PolkaBTC Clients | Vault, Staked Relayer, Oracle, Faucet

Overview

PolkaBTC Clients

Faucet, Oracle, Vault & Staked Relayer

This project is currently under active development.

Prerequisites

Download and start Bitcoin Core:

bitcoind -regtest -server

Build and run the PolkaBTC Parachain:

git clone [email protected]:interlay/btc-parachain.git
cd btc-parachain
cargo run --release -- --dev

Generate an address and mine some blocks:

address=`bitcoin-cli -regtest getnewaddress`
bitcoin-cli -regtest generatetoaddress 101 $address

Note: This may require rpcuser and rpcpassword to be set.

Alternatively run bitcoin-cli from docker:

docker run --network host --entrypoint bitcoin-cli ruimarinho/bitcoin-core:0.20 -regtest -rpcuser=rpcuser -rpcpassword=rpcpassword ${COMMAND}

Development

Building requires Rust nightly. Run the following commands to set it up:

rustup toolchain install nightly-2021-01-25
rustup default nightly-2021-01-25

Getting Started

Oracle

PolkaBTC requires a price oracle to calculate collateralization rates, for local development we can run this client to automatically update the exchange rate at a pre-determined time interval.

cargo run --bin oracle

Staked Relayer

The Staked Relayer client is responsible for submitting Bitcoin block headers to PolkaBTC and reporting on various error states.

source .env
cargo run --bin staked-relayer -- --http-addr '[::0]:3030'

Testdata

To interact with PolkaBTC directly, use the testdata-gen client.

source .env
cargo run --bin testdata-gen -- --keyring bob set-exchange-rate --exchange-rate 1

Vault

The Vault client is used to intermediate assets between Bitcoin and PolkaBTC.

source .env
cargo run --bin vault

Troubleshooting

Too many open files

On cargo test the embedded parachain node in the integration tests can consume a lot of resources. Currently the best workaround is to increase the resource limits of the current user.

Use ulimit -a to list the current resource limits. To increase the maximum number of files set ulimit -n 4096 or some other reasonable limit.

Comments
  • Vault PID file

    Vault PID file

    Generates a PID file named {spec_name}_{account_id}.pid, to the default temp directory of the OS.

    On startup, if such a file exists and the PID in it is indeed a live process, the vault throws an error.

    The PID file is removed after a termination signal is received, by implementing Drop on the PidFile struct.

    opened by daniel-savu 5
  • refactor: allow service to abort on some errors

    refactor: allow service to abort on some errors

    Signed-off-by: Gregory Hill [email protected]

    See the comment on this PR: https://github.com/interlay/interbtc-clients/pull/389

    On a side note, because we removed the checks in service to always restart on any error we will be stuck in a loop now if the wrong Bitcoin network is configured. We should distinguish between recoverable and unrecoverable errors for which this is the latter.

    Specifies Abort and Retry variants on the service::Error enum to allow the consumer to propagate a hard-error to the ConnectionManager.

    On a related note, I'm not sure there is any justification for the service logic to have its own crate since it is only ever consumed by the vault binary. I wonder if we should fold it in?

    opened by gregdhill 4
  • Vaultvisor: Vault Auto-Updater

    Vaultvisor: Vault Auto-Updater

    Is your feature request related to a problem? Please describe. The vault client is released with breaking changes on a regular basis, forcing operators to check the docs website and manually update. This is both error-prone and inconvenient. Providing operators with an opt-in updating solution can ensure higher system availability.

    This problem multiplies when an operator runs vaults on multiple networks, having to keep track of multiple releases.

    Describe alternatives you've considered

    • Cosmos releases can be run within a process manager that handles auto-updates, called Cosmovisor. It listens for on-chain version upgrade events to download and run new releases. Positional arguments are passed through to the node binary. Cosmovisor is implemented in Go, so it's not possible to just swap the cosmos sdk event listener with subxt.
    • Google open-sourced Omaha, the updater used by Chrome and Google Earth. Similarly, Omaha checks an update server and then downloads both the new binary and updater logic (e.g. migrations). It seems to only target Windows, and the update server implies trusting the host.

    Describe the solution you'd like Implement Vaultvisor, a wrapper software similar to the Cosmovisor that listens for on-chain version release events and updates the vault client. Given a JSON file with input arguments, the Vaultvisor can run and auto-update binaries across the Kintsugi, Interlay, and their respective testnet networks.

    • Vaultvisor spawns a separate process to run the vault binary. Positional arguments are specified in a JSON file that can have migrations applied to it.
    • Add a new extrinsic in the Vault Registry: set_vault_release(version, binary_checksum), which emits a VaultClientUpdate(version, binary_checksum) event. The extrinsic writes to a storage item which is read when the Vaultvisor is first started up.
    • Vaultvisor uses subxt to listen for the VaultClientUpdate event. Based on the connected parachain network and the emitted version, it can derive the GitHub URI of the new release. Then, it:
      • Downloads the binary and ensures its checksum matches the one on-chain.
      • SIGINTs the current vault process.
      • Runs the new binary. If successful, removes the old binary. Optional: if unsuccessful, runs the old binary and periodically retries the new one.
    • Once the vault starts persisting local state with rocksdb, migrations for this would also need to be handled by Vaultvisor.

    Additional Context This solution requires releasing the vault client before a runtime upgrade is merged. JSON argument and rocksdb migrations would require their own script, with its own checksum stored on-chain.

    Assumption: Sending a SIGINT signal to the vault process does not cause errors or side-effects.

    enhancement 
    opened by daniel-savu 4
  • refactor: propagate reason for shutdown

    refactor: propagate reason for shutdown

    Signed-off-by: Gregory Hill [email protected]

    Errors which occur in one of the "tasks" are not propagated to the ConnectionManager so we should read this reason from the shutdown channel.

    opened by gregdhill 3
  • Theo/delayed besteffort transactions

    Theo/delayed besteffort transactions

    The experimental features #![feature(array_zip, int_log)] make some parts of the code a lot cleaner (array_zip lets me iterate over fixed-size arrays maintaining size info, int_log makes it trivial to do the ordering calculation without casting to floats). What's our stance on adding these? I can also just rewrite those bits without them.

    Closes #294

    opened by theodorebugnet 3
  • Prometheus rules for redeem not serviced, and crash loop

    Prometheus rules for redeem not serviced, and crash loop

    Add/improve Prometheus rules for:

    • vault startup doom loop (if bitcoind can't service RPC requests in time)
    • new redeem not serviced yet
    • below secure threshold

    In particular, set a minimum (0.01) for some values to avoid false negative alerts.

    opened by spazcoin 2
  • feat(vault): handle termination signals

    feat(vault): handle termination signals

    Handles termination signals, using a similar approach to https://github.com/interlay/interbtc-clients/pull/330.

    This feature makes way for cleaning up the PID file on shutdown, in https://github.com/interlay/interbtc-clients/pull/347

    I tried simplifying the scaffolding required for the mocks but still couldn't find a way around using trait methods only as an indirection to the actual implementation.

    This feature is opt-in in the code (call catch_signals() instead of start()) and could be moved to the service crate instead.


    Panics

    If the given signal is [forbidden][crate::FORBIDDEN].
    If the signal number is negative or larger than internal limit. The limit should be larger than any supported signal the OS supports.
    If the relevant Exfiltrator does not support this particular signal. The default [SignalOnly] one supports all signals. <- we're using the default
    
    opened by daniel-savu 2
  • fix(runner): shutdown child process on temination signal

    fix(runner): shutdown child process on temination signal

    • Uses signal-hook crate to subscribe to termination signals from the OS. The subscription sets a flag stored in the Runner struct, which has to be checked periodically.
    • As a result, there are now two types of actions occurring at intervals: checking the termination flag and checking for a new release.
    • Adds unit test that asserts the run function: 1) successfully terminates if the flag is set; 2) loops if the flag is not set
    opened by daniel-savu 2
  • [LOW] Wrong SS58 prefix used in vault log

    [LOW] Wrong SS58 prefix used in vault log

    Description

    The vault logs uses prefix 42 instead of whichever chain it is connected to e.g. 2092 for kintsugi.

    Tested against: kintsugi main net, vault is successfully integrated to the network though, so this is logging defect only.

    Steps to recreate

    1. Run setup for kintsugi mode and start vault as normal

    ⚠️ Account format used is not for kintsugi

    Apr 27 18:29:10 timbo-ubun2 systemd[1]: Started Vault servicing issue and redeem requests for Kintsugi.
    Apr 27 18:29:10 timbo-ubun2 vault[7384]: Apr 27 18:29:10.824  INFO vault: Starting Prometheus exporter at http://127.0.0.1:9615
    Apr 27 18:29:10 timbo-ubun2 vault[7384]: Apr 27 18:29:10.824  INFO service: Version: 1.9.6
    Apr 27 18:29:10 timbo-ubun2 vault[7384]: Apr 27 18:29:10.824  INFO service: AccountId: 5CFUfGrWKPdTJQ5bM4co11cYijfHXnp96PBtYj3K2dk2KSpd
    
    opened by timbrinded 2
  • feat: print ss58 encoded addresses by network

    feat: print ss58 encoded addresses by network

    Signed-off-by: Gregory Hill [email protected]

    We could fetch this parameter from the metadata but then it would become very involved to pass the value.

    opened by gregdhill 2
  • feat: add impl to pretty print runtime error

    feat: add impl to pretty print runtime error

    Signed-off-by: Gregory Hill [email protected]

    For whatever reason impl std::fmt::Display for DispatchError does not work so this seems to be the only way to capture and interpret the runtime error.

    opened by gregdhill 2
  • Vault aborting on `Wallet already loading.` error

    Vault aborting on `Wallet already loading.` error

    Related: https://github.com/interlay/interbtc-clients/pull/381

    When starting a vault while the bitcoin node is still syncing, I got this behavior:

    Dec 20 11:12:44.359  INFO bitcoin: Waiting for bitcoin-core to sync...    
    Dec 20 11:26:32.005  INFO bitcoin: Synced!    // NOTE: this took a long time
    Dec 20 11:26:32.029  INFO bitcoin: Loading wallet vault-live-polkadot-master...    
    Dec 20 11:26:47.234  INFO bitcoin: Call timed out - retrying...    
    Dec 20 11:26:47.235  INFO bitcoin: Loading wallet vault-live-polkadot-master...    
    Dec 20 11:26:47.265  INFO vault::process: Removing PID file at: /tmp/interlay-parachain_5HCEA2NynWi1J7xfup8dvjV6tVYGN5GkVYMLhddTn8ujFTur.pid
    Dec 20 11:26:47.273 ERROR vault: Exiting: BitcoinError: BitcoinError: JSON-RPC error: RPC error response: RpcError { code: -4, message: "Wallet already loading.", data: None }
    
    opened by sander2 0
  • Vaults should only register up to collateral ceiling

    Vaults should only register up to collateral ceiling

    Is your feature request related to a problem? Please describe. Vault registration will fail when using the faucet if the amount exceeds the free balance or currency ceiling.

    Describe the solution you'd like The Vault should use the maximum possible value (i.e. max(ceiling - total_collateral, max(amount, free_balance))) to prevent exiting early.

    Additional context This may actually be preferable behavior since otherwise the operator will not know that the full amount was not locked.

    opened by gregdhill 0
  • Undetected issue payment

    Undetected issue payment

    As reported by Quarkslabs:

    Description: If a user makes multiple issue requests and pays them in the same Bitcoin trans-action, then the second payment output will be missed by the vaults. This is due to the use of find_map in the process_transaction_and_execute_issue function which only returns the first matching element as stated in its documentation. Recommandation: A possible fix for this issue would be turning the if let construct into a while let construct. However this alone should not be enough as the core of the function can return and needs to be changed accordingly.

    opened by sander2 0
  • Potential panic in the relayer

    Potential panic in the relayer

    As reported by Quarkslab:

    Description: When the relayer tries to send multiple Bitcoin blocks to the parachain, it makes use of the collect_headers function which could potentially panic due to the use of unwrap(). When the relayer queries the Bitcoin node using the get_block_header function, the collect_-headers function could receive a Ok(None) result which would trigger a panic. Recommandation: This issue can be fixed by changing the line pushing the header using a if let construct

    opened by sander2 0
Releases(1.17.6)
Owner
Interlay
We're making DeFi interoperable. Building trustless cross-chain bridges and non-custodial BTC options. Also check out: gitlab.com/interlay
Interlay
Open source Rust implementation of the Witnet decentralized oracle protocol, including full node and wallet backend 👁️🦀

witnet-rust is an open source implementation of the Witnet Decentralized Oracle Network protocol written in Rust. Components witnet-rust implements ma

The Witnet Project 155 Nov 21, 2022
Simple (not simplest) UST vault that integrate with Anchor Protocol

Simple (not simplest) UST Vault Building a simple UST Vault that generate yield from Anchor while also have UST reserved for lending, and etc. This co

Kiettiphong Manovisut 2 May 3, 2022
Distributed Vault For Your Secrets

https://meta-secret.github.io Application Design Activity Diagram graph TD User --> |split password| MSS{MetaSecret} MSS --> |split| Hash1

Meta Secret 4 Nov 9, 2022
An example re-entrancy attack on a flashloan vault.

CosmWasm re-entrancy Exploit Example The exploit example is located in contracts/liquidity_hub/vault-network/exploit_contract. A vault in contracts/li

null 11 Dec 29, 2022
Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files.

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

Koofr 12 Dec 30, 2022
Hyperswitch Card Vault is an open-source sensitive information storage system built on Rust.

Tartarus - Rust Locker Overview The Hyperswitch Card Vault (Tartarus) is a highly performant and a secure vault to save sensitive data such as payment

Juspay Technologies 9 Nov 23, 2023
vault client using jwt authentication that define environment variables from vault secrets before executing into something else

envlt envlt, like env, allows you to define environment variables and then execute into something else, but instead of static values, it uses using si

Eric Burghard 6 Nov 13, 2022
This represents staked SOL, and can be sold for wSOL in the wSOL/stSOL Liquidity Pool

This represents staked SOL, and can be sold for wSOL in the wSOL/stSOL Liquidity Pool (paying a fee to skip the unstaking cool-down period). The value of your stSOL holdings is automatically incremented each epoch when staking rewards are paid.

null 2 Jun 4, 2022
IBC modules and relayer - Formal specifications and Rust implementation

ibc-rs Rust implementation of the Inter-Blockchain Communication (IBC) protocol. This project comprises primarily four crates: The ibc crate defines t

Informal Systems 296 Dec 31, 2022
IBC modules and relayer - Formal specifications and Rust implementation

ibc-rs Rust implementation of the Inter-Blockchain Communication (IBC) protocol. This project comprises primarily four crates: The ibc crate defines t

Informal Systems 296 Jan 4, 2023
Multi-threaded Padding Oracle attacks against any service. Written in Rust.

rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key!

Kibouo 76 Dec 16, 2022
Open source Rust implementation of the Witnet decentralized oracle protocol, including full node and wallet backend 👁️🦀

witnet-rust is an open source implementation of the Witnet Decentralized Oracle Network protocol written in Rust. Components witnet-rust implements ma

The Witnet Project 155 Nov 21, 2022
Oracle support for the r2d2 connection pool

r2d2-oracle The documentation can be found on docs.rs. Oracle support for the r2d2 connection pool. This fits in between the r2d2 connection manager a

Ralph Ursprung 7 Dec 14, 2022
This is an Oracle database driver for Rust based on ODPI-C

Rust-oracle This is an Oracle database driver for Rust based on ODPI-C. Change Log See ChangeLog.md. Build-time Requirements C compiler. See Compile-t

Kubo Takehiro 138 Dec 23, 2022
Scans for indications of an XSS vuln, Oracle SQLi and filters out words containing MySQL

RustScan Scans for indications of an XSS vuln, Oracle SQLi and filters out words containing MySQL. Best used along side ParamSpider found at https://g

null 22 Dec 26, 2022
Scans for indications of an XSS, Oracle SQLi and filters out words containing MySQL

PizzaHunt A tool to out pizza the hunt. Scans for indications of an XSS vuln (Double quote escapes) , Oracle SQLi (ORA- in response), filters out url

null 22 Dec 26, 2022
An asynchronous Rust client library for the Hashicorp Vault API

vaultrs An asynchronous Rust client library for the Hashicorp Vault API The following features are currently supported: Auth AppRole JWT/OIDC Token Us

Joshua Gilman 59 Dec 29, 2022
A small CLI wrapper for authenticating with SSH keys from Hashicorp Vault

vaultssh A small CLI wrapper for authenticating with SSH keys from Hashicorp Vault vaultssh is a small CLI wrapper for automatically fetching and usin

Joshua Gilman 50 Dec 10, 2022