This guide explains how to remove the default Trusted Relayer ISM from your Hyperlane Warp Route (HWR) using the Hyperlane CLI. Removing the Trusted Relayer ISM is a crucial step when preparing your HWR for production.
Using the Hyperlane CLI
When first deploying with the CLI, new HWR use a Trusted Relayer ISM out of the box so you don’t need to run a relayer or validator.
In order to go to production, you’ll need to remove this ISM with the Hyperlane CLI.
Prerequisites
- The warp route ID.
- After deployment, the warp route ID is saved to the registry at
$HOME/.hyperlane/deployments/warp_routes/<warpRouteId>.
- The format is
SYMBOL/id (e.g., ETH/yourid).
- To list existing warp route IDs:
ls $HOME/.hyperlane/deployments/warp_routes/
- Access to the private key that currently owns the HWR.
If you followed the Deploy a Warp
Route guide, you most likely have
deployed a HWR with a trusted relayer set to a signer address. hyperlane warp read -w <warpRouteId>
warp read, you should see a similar config under interchainSecurityModule containing a trustedRelayerIsm:
yourchain:
...
interchainSecurityModule:
address: "0xd54d32cD6a62482497252D59E6cCC1445fF0b92d"
type: "staticAggregationIsm"
modules:
- address: "0x50b6dA835D9b8b20523891410a2E042855B465C8"
relayer: "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
type: "trustedRelayerIsm"
- owner: "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
address: "0xcE512189fF1BD41186E9eDda02BF321Fb1FC6eAc"
type: "defaultFallbackRoutingIsm"
domains: {}
threshold: 1
trustedRelayerIsm as part of the staticAggregationIsm.
This means that the relayer address will be allowed to call the HWR’s handle() function. In other words, the relayer can execute arbitrary messages on the HWR. This may be undesirable in cases outside of the self-relaying feature.
Warp route configs are stored in your local registry at $HOME/.hyperlane/deployments/warp_routes/<warpRouteId>/. The warp read command outputs the current on-chain config for reference.
Step 1: Configuration
Update the warp route deployment config in your local registry by removing the trustedRelayerIsm block from modules. Alternatively, you can configure the entire modules block as desired.
warp-route-deployment.yaml
yourchain:
mailbox: '0x979Ca5202784112f4738403dBec5D0F3B9daabB9'
owner: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266'
interchainSecurityModule:
address: '0xd54d32cD6a62482497252D59E6cCC1445fF0b92d'
type: 'staticAggregationIsm'
modules:
- - address: '0x50b6dA835D9b8b20523891410a2E042855B465C8'
- relayer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266'
- type: trustedRelayerIsm
- owner: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266'
address: '0xcE512189fF1BD41186E9eDda02BF321Fb1FC6eAc'
type: 'defaultFallbackRoutingIsm'
domains: {}
threshold: 1
name: Ether
symbol: ETH
decimals: 18
totalSupply: 0
type: native
Step 2: Apply
Using the CLI, execute:
hyperlane warp apply -w <warpRouteId>
Step 3: Confirm
To confirm that the trusted relayer was successfully removed using the Hyperlane CLI, run the following command with your token symbol and the chain it is deployed on:
hyperlane warp read -w <warpRouteId>
warp read, confirm that the trusted relayer ISM has been removed from your HWR (In this example, it should only contain the remaining defaultFallbackRoutingIsm). You should see a similar config under interchainSecurityModule:
yourchain:
mailbox: "0x979Ca5202784112f4738403dBec5D0F3B9daabB9"
owner: "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
interchainSecurityModule:
address: "0x8af9445d8A3FbFBd1D5dF185B8a4533Ab060Cf36"
type: "staticAggregationIsm"
modules:
- owner: "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
address: "0xBe0232d5d45f9aD8322C2C4F84c39e64302Cd996"
type: "defaultFallbackRoutingIsm"
domains: {}
threshold: 1
name: "Ether"
symbol: "ETH"
decimals: 18
totalSupply: 0
type: "native"
