feat: whitelist connection gater

cmd/zetaclientd/start.go

@@ -13,6 +13,9 @@ import (
 	"time"
 
 	"github.com/cometbft/cometbft/crypto/secp256k1"
+	"github.com/cosmos/cosmos-sdk/types/bech32/legacybech32"
+	crypto2 "github.com/libp2p/go-libp2p/core/crypto"
+	"github.com/libp2p/go-libp2p/core/peer"
 	maddr "github.com/multiformats/go-multiaddr"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog/log"
@@ -157,6 +160,25 @@ func start(_ *cobra.Command, _ []string) error {
 
 	go zetacoreClient.UpdateAppContextWorker(ctx, appContext)
 
+	keygen := appContext.GetKeygen()
+	cfg.WhitelistedPeers = []string{}
+	for _, pk := range keygen.GranteePubkeys {
+		pk, err := legacybech32.UnmarshalPubKey(legacybech32.AccPK, pk)
+		if err != nil {
+			return err
+		}
+		bz := pk.Bytes()
+		k, err := crypto2.UnmarshalSecp256k1PublicKey(bz)
+		if err != nil {
+			return err
+		}
+		pid, err := peer.IDFromPublicKey(k)
+		if err != nil {
+			return err
+		}
+		cfg.WhitelistedPeers = append(cfg.WhitelistedPeers, pid.String())
+	}
+
 	// Generate TSS address . The Tss address is generated through Keygen ceremony. The TSS key is used to sign all outbound transactions .
 	// The hotkeyPk is private key for the Hotkey. The Hotkey is used to sign all inbound transactions
 	// Each node processes a portion of the key stored in ~/.tss by default . Custom location can be specified in config file during init.

go.mod

@@ -367,5 +367,5 @@ replace (
 	github.com/bnb-chain/tss-lib => github.com/zeta-chain/tss-lib v0.0.0-20240916163010-2e6b438bd901
 	github.com/ethereum/go-ethereum => github.com/zeta-chain/go-ethereum v1.10.26-spc
 	github.com/libp2p/go-libp2p => github.com/zeta-chain/go-libp2p v0.0.0-20240710192637-567fbaacc2b4
-	gitlab.com/thorchain/tss/go-tss => github.com/zeta-chain/go-tss v0.0.0-20240916173049-89fee4b0ae7f
+	gitlab.com/thorchain/tss/go-tss => github.com/zeta-chain/go-tss v0.0.0-20241023194402-26ad436b42a1
 )

go.sum

@@ -4204,8 +4204,8 @@ github.com/zeta-chain/go-ethereum v1.10.26-spc h1:NvY4rR9yw52wfxWt7YoFsWbaIwVMyO
 github.com/zeta-chain/go-ethereum v1.10.26-spc/go.mod h1:/6CsT5Ceen2WPLI/oCA3xMcZ5sWMF/D46SjM/ayY0Oo=
 github.com/zeta-chain/go-libp2p v0.0.0-20240710192637-567fbaacc2b4 h1:FmO3HfVdZ7LzxBUfg6sVzV7ilKElQU2DZm8PxJ7KcYI=
 github.com/zeta-chain/go-libp2p v0.0.0-20240710192637-567fbaacc2b4/go.mod h1:TBv5NY/CqWYIfUstXO1fDWrt4bDoqgCw79yihqBspg8=
-github.com/zeta-chain/go-tss v0.0.0-20240916173049-89fee4b0ae7f h1:XqUvw9a3EnDa271r5/tjRy90U2l1E8thdWzlrkbrEGE=
-github.com/zeta-chain/go-tss v0.0.0-20240916173049-89fee4b0ae7f/go.mod h1:B1FDE6kHs8hozKSX1/iXgCdvlFbS6+FeAupoBHDK0Cc=
+github.com/zeta-chain/go-tss v0.0.0-20241023194402-26ad436b42a1 h1:t7/6SVGVk7OD/2g+b1ieMtdjpM/zewgnqgW0yEXMJT0=
+github.com/zeta-chain/go-tss v0.0.0-20241023194402-26ad436b42a1/go.mod h1:B1FDE6kHs8hozKSX1/iXgCdvlFbS6+FeAupoBHDK0Cc=
 github.com/zeta-chain/keystone/keys v0.0.0-20240826165841-3874f358c138 h1:vck/FcIIpFOvpBUm0NO17jbEtmSz/W/a5Y4jRuSJl6I=
 github.com/zeta-chain/keystone/keys v0.0.0-20240826165841-3874f358c138/go.mod h1:U494OsZTWsU75hqoriZgMdSsgSGP1mUL1jX+wN/Aez8=
 github.com/zeta-chain/protocol-contracts v1.0.2-athens3.0.20241021075719-d40d2e28467c h1:ZoFxMMZtivRLquXVq1sEVlT45UnTPMO1MSXtc88nDv4=

zetaclient/config/types.go

@@ -109,6 +109,10 @@ type Config struct {
 	// compliance config
 	ComplianceConfig ComplianceConfig `json:"ComplianceConfig"`
 
+	// whitelist config
+	WhitelistedPeers []string `json:"WhitelistedPeers"`
+	DisableWhitelist bool     `json:"DisableWhitelist"` // TODO: remove since this is just for local debugging
+
 	mu *sync.RWMutex
 }
 

zetaclient/tss/tss_signer.go

@@ -185,6 +185,8 @@
 		preParams, // use pre-generated pre-params if non-nil
 		IP,        // for docker test
 		tssPassword,
+		cfg.WhitelistedPeers,
+		cfg.DisableWhitelist,
 	)
 	if err != nil {
 		log.Error().Err(err).Msg("NewTSS error")