
Merge branch 'main' into ext-integration/stacks

Adam 1 日 前
コミット
0ee3991f81

+ 15 - 6
.github/CODEOWNERS

@@ -9,7 +9,7 @@
 /bitcoin/ @evan-gray
 /cosmwasm/ @mdulin2 @kcsongor
 /ethereum/ @gator-boi @kcsongor
-/ethereum/env/ @gator-boi @kcsongor @evan-gray
+/ethereum/env/ @gator-boi @kcsongor @evan-gray @fergarrui
 /relayer/ethereum @nonergodic @gator-boi
 /near/ @evan-gray @kcsongor
 /solana/ @kcsongor 
@@ -23,7 +23,7 @@
 /lp_ui/ @evan-gray @kev1n-peters
 /relayer/generic_relayer @nonergodic @gator-boi
 /scripts/ @evan-gray @kcsongor @djb15
-/sdk/ @evan-gray @kev1n-peters @panoel @SEJeff
+/sdk/ @evan-gray @kev1n-peters @panoel @SEJeff @fergarrui
 /sdk/js-proto-node/ @evan-gray @kev1n-peters
 /sdk/js-proto-web/ @evan-gray @kev1n-peters
 /sdk/js-query/ @evan-gray @kev1n-peters
@@ -42,6 +42,7 @@
 # Protobuf for node
 
 /proto/node/ @evan-gray @panoel
+/proto/publicrpc/ @evan-gray @panoel @fergarrui
 
 # Guardiand node
 
@@ -51,7 +52,7 @@
 
 ## Entrypoint / RPC
 
-/node/cmd/ @panoel @evan-gray
+/node/cmd/ @panoel @evan-gray @fergarrui
 
 ## Common
 /node/pkg/common/ @panoel @evan-gray
@@ -68,7 +69,7 @@
 
 ## Governor
 
-/node/pkg/governor/ @SEJeff @djb15 @johnsaigle @mdulin2 @pleasew8t
+/node/pkg/governor/ @SEJeff @djb15 @johnsaigle @mdulin2 @pleasew8t @bemic
 
 ## Gateway Relayer
 
@@ -82,6 +83,14 @@
 
 /node/pkg/processor/ @evan-gray @panoel
 
+## Proto
+
+/node/pkg/proto/ @evan-gray @panoel @fergarrui
+
+## Query
+
+/node/pkg/query/ @evan-gray @panoel @fergarrui
+
 ## Public RPC
 
 /node/pkg/publicrpc/ @evan-gray @panoel
@@ -97,7 +106,7 @@
 
 ## Watchers
 
-/node/pkg/watchers @evan-gray @panoel
+/node/pkg/watchers @evan-gray @panoel @fergarrui
 /node/pkg/watchers/evm/msg_verifier.go @djb15 @johnsaigle @mdulin2 @pleasew8t
 
 ## Guardian Dependency Upgrades (go.mod) 
@@ -111,7 +120,7 @@
 ## Hacks / Tools
 
 /node/hack/ @panoel @evan-gray
-/node/hack/governor @SEJeff @djb15 @johnsaigle @mdulin2 @pleasew8t
+/node/hack/governor @SEJeff @djb15 @johnsaigle @mdulin2 @pleasew8t @bemic
 
 ## Documentation
 

+ 0 - 9
SECURITY.md

@@ -8,7 +8,6 @@ The following document describes various aspects of the Wormhole security progra
 - [Trust Assumptions](#Trust-Assumptions)
 - [White Hat Hacking](#White-Hat-Hacking)
 - [Chain Integrators](#Chain-Integrators)
-- [Social Media Monitoring](#Social-Media-Monitoring)
 - [Incident Response](#Incident-Response)
 - [Emergency Shutdown](#Emergency-Shutdown)
 - [Security Monitoring](#Security-Monitoring)
@@ -94,14 +93,6 @@ Additionally, ensure:
 - You have an established incident response program in place, with established patterns and playbooks to ensure deterministic outcomes for containment.
 - When security issues do occur, please make sure that the chain makes every attempt to inform affected parties and leads with transparency.
 
-## Social Media Monitoring
-
-The Wormhole project maintains a social media monitoring program to stay abreast of important ecosystem developments.
-
-These developments include monitoring services like Twitter for key phrases and patterns such that the Wormhole project is informed of a compromise or vulnerability in a dependency that could negatively affect Wormhole, its users, or the chains that Wormhole is connected to.
-
-In the case of a large ecosystem development that requires response, the Wormhole project will engage its security incident response program.
-
 ## Incident Response
 
 The Wormhole project maintains an incident response program to respond to vulnerabilities or active threats to Wormhole, its users, or the ecosystems it's connected to.  Wormhole can be made aware about a security event from a variety of different sources (eg. bug bounty program, audit finding, security monitoring, social media, etc.)

+ 1 - 1
node/pkg/governor/mainnet_chains.go

@@ -41,6 +41,6 @@ func ChainList() []ChainConfigEntry {
 		{EmitterChainID: vaa.ChainIDXRPLEVM, DailyLimit: 500_000, BigTransactionSize: 50_000},
 		{EmitterChainID: vaa.ChainIDLinea, DailyLimit: 500_000, BigTransactionSize: 50_000},
 		{EmitterChainID: vaa.ChainIDFogo, DailyLimit: 500_000, BigTransactionSize: 50_000},
-		{EmitterChainID: vaa.ChainIDMonad, DailyLimit: 500_000, BigTransactionSize: 50_000},
+		{EmitterChainID: vaa.ChainIDMonad, DailyLimit: 5_000_000, BigTransactionSize: 500_000},
 	}
 }
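Review bot: The tenfold raise of both Monad values (`DailyLimit: 5_000_000`, `BigTransactionSize: 500_000`) has no rationale in the code, while every other entry visible in this hunk stays at 500_000 / 50_000. Judging by the field names, these numbers bound how much value the governor lets through before it intervenes, so a reader auditing the limits later needs to know why this chain differs. I would add a comment above the entry such as `// Monad limits raised from 500_000 / 50_000; rationale: <link to issue or PR>`. ChainList's body starts outside the hunk, so entries not shown here may already follow a different convention.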

+ 30 - 14
node/pkg/notary/notary.go

@@ -38,6 +38,7 @@ import (
 
 	"github.com/certusone/wormhole/node/pkg/common"
 	"github.com/certusone/wormhole/node/pkg/db"
+	"github.com/certusone/wormhole/node/pkg/txverifier"
 	"github.com/wormhole-foundation/wormhole/sdk"
 	"github.com/wormhole-foundation/wormhole/sdk/vaa"
 
@@ -154,30 +155,45 @@ func (n *Notary) ProcessMsg(msg *common.MessagePublication) (v Verdict, err erro
 
 	n.logger.Debug("notary: processing message", msg.ZapFields()...)
 
-	// NOTE: Only token transfers originated on Ethereum are currently considered.
 	// For the initial implementation, the Notary only rules on messages based
 	// on the Transfer Verifier. However, there is no technical barrier to
 	// supporting other message types.
-	if msg.EmitterChain != vaa.ChainIDEthereum {
-		n.logger.Debug("notary: automatically approving message publication because it is not from Ethereum", msg.ZapFields()...)
+	if !txverifier.IsSupported(msg.EmitterChain) {
+		n.logger.Debug("notary: automatically approving message: sent from a chain without a transfer verifier implementation", msg.ZapFields()...)
 		return Approve, nil
 	}
 
 	if !vaa.IsTransfer(msg.Payload) {
-		n.logger.Debug("notary: automatically approving message publication because it is not a token transfer", msg.ZapFields()...)
+		n.logger.Debug("notary: automatically approving message: it is not a wrapped token transfer", msg.ZapFields()...)
 		return Approve, nil
 	}
 
-	if tokenBridge, ok := sdk.KnownTokenbridgeEmitters[msg.EmitterChain]; !ok {
-		// Return Unknown if the token bridge is not registered in the SDK.
-		n.logger.Error("notary: unknown token bridge emitter", msg.ZapFields()...)
-		return Unknown, errors.New("unknown token bridge emitter")
-	} else {
-		// Approve if the token transfer is not from the token bridge.
-		// For now, the notary only rules on token transfers from the token bridge.
-		if !bytes.Equal(msg.EmitterAddress.Bytes(), tokenBridge) {
-			n.logger.Debug("notary: automatically approving message publication because it is not from the token bridge", msg.ZapFields()...)
-			return Approve, nil
+	var tbEmitters = make(map[vaa.ChainID][]byte)
+	switch n.env {
+	case common.MainNet:
+		tbEmitters = sdk.KnownTokenbridgeEmitters
+	case common.TestNet:
+		tbEmitters = sdk.KnownTestnetTokenbridgeEmitters
+	case common.UnsafeDevNet:
+		tbEmitters = sdk.KnownDevnetTokenbridgeEmitters
+	case common.AccountantMock, common.GoTest:
+	default:
+		n.logger.Debug("skipping token bridge emitter check because environment is not mainnet or testnet")
+	}
+
+	// Perform emitter checks when outside of unit tests or mock environments
+	if n.env == common.MainNet || n.env == common.TestNet || n.env == common.UnsafeDevNet {
+		if tokenBridge, ok := tbEmitters[msg.EmitterChain]; !ok {
+			// Return Unknown if the token bridge is not registered in the SDK.
+			n.logger.Error("notary: unknown token bridge emitter", msg.ZapFields()...)
+			return Unknown, errors.New("unknown token bridge emitter")
+		} else {
+			// Approve if the token transfer is not from the token bridge.
+			// For now, the notary only rules on token transfers from the token bridge.
+			if !bytes.Equal(msg.EmitterAddress.Bytes(), tokenBridge) {
+				n.logger.Debug("notary: automatically approving message publication because it is not from the token bridge", msg.ZapFields()...)
+				return Approve, nil
+			}
 		}
 	}
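Review bot: The environments that get the token bridge emitter check are listed twice in the second hunk, in `switch n.env` and again in `if n.env == common.MainNet || n.env == common.TestNet || n.env == common.UnsafeDevNet`, so a later edit to one list but not the other would either skip the check or look the emitter up in the empty map from `make(...)` and return Unknown for every message. The `default` branch also logs at Debug, without the `notary:` prefix, that the environment "is not mainnet or testnet" although devnet is checked too; an unrecognised environment changing which messages the Notary rules on seems worth a Warn. Deciding once in the switch, as sketched below, removes the duplicate list and the discarded allocation; it assumes the three SDK maps are non-nil package variables, which is not visible here. ProcessMsg starts before this hunk and continues after it.

```go
	// nil means "no emitter check in this environment".
	var tbEmitters map[vaa.ChainID][]byte
	switch n.env {
	// … unchanged: MainNet / TestNet / UnsafeDevNet cases assigning tbEmitters …
	case common.AccountantMock, common.GoTest:
		// Mock and unit-test environments deliberately skip the emitter check.
	default:
		n.logger.Warn("notary: skipping token bridge emitter check: unrecognized environment")
	}

	if tbEmitters != nil {
		tokenBridge, ok := tbEmitters[msg.EmitterChain]
		if !ok {
			// … unchanged: log and return Unknown …
		}
		// … unchanged: approve when the emitter address is not the token bridge …
	}
```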
 

+ 52 - 1
node/pkg/notary/notary_test.go

@@ -48,6 +48,57 @@ func makeTestNotary(t *testing.T) *Notary {
 	}
 }
 
+// TestNotary_AlwaysApproveNonTransferVerifierEmitters tests that all messages are approve if the emitter chain does not have a transfer verifier.
+// This test can be removed if the Notary is extended to support other chains.
+func TestNotary_AlwaysApproveNonTransferVerifierEmitters(t *testing.T) {
+	// NOTE: Solana does not have a transfer verifier implementation
+	tests := map[string]struct {
+		verificationState common.VerificationState
+		emitterChain      vaa.ChainID
+		verdict           Verdict
+	}{
+		"approve non-transfer verifier when Rejected": {
+			common.Rejected,
+			vaa.ChainIDSolana,
+			Approve,
+		},
+		"approve non-transfer verifier when Anomalous": {
+			common.Anomalous,
+			vaa.ChainIDSolana,
+			Approve,
+		},
+		"delay non-Ethereum messages for chain with transfer verifier when Rejected": {
+			common.Rejected,
+			vaa.ChainIDSepolia,
+			Delay,
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			n := makeTestNotary(t)
+			msg := makeUniqueMessagePublication(t)
+
+			// Set the emitter address to the known token bridge address for the environment.
+			msg.EmitterChain = test.emitterChain
+
+			err := msg.SetVerificationState(test.verificationState)
+			require.NoError(t, err)
+
+			require.True(t, vaa.IsTransfer(msg.Payload))
+
+			verdict, err := n.ProcessMsg(msg)
+			require.NoError(t, err)
+			require.Equal(
+				t,
+				test.verdict,
+				verdict,
+				fmt.Sprintf("verificationState=%s verdict=%s", msg.VerificationState().String(), verdict.String()),
+			)
+		})
+	}
+}
+
 func TestNotary_ProcessMessageCorrectVerdict(t *testing.T) {
 
 	// NOTE: This test should be exhaustive over VerificationState variants.
@@ -485,7 +536,7 @@ func makeUniqueMessagePublication(t *testing.T) *common.MessagePublication {
 	require.NoError(t, err)
 
 	// Required as the Notary checks the emitter address.
-	tokenBridge := sdk.KnownTokenbridgeEmitters[vaa.ChainIDEthereum]
+	tokenBridge := sdk.KnownDevnetTokenbridgeEmitters[vaa.ChainIDEthereum]
 	tokenBridgeAddress := vaa.Address(tokenBridge)
 	require.NoError(t, err)
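Review bot: In the new test, the comment `// Set the emitter address to the known token bridge address for the environment.` sits above `msg.EmitterChain = test.emitterChain`, which changes only the chain; the address stays whatever makeUniqueMessagePublication set for Ethereum. The Sepolia case therefore reaches `Delay` only if the emitter check is skipped or the Sepolia entry happens to match that address, and which of these applies depends on makeTestNotary's environment, which is not visible here. I would reword the comment to `// Override only the emitter chain; the emitter address is left as set by makeUniqueMessagePublication.` and state in the case name which path it is meant to cover. The third case also expects `Delay` inside a test named `...AlwaysApprove...`, and the doc comment has a typo, "are approve" for "are approved"; a name such as `TestNotary_VerdictDependsOnTransferVerifierSupport` would describe all three cases.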
 

+ 1 - 1
node/pkg/watchers/near/nearapi/nearapi.go

@@ -14,7 +14,7 @@ import (
 )
 
 const (
-	nearRPCTimeout = 5 * time.Second
+	nearRPCTimeout = 20 * time.Second
 	/*
 		NEAR JSON RPC node is starting up with 4 workers
 		(https://github.com/near/nearcore/blob/8dc9a0bab8aa4648fc7af777e9fa7e3e545c95a5/chain/jsonrpc/src/lib.rs#L1372)