feat(node): guardian signed delegate signatures broadcast#4744
Merged
evan-gray merged 8 commits intowormhole-foundation:mainfrom Apr 14, 2026
Merged
Conversation
evan-gray
force-pushed
the
delegate-observation-batches
branch
5 times, most recently
from
547444a to
33e112f
Compare
evan-gray
force-pushed
the
delegate-observation-batches
branch
2 times, most recently
from
c93a95e to
5ea4844
Compare
Contributor
|
Claude Code is working… I'll analyze this and get back to you. |
evan-gray
force-pushed
the
delegate-observation-batches
branch
from
5ea4844 to
5aa5fae
Compare
johnsaigle
reviewed
Apr 10, 2026
Contributor
There was a problem hiding this comment.
Given that we're doing checks against the current Guardian Set on one level, and the delegated/canonical sets on another level, do we need to worry about the boundary cases like:
- Changing a Guardian Set?
- Changing the Delegated Guardian Set for a chain?
evan-gray
changed the title
johnsaigle
reviewed
Apr 10, 2026
johnsaigle
reviewed
Apr 10, 2026
evan-gray
force-pushed
the
delegate-observation-batches
branch
3 times, most recently
from
16347df to
966587a
Compare
johnsaigle
reviewed
Apr 13, 2026
Contributor
johnsaigle
left a comment
johnsaigle
left a comment
There was a problem hiding this comment.
I think we should update the test coverage to make sure we're handling the non-VAA-hash-related fields correctly.
Otherwise, the rest of the comments are improvements but IMO they do not need to block the PR.
mdulin2
previously approved these changes
Apr 13, 2026
Contributor
mdulin2
left a comment
mdulin2
left a comment
There was a problem hiding this comment.
Looks pretty good to me! The checks on the single signature appear to all be done on the batch case as well.
This reverts commit 628c06e.
evan-gray
force-pushed
the
delegate-observation-batches
branch
from
9be839d to
937d18f
Compare
johnsaigle
reviewed
Apr 14, 2026
Contributor
johnsaigle
left a comment
johnsaigle
left a comment
There was a problem hiding this comment.
A few small notes for test coverage and logging in case we hit size limits on the p2p layer.
Otherwise looks good and I'm happy to approve once these are resolved.
johnsaigle
reviewed
Apr 14, 2026
johnsaigle
reviewed
Apr 14, 2026
mdulin2
approved these changes
Apr 14, 2026
johnsaigle
approved these changes
Apr 14, 2026
panoel
approved these changes
Apr 14, 2026
djb15
approved these changes
Apr 14, 2026
Collaborator
djb15
left a comment
djb15
left a comment
There was a problem hiding this comment.
Approving changes to gossip.proto
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This returns the gossip message time restriction pre #4743 in favor of a canonical guardian only approach. This allows any guardian to collect a quorum of delegated guardian set signatures for a message and broadcast them in a single message.
The goal is that this should maintain the same safeguards and security of the original delegated guardian set messages but provide the same security / DoS prevention as observation requests.
Tested with https://api.wormholescan.io/api/v1/observations/delegate/50/00000000000000000000000062deeafee06c7442a21c93ededc79a0cb5791c83/1750
This required a change in Wormholescan to store the full data from the gossip message, so some earlier messages may not contain all the relevant fields. I expect that if a prior message was needed for some reason, it could either be re-observed or the data could be backfilled.
Reviewers: the most critical code is in p2p.go 👀
Summary