How do cross-chain bridges work? A case on Wormhole (Part 2)
Following Part 1, this article focuses on guardian signature verification in Wormhole on both Solana and Ethereum.
How are the guardian signatures verified (to prevent fake VAAs)?
On Solana, Wormhole uses the verify_signatures function to verify all the signatures in a VAA. Each VAA may contain multiple signatures (at least 2/3 of 19 signatures must be verified to reach a quorum). Because of the compute limit, signature verification is split into multiple steps (i.e., verify_signatures is called multiple times), with each call verifying a subset (e.g., six or seven) of the guardian signatures:
The input accounts in VerifySignatures are defined below:
The two PDA accounts guardian_set and signature_set are important. The guardian_set account must have been initialized (AccountState::Initialized), and it stores a set of the verified guardians (including their keys):
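The batched flow described above, modeled as an added Rust example (it is not Wormhole's code): each call checks one batch against the guardian set and records per-guardian flags in a signature set, and quorum is evaluated over the accumulated flags. Assumptions: every type, field and function name is hypothetical, toy_sign is an insecure stand-in for secp256k1 so the example runs without external crates, and quorum is read as the smallest count that is at least 2/3 of the guardians.

```rust
// Added illustration: all names are hypothetical, not Wormhole's code.
/// Toy stand-in for secp256k1 signing/verification (NOT secure) so this runs offline.
fn toy_sign(key: u64, hash: u64) -> u64 {
    (key ^ hash).wrapping_mul(0x9E37_79B9_7F4A_7C15).rotate_left(17)
}
/// Models the guardian_set account: one key per guardian index.
struct GuardianSet { keys: Vec<u64> }
/// Models the signature_set account: state that persists between calls.
struct SignatureSet { hash: Option<u64>, verified: Vec<bool> }

/// Smallest count that is at least 2/3 of n (13 when n = 19).
fn quorum(n: usize) -> usize { (2 * n + 2) / 3 }

/// One verify_signatures-style call over a batch of (guardian index, signature).
fn verify_batch(gs: &GuardianSet, ss: &mut SignatureSet, hash: u64,
                batch: &[(usize, u64)]) -> Result<(), &'static str> {
    // Every call must be for the same VAA hash as the first call.
    match ss.hash {
        None => ss.hash = Some(hash),
        Some(h) if h != hash => return Err("hash mismatch"),
        _ => {}
    }
    // Validate the whole batch before setting any guardian flag.
    for &(idx, sig) in batch {
        let key = gs.keys.get(idx).ok_or("unknown guardian index")?;
        if toy_sign(*key, hash) != sig { return Err("bad signature"); }
    }
    // One flag per guardian: a repeated index cannot be counted twice.
    for &(idx, _) in batch { ss.verified[idx] = true; }
    Ok(())
}

fn has_quorum(gs: &GuardianSet, ss: &SignatureSet) -> bool {
    ss.verified.iter().filter(|v| **v).count() >= quorum(gs.keys.len())
}

/// Constructed sample data: signatures from guardians lo..hi over `hash`.
fn sample_batch(gs: &GuardianSet, hash: u64, lo: usize, hi: usize) -> Vec<(usize, u64)> {
    (lo..hi).map(|i| (i, toy_sign(gs.keys[i], hash))).collect()
}

fn main() {
    let gs = GuardianSet { keys: (0..19u64).map(|i| 1000 + i).collect() };
    let mut ss = SignatureSet { hash: None, verified: vec![false; 19] };
    for (lo, hi) in [(0, 7), (0, 7), (7, 13)] {
        let r = verify_batch(&gs, &mut ss, 0xABCD, &sample_batch(&gs, 0xABCD, lo, hi));
        println!("batch {lo}..{hi}: {r:?}, quorum reached: {}", has_quorum(&gs, &ss));
    }
}
```

Replaying the first batch leaves the count at seven, so quorum is only reached once six further distinct guardians have been verified against the same hash.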