Warning
This repository is a work in progress, and for now only functions as a showcase. This code is not intended to secure any valuable information.
This is an EVM with precompiles used internally by SUAVE for key management and bootstrapping kettles.
The Andromeda precompiles rely on features from Gramine, provided through the filesystem. The Gramine environment is provided separately; the examples and tests here run locally and only approximate it.
- Suave.localRandom uses the RDRAND instruction via Gramine's /dev/urandom.
- Suave.volatile{Set/Get} uses a simple static HashMap in local memory. It does not persist through a service restart.
- Suave.attestSgx uses Gramine's remote attestation /dev/attestation/quote.
- Suave.sealingKey uses Gramine's pseudo-directory /dev/attestation/keys feature.
As additional utility precompiles we include:
- Suave.doHTTPRequest, which uses /etc/ssl/ca-certificates.crt for HTTPS certificates (the file must be included in the Gramine manifest!).
The tests include a thin wrapper for the precompiles [examples/Andromeda.sol]. This is a small interface, but it should be sufficient to run the Key Manager demo.
The revm itself is stateless: we don't keep any chain data inside. To provide chain state we have introduced a witness-based database. The database itself is defined in remote_db.rs, and witnesses are verified through helios. For the SUAVE chain's Proof of Authority we have added a simple consensus checker that verifies the blocks were signed by one of the trusted block proposers ([0x0981717712ed2c4919fdbc27dfc804800a9eeff9, 0x0e5b9aa4925ed1beeb08d1c5a92477a1b719baa7, 0x0e8705e07bbe1ce2c39093df3d20aaa5120bfc7a]).
State can be fetched at two points:
- Before the execution all of the access list state is pre-fetched
- During EVM execution if a slot is missing it will be fetched from the execution client
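
The two fetch points above, as an added sketch that is not code from this repository: `WitnessDb`, `Remote` and the integer "roots" are hypothetical stand-ins (the repository's database lives in remote_db.rs and verifies witnesses through helios). It shows a slot fetched lazily during execution passing the same check against the trusted root as a pre-fetched one, and only verified values being cached.

```rust
use std::collections::HashMap;
type Key = (String, u64); // (account, storage slot)
/// Hypothetical stand-in for the execution client: returns the value and the
/// state root its proof was built against (a real proof is a Merkle witness).
pub struct Remote(pub HashMap<Key, (u64, u64)>);
pub struct WitnessDb {
    remote: Remote,
    trusted_root: u64, // assumed to come from the light client
    cache: HashMap<Key, u64>,
    pub remote_calls: usize,
}
impl WitnessDb {
    pub fn new(remote: Remote, trusted_root: u64) -> Self {
        WitnessDb { remote, trusted_root, cache: HashMap::new(), remote_calls: 0 }
    }

    // Every remote answer is checked before it is cached, on both fetch paths.
    fn fetch_verified(&mut self, key: &Key) -> Result<u64, String> {
        self.remote_calls += 1;
        let (value, root) = *self.remote.0.get(key).ok_or("no witness returned")?;
        if root != self.trusted_root {
            return Err(format!("witness for {:?} does not match trusted root", key));
        }
        self.cache.insert(key.clone(), value);
        Ok(value)
    }

    /// Fetch point 1: before execution, load the whole access list.
    pub fn prefetch(&mut self, access_list: &[Key]) -> Result<(), String> {
        access_list.iter().try_for_each(|k| self.fetch_verified(k).map(|_| ()))
    }

    /// Fetch point 2: during execution, only a cache miss goes to the remote.
    pub fn storage(&mut self, key: &Key) -> Result<u64, String> {
        if let Some(v) = self.cache.get(key).copied() {
            return Ok(v);
        }
        self.fetch_verified(key)
    }
}
fn main() {
    // Constructed sample state; slot 2 carries a witness for a different root.
    let k = |s: u64| ("0xabc".to_string(), s);
    let remote = Remote(HashMap::from([(k(0), (11, 7)), (k(1), (22, 7)), (k(2), (33, 9))]));
    let mut db = WitnessDb::new(remote, 7);
    db.prefetch(&[k(0)]).unwrap();
    println!("{:?} {:?} {:?}", db.storage(&k(0)), db.storage(&k(1)), db.storage(&k(2)));
}
```
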
The main service we provide in this repository is the StatefulExecutor. This is a service which persists volatile memory (for Suave.volatile{Set/Get}) and manages the SUAVE chain light client.
There are two methods that the StatefulExecutor implements:
- advance [height=latest], which advances the SUAVE chain light client to the requested height
- execute tx_env, which executes the requested call. The tx_env is expected to be a JSON-encoded TxEnv structure.
make build
Note: clang is required for building revm with the c-kzg or secp256k1 feature flags, as they depend on C libraries. If you don't have it installed, you can install it with apt install clang.
To mock out /dev/attestation/quote and /dev/attestation/user_report_data, just try:
sudo mkdir /dev/attestation
sudo chown $USER:$USER /dev/attestation
echo "dummnyquote" > /dev/attestation/quote
make examples
The code in this project is free software under the MIT license.