Fix wasm on-demand materialization file naming; set TLS SNI for forking gRPC

[tiljrd]

User description

Fix wasm on-demand materialization file naming; set TLS SNI for forking gRPC

Summary

This PR fixes the "Error opening Wasm file for reading" issue in forking mode by addressing two key problems:

1. Wasm file naming mismatch: Modified materializeAndPinWasm to prefer the on-chain CodeHash from CodeInfo instead of always computing a local SHA256 hash, ensuring the generated filename matches what wasmvm expects during contract execution.

2. TLS ServerName configuration: Added proper TLS configuration with ServerName for gRPC connections to resolve connectivity issues when fetching wasm bytecode from remote endpoints.

Key Changes

• app/wasm_materialize.go: Use on-chain CodeHash for filename when available, write wasm files to multiple potential paths that wasmvm might check
• app/msg_wasm_wrapper.go & app/query_wasm_wrapper.go: Set TLS ServerName properly for gRPC dial options
• Auto-generated protobuf changes (may need regeneration)

Review & Testing Checklist for Human

Critical (3 items):

• End-to-end test: Verify wasm contract execution no longer fails with "Error opening Wasm file for reading" in forking mode using the provided Kurtosis commands
• Regression test: Confirm existing wasm contract functionality still works in non-forking mode (existing contracts should execute without issues)
• TLS connectivity: Test that gRPC connections to grpc.thor.pfc.zone:443 work properly with the new TLS ServerName configuration

Notes

Testing was incomplete due to intermittent RPC EOF errors (post failed: Post "http://localhost:26657": EOF) during verification. The materialization and pinning logs showed expected behavior, but full end-to-end contract execution could not be verified.

The protobuf changes in api/types/query.pulsar.go appear to be auto-generated and may need regeneration with make generate.

Link to Devin run: https://app.devin.ai/sessions/a93bebe179184ecfb0855343177bb0a7
Requested by: @tiljrd

---

PR Type

Enhancement, Bug fix, Documentation

---

Description

• Fixed WASM on-demand materialization: Modified materializeAndPinWasm to use on-chain CodeHash from CodeInfo instead of computing local SHA256 hash, ensuring generated filenames match what wasmvm expects during contract execution
• Added TLS ServerName configuration: Implemented proper TLS configuration with ServerName for gRPC connections to resolve connectivity issues when fetching WASM bytecode from remote endpoints
• Implemented comprehensive forking infrastructure: Added complete forking KV store system with remote gRPC client, LRU cache with TTL, iterator support, and proper state management
• Enhanced WASM contract handling: Created message and query wrappers to ensure automatic contract materialization before execution with fallback to remote endpoints
• Added authz module integration: Integrated authorization module with keeper initialization, store upgrades, and ante handler support
• Improved user API call detection: Added gRPC metadata extraction across handlers to identify user-initiated API calls for proper context propagation
• Enhanced query routing: Implemented custom query service router with route overrides and support for complex asset paths with slashes
• Added mimir bypass functionality: Implemented decorator to skip ante handlers for MsgMimir transactions and enhanced fee handling for forking scenarios
• Security improvements: Updated Docker build to use HTTPS repositories and improved CA certificate handling

---

Diagram Walkthrough

flowchart LR
  A["WASM Contract Request"] --> B["Message/Query Wrapper"]
  B --> C["Check Local Storage"]
  C --> D{Contract Available?}
  D -->|No| E["Remote gRPC Client"]
  E --> F["Fetch from Remote with TLS"]
  F --> G["Materialize & Pin WASM"]
  G --> H["Execute Contract"]
  D -->|Yes| H
  I["Forking KV Store"] --> J["Local Storage"]
  I --> K["LRU Cache"]
  I --> L["Remote Client"]
  M["User API Call"] --> N["gRPC Metadata"]
  N --> O["Context Propagation"]

Loading

File Walkthrough

	Relevant files
Miscellaneous	2 files query.pb.go Auto-generated protobuf file update                                            x/thorchain/types/query.pb.go • Updated auto-generated protobuf file with new binary data • Modified gzipped FileDescriptorProto from 2646 to 2711 bytes • Changed file descriptor hash and content structure +171/-167 query.pb.gw.go Auto-generated gRPC gateway query handlers for alternative API routes x/thorchain/types/query.pb.gw.go • Added duplicate query handler functions for LiquidityProvider, LiquidityProviders, Saver, Savers, Borrower, and Borrowers endpoints • Added new URL patterns and forward response handlers for alternative API routes • Generated additional gRPC gateway code for query endpoints with different path structures +811/-31
Enhancement	27 files iterator.go New iterator implementations for forking mode data access x/thorchain/forking/iterator.go • Added MergedIterator struct to merge local and remote iterators with proper key ordering • Implemented RemoteIterator for iterating over remote KeyValue slices • Added EmptyIterator as a null iterator implementation • Includes support for both forward and reverse iteration modes +246/-0  client.go Complete forking gRPC client implementation with TLS support x/thorchain/forking/client.go • Implemented comprehensive remote gRPC client for forking mode with TLS support • Added WASM contract state fetching with proper key parsing and address handling • Implemented query methods for pools, nodes, accounts, liquidity providers, savers, and borrowers • Added proper TLS configuration with ServerName for secure gRPC connections +1269/-0 msg_thorchain_wrapper.go WASM message wrapper with automatic code materialization  app/msg_thorchain_wrapper.go • Created message wrapper for WASM contract operations with materialization support • Added automatic WASM code materialization before contract instantiation and execution • Implemented TLS-enabled gRPC connection for fetching remote contract information • Added proper error handling and retry logic for height-based queries +209/-0  msg_server.go User API call detection via gRPC metadata                                x/denom/keeper/msg_server.go • Added metadata extraction for user API call detection in all message handlers • Implemented context value setting for CtxUserAPICall based on gRPC metadata • Enhanced CreateDenom, MintTokens, BurnTokens, and ChangeDenomAdmin methods +27/-0    app.go Add forking infrastructure and authz module integration    app/app.go • Added forking functionality with configuration for remote gRPC connections and KV store services • Integrated authz module with keeper initialization and module registration • Added wasm materialization and query/message wrapper routing for forking mode • Implemented forking services initialization with cache and remote client setup +185/-10 query_wasm_wrapper.go Implement WASM query wrapper with remote fallback                app/query_wasm_wrapper.go • Created WASM query wrapper to handle remote gRPC queries with TLS configuration • Implemented fallback logic to fetch contract data from remote endpoints when not available locally • Added proper TLS ServerName configuration for secure gRPC connections • Includes retry logic for height-related errors and contract materialization +508/-0  store.go Core forking KV store implementation                                          x/thorchain/forking/store.go • Implemented forking KV store that checks local storage first, then cache, then remote • Added remote fetch logic with proper error handling and caching • Implemented iterator support for both forward and reverse iteration with merged results • Added debug logging and statistics tracking for forking operations +264/-0  msg_wasm_wrapper.go Implement WASM message wrapper with materialization            app/msg_wasm_wrapper.go • Created WASM message wrapper to ensure contract materialization before execution • Added TLS configuration for secure gRPC connections to remote endpoints • Implemented contract info fetching from remote when not available locally • Added proper error handling and retry logic for remote queries +169/-0  wasm_materialize.go WASM bytecode materialization and pinning system                  app/wasm_materialize.go • Implemented WASM bytecode materialization and pinning functionality • Added remote bytecode fetching via gRPC with TLS support • Created multiple file path targets for WASM files to ensure compatibility • Added proper gzip decompression and SHA256 hash handling +191/-0  msg_server_wasms.go Add user API context to WASM message handlers                        x/thorchain/msg_server_wasms.go • Added user API call context extraction from gRPC metadata for all WASM message handlers • Implemented proper context propagation for forking mode detection • Enhanced all WASM message server methods with metadata handling +59/-0    query_service_router.go Custom query service router with context handling                app/query_service_router.go • Created custom query service router with route override capabilities • Implemented bank query wrapper with user API call context extraction • Added gRPC metadata handling for proper context propagation • Provided extensible framework for custom query handlers +115/-0  cache.go LRU cache implementation with TTL support                                x/thorchain/forking/cache.go • Implemented LRU cache with TTL support for forking data • Added thread-safe operations with proper mutex handling • Included automatic cleanup of expired entries • Provided cache statistics and management functionality +144/-0  service.go Forking KV store service implementation                                    x/thorchain/forking/service.go • Implemented forking KV store service wrapper with state management • Added block processing state tracking and genesis mode detection • Included statistics tracking for remote fetches and cache performance • Provided proper service lifecycle management +118/-0  ante.go Mimir bypass decorator and authz support                                  x/thorchain/ante.go • Added MimirBypassDecorator to skip ante handlers for MsgMimir transactions • Enhanced ante handler to support authz message types • Implemented early bypass logic with infinite gas meter for mimir messages +35/-1    querier.go Enhanced pool query with contract address support                x/thorchain/querier.go • Enhanced pool query to support contract address lookup with case-insensitive matching • Added support for both uppercase and lowercase Ethereum address formats • Implemented pool iteration to find assets by contract address +41/-0    types.go Core forking types and interfaces                                                x/thorchain/forking/types.go • Defined core types and interfaces for forking functionality • Specified RemoteConfig, RemoteClient, Cache, and ForkingKVStore interfaces • Added statistics tracking and gas metering type definitions +72/-0    handler_wasm_execute_contract.go Add authz support to WASM execute handler                                x/thorchain/handler_wasm_execute_contract.go • Added authz message types to WASM execute ante decorator • Enhanced fee handling to support authz grant, revoke, and exec messages +5/-1      handler_send.go Add user API context to send handler                                          x/thorchain/handler_send.go • Added user API call context extraction from gRPC metadata • Enhanced bank send handler with proper context propagation +9/-0      grpc_query.go Add user API context to gRPC queries                                          x/thorchain/grpc_query.go • Added user API call context extraction from gRPC metadata • Enhanced query server with proper context propagation for forking detection +10/-0    msg_server.go Add user API context to message server                                      x/thorchain/msg_server.go • Added user API call context extraction from gRPC metadata to external handler • Enhanced message server with proper context propagation +8/-0      grpc_query.go Add user API context to denom queries                                        x/denom/keeper/grpc_query.go • Added user API call context extraction from gRPC metadata • Enhanced denom admin query with proper context propagation +8/-0      upgrades.go Add authz store to standard upgrades                                          app/upgrades/standard/upgrades.go • Added authz store key to upgrade store additions • Integrated authz module into standard upgrade process +4/-1      module.go Add user API flag to gRPC gateway                                                x/thorchain/module.go • Added user-api-call metadata flag to gRPC gateway router • Enhanced HTTP request handling with proper API call identification +4/-1      ante.go Add mimir bypass to ante handler chain                                      app/ante.go • Added MimirBypassDecorator as first ante handler to bypass fee deduction for mimir messages +3/-0      gas.go SDK gas meter wrapper implementation                                          x/thorchain/forking/gas.go • Implemented SDK gas meter wrapper for forking operations • Added gas consumption tracking and reporting functionality +24/-0    query.proto Enhanced protobuf routes for complex asset paths                  proto/thorchain/v1/types/query.proto • Updated HTTP route patterns to support asset paths with slashes using {asset=**} pattern • Added additional bindings for alternative endpoint formats • Enhanced API routing for complex asset identifiers +31/-13  Dockerfile Docker build security improvements                                              build/docker/Dockerfile • Updated package installation to use HTTPS repositories • Improved security by copying CA certificates from build stage • Enhanced Docker build process with better practices +19/-14
Configuration changes	3 files constants.go New context key for user API call identification                  constants/constants.go • Added new context key CtxUserAPICall for identifying user-initiated API calls +1/-0      flags.go Forking module CLI flags configuration                                      x/thorchain/forking/flags.go • Added CLI flags for forking configuration including gRPC endpoint and chain ID • Implemented timeout, cache, and trust parameters for remote connections • Provided comprehensive configuration options for forking behavior +35/-0    commands.go Add forking flags to thornode commands                                      cmd/thornode/commands.go • Added forking module initialization flags to start command • Integrated forking configuration with existing module setup +3/-0
Bug fix	2 files handler_mimir.go Enhanced mimir handler for forking mode                                    x/thorchain/handler_mimir.go • Modified mimir handler to skip fee deduction when bond module has insufficient balance • Added balance checking before attempting fee transfers • Improved error handling for forking mode scenarios +20/-10  keeper_node_account.go Fix typo in bond error message                                                      x/thorchain/keeper/v1/keeper_node_account.go • Fixed typo in error message from "not enound bond" to "not enough bond" +1/-1
Documentation	1 files README.md Forking module documentation                                                          x/thorchain/forking/README.md • Added comprehensive documentation for the forking module • Documented architecture, components, configuration, and usage • Provided testing guidelines and security considerations +99/-0
Dependencies	1 files go.mod Update cosmos/evm dependency                                                          go.mod • Added replace directive for cosmos/evm dependency +2/-0
Additional files	1 files query.pulsar.go +574/-555

---