fix: SetGatewayAddress might set invalid gateway address

[ws4charlie]

Description

Fixed the issue in method SetGatewayAddress and add unit test.

How Has This Been Tested?

• Tested CCTX in localnet
• Tested in development environment
• Go unit tests
• Go integration tests
• Tested via GitHub Actions

Summary by CodeRabbit

• New Features

  • Support for stateful precompiled contracts.
  • Common importable RPC package added.
  • Enhancements to staking and Bitcoin functionalities.
  • Integration of authenticated calls for smart contracts.
  • Support for multiple Bitcoin chains and non-EVM standard inbound memo package.

• Bug Fixes

  • Improved error handling for gateway address parsing.
  • Resolved issues with operator voting on discarded keygen ballots.
  • Enhanced outbound tracker to prevent blocking confirmations.

• Tests

  • Added new test for setting gateway address.
  • Enhanced existing tests for relayer balance metrics.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request includes extensive updates to the ZetaChain node, emphasizing new features, refactoring, testing enhancements, and various fixes. Key features are the introduction of stateful precompiled contracts, a common RPC package, and improvements to Bitcoin and staking functionalities. Refactoring efforts focus on code quality, including lint fixes and unused code removal. Testing coverage has been expanded, particularly for stateful contracts and Bitcoin functionalities. Additionally, several issues have been addressed, improving overall functionality and robustness.

Changes

File Path	Change Summary
changelog.md	Added multiple methods for new features, refactoring, and fixes related to staking, Bitcoin, and contracts.
zetaclient/chains/solana/signer/signer.go	Updated SetGatewayAddress for better error handling and refined SetRelayerBalanceMetrics logic.
zetaclient/chains/solana/signer/signer_test.go	Added Test_SetGatewayAddress to enhance test coverage for gateway address management. Retained existing tests for balance metrics.

Possibly related PRs

• feat(zetacore): add chain static information for bitcoin signet testnet #2883: This PR adds chain static information for the Bitcoin Signet testnet, which is directly related to the main PR's updates on supporting multiple Bitcoin chains and adding chain static information for Bitcoin testnets.
• docs(rfc): non-evm chain memo design standard #2963: This PR includes support for stateful precompiled contracts and enhancements to Bitcoin functionalities, which align with the main PR's focus on similar features and improvements.
• chore: sync v20 changelog #2872: This PR updates the changelog to reflect significant changes in the Zeta Chain protocol, including enhancements related to Bitcoin, which connects to the main PR's updates on Bitcoin functionalities.

Suggested labels

breaking:cli, no-changelog

Suggested reviewers

• fbac
• kingpinXD
• skosito
• lumtis
• brewmaster012
• swift1337

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

Attention: Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.

Project coverage is 64.12%. Comparing base (0f8a4c2) to head (c889ab1).
Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
tests/simulation/sim/sim_state.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3030      +/-   ##
===========================================
+ Coverage    64.06%   64.12%   +0.05%     
===========================================
  Files          412      412              
  Lines        28960    28961       +1     
===========================================
+ Hits         18554    18570      +16     
+ Misses        9611     9596      -15     
  Partials       795      795              

Files with missing lines	Coverage Δ
zetaclient/chains/solana/signer/signer.go	39.84% <100.00%> (+11.81%)	⬆️
tests/simulation/sim/sim_state.go	0.00% <0.00%> (ø)

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (3)

zetaclient/chains/solana/signer/signer_test.go (1)

119-137: Consider adding more edge cases to the test suite.

While the current test cases cover basic scenarios, consider adding tests for:

• Empty string gateway address
• Gateway address with leading/trailing whitespace
• Address with different encoding formats
• Maximum length address validation

zetaclient/chains/solana/signer/signer.go (1)

195-196: LGTM! Consider enhancing error observability.

The early return prevents invalid gateway address state, which is the core fix needed.

Consider enhancing the error logging with structured fields for better observability:

-signer.Logger().Std.Error().Err(err).Msgf("cannot parse gateway address: %s", address)
+signer.Logger().Std.Error().
+    Err(err).
+    Str("address", address).
+    Str("chain", signer.Chain().Name).
+    Msg("cannot parse gateway address")

changelog.md (1)

59-59: Consider enhancing the changelog entry with more context.

While the entry correctly documents the fix, consider expanding it to provide more context about the potential impact and importance of this change. This helps users understand the significance of the fix.

Consider this enhanced version:

-* [3030](https://github.com/zeta-chain/node/pull/3030) - Avoid storing invalid Solana gateway address in the `SetGatewayAddress`
+* [3030](https://github.com/zeta-chain/node/pull/3030) - Fix validation in `SetGatewayAddress` to prevent storing invalid Solana gateway addresses, ensuring proper address validation and system stability

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 0f8a4c2 and b701200.

📒 Files selected for processing (3)

• changelog.md (1 hunks)
• zetaclient/chains/solana/signer/signer.go (1 hunks)
• zetaclient/chains/solana/signer/signer_test.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

zetaclient/chains/solana/signer/signer.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/solana/signer/signer_test.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

🔇 Additional comments (2)

zetaclient/chains/solana/signer/signer.go (2)

Line range hint 223-224: LGTM! Efficient guard clause implementation.

The early return using HasRelayerKey() check prevents unnecessary RPC calls, improving efficiency.

---

Line range hint 1-275: Consider reviewing concurrent access patterns.

The Signer struct uses mutex locks in some methods (SetGatewayAddress, GetGatewayAddress) but not in others (SetRelayerBalanceMetrics). While the current implementation might be safe due to initialization patterns, it would be beneficial to document the concurrent access assumptions and requirements.

Let's verify the concurrent access patterns:

✅ Verification successful

Let me gather more information about the concurrent access patterns in the Solana signer implementation.

---

Let me try a different approach to analyze the concurrent access patterns.

---

Based on the analysis of the concurrent access patterns, I can now provide a final response.

Concurrent access patterns are correctly implemented with room for documentation improvements

The concurrent access implementation in the Solana signer is well-structured:

• Mutex protection is correctly applied to shared state modifications (gatewayID, pda) through SetGatewayAddress and GetGatewayAddress
• SetRelayerBalanceMetrics doesn't require mutex protection as it only reads the immutable relayerKey field, which is set during initialization
• The base Signer struct provides the mutex and locking mechanisms inherited by all chain-specific implementations
• Critical state changes are properly synchronized using the Lock/Unlock pattern

Suggestions for improvement:

• Add documentation comments explaining the thread-safety guarantees for each field in the Signer struct
• Consider documenting which methods are safe for concurrent access and which are not

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for mutex usage patterns in signer implementations
rg -A 2 "Lock\(\)" zetaclient/chains/

Length of output: 6757

---

Script:

#!/bin/bash
# Search for methods that access shared state in Solana signer
ast-grep --pattern 'func \(signer \*Signer\) $_($$$) $_ {
  $$$
}'

Length of output: 68

---

Script:

#!/bin/bash
# Search for field accesses in Solana signer methods
rg -A 2 "signer\." zetaclient/chains/solana/signer/signer.go

# Also check the base signer implementation
rg -A 2 "type Signer struct" zetaclient/chains/base/signer.go

Length of output: 2599

[github-actions]

!!!WARNING!!!
nosec detected in the following files: tests/simulation/sim/sim_state.go

Be very careful about using #nosec in code. It can be a quick way to suppress security warnings and move forward with development, it should be employed with caution. Suppressing warnings with #nosec can hide potentially serious vulnerabilities. Only use #nosec when you're absolutely certain that the security issue is either a false positive or has been mitigated in another way.

Only suppress a single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the #nosec annotation, e.g: /* #nosec G401 */ or //#nosec G201 G202 G203
Broad #nosec annotations should be avoided, as they can hide other vulnerabilities. The CI will block you from merging this PR until you remove #nosec annotations that do not target specific rules.

Pay extra attention to the way #nosec is being used in the files listed above.