datahaven

mirror of https://github.com/datahaven-xyz/datahaven synced 2026-05-24 09:50:01 +00:00

History

Gonza Montiel 733218ac79 fix: 🛡️ Check origin for validator set messages (#343 ) ### Context The function `v2_sendMessage()` on Snowbridge Gateway contract is permissionless (I'm shocked this is the design choice). Any EOA/contract on Ethereum can build a message and send it through our DH bridge. While we don't change our Snowbridge fork, then this will continue to be the case. ### Problem We use `v2_sendMessage()` to send permissioned operations to our chain. For instance: update our validator set message (coming next, _slashing-related_ messages). So we do need to restrict the processing of the incoming messages on the Substrate side. ### Fix - I've added a check to `EigenLayerMessageProcessor` that enforces `message.origin` to be only a configured `AuthorisedOrigin`. - I've added an `AuthorisedOrigin` to `pallet_external_validators::Config` - I've configured the `AuthorisedOrigin` to be `DatahavenServiceManagerAddress` in all three runtimes ### Stages - [x] Implementation - [x] Runtime integration tests - [x] Collect `DatahavenServiceManagerAddress` parameter for e2e tests to work Fixes https://github.com/datahaven-xyz/sr-datahaven/issues/12 --------- Co-authored-by: Steve Degosserie <723552+stiiifff@users.noreply.github.com>	2025-12-15 14:11:08 +01:00
..
bridge	fix: 🛡️ Check origin for validator set messages (#343 )	2025-12-15 14:11:08 +01:00
snowbridge	fix: 🔨 Update Snowbridge Ethereum network configuration with correct genesis hashes and fork versions (#310 )	2025-12-02 12:49:18 +01:00

fix: 🛡️ Check origin for validator set messages (#343 )

### Context
The function `v2_sendMessage()` on Snowbridge Gateway contract is
**permissionless** (I'm shocked this is the design choice). Any
EOA/contract on Ethereum can build a message and send it through our DH
bridge. While we don't change our Snowbridge fork, then this will
continue to be the case.

### Problem
We use `v2_sendMessage()` to send **permissioned** operations to our
chain. For instance: update our validator set message (coming next,
_slashing-related_ messages). So we do need to restrict the processing
of the incoming messages on the Substrate side.

### Fix
- I've added a check to `EigenLayerMessageProcessor` that enforces
`message.origin` to be only a configured `AuthorisedOrigin`.
- I've added an `AuthorisedOrigin` to
`pallet_external_validators::Config`
- I've configured the `AuthorisedOrigin` to be
`DatahavenServiceManagerAddress` in all three runtimes

### Stages
- [x] Implementation
- [x] Runtime integration tests
- [x] Collect `DatahavenServiceManagerAddress` parameter for e2e tests
to work

Fixes https://github.com/datahaven-xyz/sr-datahaven/issues/12

---------

Co-authored-by: Steve Degosserie <723552+stiiifff@users.noreply.github.com>

2025-12-15 14:11:08 +01:00

bridge

fix: 🛡️ Check origin for validator set messages (#343 )

2025-12-15 14:11:08 +01:00

snowbridge

fix: 🔨 Update Snowbridge Ethereum network configuration with correct genesis hashes and fork versions (#310 )

2025-12-02 12:49:18 +01:00