From eb4a0f36f63f517715ca9594f416e081183f87ce Mon Sep 17 00:00:00 2001
From: DeepakBomjan <44976635+DeepakBomjan@users.noreply.github.com>
Date: Wed, 11 Sep 2024 16:02:21 +0545
Subject: [PATCH 01/11] ci: update DEPLOYMENT.md
---
scripts/aws/DEPLOYMENT.md | 217 +++++++++++++++++---------------------
1 file changed, 98 insertions(+), 119 deletions(-)
diff --git a/scripts/aws/DEPLOYMENT.md b/scripts/aws/DEPLOYMENT.md
index ad443746..e318538c 100644
--- a/scripts/aws/DEPLOYMENT.md
+++ b/scripts/aws/DEPLOYMENT.md
@@ -29,124 +29,90 @@ Reference: [Creating and Attaching IAM Policy to user](https://docs.aws.amazon.c { "Version": "2012-10-17", "Statement": [ - { - "Sid": "Statement1", - "Effect": "Allow", - "Action": [ - "ec2:AssociateIamInstanceProfile", - "ec2:CreateKeyPair", - "ec2:DescribeImages", - "ec2:CreateTags", - "ec2:DescribeSecurityGroups", - "ec2:CreateSecurityGroup", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DescribeInstances", - "ec2:RunInstances", - "ec2:TerminateInstances" - ], - "Resource": "*" - }, - { - "Sid": "PolicyStatementToAllowUserToPassOneSpecificRole", - "Effect": "Allow", - "Action": [ - "iam:PassRole" - ], - "Resource": "*" - }, - { - "Sid": "CentralizedRelayKmsPolicy", - "Effect": "Allow", - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "AllowViewAccountInfo", - "Effect": "Allow", - "Action": [ - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary" - ], - "Resource": "*" - }, - { - "Sid": "AllowManageOwnPasswords", - "Effect": "Allow", - "Action": [ - "iam:ChangePassword", - "iam:GetUser" - ], - "Resource": "arn:aws:iam::*:user/${aws:username}" - }, - { - "Sid": "AllowManageOwnAccessKeys", - "Effect": "Allow", - "Action": [ - "iam:CreateAccessKey", - "iam:DeleteAccessKey", - "iam:ListAccessKeys", - "iam:UpdateAccessKey", - "iam:GetAccessKeyLastUsed" - ], - "Resource": "arn:aws:iam::*:user/${aws:username}" - }, - { - "Sid": "AllowManageOwnSSHPublicKeys", - "Effect": "Allow", - "Action": [ - "iam:DeleteSSHPublicKey", - "iam:GetSSHPublicKey", - "iam:ListSSHPublicKeys", - "iam:UpdateSSHPublicKey", - "iam:UploadSSHPublicKey" - ], - "Resource": "arn:aws:iam::*:user/${aws:username}" - }, - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "iam:CreateInstanceProfile", - "iam:UpdateAssumeRolePolicy", - "iam:PutUserPermissionsBoundary", - "iam:AttachUserPolicy", - "iam:CreateRole", - "iam:AttachRolePolicy", - "iam:PutRolePolicy", - "iam:AddRoleToInstanceProfile", - "iam:CreateAccessKey", - "iam:CreatePolicy", - 
"iam:PassRole", - "iam:DetachRolePolicy", - "iam:AttachGroupPolicy", - "iam:PutUserPolicy", - "iam:DetachGroupPolicy", - "iam:CreatePolicyVersion", - "iam:DetachUserPolicy", - "iam:PutGroupPolicy", - "iam:SetDefaultPolicyVersion", - "iam:TagRole", - "iam:GetRole", - "iam:GetInstanceProfile", - "cloudshell:*" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "s3:ListAllMyBuckets", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:CreateSecret", - "secretsmanager:ListSecrets" - ], - "Resource": "*" - } + { + "Sid": "EC2Permissions", + "Effect": "Allow", + "Action": [ + "ec2:AssociateIamInstanceProfile", + "ec2:CreateKeyPair", + "ec2:DescribeImages", + "ec2:CreateTags", + "ec2:DescribeSecurityGroups", + "ec2:CreateSecurityGroup", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeInstances", + "ec2:RunInstances", + "ec2:TerminateInstances" + ], + "Resource": "*" + }, + { + "Sid": "IAMPermissions", + "Effect": "Allow", + "Action": [ + "iam:PassRole", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:ChangePassword", + "iam:GetUser", + "iam:CreateAccessKey", + "iam:DeleteAccessKey", + "iam:ListAccessKeys", + "iam:UpdateAccessKey", + "iam:GetAccessKeyLastUsed", + "iam:DeleteSSHPublicKey", + "iam:GetSSHPublicKey", + "iam:ListSSHPublicKeys", + "iam:UpdateSSHPublicKey", + "iam:UploadSSHPublicKey", + "iam:CreateInstanceProfile", + "iam:UpdateAssumeRolePolicy", + "iam:PutUserPermissionsBoundary", + "iam:AttachUserPolicy", + "iam:CreateRole", + "iam:AttachRolePolicy", + "iam:PutRolePolicy", + "iam:AddRoleToInstanceProfile", + "iam:CreateAccessKey", + "iam:CreatePolicy", + "iam:DetachRolePolicy", + "iam:AttachGroupPolicy", + "iam:PutUserPolicy", + "iam:DetachGroupPolicy", + "iam:CreatePolicyVersion", + "iam:DetachUserPolicy", + "iam:PutGroupPolicy", + "iam:SetDefaultPolicyVersion", + "iam:TagRole", + "iam:GetRole", + "iam:GetInstanceProfile" + 
], + "Resource": "*" + }, + { + "Sid": "KMSAndSecretsManagerPermissions", + "Effect": "Allow", + "Action": [ + "kms:*", + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:CreateSecret", + "secretsmanager:ListSecrets" + ], + "Resource": "*" + }, + { + "Sid": "S3Permissions", + "Effect": "Allow", + "Action": "s3:ListAllMyBuckets", + "Resource": "*" + }, + { + "Sid": "CloudShellPermissions", + "Effect": "Allow", + "Action": "cloudshell:*", + "Resource": "*" + } ] } ``` @@ -194,7 +160,7 @@ Reference: [Creating and Attaching IAM Policy to user](https://docs.aws.amazon.c * AWS Region (default: `us-east-1`) * AMI ID * AWS Instance Type (default: `t3.medium`) - * Attestor node name (Eg. stg_attestor_verulink_) + * Attestor node name (\\_attestor_verulink_\ Eg. stg_attestor_verulink_demox_labs) * AWS Secret Manager secret name for signing keys (default: `dev/verulink/attestor/signingservice`) - Ethereum private key - Ethereum wallet address 
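Review bot: The merged `IAMPermissions` statement places the self-service credential actions under `"Resource": "*"`, whereas the removed `AllowManageOwnAccessKeys` and `AllowManageOwnSSHPublicKeys` statements limited them to `arn:aws:iam::*:user/${aws:username}`. A principal holding this policy can now call `iam:DeleteAccessKey`, `iam:UpdateAccessKey` and the SSH public key actions against any IAM user in the account, not only itself. Keep those actions in their own statement with `"Resource": "arn:aws:iam::*:user/${aws:username}"`, and remove the second `iam:CreateAccessKey` entry, which now appears twice in the list. `iam:PassRole`, `kms:*` and `secretsmanager:GetSecretValue` stay on `"Resource": "*"` as before; narrowing them to the attestor role, key and secret ARNs would be the natural follow-up.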
@@ -261,4 +227,17 @@ In case of failure while deploying the attestor 3. If you are using the same configuration like MTLS certificates, Ethereum and Aleo keys, we can just type "C" to **continue with deployment**. \ If you are changing any of them, type "R" to **reconfigure** with new values. +4. If the following error occurs, follow the steps provided below: +```TASK [Retrieve sudo password from AWS Secrets Manager] ****************************************************************************************************************************** +objc[844]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called. +objc[844]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug. +ERROR! A worker was found in a dead state +2024-09-08 09:44:45 INFO: An error occurred while executing the playbook. +``` + +[Follow this stack thread](https://stackoverflow.com/questions/50168647/multiprocessing-causes-python-to-crash-and-gives-an-error-may-have-been-in-progr) +or +``` +export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES +``` From 114e4009f590941801fe76aa5ade28672499d22d Mon Sep 17 00:00:00 2001 From: nanney Date: Thu, 12 Sep 2024 13:03:22 +0545 Subject: [PATCH 02/11] chore: config setup for pre release --- attestor/chainService/config.yaml | 34 +++++++++++++++--------------- attestor/signingService/Dockerfile | 4 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/attestor/chainService/config.yaml b/attestor/chainService/config.yaml index f91f8cc1..3878daad 100644 --- a/attestor/chainService/config.yaml +++ b/attestor/chainService/config.yaml 
@@ -1,35 +1,35 @@ --- name: _attestor_verulink_ -version: 1.0.1 +version: 1.0.2 chains: - name: aleo - chain_id: 6694886634403 + chain_id: 6694886634401 wallet_address: # wallet indentifier - bridge_contract: token_bridge_sg_v1.aleo - node_url: https://api.explorer.aleo.org/v1|testnet + bridge_contract: vlink_token_service_v2.aleo + node_url: https://api.explorer.provable.com/v1|testnet sequence_num_start: ethereum: 1 # solana: 23 # solana is just for config example - pkt_validity_wait_dur: 10s - finality_height: 1 + pkt_validity_wait_dur: 300s + finality_height: 100 retry_packet_wait_dur: 1m - prune_base_seq_num_wait_dur: 1m - average_block_gen_dur: 1s + prune_base_seq_num_wait_dur: 30m + average_block_gen_dur: 3s dest_chains: - ethereum - name: ethereum - chain_id: 28556963657430695 + chain_id: 27234042785 wallet_address: - bridge_contract: 0x5F05BbC23a0d07C52374c9cb028E757b20Fd68b2 - node_url: https://rpc.sepolia.org - start_height: 6484960 - finality_height: 10 + bridge_contract: 0x15E53390EaF022421E0B27048E0C11776081f75d + node_url: https://rpc2.sepolia.org + start_height: 6676394 + finality_height: 20 filter_topic: 0x23b9e965d90a00cd3ad31e46b58592d41203f5789805c086b955e34ecd462eb9 - feed_pkt_wait_dur: 2s - pkt_validity_wait_dur: 2s + feed_pkt_wait_dur: 30s + pkt_validity_wait_dur: 240s retry_packet_wait_dur: 1m - prune_base_seq_num_wait_dur: 1m + prune_base_seq_num_wait_dur: 30m dest_chains: - aleo @@ -39,7 +39,7 @@ consume_packet_workers: 10 # Default is 10 log: encoding: console output_dir: /path/to/log/dir -mode: dev # dev/prod +mode: prod # dev/prod signing_service: host: signingservice diff --git a/attestor/signingService/Dockerfile b/attestor/signingService/Dockerfile index 47f39299..954a3bc7 100644 --- a/attestor/signingService/Dockerfile +++ b/attestor/signingService/Dockerfile 
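Review bot: `mode: prod` is switched on while each chain still has a single public testnet endpoint as its only `node_url` (`https://api.explorer.provable.com/v1|testnet` and `https://rpc2.sepolia.org`). If the chain service takes block height and packet contents from that endpoint alone, which the config suggests but the consuming code is not shown here, the operator of that endpoint effectively decides what the attestor signs. Add a comment above each `node_url`, for example `# public testnet endpoint; replace with an operator-run or authenticated node before production use`, so the shipped default is not mistaken for a production setting.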
@@ -2,9 +2,9 @@ FROM golang:1.21.6 as signingservice WORKDIR /chainService COPY ./chainService . WORKDIR /signingservice -COPY ./signingService/go.mod ./signingService/go.sum ./ +COPY ./signingService ./ RUN go mod download -COPY ./signingService . +RUN go mod tidy RUN go build -o signingservice . From 56738b8475c7a7682958c98bed203bde640864bc Mon Sep 17 00:00:00 2001 From: Deepak Bomjan Date: Thu, 12 Sep 2024 16:30:02 +0545 Subject: [PATCH 03/11] ci: resolve conflict --- attestor/chainService/config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/attestor/chainService/config.yaml b/attestor/chainService/config.yaml index 3878daad..b89b3388 100644 --- a/attestor/chainService/config.yaml +++ b/attestor/chainService/config.yaml @@ -24,10 +24,10 @@ chains: bridge_contract: 0x15E53390EaF022421E0B27048E0C11776081f75d node_url: https://rpc2.sepolia.org start_height: 6676394 - finality_height: 20 + finality_height: 25 filter_topic: 0x23b9e965d90a00cd3ad31e46b58592d41203f5789805c086b955e34ecd462eb9 feed_pkt_wait_dur: 30s - pkt_validity_wait_dur: 240s + pkt_validity_wait_dur: 300s retry_packet_wait_dur: 1m prune_base_seq_num_wait_dur: 30m dest_chains: @@ -59,4 +59,4 @@ collector_service: metrics: host: - job_name: prod-push-gateway \ No newline at end of file + job_name: prod-push-gateway From 25b91cfdd7bf56cc9242f260475849a9654ae2d7 Mon Sep 17 00:00:00 2001 From: Deepak Bomjan Date: Thu, 12 Sep 2024 16:32:46 +0545 Subject: [PATCH 04/11] ci: update deployer script --- scripts/aws/deploy.yml | 77 +++++++++++- scripts/aws/deploy_attestor.py | 220 +++++++++++++++++++++++++++------ scripts/aws/requirements.txt | 3 +- 3 files changed, 260 insertions(+), 40 deletions(-) diff --git a/scripts/aws/deploy.yml b/scripts/aws/deploy.yml index 58468673..68019e60 100644 --- a/scripts/aws/deploy.yml +++ b/scripts/aws/deploy.yml 
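Review bot: `RUN go mod tidy` after `COPY ./signingService ./` lets the image build rewrite go.mod and go.sum, so the binary can be compiled against module versions and checksums that were never committed or reviewed. Remove the tidy step and commit the tidied go.mod/go.sum instead; `go build` then fails loudly when they are out of date rather than resolving dependencies at build time. Adding `RUN go mod verify` after `RUN go mod download` would also check the downloaded modules against go.sum. Copying the whole source tree before `go mod download` also discards the cached dependency layer on every source change, which the previous go.mod/go.sum-only `COPY` avoided.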
@@ -18,6 +18,7 @@ secret_file_path: "./secret.json" artifact_name: ".temp.zip" chainservice_home: "/home/{{ USER }}/{{ PROJECT_NAME }}/{{ SERVICE_NAME }}/chainService" + signingservice_home: "/home/{{ USER }}/{{ PROJECT_NAME }}/{{ SERVICE_NAME }}/signingService" mtls_key_dir: "{{ chainservice_home }}/.mtls" tasks: - name: Retrieve sudo password from AWS Secrets Manager @@ -95,7 +96,39 @@ ansible.builtin.user: name: "{{ USER }}" groups: docker - append: yes + append: yes + + - name: Get machine ID + ansible.builtin.command: "cat /sys/class/dmi/id/product_uuid" + register: machine_id_output + changed_when: false + + - name: Set machine ID + set_fact: + machine_id: "{{ machine_id_output.stdout }}" + + - name: Fetch instance ID from AWS metadata service + ansible.builtin.uri: + url: "http://169.254.169.254/latest/meta-data/instance-id" + return_content: yes + timeout: 2 + register: instance_id_response + ignore_errors: yes + + - name: Check if instance ID retrieval was successful + set_fact: + instance_id: "{{ instance_id_response.content if instance_id_response.status == 200 else 'failed' }}" + + - name: Generate random instance ID if metadata service fails + set_fact: + instance_id: "{{ 'i-' + lookup('password', '/dev/null length=10 chars=ascii_letters+digits') }}" + when: instance_id == "failed" + + - name: Display machine and instance IDs + debug: + msg: + - "Machine ID: {{ machine_id }}" + - "Instance ID: {{ instance_id }}" - name: Enable and start Docker services ansible.builtin.systemd: 
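Review bot: The `Display machine and instance IDs` debug task prints `machine_id`, and a later hunk of this file writes that same value into the signer service `username` and `password`, so the credential lands in console and CI logs. Remove the task, or print only the instance ID. The metadata request goes to `http://169.254.169.254/latest/meta-data/instance-id` without a session token, so on an instance that requires IMDSv2 it fails and, because of `ignore_errors: yes`, silently falls through to the random `i-…` value. None of the hunks shown uses `instance_id` afterwards, so the three instance-ID tasks may be removable altogether.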
@@ -253,6 +286,18 @@ regexp: '^name: _attestor_verulink_' replace: 'name: {{ attestor_name }}' + - name: Update colleter service url + replace: + path: "{{ chainservice_home }}/config.yaml" + regexp: 'uri : ' + replace: 'uri : {{ collector_service_url }}' + + - name: Update prometheus pushgateway url + replace: + path: "{{ chainservice_home }}/config.yaml" + regexp: 'host: ' + replace: 'host: {{ prometheus_pushgateway_url }}' + - name: Replace aleo wallet address replace: path: "{{ chainservice_home }}/config.yaml" @@ -262,6 +307,29 @@ secret_json_string: "{{ secret_data[secret_name] | from_json }}" aleo_wallet_address: "{{ secret_json_string.aleo_wallet_address }}" + - name: Update signer service username + replace: + path: "{{ chainservice_home }}/config.yaml" + regexp: 'username:.*' + replace: 'username: "{{ machine_id }}"' + + - name: Update signer service password + replace: + path: "{{ chainservice_home }}/config.yaml" + regexp: 'password:.*' + replace: 'password: "{{ machine_id }}"' + + - name: Update signer service username + replace: + path: "{{ signingservice_home }}/config.yaml" + regexp: 'username:.*' + replace: 'username: "{{ machine_id }}"' + + - name: Update signer service password + replace: + path: "{{ signingservice_home }}/config.yaml" + regexp: 'password:.*' + replace: 'password: "{{ machine_id }}"' - name: Replace eth wallet address replace: @@ -272,6 +340,13 @@ secret_json_string: "{{ secret_data[secret_name] | from_json }}" ethereum_wallet_address: "{{ secret_json_string.ethereum_wallet_address }}" + - name: Replace mtls key file names + replace: + path: "{{ chainservice_home }}/config.yaml" + regexp: 'attestor1' + replace: '{{ attestor_name }}' + + - name: Run docker-compose up -d ansible.builtin.command: cmd: docker compose up -d diff --git a/scripts/aws/deploy_attestor.py b/scripts/aws/deploy_attestor.py index fe6ecccc..4b5861bf 100644 --- a/scripts/aws/deploy_attestor.py +++ b/scripts/aws/deploy_attestor.py 
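Review bot: `regexp: 'host: '` in `Update prometheus pushgateway url` is not anchored, and `replace` rewrites every match in the file, so the `host: signingservice` line under `signing_service:` (visible in the config.yaml hunk of PATCH 02) would get the pushgateway URL inserted in front of `signingservice`. The same concern applies to `regexp: 'uri : '` if that text occurs more than once. Anchor the pattern to the empty key, for example `regexp: '^([ \t]*)host:[ \t]*$'` with `replace: '\1host: {{ prometheus_pushgateway_url }}'`, or set the value with a YAML-aware step. The task name `Update colleter service url` also misspells "collector".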
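Review bot: Both `username` and `password` of the signer service are set to `{{ machine_id }}`, the DMI product UUID, in the chainService and signingService configs, so the password equals the username and is a host identifier rather than a secret. Generate a random password once with `set_fact`, for example `signer_password: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"`, mark the tasks that write it `no_log: true`, and keep the username a separate value. The unanchored `regexp: 'username:.*'` and `regexp: 'password:.*'` rewrite every matching line of each config.yaml, which is only safe if the signer block is the sole place those keys occur; that cannot be confirmed from this hunk.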
@@ -17,6 +17,8 @@ import random import string import yaml +import uuid +import requests from ansible import context from ansible.executor.playbook_executor import PlaybookExecutor 
@@ -176,7 +178,89 @@ def handle_existing_keypair(ec2_client, key_name): copy_key_to_home_directory(new_key_name) return new_key_name -def create_secret(secret_name, default_secret_name, key_value_pairs, file = False): +# def create_secret(secret_name, default_secret_name, key_value_pairs, file = False): +# # Check if a secret with the provided name exists and is not scheduled for deletion +# secret_data_local = {} +# existing_secret = None +# try: +# existing_secret = secrets_manager.describe_secret(SecretId=secret_name) +# try: +# if existing_secret['DeletedDate'] is not None: +# logging.info("A secret with this name is scheduled for deletion. Please choose a different name.") +# secret_name = input("Enter a new secret name: ") +# except KeyError: +# pass +# except secrets_manager.exceptions.ResourceNotFoundException: +# pass + +# if existing_secret: +# reuse_secret = input("A secret with the provided name already exists. Do you want to reuse it? (yes/no): ").strip().lower() +# if reuse_secret == "yes": +# secret_arn = existing_secret['ARN'] +# logging.info(f"Reusing existing secret '{secret_name}' with ARN: {secret_arn}") +# else: +# secret_name = get_input("Enter secret name", default_secret_name) +# for key, prompt_message in key_value_pairs: +# while True: +# if file: +# value = input(f"{prompt_message}: ") +# if os.path.isfile(value): +# with open(value, 'r') as file: +# secret_data_local[key] = file.read() +# break +# else: +# logging.info("File does not exist. Please enter a valid file path.") +# else: +# value = pwinput.pwinput(prompt=f"{prompt_message}: ",mask='X') +# if value: +# secret_data_local[key] = value +# break +# else: +# logging.info("Value cannot be empty. 
Please enter a valid value.") + +# secret_value = json.dumps(secret_data) +# secret_response = secrets_manager.create_secret( +# Name=secret_name, +# Description="Secret for Ethereum and Aleo", +# SecretString=secret_value +# ) + +# logging.info(f"Secret created successfully with ARN: {secret_response['ARN']}") + +# secret_arn = secret_response['ARN'] +# logging.info(f"Secret created with ARN: {secret_arn}✅") +# else: + +# for key, prompt_message in key_value_pairs: +# while True: +# if file: +# value = input(f"{prompt_message}: ") +# if os.path.isfile(value): +# with open(value, 'r') as file: +# secret_data_local[key] = file.read() +# break +# else: +# logging.info("File does not exist. Please enter a valid file path.") +# else: +# value = pwinput.pwinput(prompt=f"{prompt_message}: ",mask='X') +# if value: +# secret_data_local[key] = value +# break +# else: +# logging.info("Value cannot be empty. Please enter a valid value.") + +# secret_value = json.dumps(secret_data_local) +# secret_response = secrets_manager.create_secret( +# Name=secret_name, +# Description="Secret for Ethereum and Aleo", +# SecretString=secret_value +# ) + +# logging.info(f"Secret created successfully with ARN: {secret_response['ARN']}") +# secret_arn = secret_response['ARN'] +# return secret_arn, secret_data_local + +def create_secret(secret_name, default_secret_name, key_value_pairs, file=False): # Check if a secret with the provided name exists and is not scheduled for deletion secret_data_local = {} existing_secret = None 
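Review bot: The previous `create_secret` is kept as roughly eighty commented-out lines directly above its replacement. Version control already holds the old body, and the dead copy still contains the `json.dumps(secret_data)` line that the rewrite corrects to `json.dumps(secret_data_local)`, so restoring it by uncommenting would bring that bug back. Delete the commented block and describe the behaviour change in the commit message instead.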
@@ -196,56 +280,95 @@ def create_secret(secret_name, default_secret_name, key_value_pairs, file = Fals if reuse_secret == "yes": secret_arn = existing_secret['ARN'] logging.info(f"Reusing existing secret '{secret_name}' with ARN: {secret_arn}") + + # Fetch current secret values to allow updates + secret_value = secrets_manager.get_secret_value(SecretId=secret_name) + secret_data_local = json.loads(secret_value['SecretString']) + + # Ask the user if they want to update existing key-value pairs + for key, prompt_message in key_value_pairs: + if key in secret_data_local: + update_value = input(f"Do you want to update the value for '{key}'? (yes/no): ").strip().lower() + if update_value == "yes": + value = None + while True: + if file: + value = input(f"{prompt_message}: ") + if os.path.isfile(value): + with open(value, 'r') as file_content: + secret_data_local[key] = file_content.read() + break + else: + logging.info("File does not exist. Please enter a valid file path.") + else: + value = pwinput.pwinput(prompt=f"{prompt_message}: ", mask='X') + if value: + secret_data_local[key] = value + break + else: + logging.info("Value cannot be empty. Please enter a valid value.") + else: + # If the key doesn't exist, prompt the user to add a new value + logging.info(f"The key '{key}' does not exist. 
Adding new value.") + value = pwinput.pwinput(prompt=f"{prompt_message}: ", mask='X') + if value: + secret_data_local[key] = value + + # Update the secret with the new values + secret_value_updated = json.dumps(secret_data_local) + secret_response = secrets_manager.update_secret( + SecretId=secret_name, + Description="Updated secret for Ethereum and Aleo", + SecretString=secret_value_updated + ) + logging.info(f"Secret updated successfully with ARN: {secret_response['ARN']}") + else: - secret_name = get_input("Enter secret name", default_secret_name) + secret_name = get_input("Enter a new secret name", default_secret_name) for key, prompt_message in key_value_pairs: while True: if file: value = input(f"{prompt_message}: ") if os.path.isfile(value): - with open(value, 'r') as file: - secret_data_local[key] = file.read() + with open(value, 'r') as file_content: + secret_data_local[key] = file_content.read() break else: logging.info("File does not exist. Please enter a valid file path.") else: - value = pwinput.pwinput(prompt=f"{prompt_message}: ",mask='X') + value = pwinput.pwinput(prompt=f"{prompt_message}: ", mask='X') if value: secret_data_local[key] = value break else: logging.info("Value cannot be empty. Please enter a valid value.") - secret_value = json.dumps(secret_data) + secret_value = json.dumps(secret_data_local) secret_response = secrets_manager.create_secret( Name=secret_name, Description="Secret for Ethereum and Aleo", SecretString=secret_value ) - logging.info(f"Secret created successfully with ARN: {secret_response['ARN']}") - - secret_arn = secret_response['ARN'] - logging.info(f"Secret created with ARN: {secret_arn}✅") else: - + # Secret does not exist, create a new one for key, prompt_message in key_value_pairs: - while True: - if file: - value = input(f"{prompt_message}: ") - if os.path.isfile(value): - with open(value, 'r') as file: - secret_data_local[key] = file.read() - break - else: - logging.info("File does not exist. 
Please enter a valid file path.") + while True: + if file: + value = input(f"{prompt_message}: ") + if os.path.isfile(value): + with open(value, 'r') as file_content: + secret_data_local[key] = file_content.read() + break else: - value = pwinput.pwinput(prompt=f"{prompt_message}: ",mask='X') - if value: - secret_data_local[key] = value - break - else: - logging.info("Value cannot be empty. Please enter a valid value.") + logging.info("File does not exist. Please enter a valid file path.") + else: + value = pwinput.pwinput(prompt=f"{prompt_message}: ", mask='X') + if value: + secret_data_local[key] = value + break + else: + logging.info("Value cannot be empty. Please enter a valid value.") secret_value = json.dumps(secret_data_local) secret_response = secrets_manager.create_secret( @@ -253,10 +376,9 @@ def create_secret(secret_name, default_secret_name, key_value_pairs, file = Fals Description="Secret for Ethereum and Aleo", SecretString=secret_value ) - logging.info(f"Secret created successfully with ARN: {secret_response['ARN']}") - secret_arn = secret_response['ARN'] - return secret_arn, secret_data_local + + return secret_response['ARN'], secret_data_local def add_sg_rule(security_group_id): try: @@ -268,13 +390,13 @@ def add_sg_rule(security_group_id): CidrIp='0.0.0.0/0' ) - ec2_client.authorize_security_group_ingress( - GroupId=security_group_id, - IpProtocol='tcp', - FromPort=8080, # Modify the port number as needed - ToPort=8080, # Modify the port number as needed - CidrIp='0.0.0.0/0' - ) + # ec2_client.authorize_security_group_ingress( + # GroupId=security_group_id, + # IpProtocol='tcp', + # FromPort=8080, # Modify the port number as needed + # ToPort=8080, # Modify the port number as needed + # CidrIp='0.0.0.0/0' + # ) except: print(f"An error occurred while updating firewall") 
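Review bot: In the reuse branch, the path for a key that is missing from the existing secret ignores `file` and always reads the value with `pwinput`, so a call with `file = True` (the mTLS call further down does this) stores the typed text rather than the file contents. An empty answer there is skipped without a retry, leaving the key absent while `update_secret` still runs. The prompt loop is also repeated three times in the function; a single helper used by all three paths fixes the missing-key case and removes the duplication. `create_secret` starts outside this hunk.

```python
def _prompt_secret_value(prompt_message, file):
    # One prompt loop shared by the create, update and missing-key paths.
    while True:
        if file:
            path = input(f"{prompt_message}: ")
            if os.path.isfile(path):
                with open(path, 'r') as file_content:
                    return file_content.read()
            logging.info("File does not exist. Please enter a valid file path.")
        else:
            value = pwinput.pwinput(prompt=f"{prompt_message}: ", mask='X')
            if value:
                return value
            logging.info("Value cannot be empty. Please enter a valid value.")

# … unchanged: lookup of the existing secret and the reuse prompt …
                else:
                    # Missing key: honour `file` and insist on a non-empty value.
                    logging.info(f"The key '{key}' does not exist. Adding new value.")
                    secret_data_local[key] = _prompt_secret_value(prompt_message, file)
```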
@@ -389,7 +511,9 @@ def create_config_template(config_file): mtls_secret_name = get_input("Enter MTLS secret name", "mainnet/verulink/attestor/mtls") mtls_secret_arn, mtls_secret_data = create_secret( mtls_secret_name, "mainnet/verulink/attestor/signingservice", key_value_pairs, file = True) - +print("Configuring DB Service and Prometheus Connection..") +collector_service_url = get_input("Enter collector service url", "") +prometheus_pushgateway_url = get_input("Enter prometheus pushgateway url", "") iam_client = boto3.client('iam') @@ -705,6 +829,22 @@ def create_config_template(config_file): print(f"Command failed with return code {e.returncode}.") zip_file = shutil.make_archive(temp_dir, 'zip', temp_dir) +def get_machine_id(): + return uuid.getnode() + +def get_instance_id(): + try: + response = requests.get("http://169.254.169.254/latest/meta-data/instance-id", timeout=2) + if response.status_code == 200: + return response.text + else: + raise Exception("Unable to retrieve instance-id.") + except requests.RequestException as e: + print(f"Error fetching instance-id: {e}") + random_id = ''.join(random.choices(string.ascii_lowercase + string.digits, k=10)) + return f"i-{random_id}" + + # Create a dictionary with the parameters current_directory = os.path.abspath(os.getcwd()) secret_data = { @@ -717,7 +857,11 @@ def create_config_template(config_file): "ssh_private_key": new_key_name, "ansible_playbook": playbook_path, "attestor_name": attestor_name, - "aws_region": region + "aws_region": region, + "signer_username": get_machine_id(), + "signer_password": get_instance_id(), + "collector_service_url": collector_service_url, + "prometheus_pushgateway_url": prometheus_pushgateway_url # "github_username": github_username, # "github_pass": github_pass } diff --git a/scripts/aws/requirements.txt b/scripts/aws/requirements.txt index e715c82e..6d2b5c4a 100644 --- a/scripts/aws/requirements.txt +++ b/scripts/aws/requirements.txt 
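Review bot: `get_machine_id()` and `get_instance_id()` run on the machine executing deploy_attestor.py, not on the new instance: `uuid.getnode()` returns the operator's MAC-derived node number, and the metadata request only succeeds when the script itself runs on EC2. Their results are passed to the playbook as `signer_username` and `signer_password` in the `@@ -717,7 +857,11 @@` hunk, yet the deploy.yml hunks of this patch use `machine_id` instead, so these values look unused. If they are meant to be credentials, neither an instance ID nor a `random.choices` string is a secret. Either drop the two helpers and the two dictionary entries, or generate the password with `secrets.token_urlsafe(32)` (adding `import secrets`) and have the playbook consume it.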
@@ -2,4 +2,5 @@ ansible jsonpath_ng pwinput boto3 -passlib \ No newline at end of file +passlib +requests From 16b01ea23aeeb28ffbacb89d32661351e5b2384c Mon Sep 17 00:00:00 2001 From: nanney Date: Thu, 12 Sep 2024 16:53:39 +0545 Subject: [PATCH 05/11] chore:update rc package --- attestor/signingService/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/attestor/signingService/go.mod b/attestor/signingService/go.mod index 3e3fe629..7964ef2f 100644 --- a/attestor/signingService/go.mod +++ b/attestor/signingService/go.mod @@ -5,7 +5,7 @@ go 1.21.3 require ( github.com/ethereum/go-ethereum v1.13.15 github.com/stretchr/testify v1.8.4 - github.com/venture23-aleo/verulink/attestor/chainService v1.0.0 + github.com/venture23-aleo/verulink/attestor/chainService v1.0.0-rc2 gopkg.in/yaml.v3 v3.0.1 ) From 24f074de21198c0762541f54b219461a99c4c702 Mon Sep 17 00:00:00 2001 From: bisbist Date: Thu, 12 Sep 2024 19:48:10 +0545 Subject: [PATCH 06/11] Added scripts to verify contracts on Etherscan --- solidity/scripts/deploy/addAttestor.js | 4 +-- solidity/scripts/deploy/addTokenUSDT.js | 2 +- .../scripts/deploy/deployBlackListService.js | 25 +++++++++++--- solidity/scripts/deploy/deployBridge.js | 23 ++++++++++--- .../deploy/deployERC20VaultServiceUSDC.js | 27 +++++++++++---- .../deploy/deployERC20VaultServiceUSDT.js | 26 +++++++++++--- .../scripts/deploy/deployETHVaultService.js | 23 ++++++++++--- solidity/scripts/deploy/deployHolding.js | 23 ++++++++++--- solidity/scripts/deploy/deployTokenService.js | 22 +++++++++--- solidity/scripts/deploy/updateDestchainid.js | 34 +++++++++++++++++++ solidity/scripts/deploy/updateMaxvalWETH.js | 4 +-- .../scripts/deployLib/deployAleoAddressLib.js | 14 ++++++-- solidity/scripts/deployLib/deployLib.js | 14 ++++++-- solidity/scripts/execute.sh | 14 ++++---- 14 files changed, 203 insertions(+), 52 deletions(-) create mode 100644 solidity/scripts/deploy/updateDestchainid.js 
diff --git a/solidity/scripts/deploy/addAttestor.js b/solidity/scripts/deploy/addAttestor.js index 28e8464c..0857f886 100644 --- a/solidity/scripts/deploy/addAttestor.js +++ b/solidity/scripts/deploy/addAttestor.js @@ -8,8 +8,8 @@ async function main() { process.env.PROVIDER ); const deployerSigner = new ethers.Wallet(process.env.DEPLOYER_PRIVATE_KEY, provider); - // Array of 5 attestors - const attestor = process.env.ATTESTOR1; + + const attestor = process.env.ATTESTOR2; const newQuorumRequired = process.env.NEW_QUORUM_REQUIRED; // Get the contract factory for the "Bridge" contract diff --git a/solidity/scripts/deploy/addTokenUSDT.js b/solidity/scripts/deploy/addTokenUSDT.js index 92d13a76..00362120 100644 --- a/solidity/scripts/deploy/addTokenUSDT.js +++ b/solidity/scripts/deploy/addTokenUSDT.js @@ -11,7 +11,7 @@ async function main() { const tokenAddress = process.env.USDT_ADDR; const vault = process.env.ERC20VAULTSERVICE_PROXY_ADDRESS_USDT; const destChainId = process.env.ALEO_CHAINID; - const destTokenAddress = process.env.DEST_TOKEN_ADDRESS_WETH; + const destTokenAddress = process.env.DEST_TOKEN_ADDRESS_WUSDT; const destTokenService = process.env.DEST_TOKENSERVICE; const min = process.env.MIN_WUSDT; const max = process.env.MAX_WUSDT; diff --git a/solidity/scripts/deploy/deployBlackListService.js b/solidity/scripts/deploy/deployBlackListService.js index d5671bcb..19ffd853 100644 --- a/solidity/scripts/deploy/deployBlackListService.js +++ b/solidity/scripts/deploy/deployBlackListService.js @@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; 
@@ -18,18 +18,33 @@ async function main() { console.log("Deploying BlacklistService Impl and Proxy..."); const blackListServiceImpl = await BlackListService.deploy(); - await blackListServiceImpl.deployed(); - updateEnvFile("BLACKLISTSERVICE_IMPLEMENTATION_ADDRESS", blackListServiceImpl.address) + await blackListServiceImpl.deployTransaction.wait(3); console.log("BlackListService Impl Deployed to: ", blackListServiceImpl.address); + // Verification process + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: blackListServiceImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/tokenservice/BlackListService.sol:BlackListService" + }); + + updateEnvFile("BLACKLISTSERVICE_IMPLEMENTATION_ADDRESS", blackListServiceImpl.address) const ProxyContract = await ethers.getContractFactory("ProxyContract"); const initializeData = new ethers.utils.Interface(BlackListService.interface.format()).encodeFunctionData("BlackList_init", [usdc, usdt, deployerSigner.address]); const blackListServiceProxy = await ProxyContract.deploy(blackListServiceImpl.address, initializeData); - await blackListServiceProxy.deployed(); + await blackListServiceProxy.deployTransaction.wait(3); + console.log("BlackListService Proxy Deployed to: ", blackListServiceProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: blackListServiceProxy.address, + constructorArguments: [blackListServiceImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); updateEnvFile("BLACKLISTSERVICE_PROXY_ADDRESS", blackListServiceProxy.address) - console.log("BlackListService Proxy Deployed to: ", blackListServiceProxy.address); } main() .then(() => process.exit(0)) diff --git a/solidity/scripts/deploy/deployBridge.js b/solidity/scripts/deploy/deployBridge.js index 9109b757..74516409 100644 
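Review bot: `updateEnvFile("BLACKLISTSERVICE_IMPLEMENTATION_ADDRESS", …)` now runs only after `run("verify:verify", …)` returns, and the proxy is deployed after that, so a verification error ends the script through the outer `.catch` with the implementation already on chain, its address unrecorded and no proxy deployed. Record the address first and treat verification as best-effort so that an explorer API failure cannot strand a deployment. The same ordering appears in the deployBridge.js and deployERC20VaultServiceUSDC.js hunks of this patch. `main()` starts and ends outside this hunk.

```javascript
  await blackListServiceImpl.deployTransaction.wait(3);
  console.log("BlackListService Impl Deployed to: ", blackListServiceImpl.address);
  // Persist the address before anything that can throw.
  updateEnvFile("BLACKLISTSERVICE_IMPLEMENTATION_ADDRESS", blackListServiceImpl.address)
  try {
    await run("verify:verify", {
      address: blackListServiceImpl.address,
      constructorArguments: [],
      contract: "contracts/main/tokenservice/BlackListService.sol:BlackListService"
    });
  } catch (err) {
    // Verification does not affect the deployed contract; log and continue.
    console.warn("Impl verification failed, continuing: ", err.message);
  }
  // … unchanged: proxy deployment; wrap its verify call the same way …
```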
--- a/solidity/scripts/deploy/deployBridge.js +++ b/solidity/scripts/deploy/deployBridge.js @@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; @@ -21,18 +21,33 @@ async function main() { console.log("Deploying Bridge Impl and Proxy..."); const bridgeImpl = await Bridge.deploy(); - await bridgeImpl.deployed(); + await bridgeImpl.deployTransaction.wait(3); console.log("Bridge Impl Deployed to: ", bridgeImpl.address); + // Verification process + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: bridgeImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/Bridge.sol:Bridge" + }); + updateEnvFile("TOKENBRIDGE_IMPLEMENTATION_ADDRESS", bridgeImpl.address); const ProxyContract = await ethers.getContractFactory("ProxyContract"); const initializeData = new ethers.utils.Interface(Bridge.interface.format()).encodeFunctionData("Bridge_init", [destChainId, deployerSigner.address]); const bridgeProxy = await ProxyContract.deploy(bridgeImpl.address, initializeData); - await bridgeProxy.deployed(); + await bridgeProxy.deployTransaction.wait(3); - updateEnvFile("TOKENBRIDGE_PROXY_ADDRESS", bridgeProxy.address) console.log("Bridge Proxy Deployed to: ", bridgeProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: bridgeProxy.address, + constructorArguments: [bridgeImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); + updateEnvFile("TOKENBRIDGE_PROXY_ADDRESS", bridgeProxy.address) } main() .then(() => process.exit(0)) diff --git a/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js b/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js index bf059f26..764ae10a 100644 
--- a/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js +++ b/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js @@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; 
@@ -16,22 +16,37 @@ async function main() { console.log("Deploying Erc20VaultServiceUSDC Impl and Proxy..."); const erc20VaultServiceImpl = await Erc20VaultService.deploy(); - await erc20VaultServiceImpl.deployed(); - updateEnvFile("ERC20VAULTSERVICE_IMPL_ADDRESS_USDC", erc20VaultServiceImpl.address) + await erc20VaultServiceImpl.deployTransaction.wait(3); console.log("Erc20VaultServiceUSDC Impl Deployed to: ", erc20VaultServiceImpl.address); + // Verification process + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: erc20VaultServiceImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/tokenservice/vault/Erc20VaultService.sol:Erc20VaultService" + }); + + updateEnvFile("ERC20VAULTSERVICE_IMPL_ADDRESS_USDC", erc20VaultServiceImpl.address) const ProxyContract = await ethers.getContractFactory("ProxyContract"); const initializeData = new ethers.utils.Interface(Erc20VaultService.interface.format()).encodeFunctionData("Erc20VaultService_init", [tokenAddr, "ERC20VAULT", deployerSigner.address]); const erc20VaultServiceProxy = await ProxyContract.deploy(erc20VaultServiceImpl.address, initializeData); - await erc20VaultServiceProxy.deployed(); + await erc20VaultServiceProxy.deployTransaction.wait(3); + console.log("Erc20VaultServiceUSDC Proxy Deployed to: ", erc20VaultServiceProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: erc20VaultServiceProxy.address, + constructorArguments: [erc20VaultServiceImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); updateEnvFile("ERC20VAULTSERVICE_PROXY_ADDRESS_USDC", erc20VaultServiceProxy.address) - console.log("Erc20VaultServiceUSDC Proxy Deployed to: ", erc20VaultServiceProxy.address); } main() .then(() => process.exit(0)) .catch((error) => { console.error(error); process.exit(1); - }); \ No newline at end of 
file + }); diff --git a/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js b/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js index cf759b78..617b5817 100644 --- a/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js +++ b/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js @@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; 
@@ -16,18 +16,34 @@ async function main() { console.log("Deploying Erc20VaultServiceUSDT Impl and Proxy..."); const erc20VaultServiceImpl = await Erc20VaultService.deploy(); - await erc20VaultServiceImpl.deployed(); - updateEnvFile("ERC20VAULTSERVICE_IMPL_ADDRESS_USDT", erc20VaultServiceImpl.address) + await erc20VaultServiceImpl.deployTransaction.wait(3); console.log("Erc20VaultServiceUSDT Impl Deployed to: ", erc20VaultServiceImpl.address); + // Verification process + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: erc20VaultServiceImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/tokenservice/vault/Erc20VaultService.sol:Erc20VaultService" + }); + + updateEnvFile("ERC20VAULTSERVICE_IMPL_ADDRESS_USDT", erc20VaultServiceImpl.address); const ProxyContract = await ethers.getContractFactory("ProxyContract"); const initializeData = new ethers.utils.Interface(Erc20VaultService.interface.format()).encodeFunctionData("Erc20VaultService_init", [tokenAddr, "ERC20VAULT", deployerSigner.address]); const erc20VaultServiceProxy = await ProxyContract.deploy(erc20VaultServiceImpl.address, initializeData); - await erc20VaultServiceProxy.deployed(); + await erc20VaultServiceProxy.deployTransaction.wait(3); - updateEnvFile("ERC20VAULTSERVICE_PROXY_ADDRESS_USDT", erc20VaultServiceProxy.address) console.log("Erc20VaultServiceUSDT Proxy Deployed to: ", erc20VaultServiceProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: erc20VaultServiceProxy.address, + constructorArguments: [erc20VaultServiceImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); + + updateEnvFile("ERC20VAULTSERVICE_PROXY_ADDRESS_USDT", erc20VaultServiceProxy.address); } main() .then(() => process.exit(0)) 
diff --git a/solidity/scripts/deploy/deployETHVaultService.js b/solidity/scripts/deploy/deployETHVaultService.js index eb4781c9..76cc694b 100644 --- a/solidity/scripts/deploy/deployETHVaultService.js +++ b/solidity/scripts/deploy/deployETHVaultService.js @@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; 
@@ -15,18 +15,31 @@ async function main() { console.log("Deploying EthVaultService Impl and Proxy..."); const ethVaultServiceImpl = await ETHVaultService.deploy(); - await ethVaultServiceImpl.deployed(); - updateEnvFile("ETHVAULTSERVICE_IMPL_ADDRESS", ethVaultServiceImpl.address) + await ethVaultServiceImpl.deployTransaction.wait(3); console.log("ETHVaultService Impl Deployed to: ", ethVaultServiceImpl.address); + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: ethVaultServiceImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/tokenservice/vault/EthVaultService.sol:EthVaultService" + }); + updateEnvFile("ETHVAULTSERVICE_IMPL_ADDRESS", ethVaultServiceImpl.address) const ProxyContract = await ethers.getContractFactory("ProxyContract"); const initializeData = new ethers.utils.Interface(ETHVaultService.interface.format()).encodeFunctionData("EthVaultService_init", ["ETHVAULT", deployerSigner.address]); const ethVaultServiceProxy = await ProxyContract.deploy(ethVaultServiceImpl.address, initializeData); - await ethVaultServiceProxy.deployed(); + await ethVaultServiceProxy.deployTransaction.wait(3); - updateEnvFile("ETHVAULTSERVICE_PROXY_ADDRESS", ethVaultServiceProxy.address) console.log("ETHVaultService Proxy Deployed to: ", ethVaultServiceProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: ethVaultServiceProxy.address, + constructorArguments: [ethVaultServiceImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); + updateEnvFile("ETHVAULTSERVICE_PROXY_ADDRESS", ethVaultServiceProxy.address) } main() .then(() => process.exit(0)) diff --git a/solidity/scripts/deploy/deployHolding.js b/solidity/scripts/deploy/deployHolding.js index df65faf5..91a020f3 100644 --- a/solidity/scripts/deploy/deployHolding.js +++ b/solidity/scripts/deploy/deployHolding.js 
@@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; @@ -15,18 +15,31 @@ async function main() { console.log("Deploying Holding Impl and Proxy..."); const holdingImpl = await Holding.deploy(); - await holdingImpl.deployed(); - updateEnvFile("HOLDING_IMPLEMENTATION_ADDRESS", holdingImpl.address); + await holdingImpl.deployTransaction.wait(3); console.log("Holding Impl Deployed to: ", holdingImpl.address); + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: holdingImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/Holding.sol:Holding" + }); + updateEnvFile("HOLDING_IMPLEMENTATION_ADDRESS", holdingImpl.address); const ProxyContract = await ethers.getContractFactory("ProxyContract"); const initializeData = new ethers.utils.Interface(Holding.interface.format()).encodeFunctionData("Holding_init", [process.env.TOKENSERVICE_PROXY_ADDRESS, deployerSigner.address]); const holdingProxy = await ProxyContract.deploy(holdingImpl.address, initializeData); - await holdingProxy.deployed(); + await holdingProxy.deployTransaction.wait(3); - updateEnvFile("HOLDING_PROXY_ADDRESS", holdingProxy.address); console.log("Holding Proxy Deployed to: ", holdingProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: holdingProxy.address, + constructorArguments: [holdingImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); + updateEnvFile("HOLDING_PROXY_ADDRESS", holdingProxy.address); } main() .then(() => process.exit(0)) diff --git a/solidity/scripts/deploy/deployTokenService.js b/solidity/scripts/deploy/deployTokenService.js index 540bc4ee..ff4d4118 100644 --- a/solidity/scripts/deploy/deployTokenService.js 
+++ b/solidity/scripts/deploy/deployTokenService.js @@ -1,5 +1,5 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; @@ -18,8 +18,15 @@ async function main() { console.log("Deploying TokenService Impl and Proxy..."); const tokenServiceImpl = await TokenService.deploy(); - await tokenServiceImpl.deployed(); + await tokenServiceImpl.deployTransaction.wait(3); console.log("TokenService Impl Deployed to: ", tokenServiceImpl.address); + // Verification process + console.log("Verifying impl contract..."); + await run("verify:verify", { + address: tokenServiceImpl.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/main/tokenservice/TokenService.sol:TokenService" + }); updateEnvFile("TOKENSERVICE_IMPLEMENTATION_ADDRESS", tokenServiceImpl.address) const ProxyContract = await ethers.getContractFactory("ProxyContract"); @@ -27,10 +34,17 @@ async function main() { [bridgeAddress, deployerSigner.address, chainId, destChainId, process.env.BLACKLISTSERVICE_PROXY_ADDRESS]); const tokenServiceProxy = await ProxyContract.deploy(tokenServiceImpl.address, initializeData); - await tokenServiceProxy.deployed(); + await tokenServiceProxy.deployTransaction.wait(3); - updateEnvFile("TOKENSERVICE_PROXY_ADDRESS", tokenServiceProxy.address) console.log("TokenService Proxy Deployed to: ", tokenServiceProxy.address); + console.log("Verifying proxy contract..."); + + await run("verify:verify", { + address: tokenServiceProxy.address, + constructorArguments: [tokenServiceImpl.address, initializeData], // Pass the constructor arguments here + contract: "contracts/proxies/Proxy.sol:ProxyContract" + }); + updateEnvFile("TOKENSERVICE_PROXY_ADDRESS", tokenServiceProxy.address) } main() .then(() => process.exit(0)) 
diff --git a/solidity/scripts/deploy/updateDestchainid.js b/solidity/scripts/deploy/updateDestchainid.js new file mode 100644 index 00000000..cab8153c --- /dev/null +++ b/solidity/scripts/deploy/updateDestchainid.js @@ -0,0 +1,34 @@ +import hardhat from 'hardhat'; +const { ethers } = hardhat; +import * as dotenv from "dotenv"; +dotenv.config(); + +async function main() { + const provider = new ethers.providers.JsonRpcProvider( + process.env.PROVIDER + ); + const deployerSigner = new ethers.Wallet(process.env.DEPLOYER_PRIVATE_KEY, provider); + // New destChainId + const newDestChainId = process.env.ALEO_CHAINID; + + // Get the contract factory for the "Bridge" contract + const Bridge = await ethers.getContractFactory("Bridge", { + libraries: { + PacketLibrary: process.env.PACKET_LIBRARY_CONTRACT_ADDRESS, + AleoAddressLibrary: process.env.ALEO_ADDRESS_LIBRARY, + }, + }); + + const tokenbridgeProxyAddress = process.env.TOKENBRIDGE_PROXY_ADDRESS; + console.log("Updating destChainId"); + const BridgeABI = Bridge.interface.format(); + const BridgeContract = new ethers.Contract(tokenbridgeProxyAddress, BridgeABI, deployerSigner); + await BridgeContract.updateDestinationChainId(newDestChainId); + console.log("destChainId updated successfully!"); +} +main() + .then(() => process.exit(0)) + .catch((error) => { + console.error(error); + process.exit(1); + }); \ No newline at end of file diff --git a/solidity/scripts/deploy/updateMaxvalWETH.js b/solidity/scripts/deploy/updateMaxvalWETH.js index 57161cb8..84284238 100644 --- a/solidity/scripts/deploy/updateMaxvalWETH.js +++ b/solidity/scripts/deploy/updateMaxvalWETH.js 
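Review bot: `await BridgeContract.updateDestinationChainId(newDestChainId);` in updateDestchainid.js resolves, with the ethers v5 API this file uses, when the transaction has been submitted rather than mined, so "destChainId updated successfully!" is printed and `process.exit(0)` runs without a receipt. Keep the response and wait on it: `const tx = await BridgeContract.updateDestinationChainId(newDestChainId);` followed by `await tx.wait();`. The `removeAttestor` call in removeAttestor.js, added later in this series, has the same shape. It would also help to fail early when `ALEO_CHAINID` or `TOKENBRIDGE_PROXY_ADDRESS` is unset, since both are read from the environment without a check.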
@@ -8,8 +8,8 @@ async function main() { process.env.PROVIDER ); const deployerSigner = new ethers.Wallet(process.env.DEPLOYER_PRIVATE_KEY, provider); - const tokenAddress = process.env.USDT_ADDR; - const new_maxval = process.env.MAX_WUSDT; + const tokenAddress = process.env.ONE_ADDRESS; + const new_maxval = process.env.MAX_WETH; const ERC20TokenService = await ethers.getContractFactory("TokenService"); const tokenServiceProxyAddress = process.env.TOKENSERVICE_PROXY_ADDRESS; console.log("Updating Max value of WETH..."); diff --git a/solidity/scripts/deployLib/deployAleoAddressLib.js b/solidity/scripts/deployLib/deployAleoAddressLib.js index d7d5c752..e2378594 100644 --- a/solidity/scripts/deployLib/deployAleoAddressLib.js +++ b/solidity/scripts/deployLib/deployAleoAddressLib.js @@ -1,15 +1,23 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; async function main() { const AleoAddressLibrary = await ethers.getContractFactory("AleoAddressLibrary"); + console.log("Deploying AleoAddressLibrary: "); const aleoAddressLibrary = await AleoAddressLibrary.deploy(); - await aleoAddressLibrary.deployed(); - updateEnvFile("ALEO_ADDRESS_LIBRARY", aleoAddressLibrary.address) + await aleoAddressLibrary.deployTransaction.wait(3); console.log("AleoAddressLibrary Deployed to:", aleoAddressLibrary.address); + // Verification process + console.log("Verifying AleoAddressLibrary contract..."); + await run("verify:verify", { + address: aleoAddressLibrary.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/common/libraries/AleoAddressLibrary.sol:AleoAddressLibrary" + }); + updateEnvFile("ALEO_ADDRESS_LIBRARY", aleoAddressLibrary.address) } main() .then(() => process.exit(0)) 
diff --git a/solidity/scripts/deployLib/deployLib.js b/solidity/scripts/deployLib/deployLib.js index ebd0dcf8..a27dcfb7 100644 --- a/solidity/scripts/deployLib/deployLib.js +++ b/solidity/scripts/deployLib/deployLib.js @@ -1,15 +1,23 @@ import hardhat from 'hardhat'; -const { ethers } = hardhat; +const { ethers, run } = hardhat; import * as dotenv from "dotenv"; dotenv.config(); import { updateEnvFile } from "../multisig/utils.js"; async function main() { const PacketLibrary = await ethers.getContractFactory("PacketLibrary"); + console.log("Deploying PacketLibrary: "); const packetLibrary = await PacketLibrary.deploy(); - await packetLibrary.deployed(); - updateEnvFile("PACKET_LIBRARY_CONTRACT_ADDRESS", packetLibrary.address) + await packetLibrary.deployTransaction.wait(3); console.log("PacketLibrary Deployed to:", packetLibrary.address); + // Verification process + console.log("Verifying PacketLibrary contract..."); + await run("verify:verify", { + address: packetLibrary.address, + constructorArguments: [], // Pass the constructor arguments here + contract: "contracts/common/libraries/PacketLibrary.sol:PacketLibrary" + }); + updateEnvFile("PACKET_LIBRARY_CONTRACT_ADDRESS", packetLibrary.address) } main() .then(() => process.exit(0)) diff --git a/solidity/scripts/execute.sh b/solidity/scripts/execute.sh index 99cde157..08650c8a 100755 --- a/solidity/scripts/execute.sh +++ b/solidity/scripts/execute.sh 
@@ -15,13 +15,13 @@ npx hardhat run scripts/deploy/addTokenUSDC.js --network sepolia npx hardhat run scripts/deploy/addTokenUSDT.js --network sepolia npx hardhat run scripts/deploy/addTokenETH.js --network sepolia npx hardhat run scripts/deploy/addAttestor.js --network sepolia -npx hardhat run scripts/deploy/transferOwnerShipBridge.js --network sepolia -npx hardhat run scripts/deploy/transferOwnerShipBlackListService.js --network sepolia -npx hardhat run scripts/deploy/transferOwnershipTokenservice.js --network sepolia -npx hardhat run scripts/deploy/transferOwnerShipHolding.js --network sepolia -npx hardhat run scripts/deploy/transferOwnerShipERC20VaultServiceUSDC.js --network sepolia -npx hardhat run scripts/deploy/transferOwnerShipERC20VaultServiceUSDT.js --network sepolia -npx hardhat run scripts/deploy/transferOwnerShipETHVaultService.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnerShipBridge.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnerShipBlackListService.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnershipTokenservice.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnerShipHolding.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnerShipERC20VaultServiceUSDC.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnerShipERC20VaultServiceUSDT.js --network sepolia +# npx hardhat run scripts/deploy/transferOwnerShipETHVaultService.js --network sepolia # npx hardhat run scripts/deploy/addAttestorBatch.js --network sepolia # Mainnet: From 23763f163b12a13cb49d78198816908a90a80d7a Mon Sep 17 00:00:00 2001 From: bisbist Date: Thu, 12 Sep 2024 21:22:24 +0545 Subject: [PATCH 07/11] changed token name --- solidity/scripts/deploy/deployERC20VaultServiceUSDC.js | 2 +- solidity/scripts/deploy/deployERC20VaultServiceUSDT.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
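Review bot: With the seven `transferOwnerShip*` steps commented out in execute.sh, a testnet run now ends with ownership still on the deployer key, as far as the deploy hunks in this series show (their init calls pass `deployerSigner.address` as the owner). If that is intended for now, say so next to the block, e.g. `# Ownership transfer to the multisig is disabled; run the transferOwnerShip* scripts before handing the deployment over.`, so that the step is not forgotten when this list is copied for mainnet. The remaining lines of the script are outside this hunk.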
diff --git a/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js b/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js index 764ae10a..3a4a2fd5 100644 --- a/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js +++ b/solidity/scripts/deploy/deployERC20VaultServiceUSDC.js @@ -30,7 +30,7 @@ async function main() { const ProxyContract = await ethers.getContractFactory("ProxyContract"); - const initializeData = new ethers.utils.Interface(Erc20VaultService.interface.format()).encodeFunctionData("Erc20VaultService_init", [tokenAddr, "ERC20VAULT", deployerSigner.address]); + const initializeData = new ethers.utils.Interface(Erc20VaultService.interface.format()).encodeFunctionData("Erc20VaultService_init", [tokenAddr, "ERC20VAULTUSDC", deployerSigner.address]); const erc20VaultServiceProxy = await ProxyContract.deploy(erc20VaultServiceImpl.address, initializeData); await erc20VaultServiceProxy.deployTransaction.wait(3); console.log("Erc20VaultServiceUSDC Proxy Deployed to: ", erc20VaultServiceProxy.address); diff --git a/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js b/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js index 617b5817..526e5ac0 100644 --- a/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js +++ b/solidity/scripts/deploy/deployERC20VaultServiceUSDT.js @@ -30,7 +30,7 @@ async function main() { const ProxyContract = await ethers.getContractFactory("ProxyContract"); - const initializeData = new ethers.utils.Interface(Erc20VaultService.interface.format()).encodeFunctionData("Erc20VaultService_init", [tokenAddr, "ERC20VAULT", deployerSigner.address]); + const initializeData = new ethers.utils.Interface(Erc20VaultService.interface.format()).encodeFunctionData("Erc20VaultService_init", [tokenAddr, "ERC20VAULTUSDT", deployerSigner.address]); const erc20VaultServiceProxy = await ProxyContract.deploy(erc20VaultServiceImpl.address, initializeData); await erc20VaultServiceProxy.deployTransaction.wait(3); 
From d6b0671668a196d340e09457e4e44f37db44d749 Mon Sep 17 00:00:00 2001 From: bisbist Date: Thu, 12 Sep 2024 23:18:21 +0545 Subject: [PATCH 08/11] removed unnecessary commented code and unnecessary file --- solidity/compiler_config.json | 16 ----------- solidity/contracts/main/Bridge.sol | 2 -- solidity/scripts/deploy/removeAttestor.js | 35 +++++++++++++++++++++++ solidity/scripts/execute.sh | 31 ++++++++++---------- 4 files changed, 51 insertions(+), 33 deletions(-) delete mode 100644 solidity/compiler_config.json create mode 100644 solidity/scripts/deploy/removeAttestor.js diff --git a/solidity/compiler_config.json b/solidity/compiler_config.json deleted file mode 100644 index 9026d3af..00000000 --- a/solidity/compiler_config.json +++ /dev/null @@ -1,16 +0,0 @@ - -{ - "language": "Solidity", - "settings": { - "optimizer": { - "enabled": true, - "runs": 200 - }, - "outputSelection": { - "*": { - "": ["ast"], - "*": ["abi", "metadata", "devdoc", "userdoc", "storageLayout", "evm.legacyAssembly", "evm.bytecode", "evm.deployedBytecode", "evm.methodIdentifiers", "evm.gasEstimates", "evm.assembly"] - } - } - } -} diff --git a/solidity/contracts/main/Bridge.sol b/solidity/contracts/main/Bridge.sol index c585f6be..bae89786 100644 --- a/solidity/contracts/main/Bridge.sol +++ b/solidity/contracts/main/Bridge.sol @@ -41,8 +41,6 @@ contract Bridge is ) public initializer { __Ownable_init_unchained(); __Pausable_init_unchained(); - // __AttestorManager_init(); - // __BridgeTokenServiceManager_init(); destinationChainId = _destChainId; _transferOwnership(_owner); } diff --git a/solidity/scripts/deploy/removeAttestor.js b/solidity/scripts/deploy/removeAttestor.js new file mode 100644 index 00000000..dd2abc4c --- /dev/null +++ b/solidity/scripts/deploy/removeAttestor.js 
@@ -0,0 +1,35 @@ +import hardhat from 'hardhat'; +const { ethers } = hardhat; +import * as dotenv from "dotenv"; +dotenv.config(); + +async function main() { + const provider = new ethers.providers.JsonRpcProvider( + process.env.PROVIDER + ); + const deployerSigner = new ethers.Wallet(process.env.DEPLOYER_PRIVATE_KEY, provider); + + const attestor = process.env.ATTESTOR2; + const newQuorumRequired = process.env.NEW_QUORUM_REQUIRED; + + // Get the contract factory for the "Bridge" contract + const Bridge = await ethers.getContractFactory("Bridge", { + libraries: { + PacketLibrary: process.env.PACKET_LIBRARY_CONTRACT_ADDRESS, + AleoAddressLibrary: process.env.ALEO_ADDRESS_LIBRARY, + }, + }); + + const tokenbridgeProxyAddress = process.env.TOKENBRIDGE_PROXY_ADDRESS; + console.log("Removing Attestor"); + const BridgeABI = Bridge.interface.format(); + const BridgeContract = new ethers.Contract(tokenbridgeProxyAddress, BridgeABI, deployerSigner); + await BridgeContract.removeAttestor(attestor, newQuorumRequired); + console.log("Attestor removed successfully!"); +} +main() + .then(() => process.exit(0)) + .catch((error) => { + console.error(error); + process.exit(1); + }); \ No newline at end of file diff --git a/solidity/scripts/execute.sh b/solidity/scripts/execute.sh index 08650c8a..7d7092ff 100755 --- a/solidity/scripts/execute.sh +++ b/solidity/scripts/execute.sh 
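Review bot: `attestor` and `newQuorumRequired` go straight from `process.env` into `removeAttestor(...)`, a call that changes the attestor set and the quorum, with no check that either value is present or well-formed. Validate both before building the contract object, for example `if (!ethers.utils.isAddress(attestor)) throw new Error("ATTESTOR2 is not a valid address");` and `if (!(Number.isInteger(Number(newQuorumRequired)) && Number(newQuorumRequired) >= 1)) throw new Error("NEW_QUORUM_REQUIRED must be a positive integer");`. Logging the attestor and the new quorum before sending would also leave a record of what was changed.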
@@ -1,20 +1,21 @@ # Testnet: # Deployment, Setup and transferOwnerShip to Multisig using single owner: -npx hardhat run scripts/deployLib/deployLib.js --network sepolia -npx hardhat run scripts/deployLib/deployAleoAddressLib.js --network sepolia -npx hardhat run scripts/deploy/deployBridge.js --network sepolia -npx hardhat run scripts/deploy/deployBlackListService.js --network sepolia -npx hardhat run scripts/deploy/deployTokenService.js --network sepolia -npx hardhat run scripts/deploy/deployHolding.js --network sepolia -npx hardhat run scripts/deploy/deployERC20VaultServiceUSDC.js --network sepolia -npx hardhat run scripts/deploy/deployERC20VaultServiceUSDT.js --network sepolia -npx hardhat run scripts/deploy/deployETHVaultService.js --network sepolia -npx hardhat run scripts/deploy/addTokenService.js --network sepolia -npx hardhat run scripts/deploy/setHolding.js --network sepolia -npx hardhat run scripts/deploy/addTokenUSDC.js --network sepolia -npx hardhat run scripts/deploy/addTokenUSDT.js --network sepolia -npx hardhat run scripts/deploy/addTokenETH.js --network sepolia -npx hardhat run scripts/deploy/addAttestor.js --network sepolia +# npx hardhat run scripts/deployLib/deployLib.js --network sepolia +# npx hardhat run scripts/deployLib/deployAleoAddressLib.js --network sepolia +# npx hardhat run scripts/deploy/deployBlackListService.js --network sepolia +# npx hardhat run scripts/deploy/deployBridge.js --network sepolia +# npx hardhat run scripts/deploy/deployTokenService.js --network sepolia +# npx hardhat run scripts/deploy/deployHolding.js --network sepolia +# npx hardhat run scripts/deploy/deployERC20VaultServiceUSDC.js --network sepolia +# npx hardhat run scripts/deploy/deployERC20VaultServiceUSDT.js --network sepolia +# npx hardhat run scripts/deploy/deployETHVaultService.js --network sepolia +# npx hardhat run scripts/deploy/addTokenService.js --network sepolia +# npx hardhat run scripts/deploy/setHolding.js --network sepolia +# npx hardhat run 
scripts/deploy/addTokenUSDC.js --network sepolia +# npx hardhat run scripts/deploy/addTokenUSDT.js --network sepolia +# npx hardhat run scripts/deploy/addTokenETH.js --network sepolia +# npx hardhat run scripts/deploy/addAttestor.js --network sepolia +# npx hardhat run scripts/deploy/removeAttestor.js --network sepolia # npx hardhat run scripts/deploy/transferOwnerShipBridge.js --network sepolia # npx hardhat run scripts/deploy/transferOwnerShipBlackListService.js --network sepolia # npx hardhat run scripts/deploy/transferOwnershipTokenservice.js --network sepolia From f767af0d39cf3d2bbf7012f4a641c88746727f93 Mon Sep 17 00:00:00 2001 From: DeepakBomjan <44976635+DeepakBomjan@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:30:11 +0545 Subject: [PATCH 09/11] ci: update deployment policy --- scripts/aws/DEPLOYMENT.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/aws/DEPLOYMENT.md b/scripts/aws/DEPLOYMENT.md index e318538c..6d7c0e28 100644 --- a/scripts/aws/DEPLOYMENT.md +++ b/scripts/aws/DEPLOYMENT.md @@ -97,7 +97,8 @@ Reference: [Creating and Attaching IAM Policy to user](https://docs.aws.amazon.c "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:CreateSecret", - "secretsmanager:ListSecrets" + "secretsmanager:ListSecrets", + "secretsmanager:UpdateSecret" ], "Resource": "*" }, From ccc30f5debabee788a932d7f426e222a3e49a9b5 Mon Sep 17 00:00:00 2001 From: Deepak Bomjan Date: Thu, 12 Sep 2024 16:43:00 +0545 Subject: [PATCH 10/11] ci: resolve conflict --- attestor/chainService/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/attestor/chainService/config.yaml b/attestor/chainService/config.yaml index b89b3388..5db27553 100644 --- a/attestor/chainService/config.yaml +++ b/attestor/chainService/config.yaml 
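Review bot: execute.sh begins at line 1 with `# Testnet:`, so the file has no shebang and, in the lines this hunk shows, no `set -e`; once the steps are re-enabled, a failed `npx hardhat run` would not stop the steps after it, which read addresses from the env file. Add `#!/usr/bin/env bash` and `set -euo pipefail` as the first two lines. Toggling steps by commenting them in and out also makes the committed file depend on whoever ran it last; taking the step names as arguments would avoid that. The Mainnet section lies below this hunk.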
@@ -27,7 +27,7 @@ chains: finality_height: 25 filter_topic: 0x23b9e965d90a00cd3ad31e46b58592d41203f5789805c086b955e34ecd462eb9 feed_pkt_wait_dur: 30s - pkt_validity_wait_dur: 300s + pkt_validity_wait_dur: 240s retry_packet_wait_dur: 1m prune_base_seq_num_wait_dur: 30m dest_chains: From f825d2dabc84f11a2d1a627b161357d9b099528b Mon Sep 17 00:00:00 2001 From: Deepak Bomjan Date: Thu, 12 Sep 2024 16:30:02 +0545 Subject: [PATCH 11/11] ci: resolve conflict --- attestor/chainService/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/attestor/chainService/config.yaml b/attestor/chainService/config.yaml index 5db27553..b89b3388 100644 --- a/attestor/chainService/config.yaml +++ b/attestor/chainService/config.yaml @@ -27,7 +27,7 @@ chains: finality_height: 25 filter_topic: 0x23b9e965d90a00cd3ad31e46b58592d41203f5789805c086b955e34ecd462eb9 feed_pkt_wait_dur: 30s - pkt_validity_wait_dur: 240s + pkt_validity_wait_dur: 300s retry_packet_wait_dur: 1m prune_base_seq_num_wait_dur: 30m dest_chains: