Branislav Kontur
9e1afcafb5
* Initial version of bridges pallet as subtree of https://github.com/paritytech/parity-bridges-common Added `Bridges subtree files` pr review rule * Squashed 'bridges/' content from commit d30927c08 git-subtree-dir: bridges git-subtree-split: d30927c089bd9e73092d1ec1a62895603cb277a3 * Updated REAMDE.md and BRIDGES.md (inspired by original https://github.com/paritytech/polkadot/blob/d22eb62fe40e55e15eb91d375f48cc540d83a47e/BRIDGES.md) * Squashed 'bridges/' changes from d30927c08..d3970944b d3970944b Small simplifications (#2050) git-subtree-dir: bridges git-subtree-split: d3970944b0cfc4ea5226225e1ca07dab234c3556 * Squashed 'bridges/' changes from d3970944b..2180797fb 2180797fb Removed CODEOWNERS (#2051) git-subtree-dir: bridges git-subtree-split: 2180797fbf8a990490c67853dcffd81bc8dd083c * Squashed 'bridges/' changes from 2180797fbf..4850aac8ce 4850aac8ce Removed relayer_account: &AccountId from MessageDispatch (#2080) 8c8adafd54 Revert "Fix max-size messages at test chains (#2064)" (#2077) c01a63efd8 Fixed off-by-one when confirming rewards in messages pallet (#2075) a298be96aa Update subxt dependencies (#2072) c0eef51eab Fix max-size messages at test chains (#2064) 3a658e3697 Messages relay fixes (#2073) 0022b5ab22 Slash relayers for invalid transactions (#2025) 198104007f Bump enumflags2 from 0.7.5 to 0.7.7 9229b257e5 [ci] Fix rules for docker build (#2069) 660d791390 [ci] Update buildah command and version (#2058) e4535c0ca4 fix the way latest_confirmed_nonce_at_source is "calculated" (#2067) dbc2d37590 select nothing if we have already selected nonces to submit or have submitted something (#2065) a7eedd21fe [relay-substrate-client] Bump jsonrpsee (#2066) 8875d5aeae Bump clap from 4.2.2 to 4.2.4 25f9cf55e2 Another use of RangeInclusiveExt::checked_len() (#2060) 4942c12a5f submit lane unblock transactions from relay (#2030) c0325d3c9c Test deployments fixes (#2057) fc7b9b7ed7 Use the new matrix server (#2056) 63bcb5c10b Fixed delivery alert rule (#2052) git-subtree-dir: bridges git-subtree-split: 4850aac8ce6c34e5ca6246b88cd14c873a879cba * Squashed 'bridges/' changes from 4850aac8ce..66aaf0dd23 66aaf0dd23 Nits (#2083) git-subtree-dir: bridges git-subtree-split: 66aaf0dd239dde40b64264061a77c921e2c82568 * Squashed 'bridges/' changes from 66aaf0dd23..557ecbcecc 557ecbcecc Fix sized messages (Follow-up on #2064) (#2103) 54f587a066 Add weight of refund extension post_dispatch to the weights of messages pallet (#2089) 5b1626f8c4 fix pallet param for nightly benchmarks check (#2099) ae44c6b7a1 Add millau specific messages weights (#2097) 6ad0bd1f1e Add integrity tests to rialto parachain runtiime (#2096) 6919556de5 Bump tokio from 1.27.0 to 1.28.0 58795fcb75 Bump clap from 4.2.4 to 4.2.5 01bf31085b Bump scale-info from 2.5.0 to 2.6.0 8fe383240d Bump anyhow from 1.0.70 to 1.0.71 8d94e82ad5 deployments: add new BEEFY metrics and alarms (#2090) e9a4749e7e Bump wasmtime from 6.0.1 to 6.0.2 9d9936c0d9 Bump wasmtime from 6.0.1 to 6.0.2 in /tools/runtime-codegen 5d77cd7bee Add more logs to relayer and message pallets (#2082) 75fbb9d3ef Update comment (#2081) 9904d09cf6 Benchmarks for new relayers pallet calls (#2040) git-subtree-dir: bridges git-subtree-split: 557ecbcecc585547b744a5ac9fb8d7f3b9de4521 * fmt * Squashed 'bridges/' changes from 557ecbcecc..04b3dda6aa 04b3dda6aa Remove from subtree (#2111) f8ff15e7e7 Add `MessagesPalletInstance` for integrity tests (#2107) 92ccef58e6 Use generated runtimes for BHR/BHW (#2106) b33e0a585b Fix comment (#2105) git-subtree-dir: bridges git-subtree-split: 04b3dda6aa38599e612ff637710b6d2cff275ef3 * ".git/.scripts/commands/fmt/fmt.sh" --------- Co-authored-by: parity-processbot <>
12 KiB
High-Level Bridge Documentation
This document gives a brief, abstract description of main components that may be found in this repository. If you want to see how we're using them to build Rococo <> Wococo (Kusama <> Polkadot) bridge, please refer to the Polkadot <> Kusama Bridge.
Purpose
This repo contains all components required to build a trustless connection between standalone Substrate chains, that are using GRANDPA finality, their parachains or any combination of those. On top of this connection, we offer a messaging pallet that provides means to organize messages exchange.
On top of that layered infrastructure, anyone may build their own bridge applications - e.g. XCM messaging, encoded calls messaging and so on.
Terminology
Even though we support (and require) two-way bridging, the documentation will generally talk about a one-sided interaction. That's to say, we will only talk about syncing finality proofs and messages from a source chain to a target chain. This is because the two-sided interaction is really just the one-sided interaction with the source and target chains switched.
The bridge has both on-chain (pallets) and offchain (relayers) components.
On-chain components
On-chain bridge components are pallets that are deployed at the chain runtime. Finality pallets require deployment at the target chain, while messages pallet needs to be deployed at both, source and target chains.
Bridge GRANDPA Finality Pallet
A GRANDPA light client of the source chain built into the target chain's runtime. It provides a "source of truth" about the source chain headers which have been finalized. This is useful for higher level applications.
The pallet tracks current GRANDPA authorities set and only accepts finality proofs (GRANDPA justifications), generated by the current authorities set. The GRANDPA protocol itself requires current authorities set to generate explicit justification for the header that enacts next authorities set. Such headers and their finality proofs are called mandatory in the pallet and relayer pays no fee for such headers submission.
The pallet does not require all headers to be imported or provided. The relayer itself chooses which headers he wants to submit (with the exception of mandatory headers).
More: pallet level documentation and code.
Bridge Parachains Finality Pallet
Parachains are not supposed to have their own finality, so we can't use bridge GRANDPA pallet to verify their
finality proofs. Instead, they rely on their relay chain finality. The parachain header is considered final,
when it is accepted by the paras pallet
at its relay chain. Obviously, the relay chain block, where it is accepted, must also be finalized by the relay
chain GRANDPA gadget.
That said, the bridge parachains pallet accepts storage proof of one or several parachain heads, inserted to the
Heads
map of the paras pallet.
To verify this storage proof, the pallet uses relay chain header, imported earlier by the bridge GRANDPA pallet.
The pallet may track multiple parachains at once and those parachains may use different primitives. So the parachain header decoding never happens at the pallet level. For maintaining the headers order, the pallet uses relay chain header number.
More: pallet level documentation and code.
Bridge Messages Pallet
The pallet is responsible for queuing messages at the source chain and receiving the messages proofs at the target chain. The messages are sent to the particular lane, where they are guaranteed to be received in the same order they are sent. The pallet supports many lanes.
The lane has two ends. Outbound lane end is storing number of messages that have been sent and the number of messages that have been received. Inbound lane end stores the number of messages that have been received and also a map that maps messages to relayers that have delivered those messages to the target chain.
The pallet has three main entrypoints:
- the
send_messagemay be used by the other runtime pallets to send the messages; - the
receive_messages_proofis responsible for parsing the messages proof and handing messages over to the dispatch code; - the
receive_messages_delivery_proofis responsible for parsing the messages delivery proof and rewarding relayers that have delivered the message.
Many things are abstracted by the pallet:
- the message itself may mean anything, the pallet doesn't care about its content;
- the message dispatch happens during delivery, but it is decoupled from the pallet code;
- the messages proof and messages delivery proof are verified outside of the pallet;
- the relayers incentivization scheme is defined outside of the pallet.
Outside of the messaging pallet, we have a set of adapters, where messages and delivery proofs are regular storage proofs. The proofs are generated at the bridged chain and require bridged chain finality. So messages pallet, in this case, depends on one of the finality pallets. The messages are XCM messages and we are using XCM executor to dispatch them on receival. You may find more info in Polkadot <> Kusama Bridge document.
More: pallet level documentation and code.
Bridge Relayers Pallet
The pallet is quite simple. It just registers relayer rewards and has an entrypoint to collect them. When the rewards are registered and the reward amount is configured outside of the pallet.
More: pallet level documentation and code.
Offchain Components
Offchain bridge components are separate processes, called relayers. Relayers are connected both to the source chain and target chain nodes. Relayers are reading state of the source chain, compare it to the state of the target chain and, if state at target chain needs to be updated, submits target chain transaction.
GRANDPA Finality Relay
The task of relay is to submit source chain GRANDPA justifications and their corresponding headers to the Bridge GRANDPA Finality Pallet, deployed at the target chain. For that, the relay subscribes to the source chain GRANDPA justifications stream and submits every new justification it sees to the target chain GRANDPA light client. In addition, relay is searching for mandatory headers and submits their justifications - without that the pallet will be unable to move forward.
More: GRANDPA Finality Relay Sequence Diagram, pallet level documentation and code.
Parachains Finality Relay
The relay connects to the source relay chain and the target chain nodes. It doesn't need to connect to the
tracked parachain nodes. The relay looks at the Heads
map of the paras pallet
in source chain, and compares the value with the best parachain head, stored in the bridge parachains pallet at
the target chain. If new parachain head appears at the relay chain block B, the relay process waits
until header B or one of its ancestors appears at the target chain. Once it is available, the storage
proof of the map entry is generated and is submitted to the target chain.
As its on-chain component (which requires bridge GRANDPA pallet to be deployed nearby), the parachains
finality relay requires GRANDPA finality relay to be running in parallel. Without it, the header B or
any of its children's finality at source won't be relayed at target, and target chain
won't be able to verify generated storage proof.
More: Parachains Finality Relay Sequence Diagram, code.
Messages Relay
Messages relay is actually two relays that are running in a single process: messages delivery relay and delivery confirmation relay. Even though they are more complex and have many caveats, the overall algorithm is the same as in other relays.
Message delivery relay connects to the source chain and looks at the outbound lane end, waiting until new
messages are queued there. Once they appear at the source block B, the relay start waiting for the block
B or its descendant appear at the target chain. Then the messages storage proof is generated and submitted
to the bridge messages pallet at the target chain. In addition, the transaction may include the storage proof
of the outbound lane state - that proves that relayer rewards have been paid and this data (map of relay
accounts to the delivered messages) may be pruned from the inbound lane state at the target chain.
Delivery confirmation relay connects to the target chain and starts watching the inbound lane end. When new
messages are delivered to the target chain, the corresponding source chain account is inserted to the
map in the inbound lane data. Relay detects that, say, at the target chain block B and waits until that
block or its descendant appears at the source chain. Once that happens, the relay crafts a storage proof of
that data and sends it to the messages pallet, deployed at the source chain.
As you can see, the messages relay also requires finality relay to be operating in parallel. Since messages relay submits transactions to both source and target chains, it requires both source-to-target and target-to-source finality relays. They can be GRANDPA finality relays or GRANDPA+parachains finality relays, depending on the type of connected chain.
More: Messages Relay Sequence Diagram, pallet level documentation and code.
Complex Relay
Every relay transaction has its cost. The only transaction, that is "free" to relayer is when the mandatory GRANDPA header is submitted. The relay that feeds the bridge with every relay chain and/or parachain head it sees, will have to pay a (quite large) cost. And if no messages are sent through the bridge, that is just waste of money.
We have a special relay mode, called complex relay, where relay mostly sleeps and only submits transactions that are required for the messages/confirmations delivery. This mode starts two message relays (in both directions). All required finality relays are also started in a special on-demand mode. In this mode they do not submit any headers without special request. As always, the only exception is when GRANDPA finality relay sees the mandatory header - it is submitted without such request.
The message relays are watching their lanes and when, at some block B, they see new messages/confirmations
to be delivered, they are asking on-demand relays to relay this block B. On-demand relays does that and
then message relay may perform its job. If on-demand relay is a parachain finality relay, it also runs its
own on-demand GRANDPA relay, which is used to relay required relay chain headers.
More: Complex Relay Sequence Diagram, code.