-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check for token minting or burning #692
Conversation
Transactions CostsSizes and execution budgets for Hydra protocol transactions. Note that unlisted parameters are currently using
Script summary
Cost of Init Transaction
Cost of Commit TransactionCurrently only one UTxO per commit allowed (this is about to change soon)
Cost of CollectCom Transaction
Cost of Close Transaction
Cost of Contest Transaction
Cost of Abort TransactionSome variation because of random mixture of still initial and already committed outputs.
Cost of FanOut TransactionInvolves spending head output and burning head tokens. Uses ada-only UTxO for better comparability.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This review tries to apply the perfection game protocol
I will describe what I like about this P.R. and then what improvement I can think of to make it perfect. I'm expecting the author of the P.R. to ensure that they understand what I write or ask for clarifications if it's not the case. I'm expecting the author of the P.R. to just not include my ideas if they disagree with them without any form of justification. Hence I, in advance, approve the P.R.
To describe what I would change, I will try to extensively use the suggest change feature of GitHub as I believe this is the most efficient way to upload data from my brain to the authors' brains. That being said, the suggestions I will write will probably not compile or pass the test so do not just accept them but consider them for what they are: the description of an improvement to make the P.R. perfect.
What I like about this P.R.:
- it's been done in a very short time with a very small and precise scope in mind
- I like the name chosen for the new added functions which are explicit and clear to me
For me to find it perfect you would have to:
- make the tests pass
- polish the commit history to have only one update changelog commit
- polish the commit history to have only one haddock commit
- polish the commit history to include the changes of the one named minor into another commit
- detail the P.R. description adding at least a why section which would explain why we need to check that in the validator, in particular, explain how one could forge a transaction which would burn token in a close transaction
- see other improvement proposals below
0dfed0e
to
0d67991
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commit transaction also must not mint/burn tokens. Also we want to prevent any minting or burning (per the specification).
51e958d
to
71e9968
Compare
58d5d55
to
67e6f2d
Compare
Values are a bit weird to work with because "no minting" actually yields a Value with the ada symbol and quantity 0 always. This is due to the way the ledger converts babbage tx bodies to plutusv2 script contexts.
- Rename Mutation constructors MutateTokenBurning -> MutateTokenMintingOrBurning - Move mustNotMintOrBurn to the Util module - Fix haddock strings to reflect also minting
- Move changelog entry and fix wording - Fix haddock to not include the word _forge_
67e6f2d
to
f9eb387
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The mint/burn generator is good enough. Location could be improved. But address the MUST comments. Also, tests don't pass anymore as the script is now 100Bytes bigger again.
Test Results271 tests - 11 265 ✔️ - 11 17m 8s ⏱️ + 3m 43s Results for commit c357f37. ± Comparison against base commit b637137. This pull request removes 11 tests.
♻️ This comment has been updated with latest results. |
08d39fd
to
c357f37
Compare
Why
We want to close the identified security gap where we want to prevent minting or burning of tokens in state transitions that are not actually supposed to burn or mint.
How
🍦 Update
checkClose
,checkContest
,checkCommit
andcheckCollectCom
to verify no head token is burnt in v-head.To check before merging:
Documentation is up to date