[AIP-35][Charging Invariant Violation Errors]

[thepomeranian]

AIP Discussion

Summary

Charge transactions that triggered invariant violation error instead of discarding them.

Motivation

Invariant violation error is a special type of errors that gets triggered in the Aptos VM where some unexpected invariants are being violated. Right now transactions that triggered such error will be marked as discarded which could potentially be a DDoS vector for our network as it leaves users to be able to submit computations without being charged.

Examples of transactions that could trigger an invariant violation errors are transactions that violates MoveVM's paranoid type checker.

Read more about it here: https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-35.md

[chen-robert]

We @otter-sec are in favor of this change.

This change would allow Aptos to introduce more robust security controls, gated by invariant violations which otherwise might incidentally introduce unintended denial of service security risks. This helps protect the chain more comprehensively, resulting in stronger guarantees for chain uptime and robustness.

We also don't believe there are material downsides for users. While users could in theory be subject to paying more gas, we note that in practice these errors represent critical invariant violations and will almost never be triggered by normal usage. More practically, we do not believe there has been an instance of this error triggered by normal usage to date.