbytes
 pushint
@@ -169,13 +174,15 @@ readyz
 regen
 reinit
 reobservation
-reobservations
 Reobservation
+reobservations
 Reobservations
 reobserved
 repoint
+runtimes
 rustup
 satoshi
+satoshis
 secp
 SECQ
 SECG
@@ -221,12 +228,15 @@ Unichain
 unmarshal
 unnormalize
 untampered
+upserted
 utest
+UTXO
 uusd
 uvarint
 varint
 varints
 vimdiff
+vout
 vphash
 wasmhooks
 wasms
@@ -240,8 +250,9 @@ wormchaind
 Wormholescan
 wormscan
 wormscanurl
+XFER
 xlayer
 xpla
-XFER
 XPLA
+XRPL
 Zellic

deployments/testnet/delegatedManagerSetVAAs.csv

@@ -0,0 +1 @@
+Dogecoin (65) Testnet Token Bridge,01000000000100332d786f5f8daec0ec99d08c7df7777d57cf45605b1667d868bd0b07a8f816f4723bd5578381173c5ef2ed4b6f2224726439ea4a7227cf8b2742b143bf3f8fed01000000008d53cf9f000100000000000000000000000000000000000000000000000000000000000000041e1a7bad048d464a200000000000000000000000000000000044656c6567617465644d616e6167657201000000410000000101050702349de56ca5dd06db8660419d6f150662e0f04febdbf6512d7cfe78c23b51491c035163bfd9518b0a536a17f330a1589fe21d7404b51f525a0a990a65a701952ebb036d40b0b85bca49e41f05a26950578bb13a424507ce34a80f83d3cf601e25818b0307681002ae28b9399e828d0f46d54c31d5d6ff187b3bdddc6615987a466455f50375abc8955c8a8c875ee1febd157132adcc1b992d69a946e83485b8360e23a277030212d206546216917a75533ed6c975f8f794ba0d8a7fb84dedf65ebb20e64841037ff483369b52bd87a73f23413dd8fcace71de7f7823c5c9120f1e9cfe5733a88

node/cmd/guardiand/admintemplate.go

@@ -83,6 +83,13 @@ var coreBridgeSetMessageFeeMessageFee *string
 var delegatedGuardiansConfigJson *string
 var delegatedGuardiansConfigId *string
 
+var delegatedManagerChainId *string
+var delegatedManagerSetIndex *string
+var delegatedManagerSet *string
+var delegatedManagerThreshold *string
+var delegatedManagerNumKeys *string
+var delegatedManagerPublicKeys *string
+
 func init() {
 	governanceFlagSet := pflag.NewFlagSet("governance", pflag.ExitOnError)
 	chainID = governanceFlagSet.String("chain-id", "", "Chain ID")
@@ -236,6 +243,17 @@ func init() {
 	// solana call command
 	AdminClientGeneralPurposeGovernanceSolanaCallCmd.Flags().AddFlagSet(generalPurposeGovernanceFlagSet)
 	TemplateCmd.AddCommand(AdminClientGeneralPurposeGovernanceSolanaCallCmd)
+
+	// flags for the delegated-manager-set-update command
+	delegatedManagerFlagSet := pflag.NewFlagSet("delegated-manager", pflag.ExitOnError)
+	delegatedManagerChainId = delegatedManagerFlagSet.String("manager-chain-id", "", "Wormhole Chain ID for the manager chain (e.g., 65 for Dogecoin)")
+	delegatedManagerSetIndex = delegatedManagerFlagSet.String("manager-set-index", "", "Index of the new manager set (must be current + 1)")
+	delegatedManagerSet = delegatedManagerFlagSet.String("manager-set", "", "Hex-encoded manager set bytes (without leading 0x). Alternative to --threshold/--num-keys/--public-keys")
+	delegatedManagerThreshold = delegatedManagerFlagSet.String("threshold", "", "Number of required signatures (M) for secp256k1 multisig")
+	delegatedManagerNumKeys = delegatedManagerFlagSet.String("num-keys", "", "Total number of public keys (N) for secp256k1 multisig")
+	delegatedManagerPublicKeys = delegatedManagerFlagSet.String("public-keys", "", "Comma-separated list of compressed secp256k1 public keys (33 bytes each, hex-encoded)")
+	AdminClientDelegatedManagerSetUpdateCmd.Flags().AddFlagSet(delegatedManagerFlagSet)
+	TemplateCmd.AddCommand(AdminClientDelegatedManagerSetUpdateCmd)
 }
 
 var TemplateCmd = &cobra.Command{
@@ -387,6 +405,12 @@ var AdminClientGeneralPurposeGovernanceSolanaCallCmd = &cobra.Command{
 	Run:   runGeneralPurposeGovernanceSolanaCallTemplate,
 }
 
+var AdminClientDelegatedManagerSetUpdateCmd = &cobra.Command{
+	Use:   "delegated-manager-set-update",
+	Short: "Generate a DelegatedManager manager set update governance VAA template",
+	Run:   runDelegatedManagerSetUpdateTemplate,
+}
+
 func runGuardianSetTemplate(cmd *cobra.Command, args []string) {
 	// Use deterministic devnet addresses as examples in the template, such that this doubles as a test fixture.
 	guardians := make([]*nodev1.GuardianSetUpdate_Guardian, *setUpdateNumGuardians)
@@ -1309,6 +1333,96 @@ func runGeneralPurposeGovernanceSolanaCallTemplate(cmd *cobra.Command, args []st
 	fmt.Print(string(b))
 }
 
+func runDelegatedManagerSetUpdateTemplate(cmd *cobra.Command, args []string) {
+	if *delegatedManagerChainId == "" {
+		log.Fatal("--manager-chain-id must be specified")
+	}
+	managerChainId, err := parseChainID(*delegatedManagerChainId)
+	if err != nil {
+		log.Fatal("failed to parse manager-chain-id: ", err)
+	}
+
+	if *delegatedManagerSetIndex == "" {
+		log.Fatal("--manager-set-index must be specified")
+	}
+	managerSetIndex, err := strconv.ParseUint(*delegatedManagerSetIndex, 10, 32)
+	if err != nil {
+		log.Fatal("failed to parse manager-set-index as uint32: ", err)
+	}
+
+	var managerSet string
+	if *delegatedManagerSet != "" {
+		// Use raw manager set bytes if provided
+		managerSet = strings.TrimPrefix(*delegatedManagerSet, "0x")
+		// Validate it's valid hex
+		if _, err := hex.DecodeString(managerSet); err != nil {
+			log.Fatal("invalid manager-set (expected hex): ", err)
+		}
+	} else if *delegatedManagerThreshold != "" && *delegatedManagerNumKeys != "" && *delegatedManagerPublicKeys != "" {
+		// Build secp256k1 multisig manager set from components
+		threshold, err := strconv.ParseUint(*delegatedManagerThreshold, 10, 8)
+		if err != nil {
+			log.Fatal("failed to parse threshold as uint8: ", err)
+		}
+		numKeys, err := strconv.ParseUint(*delegatedManagerNumKeys, 10, 8)
+		if err != nil {
+			log.Fatal("failed to parse num-keys as uint8: ", err)
+		}
+		publicKeyStrs := strings.Split(*delegatedManagerPublicKeys, ",")
+
+		// Parse public keys into the format expected by vaa.Secp256k1MultisigManagerSet
+		publicKeys := make([][vaa.CompressedSecp256k1PublicKeyLength]byte, len(publicKeyStrs))
+		for i, pkStr := range publicKeyStrs {
+			pkHex := strings.TrimPrefix(strings.TrimSpace(pkStr), "0x")
+			pkBytes, err := hex.DecodeString(pkHex)
+			if err != nil {
+				log.Fatalf("public key %d is not valid hex: %v", i, err)
+			}
+			if len(pkBytes) != vaa.CompressedSecp256k1PublicKeyLength {
+				log.Fatalf("public key %d has invalid length: expected %d bytes, got %d", i, vaa.CompressedSecp256k1PublicKeyLength, len(pkBytes))
+			}
+			copy(publicKeys[i][:], pkBytes)
+		}
+
+		managerSetStruct := vaa.Secp256k1MultisigManagerSet{
+			M:          uint8(threshold),
+			N:          uint8(numKeys),
+			PublicKeys: publicKeys,
+		}
+		managerSetBytes, err := managerSetStruct.Serialize()
+		if err != nil {
+			log.Fatal("failed to serialize manager set: ", err)
+		}
+		managerSet = hex.EncodeToString(managerSetBytes)
+	} else {
+		log.Fatal("Either --manager-set or (--threshold, --num-keys, --public-keys) must be provided")
+	}
+
+	seq, nonce := randSeqNonce()
+	m := &nodev1.InjectGovernanceVAARequest{
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
+		Messages: []*nodev1.GovernanceMessage{
+			{
+				Sequence: seq,
+				Nonce:    nonce,
+				Payload: &nodev1.GovernanceMessage_DelegatedManagerSetUpdate{
+					DelegatedManagerSetUpdate: &nodev1.DelegatedManagerSetUpdate{
+						ManagerChainId:  uint32(managerChainId),
+						ManagerSetIndex: uint32(managerSetIndex),
+						ManagerSet:      managerSet,
+					},
+				},
+			},
+		},
+	}
+
+	b, err := prototext.MarshalOptions{Multiline: true}.Marshal(m)
+	if err != nil {
+		log.Fatal("failed to marshal request: ", err)
+	}
+	fmt.Print(string(b))
+}
+
 // parseAddress parses either a hex-encoded address and returns
 // a left-padded 32 byte hex string.
 func parseAddress(s string) (string, error) {

node/cmd/guardiand/node.go

@@ -14,6 +14,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/certusone/wormhole/node/pkg/guardiansigner"
 	"github.com/certusone/wormhole/node/pkg/watchers"
 	"github.com/certusone/wormhole/node/pkg/watchers/ibc"
@@ -309,6 +310,9 @@ var (
 	// featureFlags are additional static flags that should be published in P2P heartbeats.
 	featureFlags  []string
 	notaryEnabled *bool
+
+	managerServiceEnabled    *bool
+	dogecoinManagerSignerUri *string
 )
 
 func init() {
@@ -555,6 +559,9 @@ func init() {
 	transferVerifierEnabledChainIDs = NodeCmd.Flags().UintSlice("transferVerifierEnabledChainIDs", make([]uint, 0), "Transfer Verifier will be enabled for these chain IDs (comma-separated)")
 
 	notaryEnabled = NodeCmd.Flags().Bool("notaryEnabled", false, "Run the notary")
+
+	managerServiceEnabled = NodeCmd.Flags().Bool("managerServiceEnabled", false, "Run the manager service")
+	dogecoinManagerSignerUri = NodeCmd.Flags().String("dogecoinManagerSignerUri", "", "Dogecoin manager signer URI")
 }
 
 var (
@@ -1975,12 +1982,36 @@ func runNode(cmd *cobra.Command, args []string) {
 		guardianAddrAsBytes = ethcrypto.PubkeyToAddress(guardianSigner.PublicKey(rootCtx)).Bytes()
 	}
 
+	// Initialize manager signers map
+	managerSigners := make(map[vaa.ChainID]guardiansigner.GuardianSigner)
+	if *dogecoinManagerSignerUri != "" {
+		// Ensure the manager signer is not the same as the guardian signer in non-devnet environments
+		if env != common.UnsafeDevNet && *dogecoinManagerSignerUri == *guardianSignerUri {
+			logger.Fatal("dogecoinManagerSignerUri must be different from guardianSignerUri in non-devnet environments")
+		}
+		dogecoinSigner, err := guardiansigner.NewGuardianSignerFromUriWithPurpose(rootCtx, *dogecoinManagerSignerUri, env == common.UnsafeDevNet, "manager-dogecoin")
+		if err != nil {
+			logger.Fatal("failed to create dogecoin manager signer", zap.Error(err))
+		}
+		managerSigners[vaa.ChainIDDogecoin] = dogecoinSigner
+
+		// Log the 33-byte compressed public key for use in P2SH multisig
+		pubKey := dogecoinSigner.PublicKey(rootCtx)
+		btcecPubKey, err := btcec.ParsePubKey(ethcrypto.FromECDSAPub(&pubKey))
+		if err != nil {
+			logger.Fatal("failed to parse dogecoin public key", zap.Error(err))
+		}
+		compressedPubKey := btcecPubKey.SerializeCompressed()
+		logger.Info("initialized dogecoin manager signer", zap.String("compressed_public_key", fmt.Sprintf("%x", compressedPubKey)))
+	}
+
 	guardianOptions := []*node.GuardianOption{
 		node.GuardianOptionDatabase(db),
 		node.GuardianOptionWatchers(watcherConfigs, ibcWatcherConfig),
 		node.GuardianOptionAccountant(*accountantWS, *accountantContract, *accountantCheckEnabled, accountantWormchainConn, *accountantNttContract, accountantNttWormchainConn),
 		node.GuardianOptionGovernor(*chainGovernorEnabled, *governorFlowCancelEnabled, *coinGeckoApiKey),
 		node.GuardianOptionNotary(*notaryEnabled),
+		node.GuardianOptionManagerService(*managerServiceEnabled, managerSigners, *ethRPC),
 		node.GuardianOptionGatewayRelayer(*gatewayRelayerContract, gatewayRelayerWormchainConn),
 		node.GuardianOptionQueryHandler(*ccqEnabled, *ccqAllowedRequesters),
 		node.GuardianOptionAdminService(*adminSocketPath, ethRPC, ethContract, rpcMap),

node/go.mod

@@ -47,6 +47,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.28.1
 	github.com/aws/aws-sdk-go-v2/service/kms v1.37.3
 	github.com/blendle/zapdriver v1.3.1
+	github.com/btcsuite/btcd v0.22.1
+	github.com/btcsuite/btcd/btcec/v2 v2.3.2
+	github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1
 	github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce
 	github.com/cosmos/cosmos-sdk v0.45.11
 	github.com/fsnotify/fsnotify v1.6.0
@@ -95,8 +98,7 @@ require (
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
-	github.com/btcsuite/btcd v0.22.1 // indirect
-	github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
+	github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f // indirect
 	github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee // indirect
 	github.com/cespare/xxhash v1.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect

node/go.sum

@@ -763,6 +763,7 @@ github.com/btcsuite/btcd/btcec/v2 v2.3.2 h1:5n0X6hX0Zk+6omWcihdYvdAlGf2DfasC0GMf
 github.com/btcsuite/btcd/btcec/v2 v2.3.2/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
+github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
 github.com/btcsuite/btcutil v0.0.0-20180706230648-ab6388e0c60a/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
 github.com/btcsuite/btcutil v0.0.0-20190207003914-4c204d697803/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=