svm: build ntt the proper way on other svms#730
Merged
Conversation
kcsongor
force-pushed
the
solana/bridge-addr-from-env
branch
3 times, most recently
from
77563ac to
83b3431
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the Solana/SVM build system to remove hardcoded network defaults and improve flexibility. The changes enable runtime configuration of bridge addresses and align terminology to use "SVM" (Solana Virtual Machine) instead of "Solana" where appropriate for cross-chain compatibility.
- Removes
mainnetas the default feature from all Cargo.toml files, requiring explicit network selection - Updates dependency references to use the
from-envfeature pattern instead ofbridge-address-from-env - Adds new
svm buildCLI command to build program binaries without deploying
Reviewed Changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| solana/programs/wormhole-governance/Cargo.toml | Removes default mainnet feature, updates bridge-address-from-env to use from-env feature, adds idl-build dependencies |
| solana/programs/ntt-transceiver/Cargo.toml | Removes default mainnet feature, updates bridge-address-from-env to use from-env, updates git dependencies to specific revisions |
| solana/programs/ntt-quoter/Cargo.toml | Removes default mainnet feature, updates network features to propagate to example-native-token-transfers dependency |
| solana/programs/example-native-token-transfers/Cargo.toml | Removes default mainnet feature, updates bridge-address-from-env to use from-env, adds idl-build dependencies |
| solana/Makefile | Adds explicit --features mainnet flag to anchor-build command, fixes trailing whitespace |
| solana/Cargo.toml | Updates wormhole-anchor-sdk and wormhole-svm-definitions git dependencies to new repositories and revisions |
| solana/Cargo.lock | Updates dependency versions and removes duplicate wormhole-svm-definitions entry |
| cli/src/index.ts | Renames Solana references to SVM in user-facing strings, adds new svm build command, refactors deploy logic into buildSvm function |
| .github/workflows/solana.yml | Adds explicit --features mainnet to cargo check and clippy commands |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
kcsongor
force-pushed
the
solana/bridge-addr-from-env
branch
from
83b3431 to
ec18f98
Compare
kcsongor
force-pushed
the
solana/bridge-addr-from-env
branch
from
ec18f98 to
190b4ee
Compare
kcsongor
force-pushed
the
solana/bridge-addr-from-env
branch
from
190b4ee to
7136e69
Compare
kcsongor
force-pushed
the
solana/bridge-addr-from-env
branch
4 times, most recently
from
b2bf64c to
3e1b5ef
Compare
nvsriram
approved these changes
Dec 9, 2025
Contributor
nvsriram
left a comment
nvsriram
left a comment
There was a problem hiding this comment.
LGTM!
- Verified 1e5f6d6db2e1d77cca291cd77b5b2e05e97b905e points to valid commit hash on main and contains latest changes.
- Verified 325cca4b628f17536f54b079eeb82b41247bfbef points to valid commit in main and contains latest wormhole-svm-definitions changes.
evan-gray
approved these changes
Dec 11, 2025
We no longer need to depend on backported forks of `wormhole-anchor-sdk`, `wormhole-verify-vaa-shim-interface`, and `wormhole-post-message-shim-interface` as these have been updated to support all anchor versions. Furthermore, the new versions of these crates encode the program IDs (such as Wormhole) as a static value again, meaning they will be in the rodata section of the binary just like before, so the binary patching method works on them for replacing the address.
Newer versions of NTT support a `bridge-address-from-env` flag, which allows specifying the address of the Wormhole program from an environment variable rather than relying on a pre-defined set of addresses. We use that flag when available, and fall back to patching the binary when it's not. This way of detecting the cargo flag allows us to: - build the binary properly for new versions going forward - support building older NTT releases without modification for other SVMs (e.g. fogo) by patching the binary - if the `bridge-address-from-env` feature is backported to older NTTs (should be straightforward), then the CLI will just pick up that compilation path automatically
evan-gray
force-pushed
the
solana/bridge-addr-from-env
branch
from
3e1b5ef to
823b724
Compare
evgeniko
pushed a commit
that referenced
this pull request
Dec 15, 2025
* solana: use updated crates We no longer need to depend on backported forks of `wormhole-anchor-sdk`, `wormhole-verify-vaa-shim-interface`, and `wormhole-post-message-shim-interface` as these have been updated to support all anchor versions. Furthermore, the new versions of these crates encode the program IDs (such as Wormhole) as a static value again, meaning they will be in the rodata section of the binary just like before, so the binary patching method works on them for replacing the address. * cli: properly build svm binaries by passing core address Newer versions of NTT support a `bridge-address-from-env` flag, which allows specifying the address of the Wormhole program from an environment variable rather than relying on a pre-defined set of addresses. We use that flag when available, and fall back to patching the binary when it's not. This way of detecting the cargo flag allows us to: - build the binary properly for new versions going forward - support building older NTT releases without modification for other SVMs (e.g. fogo) by patching the binary - if the `bridge-address-from-env` feature is backported to older NTTs (should be straightforward), then the CLI will just pick up that compilation path automatically
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Present
Currently, deploying the SVM contract on SVM chains other than Solana is a bit messy. We depend on the
wormhole-anchor-sdkcrate, which defines program ids for solana mainnet/devnet/localnet. This crate pins anchor to 0.31.0, so we can't directly use it, and instead have been depending on a branch which downgraded to 0.29.0.Since this SDK only includes addresses for the solana networks, when compiling for a different network (such as fogo), the CLI would patch the binary after compilation, replacing the solana address with the relevant fogo address.
This used to work, however, the 0.29.0 branch now includes a commit that allows us to override the bridge address with one from an environment variable. It does this by defining the value as a base58 string and parsing it into a Pubkey at runtime... meaning that the binary patching won't work on it. Technically it's not needed, because we can just pass the right address in the first place, but the CLI then does a sanity check to ensure that the right program ID shows up in the binary, which now fails as of a3a63d2. This means that currently, the current unreleased version of NTT cannot be built with the CLI (because the binary patching fails, then binary verification also fails, independently).
Future
This PR builds on a couple other ones:
Those PRs allow the anchor dependencies to be used with any anchor version, so we no longer need a dedicated backported 0.29.0 branch of wormhole-anchor-sdk. They also make the
wormhole-svm-definitionscrate the single source of truth for program ids and PDAs, in the form of const computation, so binary patching is no longer necessary, and binary verification passes (because the program ID can be assigned as a static array into the rodata section of the object file).This PR just bumps the dependencies to those in the PRs linked above, and updates the CLI to support the new build method. As a convenience and for easier testing, we also add a new command to build an svm binary without deploying it. I verified that now we can build
--localsuccessfully (we couldn't before, it was failing binary verification, even for Solana, for the reasons explained above).When the
bridge-address-from-envflag is available (i.e. as of now), the CLI uses that flag to build the program. When it's not (i.e. all previous versions), we fall back to patching the binary when the target is not Solana.This way of detecting the cargo flag allows us to:
bridge-address-from-envfeature is backported to older NTTs (should be straightforward), then the CLI will just pick up that compilation path automatically