From c2e05d052602b02400a1cb09e3f432d5ce195674 Mon Sep 17 00:00:00 2001 From: Ali Behjati Date: Thu, 16 Jan 2025 09:24:29 +0100 Subject: [PATCH] chore(lazer): update governance scripts to make them work (#2261) --- .../packages/xc_admin_cli/src/index.ts | 2 +- .../src/multisig_transaction/idl/lazer.json | 21 ++-------- lazer/contracts/solana/README.md | 5 ++- lazer/contracts/solana/package.json | 4 +- lazer/contracts/solana/scripts/setup.ts | 42 ++++++++++++------- 5 files changed, 36 insertions(+), 38 deletions(-) diff --git a/governance/xc_admin/packages/xc_admin_cli/src/index.ts b/governance/xc_admin/packages/xc_admin_cli/src/index.ts index 69a4768e0e..6aef3317a7 100644 --- a/governance/xc_admin/packages/xc_admin_cli/src/index.ts +++ b/governance/xc_admin/packages/xc_admin_cli/src/index.ts @@ -959,7 +959,7 @@ multisigCommand( const updateInstruction = await lazerProgram.methods .update(trustedSigner, expiryTime) .accounts({ - authority: await vault.getVaultAuthorityPDA(targetCluster), + topAuthority: await vault.getVaultAuthorityPDA(targetCluster), storage: SOLANA_STORAGE_ID, }) .instruction(); diff --git a/governance/xc_admin/packages/xc_admin_common/src/multisig_transaction/idl/lazer.json b/governance/xc_admin/packages/xc_admin_common/src/multisig_transaction/idl/lazer.json index d2bb20dadd..0d66b1b2c8 100644 --- a/governance/xc_admin/packages/xc_admin_common/src/multisig_transaction/idl/lazer.json +++ b/governance/xc_admin/packages/xc_admin_common/src/multisig_transaction/idl/lazer.json @@ -238,28 +238,13 @@ "name": "Ed25519InstructionMustPrecedeCurrentInstruction" }, { - "name": "LoadInstructionAtFailed", - "fields": [ - { - "defined": "ProgramError" - } - ] + "name": "LoadInstructionAtFailed" }, { - "name": "LoadCurrentIndexFailed", - "fields": [ - { - "defined": "ProgramError" - } - ] + "name": "LoadCurrentIndexFailed" }, { - "name": "ClockGetFailed", - "fields": [ - { - "defined": "ProgramError" - } - ] + "name": "ClockGetFailed" }, { "name": "InvalidEd25519InstructionProgramId" diff --git a/lazer/contracts/solana/README.md b/lazer/contracts/solana/README.md index 7d5502d822..40dc49d614 100644 --- a/lazer/contracts/solana/README.md +++ b/lazer/contracts/solana/README.md @@ -3,10 +3,11 @@ ## Verifiable Build To build the program in a verifiable way, use [Solana Verify CLI](https://github.com/Ellipsis-Labs/solana-verifiable-build). This tool builds the program in -a docker container to ensure that the resulting binary is deterministic and verifiable. Run the following command to build the program: +a docker container to ensure that the resulting binary is deterministic and verifiable. Run the following command to build the program +in [the lazer root directory](./../../): ```bash -solana-verify build -- --features solana-program +solana-verify build --library-name pyth_lazer_solana_contract ``` Once the build is complete, the program binary will be located in the `target/deploy` directory. diff --git a/lazer/contracts/solana/package.json b/lazer/contracts/solana/package.json index 71d468b455..a0475bc803 100644 --- a/lazer/contracts/solana/package.json +++ b/lazer/contracts/solana/package.json @@ -7,8 +7,8 @@ "test:format": "prettier --check **/*.*", "test:anchor": "CARGO_TARGET_DIR=\"$PWD/target\" anchor test", "test": "pnpm run test:format && pnpm run test:anchor", - "setup": "anchor build && pnpm ts-node scripts/setup.ts", - "check_trusted_signer": "pnpm ts-node scripts/check_trusted_signer.ts" + "setup": "pnpm ts-node scripts/setup.ts", + "check-trusted-signer": "pnpm ts-node scripts/check_trusted_signer.ts" }, "dependencies": { "@coral-xyz/anchor": "^0.30.1" diff --git a/lazer/contracts/solana/scripts/setup.ts b/lazer/contracts/solana/scripts/setup.ts index f08b2798ea..7272b31d67 100644 --- a/lazer/contracts/solana/scripts/setup.ts +++ b/lazer/contracts/solana/scripts/setup.ts @@ -6,24 +6,30 @@ import yargs from "yargs/yargs"; import { readFileSync } from "fs"; import NodeWallet from "@coral-xyz/anchor/dist/cjs/nodewallet"; -// This script initializes the program and updates the trusted signer +// This script initializes the program. It should be run once after the program is deployed. Additionally, if the +// top authority be the same as the given keypair and the trusted signer and expiry time are provided, the trusted +// signer will be updated. // -// There are some assumptions made in this script: -// 1. The program id is derived from the idl file (pytd...). -// 2. The keypair provided is the top authority keypair +// Note: the program id is derived from the idl file (pytd...). Run `anchor test` to generate it. async function main() { let argv = await yargs(process.argv.slice(2)) .options({ url: { type: "string", demandOption: true }, "keypair-path": { type: "string", demandOption: true }, - "trusted-signer": { type: "string", demandOption: true }, - "expiry-time-seconds": { type: "number", demandOption: true }, + "top-authority": { type: "string", demandOption: true }, + treasury: { type: "string", demandOption: true }, + "trusted-signer": { type: "string", demandOption: false }, + "expiry-time-seconds": { type: "number", demandOption: false }, }) .parse(); const keypair = anchor.web3.Keypair.fromSecretKey( new Uint8Array(JSON.parse(readFileSync(argv.keypairPath, "ascii"))) ); + + const topAuthority = new anchor.web3.PublicKey(argv.topAuthority); + const treasury = new anchor.web3.PublicKey(argv.treasury); + const wallet = new NodeWallet(keypair); const connection = new anchor.web3.Connection(argv.url, { commitment: "confirmed", @@ -39,21 +45,27 @@ async function main() { if (storage.length === 0) { console.log("Initializing the program"); await program.methods - .initialize(keypair.publicKey, anchor.web3.PublicKey.unique()) + .initialize(topAuthority, treasury) .accounts({ payer: wallet.publicKey, }) .rpc(); } - console.log("Updating the trusted signer"); - await program.methods - .update( - new anchor.web3.PublicKey(argv.trustedSigner), - new anchor.BN(argv.expiryTimeSeconds) - ) - .accounts({}) - .rpc(); + if ( + topAuthority.equals(wallet.publicKey) && + argv.trustedSigner && + argv.expiryTimeSeconds + ) { + console.log("Updating the trusted signer"); + await program.methods + .update( + new anchor.web3.PublicKey(argv.trustedSigner), + new anchor.BN(argv.expiryTimeSeconds) + ) + .accounts({}) + .rpc(); + } } main();