Sui Native bridge

.github/actions/diffs/action.yml

@@ -13,6 +13,9 @@ outputs:
   isMove:
     description: True when changes happened to the Move code
     value: "${{ steps.diff.outputs.isMove }}"
+  isSolidity:
+    description: True when changes happened to the Solidity code
+    value: "${{ steps.diff.outputs.isSolidity }}"
   isReleaseNotesEligible:
     description: True when changes happened in Release Notes eligible paths
     value: "${{ steps.diff.outputs.isReleaseNotesEligible }}"
@@ -58,6 +61,8 @@ runs:
           - 'Cargo.toml'
           - 'examples/**'
           - 'sui_programmability/**'
+        isSolidity:
+          - 'bridge/evm/**'
         isReleaseNotesEligible:
           - 'consensus/**'
           - 'crates/**'

.github/workflows/narwhal.yml

@@ -91,6 +91,10 @@ jobs:
         uses: pierotofy/set-swap-space@master
         with:
           swap-size-gb: 256
+      - name: Install Foundry
+        run: |
+          curl -L https://foundry.paradigm.xyz | { cat; echo '$FOUNDRY_BIN_DIR/foundryup'; } | bash
+          echo "$HOME/.config/.foundry/bin" >> $GITHUB_PATH
       - name: cargo test
         run: |
           cargo nextest run --profile ci

.github/workflows/rust.yml

@@ -45,6 +45,7 @@ jobs:
     outputs:
       isRust: ${{ steps.diff.outputs.isRust }}
       isMove: ${{ steps.diff.outputs.isMove }}
+      isSolidity: ${{ steps.diff.outputs.isSolidity }}
       isReleaseNotesEligible: ${{ steps.diff.outputs.isReleaseNotesEligible }}
       isMoveAutoFormatter: ${{ steps.diff.outputs.isMoveAutoFormatter }}
     steps:
@@ -108,7 +109,7 @@ jobs:
 
   test:
     needs: diff
-    if: needs.diff.outputs.isRust == 'true'
+    if: needs.diff.outputs.isRust == 'true' || needs.diff.outputs.isSolidity == 'true'
     timeout-minutes: 45
     env:
       # Tests written with #[sim_test] are often flaky if run as #[tokio::test] - this var
@@ -128,6 +129,10 @@ jobs:
         uses: pierotofy/set-swap-space@master
         with:
           swap-size-gb: 256
+      - name: Install Foundry
+        run: |
+          curl -L https://foundry.paradigm.xyz | { cat; echo '$FOUNDRY_BIN_DIR/foundryup'; } | bash
+          echo "$HOME/.config/.foundry/bin" >> $GITHUB_PATH
       - name: cargo test
         run: |
           cargo nextest run --profile ci
@@ -221,7 +226,7 @@ jobs:
 
   simtest:
     needs: diff
-    if: needs.diff.outputs.isRust == 'true'
+    if: needs.diff.outputs.isRust == 'true' || needs.diff.outputs.isSolidity == 'true'
     timeout-minutes: 45
     runs-on: [ubuntu-ghcloud]
     env:
@@ -465,3 +470,27 @@ jobs:
         env:
           POSTGRES_HOST: localhost
           POSTGRES_PORT: 5432
+
+  bridge-evm:
+    name: bridge-evm-tests
+    needs: diff
+    if: needs.diff.outputs.isSolidity == 'true'
+    runs-on: [ubuntu-latest]
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # Pin v4.1.1
+      - name: Install Foundry
+        run: |
+          curl -L https://foundry.paradigm.xyz | { cat; echo '$FOUNDRY_BIN_DIR/foundryup'; } | bash
+          echo "$HOME/.config/.foundry/bin" >> $GITHUB_PATH
+      - name: Install Dependencies
+        working-directory: bridge/evm
+        run: |  
+          forge install https://github.com/OpenZeppelin/[email protected] https://github.com/foundry-rs/[email protected] https://github.com/OpenZeppelin/openzeppelin-foundry-upgrades --no-git --no-commit
+      - name: Check Bridge EVM Unit Tests
+        shell: bash
+        working-directory: bridge/evm
+        env:
+          INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+        run: |
+          forge clean
+          forge test --ffi

Cargo.toml

@@ -591,6 +591,7 @@ sui-analytics-indexer-derive = { path = "crates/sui-analytics-indexer-derive" }
 sui-archival = { path = "crates/sui-archival" }
 sui-authority-aggregation = { path = "crates/sui-authority-aggregation" }
 sui-benchmark = { path = "crates/sui-benchmark" }
+sui-bridge = { path = "crates/sui-bridge" }
 sui-cluster-test = { path = "crates/sui-cluster-test" }
 sui-common = { path = "crates/sui-common" }
 sui-config = { path = "crates/sui-config" }

bridge/evm/.gitignore

@@ -4,10 +4,11 @@ cache*
 network_config.json
 .vscode
 cache/
-out/
+out*/
 *.txt
 !remappings.txt
 lcov.info
 broadcast/**/31337
 
-lib/*
+lib/*
+

bridge/evm/contracts/BridgeCommittee.sol

@@ -18,32 +18,31 @@ contract BridgeCommittee is IBridgeCommittee, CommitteeUpgradeable {
     mapping(address committeeMember => bool isBlocklisted) public blocklist;
     IBridgeConfig public config;
 
-    /* ========== INITIALIZER ========== */
+    /* ========== INITIALIZERS ========== */
 
     /// @notice Initializes the contract with the provided parameters.
     /// @dev should be called directly after deployment (see OpenZeppelin upgradeable standards).
-    /// the provided arrays must have the same length and the total stake provided must equal 10000.
-    /// @param _config The address of the BridgeConfig contract.
+    /// the provided arrays must have the same length and the total stake provided must be greater than,
+    /// or equal to the provided minimum stake required.
     /// @param committee addresses of the committee members.
     /// @param stake amounts of the committee members.
-    function initialize(
-        address _config,
-        address[] memory committee,
-        uint16[] memory stake,
-        uint16 minStakeRequired
-    ) external initializer {
+    /// @param minStakeRequired minimum stake required for the committee.
+    function initialize(address[] memory committee, uint16[] memory stake, uint16 minStakeRequired)
+        external
+        initializer
+    {
         __CommitteeUpgradeable_init(address(this));
         __UUPSUpgradeable_init();
 
         uint256 _committeeLength = committee.length;
 
+        require(_committeeLength < 256, "BridgeCommittee: Committee length must be less than 256");
+
         require(
             _committeeLength == stake.length,
             "BridgeCommittee: Committee and stake arrays must be of the same length"
         );
 
-        config = IBridgeConfig(_config);
-
         uint16 totalStake;
         for (uint16 i; i < _committeeLength; i++) {
             require(
@@ -57,19 +56,28 @@ contract BridgeCommittee is IBridgeCommittee, CommitteeUpgradeable {
         require(totalStake >= minStakeRequired, "BridgeCommittee: total stake is less than minimum"); // 10000 == 100%
     }
 
+    /// @notice Initializes the contract with the provided parameters.
+    /// @dev This function should be called directly after config deployment. The config contract address
+    /// provided should be verified before bridging any assets.
+    /// @param _config The address of the BridgeConfig contract.
+    function initializeConfig(address _config) external {
+        require(address(config) == address(0), "BridgeCommittee: Config already initialized");
+        config = IBridgeConfig(_config);
+    }
+
     /* ========== EXTERNAL FUNCTIONS ========== */
 
     /// @notice Verifies the provided signatures for the given message by aggregating and validating the
     /// stake of each signer against the required stake of the given message type.
     /// @dev The function will revert if the total stake of the signers is less than the required stake.
     /// @param signatures The array of signatures to be verified.
-    /// @param message The `BridgeMessage.Message` to be verified.
-    function verifySignatures(bytes[] memory signatures, BridgeMessage.Message memory message)
+    /// @param message The `BridgeUtils.Message` to be verified.
+    function verifySignatures(bytes[] memory signatures, BridgeUtils.Message memory message)
         external
         view
         override
     {
-        uint32 requiredStake = BridgeMessage.requiredStake(message);
+        uint32 requiredStake = BridgeUtils.requiredStake(message);
 
         uint16 approvalStake;
         address signer;
@@ -81,19 +89,15 @@ contract BridgeCommittee is IBridgeCommittee, CommitteeUpgradeable {
             // recover the signer from the signature
             (bytes32 r, bytes32 s, uint8 v) = splitSignature(signature);
 
-            (signer,,) = ECDSA.tryRecover(BridgeMessage.computeHash(message), v, r, s);
+            (signer,,) = ECDSA.tryRecover(BridgeUtils.computeHash(message), v, r, s);
 
-            // skip if signer is block listed or has no stake
-            if (blocklist[signer] || committeeStake[signer] == 0) continue;
+            require(!blocklist[signer], "BridgeCommittee: Signer is blocklisted");
+            require(committeeStake[signer] > 0, "BridgeCommittee: Signer has no stake");
 
             uint8 index = committeeIndex[signer];
             uint256 mask = 1 << index;
-            if (bitmap & mask == 0) {
-                bitmap |= mask;
-            } else {
-                // skip if duplicate signature
-                continue;
-            }
+            require(bitmap & mask == 0, "BridgeCommittee: Duplicate signature provided");
+            bitmap |= mask;
 
             approvalStake += committeeStake[signer];
         }
@@ -103,18 +107,18 @@ contract BridgeCommittee is IBridgeCommittee, CommitteeUpgradeable {
 
     /// @notice Updates the blocklist status of the provided addresses if provided signatures are valid.
     /// @param signatures The array of signatures to validate the message.
-    /// @param message BridgeMessage containing the update blocklist payload.
+    /// @param message BridgeUtils containing the update blocklist payload.
     function updateBlocklistWithSignatures(
         bytes[] memory signatures,
-        BridgeMessage.Message memory message
+        BridgeUtils.Message memory message
     )
         external
         nonReentrant
-        verifyMessageAndSignatures(message, signatures, BridgeMessage.BLOCKLIST)
+        verifyMessageAndSignatures(message, signatures, BridgeUtils.BLOCKLIST)
     {
         // decode the blocklist payload
         (bool isBlocklisted, address[] memory _blocklist) =
-            BridgeMessage.decodeBlocklistPayload(message.payload);
+            BridgeUtils.decodeBlocklistPayload(message.payload);
 
         // update the blocklist
         _updateBlocklist(_blocklist, isBlocklisted);