EthBridge storage should only be modifiable by protocol transactions

[james-chf]

Relates to anoma/namada#114 - Depends on #1066 - this branch is based off of james/1059/eth-bridge-vp and this PR is targeting that branch for the time being to get a better diff.

• add a new type of protocol transaction - EthereumBridgeUpdate(Tx) - and allow the wrapped Tx to be executed
• add tx_enqueue_eth_transfer.wasm which modifies the /queue key under the Ethereum bridge account's storage - currently it just writes the data of the transaction directly to it, but in a future update it will manipulate the queue structure there properly
• make the Ethereum bridge validity predicate reject any transaction which does not have its data signed with an active validator's protocol key
• add an end-to-end test exercising a successful protocol transaction
• some end-to-end test helpers (may be moved into a separate PR)

Still to come after this PR

• protocol transactions themselves will be verified against active validator's protocol keys rather than a bundled public key as is currently the case
• transactions that modify Ethereum bridge account storage (and perhaps all protocol transactions in general) may be restricted to have to be signed by the block proposer rather than any active validator

Testing

To run end-to-end tests, assuming you already have wasm/s built except for the new one(s) added in this PR, run:

export RUST_BACKTRACE=short
export ANOMA_E2E_KEEP_TEMP=true
export ANOMA_E2E_DEBUG=true
make -C wasm/wasm_source tx_enqueue_eth_transfer
make checksum-wasm

• using ABCI

cargo test \
  eth_bridge -- \
    --test-threads=1 \
    --nocapture

• using ABCI++ (currently the Tendermint client fails when trying to submit a transaction with an error like "Internal error: timed out waiting for tx to be included in a block (code: -32603)")

# ensure tendermint++ is built from this commit - https://github.com/tendermint/tendermint/commit/f40884911
export TENDERMINT=${HOME}/bin/tendermint++

cargo test \
 --no-default-features \
 --features "ABCI-plus-plus" \
 eth_bridge -- \
     --test-threads=1 \
     --nocapture

[james-chf]

pls update wasm

[james-chf]

pls update wasm

[james-chf]

pls update wasm

[james-chf]

pls update wasm

[james-chf]

I have a helper utility for submitting protocol transactions I can publish in another repo

[james-chf]

I'm not sure about this docstring as we have a catchall case (_ =>) which would do things for other TxTypes. I'd say we should remove this caveat from the docstring and replace the _ => with an explicit match arm for each TxType, then we should also get a compile error to make us update this fn if we introduced a new TxType.

[james-chf]

This isn't a great location, not sure where to put it. It's a struct used in the tx_write_storage_key test wasm, and also in the e2e tests which constructs the serialized tx.data for a tx_write_storage_key transaction.

[james-chf]

This test runs with cargo test get_abs_path but isn't currently running in CI

[james-chf]

If submitting a protocol transaction, tx_data ends up being the tx.data field of the innermost Tx (i.e. the one wrapped by EthereumBridgeUpdate(Tx)), which should be a Signed { data, sig } if the protocol transaction is constructed correctly.

In the case of submitting a regular transaction, it seems to end up being a SignedTxData, which I think must be the tx.data field of the outermost Tx that actually gets submitted to Tendermint RPC.

I haven't looked closely yet at why there is this difference, it could be just to do with the way this branch is coded currently, but the VP will reject as it can't deserialize that to a Signed, if it gets that far.

[james-chf]

I had to put a fair bit of logging while developing and unsure how much to remove, I guess it would add to gas cost

[james-chf]

pls update wasm

[james-chf]

pls update wasm

[james-chf]

I will pick what's useful from this branch to other branch(es) since transactions to modify the Ethereum bridge may be applied internally rather than via Tendermint