Merge branch 'develop' into upgrade-contract

.github/actions/upgrade-testing/create_genesis.py

@@ -0,0 +1,45 @@
+import json
+import os
+
+genesis = open(os.environ["NEW_GENESIS"], "r").read()
+genesis_json_object = json.loads(genesis)
+
+exported_genesis = open(os.environ["OLD_GENESIS"], "r").read()
+exported_genesis_json_object = json.loads(exported_genesis)
+
+crosschain = exported_genesis_json_object["app_state"]["crosschain"]
+observer = exported_genesis_json_object["app_state"]["observer"]
+emissions = exported_genesis_json_object["app_state"]["emissions"]
+fungible = exported_genesis_json_object["app_state"]["fungible"]
+evm = exported_genesis_json_object["app_state"]["evm"]
+auth_accounts = exported_genesis_json_object["app_state"]["auth"]["accounts"]
+
+genesis_json_object["app_state"]["auth"]["accounts"] = genesis_json_object["app_state"]["auth"]["accounts"] + auth_accounts
+genesis_json_object["app_state"]["crosschain"] = crosschain
+genesis_json_object["app_state"]["observer"] = observer
+genesis_json_object["app_state"]["emissions"] = emissions
+genesis_json_object["app_state"]["fungible"] = fungible
+
+evm_accounts = []
+for index, account in enumerate(evm["accounts"]):
+    if account["address"] == "0x0000000000000000000000000000000000000001":
+        print("pop account", account["address"])
+    elif account["address"] == "0x0000000000000000000000000000000000000006":
+        print("pop account", account["address"])
+    elif account["address"] == "0x0000000000000000000000000000000000000002":
+        print("pop account", account["address"])
+    elif account["address"] == "0x0000000000000000000000000000000000000002":
+        print("pop account", account["address"])
+    elif account["address"] == "0x0000000000000000000000000000000000000008":
+        print("pop account", account["address"])
+    else:
+        evm_accounts.append(account)
+
+evm["accounts"] = evm_accounts
+genesis_json_object["app_state"]["evm"] = evm
+
+genesis = open("genesis-edited.json", "w")
+genesis_string = json.dumps(genesis_json_object, indent=2)
+dumped_genesis_object = genesis_string.replace("0x0000000000000000000000000000000000000001","0x387A12B28fe02DcAa467c6a1070D19B82F718Bb5")
+genesis.write(genesis_string)
+genesis.close()

.github/labeler.yml

@@ -4,3 +4,6 @@ breaking:proto:
 breaking:cli:
   - "x/*/client/cli/*.go"
   - "cmd/**/*.go"
+
+ci:
+  - ".github/**"

.github/workflows/sast-linters.yml

@@ -25,18 +25,41 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: '1.20'
 
       # - name: Install Pipeline Dependencies
       #   uses:  ./.github/actions/install-dependencies
 
       - name: Run Gosec Security Scanner
-        run: |
-          export PATH=$PATH:$(go env GOPATH)/bin
-          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          gosec ./...
+        uses: securego/gosec@master
+        with:
+          args: ./...
+
+  gosec-cosmos:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.20'
+
+      # - name: Install Pipeline Dependencies
+      #   uses:  ./.github/actions/install-dependencies
+
+      - name: Run Cosmos Gosec Security Scanner
+        uses: cosmos/gosec@master
+        with:
+          args: './... -include=G701,G703,G704' # Disabled G702 as it doesn't seem to be relevant 2023-09-14
+
 
   git-guardian:
     runs-on: ubuntu-latest
@@ -59,24 +82,105 @@ jobs:
 
   lint:
     runs-on: ubuntu-latest
-    timeout-minutes: 10
+    timeout-minutes: 15
     env:
       GO111MODULE: on
     steps:
       - name: Checkout Source
         uses: actions/checkout@v2
-
+        with:
+          fetch-depth: 0
+
       # - name: Install Pipeline Dependencies
       #   uses:  ./.github/actions/install-dependencies
 
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: '1.20'
 
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.50
+          version: v1.54
           skip-cache: true
-          args: --timeout=30m
+          args: --timeout=15m
+
+  nosec_alert:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Getting files updated in the PR
+        id: changed-files
+        uses: tj-actions/changed-files@v39
+        with:
+          base_sha: ${{ github.event.pull_request.base.sha }} 
+
+      - name: List all changed files
+        run: |
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+            echo "$file was changed"
+          done
+
+      - name: Report nosec usage
+        run: |
+          nosec_list=()
+          nosec_detected=0
+          echo "Changed files: ${{ steps.changed-files.outputs.all_changed_files }}"
+                    
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+            if git diff ${{ github.event.pull_request.base.sha }} $file | grep -q nosec; then
+              echo "nosec detected in $file"
+              nosec_list+=("$file,")
+              nosec_detected=1
+            else
+              echo "nosec not detected in $file"
+            fi
+          done
+
+          nosec_list_string="${nosec_list[@]}"
+          nosec_list_string="${nosec_list_string%,}"
+          echo "nosec_files=$nosec_list_string" >> $GITHUB_ENV
+          echo "nosec_detected=$nosec_detected" >> $GITHUB_ENV
+
+      - name: Report nosec uses
+        uses: mshick/add-pr-comment@v2
+        if: env.nosec_detected == 1
+        with:
+          message: |
+            *!!!WARNING!!!*
+            `nosec` detected in the following files: ${{ env.nosec_files }}
+
+            Be very careful about using `#nosec` in code. It can be a quick way to suppress security warnings and move forward with development, it should be employed with caution. Suppressing warnings with #nosec can hide potentially serious vulnerabilities. Only use #nosec when you're absolutely certain that the security issue is either a false positive or has been mitigated in another way.
+
+            Only suppress a single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the #nosec annotation, e.g: /* #nosec G401 */ or //#nosec G201 G202 G203
+            Broad `#nosec` annotations should be avoided, as they can hide other vulnerabilities. **The CI will block you from merging this PR until you remove `#nosec` annotations that do not target specific rules**.
+
+            Pay extra attention to the way `#nosec` is being used in the files listed above. 
+
+      - name: Add Label
+        uses: actions/github-script@v6
+        if: env.nosec_detected == 1
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ["nosec"]
+            })
+
+      - name: Check for '#nosec' without a specific rule
+        run: |
+          DIFF=$(git diff ${{ github.event.pull_request.base.sha }})
+          echo "$DIFF" | grep -P '#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)' && echo "nosec without specified rule found!" && exit 1 || exit 0
+
+
+          

.github/workflows/upgrade_path_testing.yaml

@@ -0,0 +1,153 @@
+name: "UPGRADE_PATH_TESTING"
+
+on:
+  workflow_dispatch:
+    inputs:
+      runner:
+        description: 'Select an Runner Set'
+        type: choice
+        required: true
+        default: 'zeta-runners-athens3'
+        options: [ 'zeta-runners', 'zeta-runners-athens3']
+      version:
+        description: 'The new version to upgrade to from latest state.'
+        required: true
+        default: 'v10.0.0'
+
+
+
+jobs:
+  upgrade_path_test_state_export:
+    name: "UPGRADE_PATH_TEST_STATE_EXPORT"
+    runs-on: ["${{ github.event.inputs.runner }}"]
+    env:
+      latest_state_export: "https://zetachain-external-files.s3.amazonaws.com/state-export/athens3/latest.json"
+      github_binary_version_link: "https://github.com/zeta-chain/node/releases/download/${{ github.event.inputs.version }}/zetacored-ubuntu-22-amd64"
+      downloaded_binary_name: "zetacored-ubuntu-22-amd64"
+      aws_region: "us-east-1"
+    steps:
+      - uses: actions/checkout@v1
+
+      - id: install-aws-cli
+        uses: unfor19/install-aws-cli-action@v1
+        with:
+          version: 2
+
+      - name: "DOWNLOAD_STATE_EXPORT_AND_BINARY"
+        shell: python
+        run: |
+          wget ${latest_state_export}
+          wget github_binary_version_link
+          current_version=$(curl https://rpc-archive.athens.zetachain.com:26657/abci_info -s | jq .result.response.version -r | tr -d '\n')
+          wget https://github.com/zeta-chain/node/releases/download/${current_version}/zetacored-ubuntu-22-amd64 -O ./zetacored
+          echo "PATH=$(pwd):$PATH" >> ${GITHUB_ENV}
+
+      - name: "START_TESTING_NETWORK"
+        shell: shell
+        run: |
+          export DAEMON_HOME=~/.zetacored
+          
+          export DAEMON_NAME=zetacored
+          
+          export CHAINID="localnet_101-1"
+          
+          export KEYRING="test"
+          
+          rm -rf ~/.zetacored
+          
+          kill -9 $(lsof -ti:26657)
+          
+          zetacored config keyring-backend $KEYRING --home ~/.zetacored
+          
+          zetacored config chain-id $CHAINID --home ~/.zetacored
+          
+          zetacored keys delete zetaa --keyring-backend $KEYRING -y > /dev/null 2>&1 || echo "doesn't exist"
+          zetacored keys delete executer_zeta --keyring-backend $KEYRING -y > /dev/null 2>&1 || echo "doesn't exist"
+          zetacored keys delete mario --keyring-backend $KEYRING -y > /dev/null 2>&1  || echo "doesn't exist"
+          zetacored keys delete executer_mario --keyring-backend $KEYRING -y > /dev/null 2>&1 || echo "doesn't exist"
+          
+          echo "race draft rival universe maid cheese steel logic crowd fork comic easy truth drift tomorrow eye buddy head time cash swing swift midnight borrow" | zetacored keys add zeta --algo=secp256k1 --recover --keyring-backend=$KEYRING
+          echo "hand inmate canvas head lunar naive increase recycle dog ecology inhale december wide bubble hockey dice worth gravity ketchup feed balance parent secret orchard" | zetacored keys add mario --algo secp256k1 --recover --keyring-backend=$KEYRING
+          echo "lounge supply patch festival retire duck foster decline theme horror decline poverty behind clever harsh layer primary syrup depart fantasy session fossil dismiss east" | zetacored keys add executer_zeta --recover --keyring-backend=$KEYRING --algo secp256k1
+          echo "debris dumb among crew celery derive judge spoon road oyster dad panic adult song attack net pole merge mystery pig actual penalty neither peasant"| zetacored keys add executer_mario --algo=secp256k1 --recover --keyring-backend=$KEYRING
+          
+          echo '
+          [
+            {
+              "IsObserver": "y",
+              "ObserverAddress": "zeta13c7p3xrhd6q2rx3h235jpt8pjdwvacyw6twpax",
+              "ZetaClientGranteeAddress": "zeta10up34mvwjhjd9xkq56fwsf0k75vtg287uav69n",
+              "ZetaClientGranteePubKey": "zetapub1addwnpepqtlu7fykuh875xjckz4mn4x0mzc25rrqk5qne7mrwxqmatgllv3nx6lrkdp"
+            },
+            {
+              "IsObserver": "y",
+              "ObserverAddress": "zeta1f203dypqg5jh9hqfx0gfkmmnkdfuat3jr45ep2",
+              "ZetaClientGranteeAddress": "zeta1unzpyll3tmutf0r8sqpxpnj46vtdr59mw8qepx",
+              "ZetaClientGranteePubKey": "zetapub1addwnpepqwy5pmg39regpq0gkggxehmfm8hwmxxw94sch7qzh4smava0szs07kk5045"
+            }
+          ]
+          ' > observers.json
+          
+          zetacored init Zetanode-Localnet --chain-id=$CHAINID
+          
+          #Set config to use azeta
+          cat $DAEMON_HOME/config/genesis.json | jq '.app_state["staking"]["params"]["bond_denom"]="azeta"' > $DAEMON_HOME/config/tmp_genesis.json && mv $DAEMON_HOME/config/tmp_genesis.json $DAEMON_HOME/config/genesis.json
+          cat $DAEMON_HOME/config/genesis.json | jq '.app_state["crisis"]["constant_fee"]["denom"]="azeta"' > $DAEMON_HOME/config/tmp_genesis.json && mv $DAEMON_HOME/config/tmp_genesis.json $DAEMON_HOME/config/genesis.json
+          cat $DAEMON_HOME/config/genesis.json | jq '.app_state["gov"]["deposit_params"]["min_deposit"][0]["denom"]="azeta"' > ~/.zetacored/config/tmp_genesis.json && mv $DAEMON_HOME/config/tmp_genesis.json $DAEMON_HOME/config/genesis.json
+          cat $DAEMON_HOME/config/genesis.json | jq '.app_state["mint"]["params"]["mint_denom"]="azeta"' > $DAEMON_HOME/config/tmp_genesis.json && mv $DAEMON_HOME/config/tmp_genesis.json $DAEMON_HOME/config/genesis.json
+          cat $DAEMON_HOME/config/genesis.json | jq '.app_state["evm"]["params"]["evm_denom"]="azeta"' > $DAEMON_HOME/config/tmp_genesis.json && mv $DAEMON_HOME/config/tmp_genesis.json $DAEMON_HOME/config/genesis.json
+          cat $DAEMON_HOME/config/genesis.json | jq '.consensus_params["block"]["max_gas"]="10000000"' > $DAEMON_HOME/config/tmp_genesis.json && mv $DAEMON_HOME/config/tmp_genesis.json $DAEMON_HOME/config/genesis.json
+          
+          contents="$(jq '.app_state.gov.voting_params.voting_period = "10s"' $DAEMON_HOME/config/genesis.json)" && \
+          echo "${contents}" > $DAEMON_HOME/config/genesis.json
+          
+          sed -i '/\[api\]/,+3 s/enable = false/enable = true/' $DAEMON_HOME/config/app.toml
+          
+          zetacored add-observer-list observers.json --keygen-block=5
+          
+          zetacored gentx zeta 1000000000000000000000azeta --chain-id=$CHAINID --keyring-backend=$KEYRING
+          
+          echo "Collecting genesis txs..."
+          zetacored collect-gentxs
+          
+          echo "Validating genesis file..."
+          zetacored validate-genesis
+          
+          rm -rf ./genesis.json
+          rm -rf ./genesis-edited.json
+          
+          cp $DAEMON_HOME/config/genesis.json ./genesis.json
+        
+          echo "Do Genesis Manipulation"
+          export OLD_GENESIS=./latest.json
+          export NEW_GENESIS=./genesis.json
+          
+          python .github/actions/upgrade-testing/create_genesis.py
+          
+          echo "Move Manipulated Genesis"
+          cp ./genesis-edited.json $DAEMON_HOME/config/genesis.json
+          
+          echo "Start Network"
+          zetacored start
+
+      - name: "DETERMINE_UPGRADE_TYPE"
+        shell: python
+        run: |
+          import os
+          version="${{ github.event.inputs.version }}"
+          major_version = version.split(".")[0]
+          minor_version = version.split(".")[1]
+          sub_version = version.split(".")[2]
+          git_env_file = open(os.environ["GITHUB_ENV"], "a+")
+          if major_version == first_major_version and minor_version != first_minor_version:
+              git_env_file.write("UPGRADE_TYPE=NONCON")
+          elif major_version == first_major_version and minor_version == first_minor_version and sub_version != first_sub_version:
+              git_env_file.write("UPGRADE_TYPE=NONCON")
+          else:
+              git_env_file.write("UPGRADE_TYPE=GOV")
+          git_env_file.close()
+ 
+      - name: "CHECK_UPGRADE_TYPE"
+        shell: shell
+        run: |
+          echo ${UPGRADE_TYPE}

Makefile

@@ -157,6 +157,10 @@ specs:
 	@go run ./scripts/gen-spec.go
 .PHONY: specs
 
+mocks:
+	@echo "--> Generating mocks"
+	@bash ./scripts/mocks-generate.sh
+
 generate: proto openapi specs
 .PHONY: generate
 

common/chain.go

@@ -102,6 +102,12 @@ func IsEVMChain(chainID int64) bool {
 		chainID == 137 // polygon mainnet
 }
 
+func IsEthereum(chainID int64) bool {
+	return chainID == 5 || // Goerli
+		chainID == 1337 || // eth privnet
+		chainID == 1 // eth mainnet
+}
+
 func (chain Chain) IsKlaytnChain() bool {
 	return chain.ChainId == 1001
 }