Changed the handler returns to OrderInfoResponse & Added Signed Effects
#130
Conversation
| pub mutated: Vec<ObjectRef>, | ||
| // Object Refs of objects now deleted (the old refs). | ||
| pub deleted: Vec<ObjectRef>, | ||
| // TODO: add events here too. |
There was a problem hiding this comment.
I think gas used and status code would also make sense here (more details in #120)
There was a problem hiding this comment.
Ok, I am now including a Result<(), FastPayError> returned by move_call or module_publish.
| .certificates | ||
| .get(transaction_digest) | ||
| .map_err(|_| FastPayError::StorageError)?, | ||
| signed_effects: self |
There was a problem hiding this comment.
Somewhat tangential, but I'm wondering how signed_orders and signed_effects work w.r.t state sync. The other components of AuthorityStore should be the same on every authority, but signed_orders and signed_effects are a bit odd in that they're inherently specific to the single authority providing the signature. So specifically:
- Does a full node need to pick a particular authority to sync all of its
signed_ordersandsigned_effectsfrom? Or can it not serve queries that require reading from these stores? - Same question, but for a new authority joining the network
There was a problem hiding this comment.
I think that this depend on the degree of re-validation an authority that syncs wishes to perform.
- At the extreme end it wants to re-validate everything: in this case the only set it syncs are the certificates, and then re-executes them all, therefore deriving the effects and objects on the way.
- Somewhere in the middle and authority wants to trust a quorum but not re-execute. In this case it downloads the effects from f+1 authorities, and if they agree it just applies them. This ensures that one authority at least was honest.
- At the lower end of assurance an authority can just pick a random set of other authorities (sample 3-5 by stake) and apply the effects that all agree on.
- Then finally an authority can fully trust another authority: and just copy the effects.
Thinking about it: is there a reason to sync the full history of effects? I guess only to serve authenticated reads on the events down the line when we have them?
There was a problem hiding this comment.
PS: SignedOrder may be different between authorities, but SignedEffects should not be (if processing is determnistic), besides the signature being from a different authority.
There was a problem hiding this comment.
I guess only to serve authenticated reads on the events down the line when we have them?
Yes, authenticated reads of both events and other order effects (e.g., "did this order create object O"?)
PS: SignedOrder may be different between authorities, but SignedEffects should not be (if processing is determnistic), besides the signature being from a different authority.
Ah, interesting... Is SignedOrder only different (besides name/signature) between authorities when a client equivocates?
There was a problem hiding this comment.
Without at minimum arguing that some actors in the system (which may be authorities, or "fishermen" incentivized for this explicit purpose) download both certificates & effects, re-validate everything, and are able to submit a fraud proof when they disagree with the effects they receive, can we argue that the execution of orders in FastNFT has any sort of computational integrity?
Note: the standard I'm suggesting above is the weakest available, that of optimistic rollups. I don't suggest we adopt it.
gdanezis
force-pushed
the
fix-handle-returns
branch
from
d8f318f to
4af6f46
Compare
gdanezis
force-pushed
the
fix-handle-returns
branch
from
e63b644 to
b429486
Compare
gdanezis
changed the title
OrderInfoResponse & Added Signed Effects
|
@huitseeker Any feedback on this PR? |
|
Ok merging! |
Subscriber client
OrderInfoResponsestruct, containing the signed order, certificate and signed effects.SignedOrderEffectsbinds theTransactionDigestwith the mutated and deletedObjectRefs. Since anObjectRefcontains theObjectDigesta quorum of these could be used for light clients.SignedOrderEffectsto return them if a certificate is submitted again.Future PR / out of scope:
Perf impact: bench 9100 tx/s -> 8500 tx/s.