Guide

Required setup instructions

Environments

Local Setup

The local setup is only intended for testing or development purposes.

This is intended to show how you can run a validator on your local machine, which is only for testing and development purposes. This also means that signatures from local validators are only able to be accessed by locally ran relayers.

For running a validator in a production environment, see the AWS setup guide.

Create a hexadecimal key for your validator to sign with

pageHexadecimal keys

Create a local directory for your validator's signatures

When running a validator locally, your validator will write its signatures to a local directory. This directory can be named whatever you like, just remember to use this directory when setting your Configuration.

# Pick an informative name specific to the chain you're validating
MY_VALIDATOR_SIGNATURES_DIRECTORY=/tmp/hyperlane-validator-signatures-ethereum

# Create the directory
mkdir $MY_VALIDATOR_SIGNATURES_DIRECTORY

Production Setup

For running a validator in a production environment, see the AWS setup guide.

pageAWS setup

Configuration

Take a look at the Agent configuration page and the Configuration reference for a full list of configuration possibilities. The list below is not complete, however it should be enough to get started.

Your validator takes arguments and environment variables as configuration. See below for both the general configurations and those that are specific to the setup instructions you followed.

Argument Description

Argument	Description
`--reorgPeriod`	The number of block confirmations a validator should wait before signing the `Mailbox` merkle root. Note that signing a root that is later invalidated (i.e. due to a re-org) is considered fraudulent behavior and will eventually be slashable. See Latencies
`--originChainName`	The name of the chain being validated (e.g. `ethereum`)
`--chains.[origin chain name].connection.url`	The RPC URL of the node for the chain you are validating. Note Polygon mainnet requires an RPC URL of an archive node (see An RPC nodefor details). e.g. `--chains.ethereum.connection.url` or `--chains.polygon.connection.url`
`--db`	The path to where the validator should write persistent data to disk. Ensure this path to be persistent when using cloud setups. When using Docker, make sure to mount the persistent path/volume into the container. See Configuration referencefor more info

--reorgPeriod

The number of block confirmations a validator should wait before signing the Mailbox merkle root. Note that signing a root that is later invalidated (i.e. due to a re-org) is considered fraudulent behavior and will eventually be slashable. See Latencies

--originChainName

The name of the chain being validated (e.g. ethereum)

--chains.[origin chain name].connection.url

The RPC URL of the node for the chain you are validating. Note Polygon mainnet requires an RPC URL of an archive node (see An RPC nodefor details). e.g. --chains.ethereum.connection.url or --chains.polygon.connection.url

--db

The path to where the validator should write persistent data to disk. Ensure this path to be persistent when using cloud setups. When using Docker, make sure to mount the persistent path/volume into the container. See Configuration referencefor more info

Environment variable Description

Environment variable	Description
`CONFIG_FILES`	If you want to add additional configuration files you can add additional paths here as a comma separated list. These files must be accessible within the filesystem your agent has access to. If you're running in Docker, see Config files with Docker for tips on mounting your config files into your Docker container.

CONFIG_FILES

If you want to add additional configuration files you can add additional paths here as a comma separated list. These files must be accessible within the filesystem your agent has access to. If you're running in Docker, see Config files with Docker for tips on mounting your config files into your Docker container.

Setup-specific configuration

These required environment variables differ based on which of the Environments you set up.

These are required for the Local Setup.

Argument Description

Argument	Description
`--validator.key`	Your validator's private key, which is used to sign merkle roots.
`--chains.${localchainname}.signer.key`	Your validator's private key, which will be used to submit a transaction on chain that publicly announce your validator's checkpoint syncer.
`--checkpointSyncer.type`	Set to `localStorage`.
`--checkpointSyncer.path`	The path to your local directory where validator signatures will be written. This should be the value of `$MY_VALIDATOR_SIGNATURES_DIRECTORY` from the Local Setup. Example: `--checkpointSyncer.path='/tmp/hyperlane-validator-signatures-ethereum'`

--validator.key

Your validator's private key, which is used to sign merkle roots.

--chains.${localchainname}.signer.key

Your validator's private key, which will be used to submit a transaction on chain that publicly announce your validator's checkpoint syncer.

--checkpointSyncer.type

Set to localStorage.

--checkpointSyncer.path

The path to your local directory where validator signatures will be written. This should be the value of $MY_VALIDATOR_SIGNATURES_DIRECTORY from the Local Setup.

Example: --checkpointSyncer.path='/tmp/hyperlane-validator-signatures-ethereum'

Note that relayers must be configured with --allowLocalCheckpointSyncersto be able to read signatures from this validator.

These are required variables that are specific to the AWS setup.

Argument Description

Argument	Description
`--validator.type`	Set to the `aws` literal.
`--validator.id`	The alias of your validator's AWS KMS key, prefixed with `alias/`. Example: `alias/hyperlane-validator-signer-${chain_name}`
`--chains.${localchainname}.signer.type`	Set to the `aws` literal.
`--chains.${localchainname}.signer.id`	The alias of your validator's AWS KMS key, prefixed with `alias/`. Example: `alias/hyperlane-validator-signer-${chain_name}`
`--validator.region`	The region of your AWS KMS key. Example: `us-east-1`.
`--checkpointSyncer.type`	Set to `s3`.
`--checkpointSyncer.bucket`	The AWS S3 bucket name.
`--checkpointSyncer.region`	The region of your AWS S3 bucket. Example: `us-east-1`.

--validator.type

Set to the aws literal.

--validator.id

The alias of your validator's AWS KMS key, prefixed with alias/. Example: alias/hyperlane-validator-signer-${chain_name}

--chains.${localchainname}.signer.type

Set to the aws literal.

--chains.${localchainname}.signer.id

The alias of your validator's AWS KMS key, prefixed with alias/. Example: alias/hyperlane-validator-signer-${chain_name}

--validator.region

The region of your AWS KMS key. Example: us-east-1.

--checkpointSyncer.type

Set to s3.

--checkpointSyncer.bucket

The AWS S3 bucket name.

--checkpointSyncer.region

The region of your AWS S3 bucket. Example: us-east-1.

Environment variable Description

Environment variable	Description
`AWS_ACCESS_KEY_ID`	The access key ID of your validator's AWS IAM user.
`AWS_SECRET_ACCESS_KEY`	The secret access key of your validator's AWS IAM user.

AWS_ACCESS_KEY_ID

The access key ID of your validator's AWS IAM user.

AWS_SECRET_ACCESS_KEY

The secret access key of your validator's AWS IAM user.

Installation

The recommended installation method for a production environment is using a Docker image.

Docker image

To download the docker image, run:

docker pull gcr.io/abacus-labs-dev/hyperlane-agent:8127fa5-20230823-161309

Building from source

First, clone the repo

git clone git@github.com:hyperlane-xyz/hyperlane-monorepo.git

And then follow the setup instructions in the rust directory

Start Validating

Running multiple validators

We encourage folks to validate on as many chains as they are interested in supporting. We recommend that resources are not shared between validator instances.

Running the binary

Refer to the Installation instructions to access the validator binary.

Configuration can be placed in a validator.env file, for example:

validator.env

# These are example values to roughly illustrate
# what a .env file should look like

HYP_BASE_ORIGINCHAINNAME=ethereum
HYP_BASE_REORGPERIOD=20
# ...
# ...

To run the validator binary with the environment variables specified in validator.env:

Find the latest Docker image and set it to the environment variable $DOCKER_IMAGE.

Using the --env-file flag, we can pass in the environment variables to the validator:

docker run -it --env-file validator.env $DOCKER_IMAGE ./validator

If you're specifying a path to your own config file in the CONFIG_FILES environment variable, check out the Config files with Docker section.

If you're running with a Local Setup validator on the same machine, which requires a locally ran relayer to be able to access these validator signatures, be sure to mount your local validator's signature directory on your host machine into your Docker container.

For example, if your local validator is writing signatures to /tmp/hyperlane-validator-signatures-ethereum, you should mount a directory for the Docker container. This is the same directory set in the $HYP_BASE_CHECKPOINTSYNCER_PATH environment variable.

If the command below fails with docker: invalid reference format, the whitespaces may have been malformed and you should remove them from the command.

docker run \
    -it \
    --env-file validator.env \
    --mount type=bind,source="$(pwd)"/hyperlane-validator-signatures-ethereum,target=/tmp/hyperlane-validator-signatures-ethereum \
    # you can pass multiple `--mount` flags to mount several directories
    $DOCKER_IMAGE \
    ./validator

See these instructions for building from source.

Using env and xargs, we can run the built binary from within the hyperlane-monorepo/rust directory with the environment variables found in validator.env:

env $(cat validator.env | grep -v "#" | xargs) ./target/release/validator

If everything is configured correctly, you should see json files being written to your S3 bucket (if you followed the AWS setup) or to your local signatures directory (if you followed the Local Setup). New json files get written every time a new outbound message is inserted into the Mailbox.

Announcing your validator

Relayers need to know where to find your validator's signatures. Your validator will automatically attempt to announce itself by writing to the ValidatorAnnounce contract on the chain that you're validating.

To do this, your validator must have a small amount of tokens to pay for the gas for this transaction.

If your validator has not yet announced itself, and does not have enough tokens to pay for gas, it will log a message specifying how many tokens are needed.

PreviousValidators NextAWS setup

Last updated 7 months ago