Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support a param on SubmitEvidence to inform whether to advance #10748

Closed
turadg opened this issue Dec 19, 2024 · 1 comment · Fixed by #10753
Closed

support a param on SubmitEvidence to inform whether to advance #10748

turadg opened this issue Dec 19, 2024 · 1 comment · Fixed by #10753
Assignees
Labels
enhancement New feature or request

Comments

@turadg
Copy link
Member

turadg commented Dec 19, 2024

What is the Problem Being Solved?

Currently the Fast USDC contract advances every transaction that it learns about (if it can). The problem is some transactions are too risky.

We need the oracles to assess the risk using the chainPolicy and include information for the Advancer to decide.

We also need the reasons to be logged and written to vstorage for the end user to see in the transaction dashboard.

Description of the Design

A second parameter to submitEvidence, riskAssessment. For now it will just have one property risksIdentified?: string. That means the risks identified so far. Over time the riskAssessment can include other properties and the contract can identify new risks or excise ones identified upstream.

It's possible that oracles provide different riskAssessment values. It's unlikely but one might update to a new policy faster than another and the system should accept that. Differing evidence we treat as failure because they conflict and the system can't know what to trust. For risksIdentified it can and should take the union.

If the advance is deemed to risky (for now risksIdentified?.length > 0) then it should transition to a new state, AdvanceSkipped, writing that status along with the risksIdentified to vstorage. The settler should treat AdvanceSkipped the same as AdvanceFailed (the advance didn't start).

The README should be updated:

stateDiagram-v2
  Observed --> AdvanceSkipped : Risks identified
  Observed --> Advancing : No risks, can advance
  Observed --> Forwarding : No risks, Mint deposited before advance
  Forwarding --> Forwarded
  Advancing --> Advanced
  Advanced --> Disbursed
  AdvanceSkipped --> Forwarding : Mint deposited
  AdvanceFailed --> Forwarding : Mint deposited
  Advancing --> AdvanceFailed
  Forwarding --> ForwardFailed
Loading

For rationale:
✔️ How should the contract handle conditional advancing?

Security Considerations

This empowers the oracles to prevent advancing. Technically it is only advisory and the contract can change to ignore it or expect other information.

Scaling Considerations

none

Test Plan

Contract tests will suffice in CI. It should verify that when the info is included it's written to vstorage.
We'll also need to cover this in UI integration testing with oracle operators.

This should be covered in the C18 requirement test.

Upgrade Considerations

not yet deployed

@turadg turadg added the enhancement New feature or request label Dec 19, 2024
@turadg turadg added this to the FU4: UI integration milestone Dec 19, 2024
@samsiegart samsiegart self-assigned this Dec 19, 2024
@samsiegart
Copy link
Contributor

samsiegart commented Dec 19, 2024

Trying to hash out the design more...

A second parameter to submitEvidence, riskAssessment. For now it will just have one property skipAdvance: boolean. Over time it can include other info from the oracles so that the contract can decide by its own logic.

I don't see submitEvidence but there's this attest function which seems like what we're talking about. It doesn't do much more than track quorum then publish the CctpTxEvidence, so I assume we should publish the riskAssessment along with the CctpTxEvidence there, maybe it should just be included in the CctpTxEvidence type?

Now, I assume if skipAdvance is false or riskAssessment is missing altogether the advancer should handle business as usual. I'm not sure what to do in the case where skipAdvance is true. I assume we should not do the advance. Do we set the status as AdvanceFailed so the settler will do the slow transfer?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants