Add guardian signature (#1)

Author: danimhr

.github/workflows/ci-pre-commit.yml

@@ -0,0 +1,38 @@
+name: Pre-commit checks
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # Need to grab the history of the PR
+          fetch-depth: 0
+
+      - name: Set up Python (for pre-commit)
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install pre-commit
+        run: pip install pre-commit
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: 1.87.0
+          components: clippy
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly-2024-12-03
+          components: rustfmt
+
+      - name: Run pre-commit on all files
+        run: pre-commit run --all-files

.gitignore

@@ -0,0 +1,2 @@
+/target
+.secret

.pre-commit-config.yaml

@@ -0,0 +1,25 @@
+repos:
+  - repo: local
+    hooks:
+      # Hooks for workspace
+      - id: cargo-fmt-workspace
+        name: Cargo format for workspace
+        language: "rust"
+        entry: cargo +nightly-2024-12-03 fmt --manifest-path ./Cargo.toml --all -- --config-path rustfmt.toml
+        pass_filenames: false
+        types_or: ["rust", "cargo", "cargo-lock"]
+        files: .
+      - id: cargo-clippy-workspace
+        name: Cargo clippy for workspace
+        language: "rust"
+        entry: cargo +1.87.0 clippy --manifest-path ./Cargo.toml --tests -- -D warnings
+        pass_filenames: false
+        types_or: ["rust", "cargo", "cargo-lock"]
+        files: .
+      - id: cargo-test-workspace
+        name: Cargo test for workspace
+        language: "rust"
+        entry: cargo +1.87.0 test --manifest-path ./Cargo.toml
+        pass_filenames: false
+        types_or: ["rust", "cargo", "cargo-lock"]
+        files: .

Cargo.lock

@@ -0,0 +1,20 @@
+[package]
+name = "pythnet-watcher"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+anyhow = "1.0.98"
+borsh = "0.9.3"
+clap = { version = "4.5.39", features = ["derive", "env"] }
+secp256k1 = { version = "0.31.0", features = ["recovery"] }
+serde = "1.0.219"
+serde_wormhole = "0.1.0"
+sha3 = "0.10.8"
+solana-account-decoder = "2.2.7"
+solana-client = "2.2.7"
+solana-sdk = "2.2.2"
+tokio = "1.45.1"
+tokio-stream = "0.1.17"
+tracing = "0.1.41"
+wormhole-vaas-serde = "0.1.0"

Cargo.toml

@@ -0,0 +1,13 @@
+Copyright 2025 Pyth Contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

LICENSE

@@ -1 +1,52 @@
-# pythnet-watcher
+# Pythnet Watcher
+
+This project is a Rust-based utility for listening to messages on **Pythnet**, processing, and signing them.
+
+---
+
+## 🚀 Getting Started
+
+### 🛠️ Build the Project
+
+```bash
+cargo build --release
+```
+
+Or for development:
+
+```bash
+cargo build
+```
+
+---
+
+### ▶️ Run the Project
+
+You can run the project using `cargo run` by passing the required flags:
+
+```bash
+cargo run -- \
+  --pythnet-url wss://api2.pythnet.pyth.network \
+  --secret-key /path/to/secret.key \
+  --wormhole-pid H3fxXJ86ADW2PNuDDmZJg6mzTtPxkYCpNuQUTgmJ7AjU \
+```
+
+---
+
+### 🌱 Environment Variables (Optional)
+
+Instead of CLI flags, you can also set environment variables:
+
+```bash
+export PYTHNET_URL=wss://api2.pythnet.pyth.network
+export SECRET_KEY=/path/to/secret.key
+export WORMHOLE_PID=H3fxXJ86ADW2PNuDDmZJg6mzTtPxkYCpNuQUTgmJ7AjU
+
+cargo run
+```
+
+---
+
+### 🧪 Testing Locally
+
+To test in a non-production environment (e.g. with devnet or a local Pythnet fork), just provide a different `--pythnet-url` and optionally use custom `--wormhole-pid`.

README.md

@@ -0,0 +1,2 @@
+[toolchain]
+channel = "1.87.0"

rust-toolchain.toml

@@ -0,0 +1,19 @@
+edition = "2021"
+
+# Merge all imports into a clean vertical list of module imports.
+imports_granularity = "One"
+group_imports = "One"
+imports_layout = "Vertical"
+
+# Better grep-ability.
+empty_item_single_line = false
+
+# Consistent pipe layout.
+match_arm_leading_pipes = "Preserve"
+
+# Align Fields
+enum_discrim_align_threshold = 80
+struct_field_align_threshold = 80
+
+# Allow up to two blank lines for visual grouping.
+blank_lines_upper_bound = 2

rustfmt.toml

@@ -0,0 +1,18 @@
+use clap::Parser;
+
+#[derive(Parser, Clone, Debug)]
+pub struct RunOptions {
+    /// The API key to use for auction server authentication.
+    #[arg(long = "pythnet-url", env = "PYTHNET_URL")]
+    pub pythnet_url:     String,
+    /// Path to the file containing the secret key.
+    #[arg(long = "secret-key", env = "SECRET_KEY")]
+    pub secret_key_path: String,
+    /// The Wormhole program ID.
+    #[arg(
+        long = "wormhole-pid",
+        env = "WORMHOLE_PID",
+        default_value = "H3fxXJ86ADW2PNuDDmZJg6mzTtPxkYCpNuQUTgmJ7AjU"
+    )]
+    pub wormhole_pid:    String,
+}

src/config.rs

@@ -0,0 +1,174 @@
+use {
+    borsh::BorshDeserialize,
+    clap::Parser,
+    posted_message::PostedMessageUnreliableData,
+    secp256k1::SecretKey,
+    signed_body::SignedBody,
+    solana_account_decoder::UiAccountEncoding,
+    solana_client::{
+        nonblocking::pubsub_client::PubsubClient,
+        pubsub_client::PubsubClientError,
+        rpc_config::{
+            RpcAccountInfoConfig,
+            RpcProgramAccountsConfig,
+        },
+        rpc_filter::{
+            Memcmp,
+            RpcFilterType,
+        },
+    },
+    solana_sdk::pubkey::Pubkey,
+    std::{
+        fs,
+        str::FromStr,
+        time::Duration,
+    },
+    tokio::time::sleep,
+    tokio_stream::StreamExt,
+    wormhole_sdk::{
+        vaa::Body,
+        Address,
+        Chain,
+    },
+};
+
+mod config;
+mod posted_message;
+mod signed_body;
+
+struct ListenerConfig {
+    ws_url:              String,
+    secret_key:          SecretKey,
+    wormhole_pid:        Pubkey,
+    accumulator_address: Pubkey,
+}
+
+fn find_message_pda(wormhole_pid: &Pubkey, slot: u64) -> Pubkey {
+    let ring_index = (slot % 10_000) as u32;
+    Pubkey::find_program_address(
+        &[b"AccumulatorMessage", &ring_index.to_be_bytes()],
+        wormhole_pid,
+    )
+    .0
+}
+
+async fn run_listener(config: ListenerConfig) -> Result<(), PubsubClientError> {
+    let client = PubsubClient::new(config.ws_url.as_str()).await?;
+    let (mut stream, unsubscribe) = client
+        .program_subscribe(
+            &config.wormhole_pid,
+            Some(RpcProgramAccountsConfig {
+                filters:        Some(vec![RpcFilterType::Memcmp(Memcmp::new(
+                    0,
+                    solana_client::rpc_filter::MemcmpEncodedBytes::Bytes(b"msu".to_vec()),
+                ))]),
+                account_config: RpcAccountInfoConfig {
+                    encoding:         Some(UiAccountEncoding::Base64),
+                    data_slice:       None,
+                    commitment:       Some(
+                        solana_sdk::commitment_config::CommitmentConfig::confirmed(),
+                    ),
+                    min_context_slot: None,
+                },
+                with_context:   None,
+                sort_results:   None,
+            }),
+        )
+        .await?;
+
+    while let Some(update) = stream.next().await {
+        if find_message_pda(&config.wormhole_pid, update.context.slot).to_string()
+            != update.value.pubkey
+        {
+            continue; // Skip updates that are not for the expected PDA
+        }
+
+        let unreliable_data: PostedMessageUnreliableData = {
+            let data = match update.value.account.data.decode() {
+                Some(data) => data,
+                None => {
+                    tracing::error!("Failed to decode account data");
+                    continue;
+                }
+            };
+
+            match BorshDeserialize::deserialize(&mut data.as_slice()) {
+                Ok(data) => data,
+                Err(e) => {
+                    tracing::error!(error = ?e, "Invalid unreliable data format");
+                    continue;
+                }
+            }
+        };
+
+        if Chain::Pythnet != unreliable_data.emitter_chain.into() {
+            continue;
+        }
+        if config.accumulator_address != Pubkey::from(unreliable_data.emitter_address) {
+            continue;
+        }
+
+        let body = Body {
+            timestamp:         unreliable_data.submission_time,
+            nonce:             unreliable_data.nonce,
+            emitter_chain:     unreliable_data.emitter_chain.into(),
+            emitter_address:   Address(unreliable_data.emitter_address),
+            sequence:          unreliable_data.sequence,
+            consistency_level: unreliable_data.consistency_level,
+            payload:           unreliable_data.payload.clone(),
+        };
+
+        match SignedBody::try_new(body, config.secret_key) {
+            Ok(signed_body) => println!("Signed Body: {:?}", signed_body),
+            Err(e) => tracing::error!(error = ?e, "Failed to sign body"),
+        };
+    }
+
+    tokio::spawn(async move { unsubscribe().await });
+
+    Err(PubsubClientError::ConnectionClosed(
+        "Stream ended".to_string(),
+    ))
+}
+
+fn load_secret_key(path: String) -> SecretKey {
+    let bytes = fs::read(path.clone()).expect("Invalid secret key file");
+    if bytes.len() == 32 {
+        let byte_array: [u8; 32] = bytes.try_into().expect("Invalid secret key length");
+        return SecretKey::from_byte_array(byte_array).expect("Invalid secret key length");
+    }
+
+    let content = fs::read_to_string(path)
+        .expect("Invalid secret key file")
+        .trim()
+        .to_string();
+    SecretKey::from_str(&content).expect("Invalid secret key")
+}
+
+#[tokio::main]
+async fn main() {
+    let run_options = config::RunOptions::parse();
+    let secret_key = load_secret_key(run_options.secret_key_path);
+    let client = PubsubClient::new(&run_options.pythnet_url)
+        .await
+        .expect("Invalid WebSocket URL");
+    drop(client); // Drop the client to avoid holding the connection open
+    let accumulator_address = Pubkey::from_str("G9LV2mp9ua1znRAfYwZz5cPiJMAbo1T6mbjdQsDZuMJg")
+        .expect("Invalid accumulator address");
+    let wormhole_pid =
+        Pubkey::from_str(&run_options.wormhole_pid).expect("Invalid Wormhole program ID");
+
+    loop {
+        if let Err(e) = run_listener(ListenerConfig {
+            ws_url: run_options.pythnet_url.clone(),
+            secret_key,
+            wormhole_pid,
+            accumulator_address,
+        })
+        .await
+        {
+            tracing::error!(error = ?e, "Error listening to messages");
+            sleep(Duration::from_millis(200)).await; // Wait before retrying
+        }
+    }
+}

src/main.rs

@@ -0,0 +1,104 @@
+use {
+    borsh::{
+        BorshDeserialize,
+        BorshSerialize,
+    },
+    serde::{
+        Deserialize,
+        Serialize,
+    },
+    std::{
+        io::{
+            Error,
+            ErrorKind::InvalidData,
+            Write,
+        },
+        ops::{
+            Deref,
+            DerefMut,
+        },
+    },
+};
+
+#[derive(Default, Debug, Clone)]
+pub struct PostedMessageUnreliableData {
+    pub message: MessageData,
+}
+
+#[derive(Debug, Default, BorshSerialize, BorshDeserialize, Clone, Serialize, Deserialize)]
+pub struct MessageData {
+    /// Header of the posted VAA
+    pub vaa_version: u8,
+
+    /// Level of consistency requested by the emitter
+    pub consistency_level: u8,
+
+    /// Time the vaa was submitted
+    pub vaa_time: u32,
+
+    /// Account where signatures are stored
+    pub vaa_signature_account: [u8; 32],
+
+    /// Time the posted message was created
+    pub submission_time: u32,
+
+    /// Unique nonce for this message
+    pub nonce: u32,
+
+    /// Sequence number of this message
+    pub sequence: u64,
+
+    /// Emitter of the message
+    pub emitter_chain: u16,
+
+    /// Emitter of the message
+    pub emitter_address: [u8; 32],
+
+    /// Message payload
+    pub payload: Vec<u8>,
+}
+
+impl BorshSerialize for PostedMessageUnreliableData {
+    fn serialize<W: Write>(&self, writer: &mut W) -> std::io::Result<()> {
+        writer.write_all(b"msu")?;
+        BorshSerialize::serialize(&self.message, writer)
+    }
+}
+
+impl BorshDeserialize for PostedMessageUnreliableData {
+    fn deserialize(buf: &mut &[u8]) -> std::io::Result<Self> {
+        if buf.len() < 3 {
+            return Err(Error::new(InvalidData, "Not enough bytes"));
+        }
+
+        let expected = b"msu";
+        let magic: &[u8] = &buf[0..3];
+        if magic != expected {
+            return Err(Error::new(
+                InvalidData,
+                format!(
+                    "Magic mismatch. Expected {:?} but got {:?}",
+                    expected, magic
+                ),
+            ));
+        };
+        *buf = &buf[3..];
+        Ok(PostedMessageUnreliableData {
+            message: <MessageData as BorshDeserialize>::deserialize(buf)?,
+        })
+    }
+}
+
+impl Deref for PostedMessageUnreliableData {
+    type Target = MessageData;
+
+    fn deref(&self) -> &Self::Target {
+        &self.message
+    }
+}
+
+impl DerefMut for PostedMessageUnreliableData {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.message
+    }
+}

src/posted_message.rs

@@ -0,0 +1,35 @@
+use {
+    secp256k1::{
+        Message,
+        Secp256k1,
+        SecretKey,
+    },
+    serde::Serialize,
+    wormhole_sdk::vaa::Body,
+};
+
+#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+pub struct SignedBody<P> {
+    pub version:   u8,
+    pub signature: [u8; 65],
+    pub body:      Body<P>,
+}
+
+impl<P: Serialize> SignedBody<P> {
+    pub fn try_new(body: Body<P>, secret_key: SecretKey) -> Result<Self, anyhow::Error> {
+        let digest = body.digest()?;
+        let signature = Secp256k1::new()
+            .sign_ecdsa_recoverable(Message::from_digest(digest.secp256k_hash), &secret_key);
+        let (recovery_id, signature_bytes) = signature.serialize_compact();
+        let recovery_id: i32 = recovery_id.into();
+        let mut signature = [0u8; 65];
+        signature[..64].copy_from_slice(&signature_bytes);
+        signature[64] = recovery_id as u8;
+
+        Ok(Self {
+            version: 1,
+            signature,
+            body,
+        })
+    }
+}