You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the Fast USDC contract advances every transaction that it learns about (if it can). The problem is some transactions are too risky.
We need the oracles to assess the risk using the chainPolicy and include information for the Advancer to decide.
We also need the reasons to be logged and written to vstorage for the end user to see in the transaction dashboard.
Description of the Design
A second parameter to submitEvidence, riskAssessment. For now it will just have one property risksIdentified?: string. That means the risks identified so far. Over time the riskAssessment can include other properties and the contract can identify new risks or excise ones identified upstream.
It's possible that oracles provide different riskAssessment values. It's unlikely but one might update to a new policy faster than another and the system should accept that. Differing evidence we treat as failure because they conflict and the system can't know what to trust. For risksIdentified it can and should take the union.
If the advance is deemed to risky (for now risksIdentified?.length > 0) then it should transition to a new state, AdvanceSkipped, writing that status along with the risksIdentified to vstorage. The settler should treat AdvanceSkipped the same as AdvanceFailed (the advance didn't start).
The README should be updated:
stateDiagram-v2
Observed --> AdvanceSkipped : Risks identified
Observed --> Advancing : No risks, can advance
Observed --> Forwarding : No risks, Mint deposited before advance
Forwarding --> Forwarded
Advancing --> Advanced
Advanced --> Disbursed
AdvanceSkipped --> Forwarding : Mint deposited
AdvanceFailed --> Forwarding : Mint deposited
Advancing --> AdvanceFailed
Forwarding --> ForwardFailed
This empowers the oracles to prevent advancing. Technically it is only advisory and the contract can change to ignore it or expect other information.
Scaling Considerations
none
Test Plan
Contract tests will suffice in CI. It should verify that when the info is included it's written to vstorage.
We'll also need to cover this in UI integration testing with oracle operators.
This should be covered in the C18 requirement test.
Upgrade Considerations
not yet deployed
The text was updated successfully, but these errors were encountered:
A second parameter to submitEvidence, riskAssessment. For now it will just have one property skipAdvance: boolean. Over time it can include other info from the oracles so that the contract can decide by its own logic.
I don't see submitEvidence but there's this attest function which seems like what we're talking about. It doesn't do much more than track quorum then publish the CctpTxEvidence, so I assume we should publish the riskAssessment along with the CctpTxEvidence there, maybe it should just be included in the CctpTxEvidence type?
Now, I assume if skipAdvance is false or riskAssessment is missing altogether the advancer should handle business as usual. I'm not sure what to do in the case where skipAdvance is true. I assume we should not do the advance. Do we set the status as AdvanceFailed so the settler will do the slow transfer?
What is the Problem Being Solved?
Currently the Fast USDC contract advances every transaction that it learns about (if it can). The problem is some transactions are too risky.
We need the oracles to assess the risk using the chainPolicy and include information for the Advancer to decide.
We also need the reasons to be logged and written to vstorage for the end user to see in the transaction dashboard.
Description of the Design
A second parameter to
submitEvidence
,riskAssessment
. For now it will just have one propertyrisksIdentified?: string
. That means the risks identified so far. Over time theriskAssessment
can include other properties and the contract can identify new risks or excise ones identified upstream.It's possible that oracles provide different
riskAssessment
values. It's unlikely but one might update to a new policy faster than another and the system should accept that. Differing evidence we treat as failure because they conflict and the system can't know what to trust. ForrisksIdentified
it can and should take the union.If the advance is deemed to risky (for now
risksIdentified?.length > 0
) then it should transition to a new state,AdvanceSkipped
, writing that status along with therisksIdentified
to vstorage. The settler should treatAdvanceSkipped
the same asAdvanceFailed
(the advance didn't start).The README should be updated:
For rationale:
✔️ How should the contract handle conditional advancing?
Security Considerations
This empowers the oracles to prevent advancing. Technically it is only advisory and the contract can change to ignore it or expect other information.
Scaling Considerations
none
Test Plan
Contract tests will suffice in CI. It should verify that when the info is included it's written to vstorage.
We'll also need to cover this in UI integration testing with oracle operators.
This should be covered in the C18 requirement test.
Upgrade Considerations
not yet deployed
The text was updated successfully, but these errors were encountered: