rebase develop 2

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,6 +7,8 @@ assignees: ''
 
 ---
 
+<!-- Please apply the 'triage' label if you would like a prioritised response from the team -->
+
 **Describe the Bug**
 A clear and concise description of what the bug is.
 
@@ -21,4 +23,4 @@ If applicable, add screenshots to help explain your problem.
 
 **Environment (please complete the following information):**
 - OS
-- Version used
+- Version used

.github/ISSUE_TEMPLATE/feature_request.md

@@ -7,6 +7,8 @@ assignees: ''
 
 ---
 
+<!-- Please apply the 'triage' label if you would like a prioritised response from the team -->
+
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is.
 

.github/ISSUE_TEMPLATE/syncing.yaml

@@ -1,6 +1,6 @@
 name: Having difficulties setting up or syncing a node
 description: Please fill out the following form to help us understand and resolve your issue with setting up or syncing a node. Provide as much detail as possible to ensure a quick and accurate resolution.
-labels: ["infra"]
+labels: ["infra", "triage"]
 body:
   - type: dropdown
     attributes:

.github/workflows/zetachain-sec-checks.yml

@@ -0,0 +1,26 @@
+name: "CodeQL - ZetaChain Custom checks "
+
+on: [push, pull_request]
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          packs: zeta-chain/protocol-security-codeql  
+      - name: Analyze
+        uses: github/codeql-action/analyze@v3

Dockerfile-localnet

@@ -28,7 +28,7 @@ RUN --mount=type=cache,target="/root/.cache/go-build" \
     make install install-zetae2e
 
 FROM ghcr.io/zeta-chain/golang:1.23.3-bookworm AS cosmovisor-build
-RUN go install cosmossdk.io/tools/cosmovisor/cmd/[email protected].0
+RUN go install cosmossdk.io/tools/cosmovisor/cmd/[email protected].1
 
 FROM ghcr.io/zeta-chain/golang:1.23.3-bookworm AS base-runtime
 

changelog.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+### Breaking Changes
+
+* The CCTX List RPC (`/zeta-chain/crosschain/cctx`) will now return CCTXs ordered by creation time. CCTXs from before the upgrade will not be displayed. Use the `?unordered=true` parameter to revert to the old behavior.
+
 ### Features
 
 * [3414](https://github.com/zeta-chain/node/pull/3414) - support advanced abort workflow (onAbort)
@@ -10,13 +14,17 @@
 * [3455](https://github.com/zeta-chain/node/pull/3455) - add `track-cctx` command to zetatools
 * [3506](https://github.com/zeta-chain/node/pull/3506) - define `ConfirmationMode` enum and add it to `InboundParams`, `OutboundParams`, `MsgVoteInbound` and `MsgVoteOutbound`
 * [3469](https://github.com/zeta-chain/node/pull/3469) - add `MsgRemoveInboundTracker` to remove inbound trackers. This message can be triggered by the emergency policy.
-* [3450](https://github.com/zeta-chain/node/pull/3450) - SOL withdraw and call integration
+* [3450](https://github.com/zeta-chain/node/pull/3450) - integrate SOL withdraw and call
 * [3538](https://github.com/zeta-chain/node/pull/3538) - implement `MsgUpdateOperationalChainParams` for updating operational-related chain params with operational policy
-* [3534] (https://github.com/zeta-chain/node/pull/3534) - Add Sui deposit & depositAndCall
+* [3534](https://github.com/zeta-chain/node/pull/3534) - Add Sui deposit & depositAndCall
 * [3541](https://github.com/zeta-chain/node/pull/3541) - implement `MsgUpdateZRC20Name` to update the name or symbol of a ZRC20 token
-* [3520](https://github.com/zeta-chain/node/pull/3520) - SPL withdraw and call integration
 * [3439](https://github.com/zeta-chain/node/pull/3439) - use protocol contracts V2 with TON deposits
+* [3520](https://github.com/zeta-chain/node/pull/3520) - integrate SPL withdraw and call
+* [3527](https://github.com/zeta-chain/node/pull/3527) - integrate SOL/SPL withdraw and call revert
 * [3522](https://github.com/zeta-chain/node/pull/3522) - add `MsgDisableFastConfirmation` to disable fast confirmation. This message can be triggered by the emergency policy.
+* [3548](https://github.com/zeta-chain/node/pull/3548) - ensure cctx list is sorted by creation time
+* [3562](https://github.com/zeta-chain/node/pull/3562) - add Sui withdrawals
+* [3600](https://github.com/zeta-chain/node/pull/3600) - add dedicated zetaclient restricted addresses config. This file will be automatically reloaded when it changes without needing to restart zetaclient.
 
 ### Refactor
 
@@ -28,11 +36,14 @@
 * [3501](https://github.com/zeta-chain/node/pull/3501) - fix E2E test failure caused by nil `ConfirmationParams` for Solana and TON
 * [3509](https://github.com/zeta-chain/node/pull/3509) - schedule Bitcoin TSS keysign on interval to avoid TSS keysign spam
 * [3517](https://github.com/zeta-chain/node/pull/3517) - remove duplicate gateway event appending to fix false positive on multiple events in same tx
+* [3602](https://github.com/zeta-chain/node/pull/3602) - hardcode gas limits to avoid estimate gas calls
 
 ### Tests
 
 * [3430](https://github.com/zeta-chain/node/pull/3430) - add simulation test for MsgWithDrawEmission
 * [3503](https://github.com/zeta-chain/node/pull/3503) - add check in e2e test to ensure deletion of stale ballots
+* [3536](https://github.com/zeta-chain/node/pull/3536) - add e2e test for upgrading solana gateway program
+* [3560](https://github.com/zeta-chain/node/pull/3560) - initialize Sui E2E deposit tests
 * [3591](https://github.com/zeta-chain/node/pull/3591) - add a runner for gov proposals in the e2e test.
 
 ## v28.0.0

cmd/zetaclientd/start.go

@@ -10,6 +10,7 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 
+	"github.com/zeta-chain/node/pkg/bg"
 	"github.com/zeta-chain/node/pkg/chains"
 	"github.com/zeta-chain/node/pkg/constant"
 	"github.com/zeta-chain/node/pkg/graceful"
@@ -58,6 +59,15 @@ func Start(_ *cobra.Command, _ []string) error {
 	appContext := zctx.New(cfg, passes.relayerKeys(), logger.Std)
 	ctx := zctx.WithAppContext(context.Background(), appContext)
 
+	err = config.LoadRestrictedAddressesConfig(cfg, globalOpts.ZetacoreHome)
+	if err != nil {
+		logger.Std.Err(err).Msg("loading restricted addresses config")
+	} else {
+		bg.Work(ctx, func(ctx context.Context) error {
+			return config.WatchRestrictedAddressesConfig(ctx, cfg, globalOpts.ZetacoreHome, logger.Std)
+		}, bg.WithName("watch_restricted_addresses_config"), bg.WithLogger(logger.Std))
+	}
+
 	telemetry, err := startTelemetry(ctx, cfg)
 	if err != nil {
 		return errors.Wrap(err, "unable to start telemetry")
@@ -77,7 +87,7 @@ func Start(_ *cobra.Command, _ []string) error {
 		return errors.Wrap(err, "unable to update app context")
 	}
 
-	log.Info().Msgf("Config is updated from zetacore\n %s", cfg.StringMasked())
+	log.Debug().Msgf("Config is updated from zetacore\n %s", cfg.StringMasked())
 
 	granteePubKeyBech32, err := resolveObserverPubKeyBech32(cfg, passes.hotkey)
 	if err != nil {
@@ -133,7 +143,7 @@ func Start(_ *cobra.Command, _ []string) error {
 	// Orchestrator wraps the zetacore client and adds the observers and signer maps to it.
 	// This is the high level object used for CCTX interactions
 	// It also handles background configuration updates from zetacore
-	taskScheduler := scheduler.New(logger.Std)
+	taskScheduler := scheduler.New(logger.Std, 0)
 	maestroDeps := &orchestrator.Dependencies{
 		Zetacore:  zetacoreClient,
 		TSS:       tss,

cmd/zetae2e/config/config.go

@@ -58,6 +58,14 @@ func ExportContractsFromRunner(r *runner.E2ERunner, conf config.Config) config.C
 	conf.Contracts.Solana.GatewayProgramID = config.DoubleQuotedString(r.GatewayProgram.String())
 	conf.Contracts.Solana.SPLAddr = config.DoubleQuotedString(r.SPLAddr.String())
 
+	if r.SuiGateway != nil {
+		conf.Contracts.Sui.GatewayPackageID = config.DoubleQuotedString(r.SuiGateway.PackageID())
+		conf.Contracts.Sui.GatewayObjectID = config.DoubleQuotedString(r.SuiGateway.ObjectID())
+	}
+
+	conf.Contracts.Sui.FungibleTokenCoinType = config.DoubleQuotedString(r.SuiTokenCoinType)
+	conf.Contracts.Sui.FungibleTokenTreasuryCap = config.DoubleQuotedString(r.SuiTokenTreasuryCap)
+
 	conf.Contracts.EVM.ZetaEthAddr = config.DoubleQuotedString(r.ZetaEthAddr.Hex())
 	conf.Contracts.EVM.ConnectorEthAddr = config.DoubleQuotedString(r.ConnectorEthAddr.Hex())
 	conf.Contracts.EVM.CustodyAddr = config.DoubleQuotedString(r.ERC20CustodyAddr.Hex())
@@ -73,6 +81,9 @@ func ExportContractsFromRunner(r *runner.E2ERunner, conf config.Config) config.C
 	conf.Contracts.ZEVM.SOLZRC20Addr = config.DoubleQuotedString(r.SOLZRC20Addr.Hex())
 	conf.Contracts.ZEVM.SPLZRC20Addr = config.DoubleQuotedString(r.SPLZRC20Addr.Hex())
 	conf.Contracts.ZEVM.TONZRC20Addr = config.DoubleQuotedString(r.TONZRC20Addr.Hex())
+	conf.Contracts.ZEVM.SUIZRC20Addr = config.DoubleQuotedString(r.SUIZRC20Addr.Hex())
+	conf.Contracts.ZEVM.SuiTokenZRC20Addr = config.DoubleQuotedString(r.SuiTokenZRC20Addr.Hex())
+
 	conf.Contracts.ZEVM.UniswapFactoryAddr = config.DoubleQuotedString(r.UniswapV2FactoryAddr.Hex())
 	conf.Contracts.ZEVM.UniswapRouterAddr = config.DoubleQuotedString(r.UniswapV2RouterAddr.Hex())
 	conf.Contracts.ZEVM.ConnectorZEVMAddr = config.DoubleQuotedString(r.ConnectorZEVMAddr.Hex())

cmd/zetae2e/config/contracts.go

@@ -19,11 +19,12 @@ import (
 	"github.com/zeta-chain/node/e2e/config"
 	"github.com/zeta-chain/node/e2e/contracts/contextapp"
 	"github.com/zeta-chain/node/e2e/contracts/erc20"
+	"github.com/zeta-chain/node/e2e/contracts/testdappv2"
 	"github.com/zeta-chain/node/e2e/contracts/zevmswap"
 	"github.com/zeta-chain/node/e2e/runner"
 	"github.com/zeta-chain/node/pkg/chains"
 	"github.com/zeta-chain/node/pkg/coin"
-	"github.com/zeta-chain/node/pkg/contracts/testdappv2"
+	"github.com/zeta-chain/node/pkg/contracts/sui"
 	"github.com/zeta-chain/node/pkg/contracts/uniswap/v2-core/contracts/uniswapv2factory.sol"
 	uniswapv2router "github.com/zeta-chain/node/pkg/contracts/uniswap/v2-periphery/contracts/uniswapv2router02.sol"
 	fungibletypes "github.com/zeta-chain/node/x/fungible/types"
@@ -117,6 +118,21 @@ func setContractsFromConfig(r *runner.E2ERunner, conf config.Config) error {
 		r.SPLAddr = solana.MustPublicKeyFromBase58(c.String())
 	}
 
+	// set Sui contracts
+	suiPackageID := conf.Contracts.Sui.GatewayPackageID
+	suiGatewayID := conf.Contracts.Sui.GatewayObjectID
+
+	if suiPackageID != "" && suiGatewayID != "" {
+		r.SuiGateway = sui.NewGateway(suiPackageID.String(), suiGatewayID.String())
+	}
+
+	if c := conf.Contracts.Sui.FungibleTokenCoinType; c != "" {
+		r.SuiTokenCoinType = c.String()
+	}
+	if c := conf.Contracts.Sui.FungibleTokenTreasuryCap; c != "" {
+		r.SuiTokenTreasuryCap = c.String()
+	}
+
 	evmChainID, err := r.EVMClient.ChainID(r.Ctx)
 	require.NoError(r, err, "get evm chain ID")
 	evmChainParams := chainParamsByChainID(chainParams, evmChainID.Int64())
@@ -224,6 +240,28 @@ func setContractsFromConfig(r *runner.E2ERunner, conf config.Config) error {
 		}
 	}
 
+	if c := conf.Contracts.ZEVM.SUIZRC20Addr; c != "" {
+		r.SUIZRC20Addr, err = c.AsEVMAddress()
+		if err != nil {
+			return fmt.Errorf("invalid SUIZRC20Addr: %w", err)
+		}
+		r.SUIZRC20, err = zrc20.NewZRC20(r.SUIZRC20Addr, r.ZEVMClient)
+		if err != nil {
+			return err
+		}
+	}
+
+	if c := conf.Contracts.ZEVM.SuiTokenZRC20Addr; c != "" {
+		r.SuiTokenZRC20Addr, err = c.AsEVMAddress()
+		if err != nil {
+			return fmt.Errorf("invalid SuiTokenZRC20Addr: %w", err)
+		}
+		r.SuiTokenZRC20, err = zrc20.NewZRC20(r.SuiTokenZRC20Addr, r.ZEVMClient)
+		if err != nil {
+			return err
+		}
+	}
+
 	if c := conf.Contracts.ZEVM.UniswapFactoryAddr; c != "" {
 		r.UniswapV2FactoryAddr, err = c.AsEVMAddress()
 		if err != nil {

cmd/zetae2e/config/local.yml

@@ -36,6 +36,10 @@ additional_accounts:
     evm_address: "0xf67deecc3B15F9CEeF5eba3468ed601f3e0B9de2"
     private_key: "2b3306a8ac43dbf0e350b87876c131e7e12bd49563a16de9ce8aeb664b94d559"
     solana_private_key: "4yqSQxDeTBvn86BuxcN5jmZb2gaobFXrBqu8kiE9rZxNkVMe3LfXmFigRsU4sRp7vk4vVP1ZCFiejDKiXBNWvs2C"
+  user_sui:
+    bech32_address: "zeta1qluk7yfyqfejwss64lqmn7de6svudcedz94zs2"
+    evm_address: "0x07F96F1124027327421AAFc1B9F9B9D419C6e32d"
+    private_key: "e9f0e48e37fb2c2357b4fbc2b675fce434889c46052d92e8f4cabd74507a65ad"
   user_legacy_ether:
     bech32_address: "zeta134rakuus43xn63yucgxhn88ywj8ewcv6ezn2ga"
     evm_address: "0x8D47Db7390AC4D3D449Cc20D799ce4748F97619A"

cmd/zetae2e/config/localnet.yml

@@ -34,6 +34,10 @@ additional_accounts:
     evm_address: "0xf67deecc3B15F9CEeF5eba3468ed601f3e0B9de2"
     private_key: "2b3306a8ac43dbf0e350b87876c131e7e12bd49563a16de9ce8aeb664b94d559"
     solana_private_key: "4yqSQxDeTBvn86BuxcN5jmZb2gaobFXrBqu8kiE9rZxNkVMe3LfXmFigRsU4sRp7vk4vVP1ZCFiejDKiXBNWvs2C"
+  user_sui:
+    bech32_address: "zeta1qluk7yfyqfejwss64lqmn7de6svudcedz94zs2"
+    evm_address: "0x07F96F1124027327421AAFc1B9F9B9D419C6e32d"
+    private_key: "e9f0e48e37fb2c2357b4fbc2b675fce434889c46052d92e8f4cabd74507a65ad"
   user_legacy_ether:
     bech32_address: "zeta134rakuus43xn63yucgxhn88ywj8ewcv6ezn2ga"
     evm_address: "0x8D47Db7390AC4D3D449Cc20D799ce4748F97619A"

cmd/zetae2e/local/local.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/require"
 	"golang.org/x/sync/errgroup"
 
 	zetae2econfig "github.com/zeta-chain/node/cmd/zetae2e/config"
@@ -53,10 +54,9 @@ const (
 var (
 	TestTimeout        = 20 * time.Minute
 	ErrTopLevelTimeout = errors.New("top level test timeout")
+	noError            = testutil.NoError
 )
 
-var noError = testutil.NoError
-
 // NewLocalCmd returns the local command
 // which runs the E2E tests locally on the machine with localnet for each blockchain
 func NewLocalCmd() *cobra.Command {
@@ -84,7 +84,7 @@ func NewLocalCmd() *cobra.Command {
 	cmd.Flags().Bool(flagTestTSSMigration, false, "set to true to include a migration test at the end")
 	cmd.Flags().Bool(flagTestLegacy, false, "set to true to run legacy EVM tests")
 	cmd.Flags().Bool(flagSkipTrackerCheck, false, "set to true to skip tracker check at the end of the tests")
-	cmd.Flags().Bool(flagSkipPrecompiles, false, "set to true to skip stateful precompiled contracts test")
+	cmd.Flags().Bool(flagSkipPrecompiles, true, "set to true to skip stateful precompiled contracts test")
 	cmd.Flags().
 		Bool(flagUpgradeContracts, false, "set to true to upgrade Gateways and ERC20Custody contracts during setup for ZEVM and EVM")
 
@@ -197,10 +197,6 @@ func localE2ETest(cmd *cobra.Command, _ []string) {
 	// monitor block production to ensure we fail fast if there are consensus failures
 	go monitorBlockProductionCancel(ctx, cancel, conf)
 
-	if testSui && !skipSetup {
-		deployerRunner.SetupSui(conf.RPCs.SuiFaucet)
-	}
-
 	// set the authority client to the zeta tx server to be able to query message permissions
 	deployerRunner.ZetaTxServer.SetAuthorityClient(deployerRunner.AuthorityClient)
 
@@ -261,6 +257,10 @@ func localE2ETest(cmd *cobra.Command, _ []string) {
 		// Update the chain params to contains protocol contract addresses
 		deployerRunner.UpdateProtocolContractsInChainParams()
 
+		if testSui {
+			deployerRunner.SetupSui(conf.RPCs.SuiFaucet)
+		}
+
 		logger.Print("✅ setup completed in %s", time.Since(startTime))
 	}
 
@@ -288,7 +288,6 @@ func localE2ETest(cmd *cobra.Command, _ []string) {
 	if upgradeContracts {
 		deployerRunner.UpgradeGatewaysAndERC20Custody()
 	}
-
 	// always mint ERC20 before every test execution
 	deployerRunner.MintERC20OnEVM(1e10)
 
@@ -410,6 +409,7 @@ func localE2ETest(cmd *cobra.Command, _ []string) {
 			e2etests.TestSolanaDepositName,
 			e2etests.TestSolanaWithdrawName,
 			e2etests.TestSolanaWithdrawAndCallName,
+			e2etests.TestSolanaWithdrawAndCallRevertWithCallName,
 			e2etests.TestSolanaDepositAndCallName,
 			e2etests.TestSolanaDepositAndCallRevertName,
 			e2etests.TestSolanaDepositAndCallRevertWithDustName,
@@ -421,12 +421,23 @@ func localE2ETest(cmd *cobra.Command, _ []string) {
 			e2etests.TestSPLDepositAndCallName,
 			e2etests.TestSPLWithdrawName,
 			e2etests.TestSPLWithdrawAndCallName,
+			e2etests.TestSPLWithdrawAndCallRevertName,
 			e2etests.TestSPLWithdrawAndCreateReceiverAtaName,
 			e2etests.TestSolanaWhitelistSPLName,
 		}
 		eg.Go(solanaTestRoutine(conf, deployerRunner, verbose, solanaTests...))
 	}
 
+	if testSui {
+		suiTests := []string{
+			e2etests.TestSuiDepositName,
+			e2etests.TestSuiDepositAndCallName,
+			e2etests.TestSuiTokenDepositName,
+			e2etests.TestSuiTokenDepositAndCallName,
+		}
+		eg.Go(suiTestRoutine(conf, deployerRunner, verbose, suiTests...))
+	}
+
 	if testTON {
 		if deployerRunner.Clients.TON == nil {
 			logger.Print("❌ TON client is nil, maybe TON lite-server config is not set")
@@ -501,6 +512,13 @@ func localE2ETest(cmd *cobra.Command, _ []string) {
 
 	logger.Print("✅ e2e tests completed in %s", time.Since(testStartTime).String())
 
+	if testSolana {
+		require.True(
+			deployerRunner,
+			deployerRunner.VerifySolanaContractsUpgrade(conf.AdditionalAccounts.UserSolana.SolanaPrivateKey.String()),
+		)
+	}
+
 	if testTSSMigration {
 		TSSMigration(deployerRunner, logger, verbose, conf)
 	}