chore(lazer): update governance scripts to make them work (#2261)

governance/xc_admin/packages/xc_admin_cli/src/index.ts

@@ -959,7 +959,7 @@ multisigCommand(
     const updateInstruction = await lazerProgram.methods
       .update(trustedSigner, expiryTime)
       .accounts({
-        authority: await vault.getVaultAuthorityPDA(targetCluster),
+        topAuthority: await vault.getVaultAuthorityPDA(targetCluster),
         storage: SOLANA_STORAGE_ID,
       })
       .instruction();

governance/xc_admin/packages/xc_admin_common/src/multisig_transaction/idl/lazer.json

@@ -238,28 +238,13 @@
             "name": "Ed25519InstructionMustPrecedeCurrentInstruction"
           },
           {
-            "name": "LoadInstructionAtFailed",
-            "fields": [
-              {
-                "defined": "ProgramError"
-              }
-            ]
+            "name": "LoadInstructionAtFailed"
           },
           {
-            "name": "LoadCurrentIndexFailed",
-            "fields": [
-              {
-                "defined": "ProgramError"
-              }
-            ]
+            "name": "LoadCurrentIndexFailed"
           },
           {
-            "name": "ClockGetFailed",
-            "fields": [
-              {
-                "defined": "ProgramError"
-              }
-            ]
+            "name": "ClockGetFailed"
           },
           {
             "name": "InvalidEd25519InstructionProgramId"

lazer/contracts/solana/README.md

@@ -3,10 +3,11 @@
 ## Verifiable Build
 
 To build the program in a verifiable way, use [Solana Verify CLI](https://github.com/Ellipsis-Labs/solana-verifiable-build). This tool builds the program in
-a docker container to ensure that the resulting binary is deterministic and verifiable. Run the following command to build the program:
+a docker container to ensure that the resulting binary is deterministic and verifiable. Run the following command to build the program
+in [the lazer root directory](./../../):
 
 ```bash
-solana-verify build -- --features solana-program
+solana-verify build --library-name pyth_lazer_solana_contract
 ```
 
 Once the build is complete, the program binary will be located in the `target/deploy` directory.

lazer/contracts/solana/package.json

@@ -7,8 +7,8 @@
     "test:format": "prettier --check **/*.*",
     "test:anchor": "CARGO_TARGET_DIR=\"$PWD/target\" anchor test",
     "test": "pnpm run test:format && pnpm run test:anchor",
-    "setup": "anchor build && pnpm ts-node scripts/setup.ts",
-    "check_trusted_signer": "pnpm ts-node scripts/check_trusted_signer.ts"
+    "setup": "pnpm ts-node scripts/setup.ts",
+    "check-trusted-signer": "pnpm ts-node scripts/check_trusted_signer.ts"
   },
   "dependencies": {
     "@coral-xyz/anchor": "^0.30.1"

lazer/contracts/solana/scripts/setup.ts

@@ -6,24 +6,30 @@ import yargs from "yargs/yargs";
 import { readFileSync } from "fs";
 import NodeWallet from "@coral-xyz/anchor/dist/cjs/nodewallet";
 
-// This script initializes the program and updates the trusted signer
+// This script initializes the program. It should be run once after the program is deployed. Additionally, if the
+// top authority be the same as the given keypair and the trusted signer and expiry time are provided, the trusted
+// signer will be updated.
 //
-// There are some assumptions made in this script:
-// 1. The program id is derived from the idl file (pytd...).
-// 2. The keypair provided is the top authority keypair
+// Note: the program id is derived from the idl file (pytd...). Run `anchor test` to generate it.
 async function main() {
   let argv = await yargs(process.argv.slice(2))
     .options({
       url: { type: "string", demandOption: true },
       "keypair-path": { type: "string", demandOption: true },
-      "trusted-signer": { type: "string", demandOption: true },
-      "expiry-time-seconds": { type: "number", demandOption: true },
+      "top-authority": { type: "string", demandOption: true },
+      treasury: { type: "string", demandOption: true },
+      "trusted-signer": { type: "string", demandOption: false },
+      "expiry-time-seconds": { type: "number", demandOption: false },
     })
     .parse();
 
   const keypair = anchor.web3.Keypair.fromSecretKey(
     new Uint8Array(JSON.parse(readFileSync(argv.keypairPath, "ascii")))
   );
+
+  const topAuthority = new anchor.web3.PublicKey(argv.topAuthority);
+  const treasury = new anchor.web3.PublicKey(argv.treasury);
+
   const wallet = new NodeWallet(keypair);
   const connection = new anchor.web3.Connection(argv.url, {
     commitment: "confirmed",
@@ -39,21 +45,27 @@ async function main() {
   if (storage.length === 0) {
     console.log("Initializing the program");
     await program.methods
-      .initialize(keypair.publicKey, anchor.web3.PublicKey.unique())
+      .initialize(topAuthority, treasury)
       .accounts({
         payer: wallet.publicKey,
       })
       .rpc();
   }
 
-  console.log("Updating the trusted signer");
-  await program.methods
-    .update(
-      new anchor.web3.PublicKey(argv.trustedSigner),
-      new anchor.BN(argv.expiryTimeSeconds)
-    )
-    .accounts({})
-    .rpc();
+  if (
+    topAuthority.equals(wallet.publicKey) &&
+    argv.trustedSigner &&
+    argv.expiryTimeSeconds
+  ) {
+    console.log("Updating the trusted signer");
+    await program.methods
+      .update(
+        new anchor.web3.PublicKey(argv.trustedSigner),
+        new anchor.BN(argv.expiryTimeSeconds)
+      )
+      .accounts({})
+      .rpc();
+  }
 }
 
 main();