bump: remote executor anchor version (#2329)

* do it

* do it

* clean

* bpf->sbf

* clean up

.github/workflows/ci-pre-commit.yml

@@ -23,7 +23,6 @@ jobs:
           toolchain: 1.82.0
       - name: Install Rust versions
         run: |
-          rustup install 1.66.1
           rustup install 1.73.0
       - name: Install protoc
         uses: arduino/setup-protoc@v3

.github/workflows/ci-remote-executor.yml

@@ -15,14 +15,12 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: 1.66.1
+          toolchain: 1.73.0
           components: rustfmt, clippy
           override: true
       - name: Install Solana
         run: |
-          wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
-          sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
-          sh -c "$(curl -sSfL https://release.solana.com/v1.14.18/install)"
+          sh -c "$(curl -sSfL https://release.solana.com/v1.18.23/install)"
           echo "/home/runner/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
       - name: Run executor tests
-        run: cargo test-bpf --manifest-path ./governance/remote_executor/Cargo.toml
+        run: cargo test-sbf --manifest-path ./governance/remote_executor/Cargo.toml

.pre-commit-config.yaml

@@ -39,13 +39,13 @@ repos:
       - id: cargo-fmt-remote-executor
         name: Cargo format for remote executor
         language: "rust"
-        entry: cargo +1.66.1 fmt --manifest-path ./governance/remote_executor/Cargo.toml --all
+        entry: cargo +1.73.0 fmt --manifest-path ./governance/remote_executor/Cargo.toml --all
         pass_filenames: false
         files: governance/remote_executor
       - id: cargo-clippy-remote-executor
         name: Cargo clippy for remote executor
         language: "rust"
-        entry: cargo +1.66.1 clippy --manifest-path ./governance/remote_executor/Cargo.toml --tests -- --deny warnings
+        entry: cargo +1.73.0 clippy --manifest-path ./governance/remote_executor/Cargo.toml --tests -- --deny warnings
         pass_filenames: false
         files: governance/remote_executor
       # Hooks for cosmwasm contract

governance/remote_executor/cli/Cargo.toml

@@ -9,7 +9,7 @@ remote-executor = {path = "../programs/remote-executor/"}
 solana-program = "1.10.31"
 solana-client = "1.10.31"
 solana-sdk = "1.10.31"
-anchor-client = "0.25.0"
+anchor-client = "0.30.1"
 shellexpand = "2.1.2"
 anyhow = "1.0.65"
 base64 = "0.13.0"

governance/remote_executor/cli/src/main.rs

@@ -286,7 +286,7 @@ pub fn get_execute_instruction(
 ) -> Result<Instruction> {
     let anchor_vaa =
         AnchorVaa::try_deserialize(&mut rpc_client.get_account_data(posted_vaa_key)?.as_slice())?;
-    let emitter = Pubkey::new(&anchor_vaa.emitter_address);
+    let emitter = Pubkey::from(anchor_vaa.emitter_address);
 
     // First accounts from the anchor context
     let mut account_metas = ExecutePostedVaa::populate(&ID, payer_pubkey, &emitter, posted_vaa_key)

governance/remote_executor/programs/remote-executor/Cargo.toml

@@ -33,7 +33,7 @@ sonic_mainnet = []
 
 
 [dependencies]
-anchor-lang = {version = "0.25.0", features = ["init-if-needed"]}
+anchor-lang = {version = "0.30.1", features = ["init-if-needed"]}
 wormhole-solana = { git = "https://github.com/guibescos/wormhole-solana", rev="f14b3b54c1e37e1aaf8c2ac2a5e236832ffdb3c2"}
 wormhole-sdk = { git = "https://github.com/wormhole-foundation/wormhole", tag = "v2.17.1" }
 serde_wormhole = { git = "https://github.com/wormhole-foundation/wormhole", tag = "v2.17.1"}
@@ -41,8 +41,8 @@ boolinator = "2.4.0"
 
 [dev-dependencies]
 
-solana-program-test = "=1.10.31"
+solana-program-test = "1.10.31"
 tokio = "1.14.1"
-solana-sdk = "=1.10.31"
+solana-sdk = "1.10.31"
 bincode = "1.3.3"
 rand = "0.8.5"

governance/remote_executor/programs/remote-executor/src/lib.rs

@@ -3,7 +3,7 @@
 #![allow(clippy::result_large_err)]
 
 use {
-    anchor_lang::{prelude::*, solana_program::borsh::get_packed_len, system_program},
+    anchor_lang::{prelude::*, system_program},
     error::ExecutorError,
     state::{claim_record::ClaimRecord, posted_vaa::AnchorVaa},
     wormhole_sdk::Chain::{self, Solana},
@@ -65,7 +65,7 @@ pub struct ExecutePostedVaa<'info> {
     #[account(constraint = Chain::from(posted_vaa.emitter_chain) == Solana @ ExecutorError::EmitterChainNotSolana, constraint = posted_vaa.sequence > claim_record.sequence @ExecutorError::NonIncreasingSequence, constraint = (&posted_vaa.magic == b"vaa" || &posted_vaa.magic == b"msg" || &posted_vaa.magic == b"msu") @ExecutorError::PostedVaaHeaderWrongMagicNumber )]
     pub posted_vaa: Account<'info, AnchorVaa>,
     /// The reason claim_record has different seeds than executor_key is that executor key might need to pay in the CPI, so we want it to be a native wallet
-    #[account(init_if_needed, space = 8 + get_packed_len::<ClaimRecord>(), payer=payer, seeds = [CLAIM_RECORD_SEED.as_bytes(), &posted_vaa.emitter_address], bump)]
+    #[account(init_if_needed, space = 8 + ClaimRecord::LEN, payer=payer, seeds = [CLAIM_RECORD_SEED.as_bytes(), &posted_vaa.emitter_address], bump)]
     pub claim_record: Account<'info, ClaimRecord>,
     pub system_program: Program<'info, System>,
     // Additional accounts passed to the instruction will be passed down to the CPIs. Very importantly executor_key needs to be passed as it will be the signer of the CPIs.

governance/remote_executor/programs/remote-executor/src/state/claim_record.rs

@@ -9,3 +9,7 @@ use anchor_lang::{
 pub struct ClaimRecord {
     pub sequence: u64,
 }
+
+impl ClaimRecord {
+    pub const LEN: usize = 8;
+}

governance/remote_executor/programs/remote-executor/src/tests/executor_simulator.rs

@@ -9,7 +9,7 @@ use {
         CLAIM_RECORD_SEED, EXECUTOR_KEY_SEED,
     },
     anchor_lang::{
-        prelude::{AccountMeta, ProgramError, Pubkey, Rent, UpgradeableLoaderState},
+        prelude::{AccountMeta, ProgramError, Pubkey, Rent},
         solana_program::hash::Hash,
         AccountDeserialize, AnchorDeserialize, AnchorSerialize,
         InstructionData as AnchorInstructionData, Key, Owner, ToAccountMetas,
@@ -19,7 +19,7 @@ use {
     },
     solana_sdk::{
         account::Account,
-        bpf_loader_upgradeable,
+        bpf_loader,
         instruction::{Instruction, InstructionError},
         signature::Keypair,
         signer::Signer,
@@ -54,7 +54,7 @@ pub enum VaaAttack {
 impl ExecutorBench {
     /// Deploys the executor program as upgradable
     pub fn new() -> ExecutorBench {
-        let mut bpf_data = read_file(
+        let bpf_data = read_file(
             std::env::current_dir()
                 .unwrap()
                 .join(Path::new("../../target/deploy/remote_executor.so")),
@@ -62,42 +62,16 @@ impl ExecutorBench {
 
         let mut program_test = ProgramTest::default();
         let program_key = crate::id();
-        let programdata_key = Pubkey::new_unique();
-
-        let upgrade_authority_keypair = Keypair::new();
-
-        let program_deserialized = UpgradeableLoaderState::Program {
-            programdata_address: programdata_key,
-        };
-        let programdata_deserialized = UpgradeableLoaderState::ProgramData {
-            slot: 1,
-            upgrade_authority_address: Some(upgrade_authority_keypair.pubkey()),
-        };
-
-        // Program contains a pointer to progradata
-        let program_vec = bincode::serialize(&program_deserialized).unwrap();
-        // Programdata contains a header and the binary of the program
-        let mut programdata_vec = bincode::serialize(&programdata_deserialized).unwrap();
-        programdata_vec.append(&mut bpf_data);
 
         let program_account = Account {
-            lamports: Rent::default().minimum_balance(program_vec.len()),
-            data: program_vec,
-            owner: bpf_loader_upgradeable::ID,
+            lamports: Rent::default().minimum_balance(bpf_data.len()),
+            data: bpf_data,
+            owner: bpf_loader::ID,
             executable: true,
             rent_epoch: Epoch::default(),
         };
-        let programdata_account = Account {
-            lamports: Rent::default().minimum_balance(programdata_vec.len()),
-            data: programdata_vec,
-            owner: bpf_loader_upgradeable::ID,
-            executable: false,
-            rent_epoch: Epoch::default(),
-        };
 
-        // Add both accounts to program test, now the program is deployed as upgradable
         program_test.add_account(program_key, program_account);
-        program_test.add_account(programdata_key, programdata_account);
 
         ExecutorBench {
             program_test,
@@ -260,16 +234,21 @@ impl ExecutorSimulator {
         signers: &Vec<&Keypair>,
         executor_attack: ExecutorAttack,
     ) -> Result<(), BanksClientError> {
-        let posted_vaa_data: AnchorVaa = self
-            .banks_client
-            .get_account_data_with_borsh(*posted_vaa_address)
-            .await
-            .unwrap();
+        let posted_vaa_data: AnchorVaa = AnchorVaa::try_from_slice(
+            &self
+                .banks_client
+                .get_account(*posted_vaa_address)
+                .await
+                .unwrap()
+                .unwrap()
+                .data[..],
+        )
+        .unwrap();
 
         let mut account_metas = crate::accounts::ExecutePostedVaa::populate(
             &self.program_id,
             &self.payer.pubkey(),
-            &Pubkey::new(&posted_vaa_data.emitter_address),
+            &Pubkey::from(posted_vaa_data.emitter_address),
             posted_vaa_address,
         )
         .to_account_metas(None);

governance/remote_executor/programs/remote-executor/src/tests/test_adversarial.rs

@@ -125,7 +125,6 @@ async fn test_adversarial() {
     );
 
     // Claim record does not correspond to the emitter's claim record
-    // Next error is privilege scalation because anchor tries to create the account at wrong address but signing with the right seeds
     assert_eq!(
         sim.execute_posted_vaa(
             &vaa_account_valid,
@@ -135,7 +134,7 @@ async fn test_adversarial() {
         .await
         .unwrap_err()
         .unwrap(),
-        InstructionError::PrivilegeEscalation.into_transation_error()
+        ErrorCode::ConstraintSeeds.into_transation_error()
     );
 
     // Claim record does not correspond to the emitter's claim record, but this time it is initialized

governance/remote_executor/rust-toolchain.toml

@@ -1,2 +1,2 @@
 [toolchain]
-channel = "1.66.1"
+channel = "1.73.0"