A Solana program that facilitates token bridging using Hyperlane's infrastructure. The program implements a secure ownership model using Squads Protocol for critical administrative controls while maintaining efficient token bridging operations.
- Program upgrade authority is managed by a Squads multisig
- Program account ownership is managed by the same Squads multisig
- This ensures critical administrative functions require multiple signatures, preventing single-point-of-failure risks
- The strategist is implemented as a normal externally owned account (not a PDA)
- The strategist has limited control, only being able to:
- Initiate transfers up to the current token balance
- Pay bridge fees using their own lamports
When a strategist initiates a remote transfer, the following security checks and operations occur:
-
Strategist Verification
- Verifies the transaction signer matches the stored strategist public key
-
Configuration Validation
- All strategist-provided parameters (except amount) are hashed and compared against stored configuration
- This prevents unauthorized modification of bridge parameters
-
Token Transfer
- Transfers the specified token amount from the program derived account(BoringState) to the strategist
- Amount is bounded by the program's current token balance
-
Bridge Execution
- The transferred tokens are bridged from the strategist's account, using Hyperlane's infrastructure
- Bridge fees are paid by the strategist's account
- The strategist cannot modify any bridge configuration parameters
- All configuration changes require multisig approval
- Bridge fees must be covered by the strategist's lamport balance
- Token transfers are limited to the program's available balance
- Squads Protocol - The multisig solution used for administrative control
-
Clone the repository:
git clone <repository-url> cd boring-bridge-holder
-
Install dependencies:
yarn install
Build the program:
anchor buildRun the tests:
anchor testSolana devnet:
anchor deploy --provider.cluster https://api.devnet.solana.comEclipse Mainnet:
solana program deploy target/deploy/boring_bridge_holder.so --keypair ~/.config/solana/id.json -u https://eclipse.helius-rpc.comTo retry txs:
solana program deploy target/deploy/boring_bridge_holder.so --keypair ~/.config/solana/id.json -u https://eclipse.helius-rpc.com --buffer <PATH_TO_INTERMEDIATE_KEYPAIR>To generate an intermediate keypair:
solana-keygen recover --outfile ./intermediate.jsonTo see abandoned buffer accounts:
solana program show --buffers -u https://eclipse.helius-rpc.comTo close abandoned buffer accounts:
solana program close --buffers --keypair ~/.config/solana/id.json -u https://eclipse.helius-rpc.comNavigate to Backup Squads Website
Go to settings and set the following: RPC Url: https://eclipse.helius-rpc.com Program ID: eSQDSMLf3qxwHVHeTr9amVAGmZbRLY2rFdSURandt6f
Then enter the multisig address. Squads multisig: 8QfUfa4QRqPrbvJ7h98VQPCE8vM6KFovYYEMkiVwSAaf
To change upgrade authority. Note only add in the --skip-new-upgrade-authority-signer-check flag if you are sure the new upgrade authority is correct.
solana program set-upgrade-authority <PROGRAM_ID> --new-upgrade-authority <NEW_UPGRADE_AUTHORITY> -u https://eclipse.helius-rpc.com --skip-new-upgrade-authority-signer-checkMake necessary changes to the program, update the version number in lib.rs, and in tests/boring-bridge-holder.ts
solana program write-buffer target/deploy/boring_bridge_holder.so -u https://eclipse.helius-rpc.comIf txs fail, then recover the intermediate keypair and retry the txs with the intermediate keypair. Once you have the buffer account, update the bufferAccount variable in scripts/create_upgrade_tx.ts.
Change the buffer authority to the multisig.
solana program set-buffer-authority <BUFFER_ACCOUNT> --new-buffer-authority <NEW_BUFFER_AUTHORITY> -u https://eclipse.helius-rpc.comThen run
ts-node scripts/create_upgrade_tx.tsBefore running any scripts:
-
Copy the sample environment file:
cp sample.env .env
-
Fill out the
.envfile with your configuration values -
Run scripts using ts-node:
-
initialize.ts: Initialize the boring bridge holder account -
transfer_ownership.ts: Transfer ownership of the boring bridge holder account -
update_configuration.ts: Update the configuration -
update_strategist.ts: Update the strategist -
transfer_remote.ts: Transfer tokens remotelyts-node scripts/<script-name>.ts
- Make sure
solana-verifyis installed. - Make sure
anchor buildhas been run. - Run the following command:
ts-node scripts/verify_program.tsUnder the hood this script is just using solana-verify get-executable-hash and solana-verify get-program-hash to verify the program hashes match.
programs/boring-bridge-holder/src/lib.rs: Main program file containing instruction handlersprograms/boring-bridge-holder/src/instructions/: Directory containing instruction-specific logictransfer_remote.rs: Logic for the transfer remote instruction
tests/boring-bridge-holder.ts: Test suite
- Initialize a boring bridge holder account
- Transfer ownership
- Update strategist
- Update configuration
- Transfer tokens remotely using Hyperlane's infrastructure
- Creator: The account that created the boring bridge holder
- Owner: The account that can update configuration and transfer ownership
- Strategist: The account that can execute transfers
- Config Hash: Hash of the current configuration
- Bump: PDA bump seed
- Target Program
- NOOP Program
- Token PDA
- Mailbox Program
- Mailbox Outbox
- Message Dispatch Authority
- IGP Program
- IGP Program Data
- IGP Account (This is really the overhead IGP program)
- Token Sender (This is really the IGP account)
- Token 2022 Program
- Mint Authority
- Destination Domain
- EVM Recipient
- Decimals
UNLICENSED