Add wormhole receiver + docs on how to use it (#216)

* Add wormhole receiver + docs on how to use it

* Fix a mistake in comment

* Update docs + add wormhole receiver address to the registry

ethereum/.env.test

@@ -1,5 +1,10 @@
 # Migrations Metadata
 MIGRATIONS_DIR=./migrations/test
+
+# By default tests are run against the tilt Wormhole deployment. If you wish to test against
+# the read-only Wormhole receiver instead, uncomment the following line:
+# MIGRATIONS_DIR=./migrations/prod-receiver
+
 MIGRATIONS_NETWORK=development
 
 # Wormhole Core Migrations

ethereum/Deploying.md

@@ -1,6 +1,6 @@
 # Deploying Contracts to Production
 
-Running the Truffle migrations in [`migrations/prod`](migrations/prod) will deploy the contracts to production. 
+Running the Truffle migrations in [`migrations/prod`](migrations/prod) or [`migrations/prod-receiver`](migrations/prod-receiver/) will deploy the contracts to production. The `prod-receiver` migrations should be used when you need to deploy to a chain that is unsupported by the Wormhole network. The Wormhole Receiver contract acts as a read-only Wormhole endpoint that can verify Wormhole messages even if the Wormhole network has not yet connected the chain.
 
 This is the deployment process:
 
@@ -20,6 +20,9 @@ npx apply-registry
 
 # Perform the migration
 npx truffle migrate --network $MIGRATIONS_NETWORK
+
+# Perform this in first time mainnet deployments with Wormhole Receiver. (Or when guardian sets are upgraded)
+npm run receiver-submit-guardian-sets -- --network $MIGRATIONS_NETWORK
 ```
 
 As a sanity check, it is recommended to deploy the  migrations in `migrations/prod` to the Truffle `development` network first. You can do this by using the configuration values in [`.env.prod.development`](.env.prod.development).
@@ -29,7 +32,8 @@ As a result of this process for some files (with the network id in their name) i
 ## `networks` directory
 Truffle stores the address of the deployed contracts in the build artifacts, which can make local development difficult. We use [`truffle-deploy-registry`](https://github.com/MedXProtocol/truffle-deploy-registry) to store the addresses separately from the artifacts, in the [`networks`](networks) directory. When we need to perform operations on the deployed contracts, such as performing additional migrations, we can run `npx apply-registry` to populate the artifacts with the correct addresses.
 
-Each file in the network directory is named after the network id and contains address of Migration contract and PythUpgradable contract. If you are upgrading the contract it should not change. In case you are deploying to a new network make sure to commit this file.
+Each file in the network directory is named after the network id and contains address of Migration contract and PythUpgradable contract
+(and Wormhole Receiver if we use `prod-receiver`). If you are upgrading the contract it should not change. In case you are deploying to a new network make sure to commit this file.
 
 ## `.openzeppelin` directory
 In order to handle upgrades safely this directory stores details of the contracts structure, such as implementation addresses

ethereum/contracts/wormhole-receiver/ReceiverGetters.sol

@@ -0,0 +1,40 @@
+// contracts/Getters.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "./ReceiverState.sol";
+
+contract ReceiverGetters is ReceiverState {
+    function owner() public view returns (address) {
+        return _state.owner;
+    } 
+    
+    function getGuardianSet(uint32 index) public view returns (ReceiverStructs.GuardianSet memory) {
+        return _state.guardianSets[index];
+    }
+
+    function getCurrentGuardianSetIndex() public view returns (uint32) {
+        return _state.guardianSetIndex;
+    }
+
+    function getGuardianSetExpiry() public view returns (uint32) {
+        return _state.guardianSetExpiry;
+    }
+
+    function governanceActionIsConsumed(bytes32 hash) public view returns (bool) {
+        return _state.consumedGovernanceActions[hash];
+    }
+
+    function isInitialized(address impl) public view returns (bool) {
+        return _state.initializedImplementations[impl];
+    }
+
+    function governanceChainId() public view returns (uint16){
+        return _state.provider.governanceChainId;
+    }
+
+    function governanceContract() public view returns (bytes32){
+        return _state.provider.governanceContract;
+    }
+}

ethereum/contracts/wormhole-receiver/ReceiverGovernance.sol

@@ -0,0 +1,95 @@
+// contracts/Governance.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "./ReceiverStructs.sol";
+import "./ReceiverGovernanceStructs.sol";
+import "./ReceiverMessages.sol";
+import "./ReceiverSetters.sol";
+
+import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol";
+
+abstract contract ReceiverGovernance is ReceiverGovernanceStructs, ReceiverMessages, ReceiverSetters, ERC1967Upgrade {
+    event ContractUpgraded(address indexed oldContract, address indexed newContract);
+    event OwnershipTransfered(address indexed oldOwner, address indexed newOwner);
+
+    // "Core" (left padded)
+    bytes32 constant module = 0x00000000000000000000000000000000000000000000000000000000436f7265;
+
+    function submitNewGuardianSet(bytes memory _vm) public {
+        ReceiverStructs.VM memory vm = parseVM(_vm);
+
+        (bool isValid, string memory reason) = verifyGovernanceVM(vm);
+        require(isValid, reason);
+
+        ReceiverGovernanceStructs.GuardianSetUpgrade memory upgrade = parseGuardianSetUpgrade(vm.payload);
+
+        require(upgrade.module == module, "invalid Module");
+
+        require(upgrade.newGuardianSet.keys.length > 0, "new guardian set is empty");
+        require(upgrade.newGuardianSetIndex == getCurrentGuardianSetIndex() + 1, "index must increase in steps of 1");
+
+        setGovernanceActionConsumed(vm.hash);
+
+        expireGuardianSet(getCurrentGuardianSetIndex());
+        storeGuardianSet(upgrade.newGuardianSet, upgrade.newGuardianSetIndex);
+        updateGuardianSetIndex(upgrade.newGuardianSetIndex);
+    }
+
+    function upgradeImplementation(address newImplementation) public onlyOwner {
+        address currentImplementation = _getImplementation();
+
+        _upgradeTo(newImplementation);
+
+        // Call initialize function of the new implementation
+        (bool success, bytes memory reason) = newImplementation.delegatecall(abi.encodeWithSignature("initialize()"));
+
+        require(success, string(reason));
+
+        emit ContractUpgraded(currentImplementation, newImplementation);
+    }
+
+    function verifyGovernanceVM(ReceiverStructs.VM memory vm) internal view returns (bool, string memory){
+        // validate vm
+        (bool isValid, string memory reason) = verifyVM(vm);
+        if (!isValid){
+            return (false, reason);
+        }
+
+        // only current guardianset can sign governance packets
+        if (vm.guardianSetIndex != getCurrentGuardianSetIndex()) {
+            return (false, "not signed by current guardian set");
+        }
+
+        // verify source
+        if (uint16(vm.emitterChainId) != governanceChainId()) {
+            return (false, "wrong governance chain");
+        }
+        if (vm.emitterAddress != governanceContract()) {
+            return (false, "wrong governance contract");
+        }
+
+        // prevent re-entry
+        if (governanceActionIsConsumed(vm.hash)){
+            return (false, "governance action already consumed");
+        }
+
+        return (true, "");
+    }
+
+    function transferOwnership(address newOwner) public onlyOwner {
+        require(newOwner != address(0), "new owner cannot be the zero address");
+
+        address currentOwner = owner();
+        
+        setOwner(newOwner);
+
+        emit OwnershipTransfered(currentOwner, newOwner);
+    }
+
+    modifier onlyOwner() {
+        require(owner() == msg.sender, "caller is not the owner");
+        _;
+    }
+}

ethereum/contracts/wormhole-receiver/ReceiverGovernanceStructs.sol

@@ -0,0 +1,59 @@
+// contracts/GovernanceStructs.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "../libraries/external/BytesLib.sol";
+import "./ReceiverStructs.sol";
+
+contract ReceiverGovernanceStructs {
+    using BytesLib for bytes;
+
+    enum GovernanceAction {
+        UpgradeContract,
+        UpgradeGuardianset
+    }
+
+    struct GuardianSetUpgrade {
+        bytes32 module;
+        uint8 action;
+        uint16 chain;
+
+        ReceiverStructs.GuardianSet newGuardianSet;
+        uint32 newGuardianSetIndex;
+    }
+
+    function parseGuardianSetUpgrade(bytes memory encodedUpgrade) public pure returns (GuardianSetUpgrade memory gsu) {
+        uint index = 0;
+
+        gsu.module = encodedUpgrade.toBytes32(index);
+        index += 32;
+
+        gsu.action = encodedUpgrade.toUint8(index);
+        index += 1;
+
+        require(gsu.action == 2, "invalid GuardianSetUpgrade");
+
+        gsu.chain = encodedUpgrade.toUint16(index);
+        index += 2;
+
+        gsu.newGuardianSetIndex = encodedUpgrade.toUint32(index);
+        index += 4;
+
+        uint8 guardianLength = encodedUpgrade.toUint8(index);
+        index += 1;
+
+        gsu.newGuardianSet = ReceiverStructs.GuardianSet({
+            keys : new address[](guardianLength),
+            expirationTime : 0
+        });
+
+        for(uint i = 0; i < guardianLength; i++) {
+            gsu.newGuardianSet.keys[i] = encodedUpgrade.toAddress(index);
+            index += 20;
+        }
+
+        require(encodedUpgrade.length == index, "invalid GuardianSetUpgrade");
+    }
+
+}

ethereum/contracts/wormhole-receiver/ReceiverImplementation.sol

@@ -0,0 +1,29 @@
+// contracts/Implementation.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+pragma experimental ABIEncoderV2;
+
+import "./ReceiverGovernance.sol";
+
+import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol";
+
+contract ReceiverImplementation is ReceiverGovernance {
+
+    modifier initializer() {
+        address implementation = ERC1967Upgrade._getImplementation();
+
+        require(
+            !isInitialized(implementation),
+            "already initialized"
+        );
+
+        setInitialized(implementation);
+
+        _;
+    }
+
+    fallback() external payable {revert("unsupported");}
+
+    receive() external payable {revert("the Wormhole Receiver contract does not accept assets");}
+}

ethereum/contracts/wormhole-receiver/ReceiverMessages.sol

@@ -0,0 +1,148 @@
+// contracts/Messages.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+pragma experimental ABIEncoderV2;
+
+import "./ReceiverGetters.sol";
+import "./ReceiverStructs.sol";
+import "../libraries/external/BytesLib.sol";
+
+
+contract ReceiverMessages is ReceiverGetters {
+    using BytesLib for bytes;
+
+    /// @dev parseAndVerifyVM serves to parse an encodedVM and wholy validate it for consumption
+    function parseAndVerifyVM(bytes calldata encodedVM) public view returns (ReceiverStructs.VM memory vm, bool valid, string memory reason) {
+        vm = parseVM(encodedVM);
+        (valid, reason) = verifyVM(vm);
+    }
+
+   /**
+    * @dev `verifyVM` serves to validate an arbitrary vm against a valid Guardian set
+    *  - it aims to make sure the VM is for a known guardianSet
+    *  - it aims to ensure the guardianSet is not expired
+    *  - it aims to ensure the VM has reached quorum
+    *  - it aims to verify the signatures provided against the guardianSet
+    */
+    function verifyVM(ReceiverStructs.VM memory vm) public view returns (bool valid, string memory reason) {
+        /// @dev Obtain the current guardianSet for the guardianSetIndex provided
+        ReceiverStructs.GuardianSet memory guardianSet = getGuardianSet(vm.guardianSetIndex);
+
+       /**
+        * @dev Checks whether the guardianSet has zero keys
+        * WARNING: This keys check is critical to ensure the guardianSet has keys present AND to ensure 
+        * that guardianSet key size doesn't fall to zero and negatively impact quorum assessment.  If guardianSet
+        * key length is 0 and vm.signatures length is 0, this could compromise the integrity of both vm and 
+        * signature verification.
+        */
+        if(guardianSet.keys.length == 0){
+            return (false, "invalid guardian set");
+        }
+
+        /// @dev Checks if VM guardian set index matches the current index (unless the current set is expired).
+        if(vm.guardianSetIndex != getCurrentGuardianSetIndex() && guardianSet.expirationTime < block.timestamp){
+            return (false, "guardian set has expired");
+        }
+
+       /**
+        * @dev We're using a fixed point number transformation with 1 decimal to deal with rounding.
+        *   WARNING: This quorum check is critical to assessing whether we have enough Guardian signatures to validate a VM
+        *   if making any changes to this, obtain additional peer review. If guardianSet key length is 0 and 
+        *   vm.signatures length is 0, this could compromise the integrity of both vm and signature verification.
+        */
+        if(((guardianSet.keys.length * 10 / 3) * 2) / 10 + 1 > vm.signatures.length){
+            return (false, "no quorum");
+        }
+
+        /// @dev Verify the proposed vm.signatures against the guardianSet
+        (bool signaturesValid, string memory invalidReason) = verifySignatures(vm.hash, vm.signatures, guardianSet);
+        if(!signaturesValid){
+            return (false, invalidReason);
+        }
+
+        /// If we are here, we've validated the VM is a valid multi-sig that matches the guardianSet.
+        return (true, "");
+    }
+
+    /**
+     * @dev verifySignatures serves to validate arbitrary sigatures against an arbitrary guardianSet
+     *  - it intentionally does not solve for expectations within guardianSet (you should use verifyVM if you need these protections)
+     *  - it intentioanlly does not solve for quorum (you should use verifyVM if you need these protections)
+     *  - it intentionally returns true when signatures is an empty set (you should use verifyVM if you need these protections)
+     */
+    function verifySignatures(bytes32 hash, ReceiverStructs.Signature[] memory signatures, ReceiverStructs.GuardianSet memory guardianSet) public pure returns (bool valid, string memory reason) {
+        uint8 lastIndex = 0;
+        for (uint i = 0; i < signatures.length; i++) {
+            ReceiverStructs.Signature memory sig = signatures[i];
+
+            /// Ensure that provided signature indices are ascending only
+            require(i == 0 || sig.guardianIndex > lastIndex, "signature indices must be ascending");
+            lastIndex = sig.guardianIndex;
+
+            /// Check to see if the signer of the signature does not match a specific Guardian key at the provided index
+            if(ecrecover(hash, sig.v, sig.r, sig.s) != guardianSet.keys[sig.guardianIndex]){
+                return (false, "VM signature invalid");
+            }
+        }
+
+        /// If we are here, we've validated that the provided signatures are valid for the provided guardianSet
+        return (true, "");
+    }
+
+    /**
+     * @dev parseVM serves to parse an encodedVM into a vm struct
+     *  - it intentionally performs no validation functions, it simply parses raw into a struct
+     */
+    function parseVM(bytes memory encodedVM) public pure virtual returns (ReceiverStructs.VM memory vm) {
+        uint index = 0;
+
+        vm.version = encodedVM.toUint8(index);
+        index += 1;
+        require(vm.version == 1, "VM version incompatible");
+
+        vm.guardianSetIndex = encodedVM.toUint32(index);
+        index += 4;
+
+        // Parse Signatures
+        uint256 signersLen = encodedVM.toUint8(index);
+        index += 1;
+        vm.signatures = new ReceiverStructs.Signature[](signersLen);
+        for (uint i = 0; i < signersLen; i++) {
+            vm.signatures[i].guardianIndex = encodedVM.toUint8(index);
+            index += 1;
+
+            vm.signatures[i].r = encodedVM.toBytes32(index);
+            index += 32;
+            vm.signatures[i].s = encodedVM.toBytes32(index);
+            index += 32;
+            vm.signatures[i].v = encodedVM.toUint8(index) + 27;
+            index += 1;
+        }
+
+        // Hash the body
+        bytes memory body = encodedVM.slice(index, encodedVM.length - index);
+        vm.hash = keccak256(abi.encodePacked(keccak256(body)));
+
+        // Parse the body
+        vm.timestamp = encodedVM.toUint32(index);
+        index += 4;
+
+        vm.nonce = encodedVM.toUint32(index);
+        index += 4;
+
+        vm.emitterChainId = encodedVM.toUint16(index);
+        index += 2;
+
+        vm.emitterAddress = encodedVM.toBytes32(index);
+        index += 32;
+
+        vm.sequence = encodedVM.toUint64(index);
+        index += 8;
+
+        vm.consistencyLevel = encodedVM.toUint8(index);
+        index += 1;
+
+        vm.payload = encodedVM.slice(index, encodedVM.length - index);
+    }
+}

ethereum/contracts/wormhole-receiver/ReceiverSetters.sol

@@ -0,0 +1,41 @@
+// contracts/Setters.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "./ReceiverState.sol";
+
+contract ReceiverSetters is ReceiverState {
+    function setOwner(address owner_) internal {
+        _state.owner = owner_;
+    }
+    
+    function updateGuardianSetIndex(uint32 newIndex) internal {
+        _state.guardianSetIndex = newIndex;
+    }
+
+    function expireGuardianSet(uint32 index) internal {
+        _state.guardianSets[index].expirationTime = uint32(block.timestamp) + 86400;
+    }
+
+    function storeGuardianSet(ReceiverStructs.GuardianSet memory set, uint32 index) internal {
+        _state.guardianSets[index] = set;
+    }
+
+    function setInitialized(address implementatiom) internal {
+        _state.initializedImplementations[implementatiom] = true;
+    }
+
+    function setGovernanceActionConsumed(bytes32 hash) internal {
+        _state.consumedGovernanceActions[hash] = true;
+    }
+
+    function setGovernanceChainId(uint16 chainId) internal {
+        _state.provider.governanceChainId = chainId;
+    }
+
+    function setGovernanceContract(bytes32 governanceContract) internal {
+        _state.provider.governanceContract = governanceContract;
+    }
+
+}

ethereum/contracts/wormhole-receiver/ReceiverSetup.sol

@@ -0,0 +1,35 @@
+// contracts/Implementation.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+pragma experimental ABIEncoderV2;
+
+import "./ReceiverGovernance.sol";
+
+import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol";
+
+contract ReceiverSetup is ReceiverSetters, ERC1967Upgrade {
+    function setup(
+        address implementation,
+        address[] memory initialGuardians,
+        uint16 governanceChainId,
+        bytes32 governanceContract
+    ) public {
+        require(initialGuardians.length > 0, "no guardians specified");
+
+        setOwner(msg.sender);
+
+        ReceiverStructs.GuardianSet memory initialGuardianSet = ReceiverStructs.GuardianSet({
+            keys : initialGuardians,
+            expirationTime : 0
+        });
+
+        storeGuardianSet(initialGuardianSet, 0);
+        // initial guardian set index is 0, which is the default value of the storage slot anyways
+
+        setGovernanceChainId(governanceChainId);
+        setGovernanceContract(governanceContract);
+
+        _upgradeTo(implementation);
+    }
+}

ethereum/contracts/wormhole-receiver/ReceiverState.sol

@@ -0,0 +1,47 @@
+// contracts/State.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "./ReceiverStructs.sol";
+
+contract ReceiverEvents {
+    event LogGuardianSetChanged(
+        uint32 oldGuardianIndex,
+        uint32 newGuardianIndex
+    );
+
+    event LogMessagePublished(
+        address emitter_address,
+        uint32 nonce,
+        bytes payload
+    );
+}
+
+contract ReceiverStorage {
+    struct WormholeState {
+        ReceiverStructs.Provider provider;
+
+        // contract deployer
+        address owner;
+
+        // Mapping of guardian_set_index => guardian set
+        mapping(uint32 => ReceiverStructs.GuardianSet) guardianSets;
+
+        // Current active guardian set index
+        uint32 guardianSetIndex;
+
+        // Period for which a guardian set stays active after it has been replaced
+        uint32 guardianSetExpiry;
+
+        // Mapping of consumed governance actions
+        mapping(bytes32 => bool) consumedGovernanceActions;
+
+        // Mapping of initialized implementations
+        mapping(address => bool) initializedImplementations;
+    }
+}
+
+contract ReceiverState {
+    ReceiverStorage.WormholeState _state;
+}

ethereum/contracts/wormhole-receiver/ReceiverStructs.sol

@@ -0,0 +1,39 @@
+// contracts/Structs.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+interface ReceiverStructs {
+	struct Provider {
+		uint16 governanceChainId;
+		bytes32 governanceContract;
+	}
+
+	struct GuardianSet {
+		address[] keys;
+		uint32 expirationTime;
+	}
+
+	struct Signature {
+		bytes32 r;
+		bytes32 s;
+		uint8 v;
+		uint8 guardianIndex;
+	}
+
+	struct VM {
+		uint8 version;
+		uint32 timestamp;
+		uint32 nonce;
+		uint16 emitterChainId;
+		bytes32 emitterAddress;
+		uint64 sequence;
+		uint8 consistencyLevel;
+		bytes payload;
+
+		uint32 guardianSetIndex;
+		Signature[] signatures;
+
+		bytes32 hash;
+	}
+}

ethereum/contracts/wormhole-receiver/WormholeReceiver.sol

@@ -0,0 +1,13 @@
+// contracts/Wormhole.sol
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+
+contract WormholeReceiver is ERC1967Proxy {
+    constructor (address setup, bytes memory initData) ERC1967Proxy(
+        setup,
+        initData
+    ) { }
+}

ethereum/migrations/prod-receiver/1_initial_migration.js

@@ -0,0 +1,12 @@
+const Migrations = artifacts.require("Migrations");
+
+const tdr = require('truffle-deploy-registry');
+
+module.exports = async function (deployer, network) {
+  await deployer.deploy(Migrations);
+  let migrationsInstance = await Migrations.deployed();
+
+  if (!tdr.isDryRunNetworkName(network)) {
+      await tdr.appendInstance(migrationsInstance);
+  }
+};

ethereum/migrations/prod-receiver/2_deploy_wormhole_receiver.js

@@ -0,0 +1,38 @@
+require("dotenv").config({ path: "../.env" });
+
+const tdr = require('truffle-deploy-registry');
+
+const ReceiverSetup = artifacts.require("ReceiverSetup");
+const ReceiverImplementation = artifacts.require("ReceiverImplementation");
+const WormholeReceiver = artifacts.require("WormholeReceiver");
+
+// CONFIG
+const initialSigners = JSON.parse(process.env.INIT_SIGNERS);
+const governanceChainId = process.env.INIT_GOV_CHAIN_ID;
+const governanceContract = process.env.INIT_GOV_CONTRACT; // bytes32
+
+module.exports = async function (deployer, network) {
+  // deploy setup
+  await deployer.deploy(ReceiverSetup);
+
+  // deploy implementation
+  await deployer.deploy(ReceiverImplementation);
+
+  // encode initialisation data
+  const setup = new web3.eth.Contract(ReceiverSetup.abi, ReceiverSetup.address);
+  const initData = setup.methods
+    .setup(
+      ReceiverImplementation.address,
+      initialSigners,
+      governanceChainId,
+      governanceContract
+    )
+    .encodeABI();
+
+  // deploy proxy
+  const wormholeReceiver = await deployer.deploy(WormholeReceiver, ReceiverSetup.address, initData);
+
+  if (!tdr.isDryRunNetworkName(network)) {
+    await tdr.appendInstance(wormholeReceiver);
+  }
+};

ethereum/migrations/prod-receiver/3_deploy_pyth.js

@@ -0,0 +1,34 @@
+require('dotenv').config({ path: "../.env" });
+const bs58 = require("bs58");
+
+const PythUpgradable = artifacts.require("PythUpgradable");
+const WormholeReceiver = artifacts.require("WormholeReceiver");
+
+const pyth2WormholeChainId = process.env.PYTH_TO_WORMHOLE_CHAIN_ID;
+const pyth2WormholeEmitter = process.env.PYTH_TO_WORMHOLE_EMITTER;
+
+const { deployProxy } = require("@openzeppelin/truffle-upgrades");
+const tdr = require('truffle-deploy-registry');
+
+console.log("pyth2WormholeEmitter: " + pyth2WormholeEmitter)
+console.log("pyth2WormholeChainId: " + pyth2WormholeChainId)
+
+module.exports = async function (deployer, network) {
+    // Deploy the proxy. This will return an instance of PythUpgradable,
+    // with the address field corresponding to the fronting ERC1967Proxy.
+    let proxyInstance = await deployProxy(PythUpgradable,
+        [
+            (await WormholeReceiver.deployed()).address,
+            pyth2WormholeChainId,
+            pyth2WormholeEmitter
+        ],
+        { deployer });
+
+    // Add the ERC1967Proxy address to the PythUpgradable contract's 
+    // entry in the registry. This allows us to call upgradeProxy
+    // functions with the value of PythUpgradable.deployed().address:
+    // e.g. upgradeProxy(PythUpgradable.deployed().address, NewImplementation)
+    if (!tdr.isDryRunNetworkName(network)) {
+        await tdr.appendInstance(proxyInstance);
+    }
+};

ethereum/package.json

@@ -23,6 +23,7 @@
     "test": "truffle test",
     "migrate": "mkdir -p build/contracts && cp node_modules/@openzeppelin/contracts/build/contracts/* build/contracts/ && truffle migrate",
     "flatten": "mkdir -p node_modules/@poanet/solidity-flattener/contracts && cp -r contracts/* node_modules/@poanet/solidity-flattener/contracts/ && poa-solidity-flattener",
+    "receiver-submit-guardian-sets": "truffle exec scripts/receiverSubmitGuardianSetUpgrades.js",
     "verify": "patch -u -f node_modules/truffle-plugin-verify/constants.js -i truffle-verify-constants.patch; truffle run verify $npm_config_module@$npm_config_contract_address --network $npm_config_network"
   },
   "author": "",

ethereum/test/pyth.js

@@ -7,6 +7,7 @@ const PythStructs = artifacts.require("PythStructs");
 const { deployProxy, upgradeProxy } = require("@openzeppelin/truffle-upgrades");
 const { expectRevert } = require("@openzeppelin/test-helpers");
 
+// Use "WormholeReceiver" if you are testing with Wormhole Receiver
 const Wormhole = artifacts.require("Wormhole");
 
 const PythUpgradable = artifacts.require("PythUpgradable");