solana: timelock preloading ops authority #474
Conversation
jadepark-dev
changed the title
jadepark-dev
changed the title
…tractkit/chainlink-ccip into solana/timelock-preload-op-auth
| @@ -171,6 +172,8 @@ func (value TimelockError) String() string { | |||
| return "OperationNotCancellable" | |||
| case OperationNotReady_TimelockError: | |||
| return "OperationNotReady" | |||
| case OperationAlreadyExecuted_TimelockError: | |||
| return "OperationAlreadyExecuted" | |||
There was a problem hiding this comment.
note: on attempt on bypasser execute already executed operation
| err = common.GetAccountDataBorshInto(ctx, solanaGoClient, opToSchedule.OperationPDA(), config.DefaultCommitment, &opAccount) | ||
| if err != nil { | ||
| require.NoError(t, err, "failed to get account info") | ||
| if bytes.Equal(op.Data[:8], timelock.Instruction_ScheduleBatch[:]) { |
There was a problem hiding this comment.
note: filtering schedule_batch instruction only to verify event emission, since preload ixs are in mcm operations together
| pub struct BypasserExecuteBatch<'info> { | ||
| #[account( | ||
| mut, | ||
| seeds = [TIMELOCK_OPERATION_SEED, timelock_id.as_ref(), id.as_ref()], | ||
| bump, | ||
| constraint = operation.is_finalized @ TimelockError::OperationNotFinalized, | ||
| constraint = !operation.is_done() @ TimelockError::OperationAlreadyExecuted, | ||
| close = authority, // close the operation after execution |
There was a problem hiding this comment.
note: bypasser_execution operation management, the operation is needed to be pre-uploaded, but it shouldn't affect normal schedule/execute workflow so we're closing the account
| @@ -23,44 +23,46 @@ pub enum TimelockError { | |||
| #[msg("Provided ID is invalid")] | |||
| InvalidId, | |||
|
|
|||
| #[msg("RBACTimelock: operation not finalized")] | |||
| #[msg("operation not finalized")] | |||
There was a problem hiding this comment.
note: clean up error messages but subject to change on the off-chain requirement
| @@ -78,8 +80,6 @@ pub fn execute_batch<'info>( | |||
| }); | |||
| } | |||
|
|
|||
| require!(op.is_ready(current_time), TimelockError::OperationNotReady); | |||
There was a problem hiding this comment.
note: In the EVM-based version, we do a second is_ready check after executing all calls to guard against reentrancy mid-transaction, which might invalidate the operation. On Solana, however, each instruction is atomic and there is no reentrancy model that would allow an external actor to modify our operation state during its execution. Therefore, the second check is unnecessary here.
| /// Implementation uses separate code paths and PDAs for each operation type | ||
| /// to maintain clear security boundaries and audit trails, despite similar logic. | ||
| /// All operations enforce state transitions, size limits, and role-based access. | ||
| /// |
There was a problem hiding this comment.
note: while it is technically possible to reduce the number of lines between normal / bypasser operation management instructions by employing dynamic seeds or Anchor macro in this file, having analyzed the implementation, I found that it rendered the interface overly complex and substantially reduced readability.
|
- Address [latest breaking change](smartcontractkit/chainlink-ccip#474) from the solana program to incorporate new bypasser seed - updated e2e JIRA: https://smartcontract-it.atlassian.net/browse/DPA-1494
- Address [latest breaking change](smartcontractkit/chainlink-ccip#474) from the solana program to incorporate new bypasser seed - updated e2e JIRA: https://smartcontract-it.atlassian.net/browse/DPA-1494
- Address [latest breaking change](smartcontractkit/chainlink-ccip#474) from the solana program to incorporate new bypasser seed - updated e2e JIRA: https://smartcontract-it.atlassian.net/browse/DPA-1494
…s latest breaking change (#271) Dependent on [this PR](#270) updating the rest of the [API breaking change](smartcontractkit/chainlink-ccip#474). - Uses the new seed `timelock_bypasser_operation` for bypass operation for timelock converter. - Preload instructions for timelock bypasser from initialise to finalize - Updated e2e JIRA: https://smartcontract-it.atlassian.net/browse/DPA-1494
This PR enhances operation authority management and separates proposer/bypasser operation paths
Primary Changes
Others