Skip to content

Implement fork for "staking vaults" #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
galpHub merged 5 commits into from
Dec 3, 2020
Merged

Implement fork for "staking vaults" #38

galpHub merged 5 commits into from
Dec 3, 2020

Conversation

@domob1812
Copy link

@domob1812 domob1812 commented Sep 28, 2020
edited
Loading

Based on the op-code changes (OP_REQUIRE_COINSTAKE) by @galpHub, this finishes the consensus-parts of the planned fork to implement staking vaults. It introduces a new time-activated fork (currently at block time 2'000'000'000, to be scheduled with a follow-up change). The changes to consensus are as follows:

  1. Blocks after the activation time will enforce OP_REQUIRE_COINSTAKE in signature verification.
  2. They also enforce new rules on the structure of coinstakes: If a coinstake is spending a vault output, the coins used for staking and the staking reward have to be paid back to the same script in a single output.
  3. From the fork, staking vault scripts are able to sign the blocks (in addition to P2PK and P2PKH scripts that are able to sign blocks before).
  4. The extra signature verification done on the coinstake in CheckProofOfStake is no longer enforcing SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS, and it is also using OP_REQUIRE_COINSTAKE.

Note that 3) and 4) implement a hard fork, that is scheduled in parallel with the script changes which by themselves would only be a soft fork. This hard fork just lifts some rules that were stricter before; so once all is through and activated for long enough, we can retro-actively remove the stricter rules until genesis and simplify the code for 3) and 4).

galpHub
galpHub reviewed Sep 28, 2020
View reviewed changes
Copy link

@galpHub galpHub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll give it another pass tomorrow as well. Overall looks great. Just need to review the code more closely.

galpHub
galpHub suggested changes Sep 30, 2020
View reviewed changes
Copy link

@galpHub galpHub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So taking a look at the fixups, I think that - on second thought - maybe not so much a decorator of the CoinMinter but rather a decorator for the BlockFactory. I noticed that for PoS blocks the suggested changes will succeed but not so much for PoW blocks as it changes the merkle root.

In the constructor for the CoinMinter, since it receives the chain's parameters, you could instead do (pseudocode only for clarity)
blockFactory_( Params().IsRegTest() ? std::make_shared(...) : std::make_shared(...) )

galpHub
galpHub reviewed Sep 30, 2020
View reviewed changes
galpHub
galpHub reviewed Sep 30, 2020
View reviewed changes
galpHub
galpHub suggested changes Sep 30, 2020
View reviewed changes
@domob1812 domob1812 force-pushed the vault-upgrade branch 2 times, most recently from 984732a to 554cb5d Compare October 1, 2020 12:21
@domob1812
Copy link
Author

domob1812 commented Oct 1, 2020

I've now done some more follow-up changes (in 554cb5d and the preceding commits), which separate the changes to the CoinMinter and BlockFactory for generateblock off into a specific subclass used only in that place.

@domob1812 domob1812 force-pushed the vault-upgrade branch 3 times, most recently from a2007d7 to 440419d Compare October 5, 2020 13:25
@domob1812 domob1812 mentioned this pull request Oct 5, 2020
Merged
@domob1812 domob1812 mentioned this pull request Oct 16, 2020
Closed
galpHub
galpHub reviewed Oct 22, 2020
View reviewed changes
Copy link

@galpHub galpHub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few rename suggestions.

@domob1812
Copy link
Author

domob1812 commented Oct 23, 2020

I've applied the renaming changes in a fixup commit (will squash properly later when the review is done). I've also added a test per your suggestion for paying to another vault script.

galpHub
galpHub reviewed Oct 28, 2020
View reviewed changes
@domob1812 domob1812 mentioned this pull request Nov 4, 2020
Closed
@domob1812
Copy link
Author

domob1812 commented Nov 4, 2020
edited
Loading

We should update this PR to be based on the ActivationManager from #46 for fork activation.

EDIT: Done.

@domob1812 domob1812 force-pushed the vault-upgrade branch 2 times, most recently from b63373c to 90a7487 Compare November 5, 2020 15:00
@domob1812 domob1812 marked this pull request as draft November 5, 2020 15:02
@domob1812 domob1812 force-pushed the vault-upgrade branch 2 times, most recently from 00751fe to 78bc15c Compare November 6, 2020 15:31
@domob1812 domob1812 mentioned this pull request Nov 6, 2020
Merged
@domob1812 domob1812 force-pushed the vault-upgrade branch 2 times, most recently from 2c687bf to a79419a Compare November 11, 2020 12:57
@domob1812 domob1812 force-pushed the vault-upgrade branch 2 times, most recently from 4254e7e to 5da18a6 Compare November 17, 2020 13:50
@domob1812 domob1812 force-pushed the vault-upgrade branch 13 times, most recently from a428971 to 08b4e3f Compare November 26, 2020 14:12
@domob1812
Activate staking vaults as fork.
cd2a404 
This defines a new fork, to be scheduled at a future block time,
with these consensus changes:

- Once activated, verify scripts with OP_REQUIRE_COINSTAKE.
- In addition, blocks also apply the custom CheckCoinstakeForVaults
  verification routine to coinstake transactions (making sure that
  vault payments are correct, i.e. back to the vault with the right amount).

For now, the fork is scheduled for UNIX time 2000000000 (more than
a decade from now).  This will be updated to the real time later,
when the schedule has been finalised.
@domob1812 domob1812 marked this pull request as ready for review December 1, 2020 13:13
@domob1812
Copy link
Author

domob1812 commented Dec 1, 2020

With the recent merge of #55 and #48, this is now quite simplified and ready for review and merging.

galpHub
galpHub suggested changes Dec 1, 2020
View reviewed changes
@domob1812
Allow vault scripts to sign PoS blocks.
083212c 
Extend the PoS block signing and verifying logic to accept also
signatures from vault scripts; otherwise, staking with vaults will
not actually be possible.

Note that this is a hard fork.  We activate it together with the
other (soft fork) parts at the StakingVaults activation time.
@domob1812
New regtest vaultfork.py.
4c9109a 
The new regtest vaultfork.py verifies behaviour around activating
the OP_REQUIRE_COINSTAKE fork with an activation time.

Once the time has been reached, new blocks will enforce the post-fork rules
(i.e. OP_REQUIRE_COINSTAKE and some extra coinstake checks).
@domob1812
Allow NOPs in coinstake signatures.
e659713 
In addition to normal signature verification done on transactions
in blocks, CheckProofOfStake by itself already verifies the
coinstake transaction's signature (presumably as some kind of
DoS protection to fail early for blocks faked with someone else's
stake).

This verification uses SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS,
which makes it impossible to implement upgrades like the vault
fork (as well as future changes) as soft forks.

This change introduces a hard fork activated together with
Fork::StakingVaults, which removes this flag and thus allows
coinstake scripts to contain upgradable NOPs.

We also add SCRIPT_REQUIRE_COINSTAKE to the flags used in
CheckProofOfStake.  Since the transaction there is always a
coinstake, this does not change anything except turn
OP_REQUIRE_COINSTAKE from a NOP to a "real" opcode.
@domob1812
Extend vaultfork.py with coinstake tests.
d93fdc0 
Add tests for vault scripts in real coinstakes of blocks in the
vaultfork.py integration test.  This verifies the extra conditions
we apply to them after the fork (so the staker cannot steal coins
from a vault) as well as verifies that proper staking as the vault
is possible.
@galpHub galpHub merged commit b287ef3 into DiviProject:Development Dec 3, 2020
@domob1812 domob1812 deleted the vault-upgrade branch December 4, 2020 13:09
@domob1812 domob1812 mentioned this pull request Apr 14, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@galpHub galpHub galpHub approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@domob1812 @galpHub