Add verifier to pyth evm contract #2784
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
7 Skipped Deployments
|
danimhr
force-pushed
the
feat/evm-wormhole-backup
branch
from
20858ee to
0bc888b
Compare
| // uint trailingHeaderOffset = offset | ||
| // uint x = UnsafeBytesLib.ToUint8(accumulatorUpdate, trailingHeaderOffset) | ||
| // trailingHeaderOffset += 1 | ||
| uint trailingHeaderOffset = offset; |
There was a problem hiding this comment.
shall we change MINIMUM_ALLOWED_MINOR_VERSION?
There was a problem hiding this comment.
Why do we need to change that?
There was a problem hiding this comment.
it is a metadata to tell us on which version we are right now and reject messages with older minor version. if we don't check it and this gets upgraded before Hermes there might be problems.
| // uint x = UnsafeBytesLib.ToUint8(accumulatorUpdate, trailingHeaderOffset) | ||
| // trailingHeaderOffset += 1 | ||
| uint trailingHeaderOffset = offset; | ||
| signer = Signer( |
There was a problem hiding this comment.
i've lost my solidity knowledge here, what would happen if this byte does not fit in Signer (which accepts only 0 and 1). let's check it if it's an undefined behaviour.
| @@ -37,7 +37,8 @@ contract PythGovernanceInstructions { | |||
| SetWormholeAddress, // 6 | |||
| SetFeeInToken, // 7 - No-op for EVM chains | |||
| SetTransactionFee, // 8 | |||
| WithdrawFee // 9 | |||
| WithdrawFee, // 9 | |||
| SetVerifierAddress // 10 | |||
There was a problem hiding this comment.
note for the future: we need to support it in governance sdk in TS
| // uint trailingHeaderOffset = offset | ||
| // uint x = UnsafeBytesLib.ToUint8(accumulatorUpdate, trailingHeaderOffset) | ||
| // trailingHeaderOffset += 1 | ||
| uint trailingHeaderOffset = offset; |
There was a problem hiding this comment.
it is a metadata to tell us on which version we are right now and reject messages with older minor version. if we don't check it and this gets upgraded before Hermes there might be problems.
Summary
This PR introduces support for a backup verifier in the Pyth EVM contract to enhance reliability when verifying VAAs.
Rationale
Pyth currently verifies VAAs exclusively using Wormhole. This creates a single point of failure: if Wormhole becomes unavailable or its guardians are unable to sign messages, Pyth will be unable to verify updates, potentially causing disruptions.
To address this, we’ve integrated a backup verifier into the contract. If Wormhole fails, the new verifier—with its own guardian set—can independently approve and verify VAAs. As a result, Pyth can continue to function even if Wormhole is down. Only if both the Wormhole and backup verifier guardian sets are unavailable will VAA verification become impossible.
This change improves the resilience and fault tolerance of the system without affecting current functionality.
How has this been tested?