[native bridge] - move compiler, execution changes for bridge (Mysten…

…Labs#16186)

## Description 

Adding move compiler object id and OTW exception for bridge prior adding
to the framework package
## Test Plan 

How did you test the new or updated feature?

---
If your changes are not user-facing and do not break anything, you can
skip the following section. Otherwise, please briefly describe what has
changed under the Release Notes section.

### Type of Change (Check all that apply)

- [ ] protocol change
- [ ] user-visible impact
- [ ] breaking change for a client SDKs
- [ ] breaking change for FNs (FN binary must upgrade)
- [ ] breaking change for validators or node operators (must upgrade
binaries)
- [ ] breaking change for on-chain data layout
- [ ] necessitate either a data wipe or data migration

### Release notes

crates/sui-types/src/bridge.rs

@@ -0,0 +1,28 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::base_types::SequenceNumber;
+use crate::error::SuiResult;
+use crate::object::Owner;
+use crate::storage::ObjectStore;
+use crate::SUI_BRIDGE_OBJECT_ID;
+use move_core_types::ident_str;
+use move_core_types::identifier::IdentStr;
+
+pub const BRIDGE_MODULE_NAME: &IdentStr = ident_str!("bridge");
+pub const BRIDGE_CREATE_FUNCTION_NAME: &IdentStr = ident_str!("create");
+
+pub const BRIDGE_SUPPORTED_ASSET: &[&str] = &["btc", "eth", "usdc", "usdt"];
+
+pub fn get_bridge_obj_initial_shared_version(
+    object_store: &dyn ObjectStore,
+) -> SuiResult<Option<SequenceNumber>> {
+    Ok(object_store
+        .get_object(&SUI_BRIDGE_OBJECT_ID)?
+        .map(|obj| match obj.owner {
+            Owner::Shared {
+                initial_shared_version,
+            } => initial_shared_version,
+            _ => unreachable!("Bridge object must be shared"),
+        }))
+}

crates/sui-types/src/lib.rs

@@ -30,6 +30,7 @@ pub mod accumulator;
 pub mod authenticator_state;
 pub mod balance;
 pub mod base_types;
+pub mod bridge;
 pub mod clock;
 pub mod coin;
 pub mod collection_types;
@@ -103,6 +104,11 @@ pub const SUI_SYSTEM_PACKAGE_ID: ObjectID = ObjectID::from_address(SUI_SYSTEM_AD
 pub const DEEPBOOK_ADDRESS: AccountAddress = deepbook_addr();
 pub const DEEPBOOK_PACKAGE_ID: ObjectID = ObjectID::from_address(DEEPBOOK_ADDRESS);
 
+/// 0xb-- account address where Bridge modules are stored
+/// Same as the ObjectID
+pub const BRIDGE_ADDRESS: AccountAddress = address_from_single_byte(11);
+pub const BRIDGE_PACKAGE_ID: ObjectID = ObjectID::from_address(BRIDGE_ADDRESS);
+
 /// 0x5: hardcoded object ID for the singleton sui system state object.
 pub const SUI_SYSTEM_STATE_ADDRESS: AccountAddress = address_from_single_byte(5);
 pub const SUI_SYSTEM_STATE_OBJECT_ID: ObjectID = ObjectID::from_address(SUI_SYSTEM_STATE_ADDRESS);
@@ -128,12 +134,20 @@ pub const SUI_RANDOMNESS_STATE_OBJECT_ID: ObjectID =
 pub const SUI_DENY_LIST_ADDRESS: AccountAddress = deny_list_addr();
 pub const SUI_DENY_LIST_OBJECT_ID: ObjectID = ObjectID::from_address(SUI_DENY_LIST_ADDRESS);
 
+/// 0x9: hardcode object ID for the singleton bridge object.
+pub const SUI_BRIDGE_ADDRESS: AccountAddress = address_from_single_byte(9);
+pub const SUI_BRIDGE_OBJECT_ID: ObjectID = ObjectID::from_address(SUI_BRIDGE_ADDRESS);
+
 /// Return `true` if `addr` is a special system package that can be upgraded at epoch boundaries.
 /// All new system package ID's must be added here.
 pub fn is_system_package(addr: impl Into<AccountAddress>) -> bool {
     matches!(
         addr.into(),
-        MOVE_STDLIB_ADDRESS | SUI_FRAMEWORK_ADDRESS | SUI_SYSTEM_ADDRESS | DEEPBOOK_ADDRESS
+        MOVE_STDLIB_ADDRESS
+            | SUI_FRAMEWORK_ADDRESS
+            | SUI_SYSTEM_ADDRESS
+            | DEEPBOOK_ADDRESS
+            | BRIDGE_ADDRESS
     )
 }
 
@@ -218,6 +232,7 @@ fn resolve_address(addr: &str) -> Option<AccountAddress> {
         "std" => Some(MOVE_STDLIB_ADDRESS),
         "sui" => Some(SUI_FRAMEWORK_ADDRESS),
         "sui_system" => Some(SUI_SYSTEM_ADDRESS),
+        "bridge" => Some(BRIDGE_ADDRESS),
         _ => None,
     }
 }

external-crates/move/crates/move-compiler/src/sui_mode/id_leak.rs

@@ -25,8 +25,8 @@ use crate::{
 use std::collections::BTreeMap;
 
 use super::{
-    AUTHENTICATOR_STATE_CREATE, AUTHENTICATOR_STATE_MODULE_NAME, CLOCK_MODULE_NAME,
-    DENY_LIST_CREATE, DENY_LIST_MODULE_NAME, ID_LEAK_DIAG, OBJECT_MODULE_NAME,
+    AUTHENTICATOR_STATE_CREATE, AUTHENTICATOR_STATE_MODULE_NAME, BRIDGE_ADDR_NAME, BRIDGE_CREATE,
+    BRIDGE_MODULE_NAME, CLOCK_MODULE_NAME, DENY_LIST_CREATE, DENY_LIST_MODULE_NAME, ID_LEAK_DIAG, OBJECT_MODULE_NAME,
     OBJECT_NEW_UID_FROM_HASH, RANDOMNESS_MODULE_NAME, RANDOMNESS_STATE_CREATE, SUI_ADDR_NAME,
     SUI_CLOCK_CREATE, SUI_SYSTEM_ADDR_NAME, SUI_SYSTEM_CREATE, SUI_SYSTEM_MODULE_NAME,
     UID_TYPE_NAME,
@@ -55,6 +55,7 @@ pub const FUNCTIONS_TO_SKIP: &[(Symbol, Symbol, Symbol)] = &[
         RANDOMNESS_STATE_CREATE,
     ),
     (SUI_ADDR_NAME, DENY_LIST_MODULE_NAME, DENY_LIST_CREATE),
+    (BRIDGE_ADDR_NAME, BRIDGE_MODULE_NAME, BRIDGE_CREATE),
 ];
 
 //**************************************************************************************************

external-crates/move/crates/move-compiler/src/sui_mode/mod.rs

@@ -47,6 +47,10 @@ pub const RANDOMNESS_STATE_TYPE_NAME: Symbol = symbol!("Random");
 pub const RANDOMNESS_STATE_CREATE: Symbol = symbol!("create");
 pub const DENY_LIST_MODULE_NAME: Symbol = symbol!("deny_list");
 pub const DENY_LIST_CREATE: Symbol = symbol!("create");
+pub const BRIDGE_ADDR_NAME: Symbol = symbol!("bridge");
+pub const BRIDGE_MODULE_NAME: Symbol = symbol!("bridge");
+pub const BRIDGE_TYPE_NAME: Symbol = symbol!("Bridge");
+pub const BRIDGE_CREATE: Symbol = symbol!("create");
 
 pub const EVENT_MODULE_NAME: Symbol = symbol!("event");
 pub const EVENT_FUNCTION_NAME: Symbol = symbol!("emit");
@@ -139,3 +143,6 @@ pub const PRIVATE_TRANSFER_CALL_DIAG: DiagnosticInfo = custom(
     /* code */ 9,
     "invalid private transfer call",
 );
+
+// Bridge supported asset
+pub const BRIDGE_SUPPORTED_ASSET: &[&str] = &["btc", "eth", "usdc", "usdt"];

external-crates/move/crates/move-compiler/src/sui_mode/typing.rs

@@ -896,10 +896,7 @@ fn exp(context: &mut Context, e: &T::Exp) {
         }
         T::UnannotatedExp_::Pack(m, s, _, _) => {
             if !context.in_test
-                && !context
-                    .current_module()
-                    .value
-                    .is(SUI_ADDR_NAME, SUI_MODULE_NAME)
+                && !otw_special_cases(context)
                 && context.one_time_witness.as_ref().is_some_and(|otw| {
                     otw.as_ref()
                         .is_ok_and(|o| m == context.current_module() && o == s)
@@ -916,6 +913,16 @@ fn exp(context: &mut Context, e: &T::Exp) {
     }
 }
 
+fn otw_special_cases(context: &Context) -> bool {
+    BRIDGE_SUPPORTED_ASSET
+        .iter()
+        .any(|token| context.current_module().value.is(BRIDGE_ADDR_NAME, token))
+        || context
+            .current_module()
+            .value
+            .is(SUI_ADDR_NAME, SUI_MODULE_NAME)
+}
+
 fn check_event_emit(context: &mut Context, loc: Loc, mcall: &ModuleCall) {
     let current_module = context.current_module();
     let ModuleCall {

external-crates/move/crates/move-symbol-pool/src/lib.rs

@@ -74,6 +74,8 @@ static_symbols!(
     "AuthenticatorState",
     "random",
     "Random",
+    "bridge",
+    "Bridge",
     "id",
     "transfer",
     "freeze_object",

sui-execution/latest/sui-verifier/src/id_leak_verifier.rs

@@ -29,6 +29,7 @@ use move_core_types::{
     account_address::AccountAddress, ident_str, identifier::IdentStr, vm_status::StatusCode,
 };
 use std::{collections::BTreeMap, error::Error, num::NonZeroU64};
+use sui_types::bridge::BRIDGE_MODULE_NAME;
 use sui_types::deny_list::{DENY_LIST_CREATE_FUNC, DENY_LIST_MODULE};
 use sui_types::{
     authenticator_state::AUTHENTICATOR_STATE_MODULE_NAME,
@@ -37,7 +38,7 @@ use sui_types::{
     id::OBJECT_MODULE_NAME,
     randomness_state::RANDOMNESS_MODULE_NAME,
     sui_system_state::SUI_SYSTEM_MODULE_NAME,
-    SUI_FRAMEWORK_ADDRESS, SUI_SYSTEM_ADDRESS,
+    BRIDGE_ADDRESS, SUI_FRAMEWORK_ADDRESS, SUI_SYSTEM_ADDRESS,
 };
 
 use crate::{
@@ -96,13 +97,16 @@ const SUI_DENY_LIST_CREATE: FunctionIdent = (
     DENY_LIST_CREATE_FUNC,
 );
 
+const SUI_BRIDGE_CREATE: FunctionIdent =
+    (&BRIDGE_ADDRESS, BRIDGE_MODULE_NAME, ident_str!("create"));
 const FRESH_ID_FUNCTIONS: &[FunctionIdent] = &[OBJECT_NEW, OBJECT_NEW_UID_FROM_HASH, TS_NEW_OBJECT];
 const FUNCTIONS_TO_SKIP: &[FunctionIdent] = &[
     SUI_SYSTEM_CREATE,
     SUI_CLOCK_CREATE,
     SUI_AUTHENTICATOR_STATE_CREATE,
     SUI_RANDOMNESS_STATE_CREATE,
     SUI_DENY_LIST_CREATE,
+    SUI_BRIDGE_CREATE,
 ];
 
 impl AbstractValue {

sui-execution/latest/sui-verifier/src/one_time_witness_verifier.rs

@@ -24,11 +24,12 @@ use move_binary_format::{
     },
 };
 use move_core_types::{ident_str, language_storage::ModuleId};
+use sui_types::bridge::BRIDGE_SUPPORTED_ASSET;
 use sui_types::{
     base_types::{TX_CONTEXT_MODULE_NAME, TX_CONTEXT_STRUCT_NAME},
     error::ExecutionError,
     move_package::{is_test_fun, FnInfoMap},
-    SUI_FRAMEWORK_ADDRESS,
+    BRIDGE_ADDRESS, SUI_FRAMEWORK_ADDRESS,
 };
 
 use crate::{verification_failure, INIT_FN_NAME};
@@ -45,7 +46,16 @@ pub fn verify_module(
     // the module has no initializer). The reason for it is that the SUI coin is only instantiated
     // during genesis. It is easiest to simply special-case this module particularly that this is
     // framework code and thus deemed correct.
-    if ModuleId::new(SUI_FRAMEWORK_ADDRESS, ident_str!("sui").to_owned()) == module.self_id() {
+    let self_id = module.self_id();
+
+    if ModuleId::new(SUI_FRAMEWORK_ADDRESS, ident_str!("sui").to_owned()) == self_id {
+        return Ok(());
+    }
+
+    if BRIDGE_SUPPORTED_ASSET
+        .iter()
+        .any(|token| ModuleId::new(BRIDGE_ADDRESS, ident_str!(token).to_owned()) == self_id)
+    {
         return Ok(());
     }