Add some FIXME notes to observeCommitTx before refactoring it
We plan to use the observeCommitTx also from the chain observer. To make
that happen we need to remove stateful information like the known
initials of a head.

However, those are (in a contrived way) currently our only way of
ensuring that this transaction is a proper Hydra Head transaction.

The FIXME describes alternatives for how to achieve this via keeping the
seed in the datum or providing the full resolved inputs of a
transaction (including the committed UTxO).
ch1bo committed Nov 9, 2023
1 parent b72cc93 commit d7b5231
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions hydra-node/src/Hydra/Chain/Direct/Tx.hs
Expand Up @@ -900,6 +900,20 @@ observeCommitTx ::
Tx ->
Maybe CommitObservation
observeCommitTx networkId initials tx = do
-- FIXME: Strategy to observe without looking at resolved inputs (utxo):
--
-- - We must check that participation token in output satisfies
-- policyId = hash(mu_head(seed))
--
-- - This allows us to assume (by induction) the output datum at the commit
-- script is legit
--
-- - Further, we need to assert / assume that only one script is spent = onle
-- one redeemer matches the InitialRedeemer, as we do not have information
-- which of the inputs is spending from the initial script otherwise.
--
-- Right now we only have the headId in the datum, so we use that in place of
-- the seed -> THIS CAN NOT BE TRUSTED.
(commitIn, commitOut) <- findTxOutByAddress commitAddress tx
dat <- txOutScriptData commitOut
(onChainParty, onChainCommits, headId) :: Commit.DatumType <- fromScriptData dat
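Review bot: the third bullet of the new FIXME ("only one script is spent = onle one redeemer matches the InitialRedeemer") carries a typo ("onle") and, more importantly, states an assumption the observer depends on for correctness without saying what happens when it does not hold: since the code admits it cannot tell which input spends from the initial script, the comment should spell out whether a transaction with more than one matching redeemer is rejected by the observation or could be misclassified as a commit. The closing line already flags that `headId` in the datum is used "in place of the seed" and "CAN NOT BE TRUSTED"; suggest tying the two together by stating that the `policyId = hash(mu_head(seed))` check from the first bullet is the intended trust anchor and that, until it exists, the `initials` argument remains the only authentication of this transaction as a Hydra Head commit.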
Expand All @@ -908,6 +922,9 @@ observeCommitTx networkId initials tx = do
initialTxIn <- findInitialTxIn
committedTxIns <- decodeInitialRedeemer initialTxIn

-- FIXME: If we have the resolved inputs (utxo) then we could avoid putting
-- the commit into the datum (+ changing the hashing strategy of
-- collect/fanout)
committed <- do
-- TODO: We could simplify this by just using the datum. However, we would
-- need to ensure the commit is belonging to a head / is rightful. By just
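Review bot: the new FIXME ("If we have the resolved inputs (utxo) then we could avoid putting the commit into the datum") sits directly above an existing TODO that raises the same question from the other side ("We could simplify this by just using the datum. However, we would need to ensure the commit is belonging to a head / is rightful"). Consider merging the two into one note that lists the two options side by side, keep the committed UTxO in the datum versus resolve the inputs and read it from there, together with the constraint the FIXME names (changing the hashing strategy of collect/fanout), and states which direction is planned for the chain-observer refactoring described in the commit message, so the next reader does not have to reconcile two partially overlapping notes.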
