Vesting Spec

[AdityaSripal]

• Linked to github-issue with discussion and accepted design
• Updated all relevant documentation (docs/)
• Updated all relevant code comments
• Wrote tests
• Added entries in PENDING.md that include links to the relevant issue or PR that most accurately describes the change.
• Updated cmd/gaia and examples/

---

For Admin Use:

• Added appropriate labels to PR (ex. wip, ready-for-review, docs)
• Reviewers Assigned
• Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

[codecov]

Codecov Report

Merging #1875 into develop will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           develop   #1875   +/-   ##
=======================================
  Coverage     63.5%   63.5%           
=======================================
  Files          118     118           
  Lines         7006    7006           
=======================================
  Hits          4449    4449           
  Misses        2301    2301           
  Partials       256     256

[rigelrozanski]

lol I'm not sure that a pro's con's section really belongs in a spec - but not sure where it belongs beyond a proposal github issue

[zmanian]

It would be way better if this used BFT time instead of block number

[rigelrozanski]

shouldn't this be more like GetParams([]byte) []byte and SetParams([]byte, []byte)
p.s. golang maps are a non-deterministic type meaning we can't use them in the state-machine

[rigelrozanski]

I'm wondering if we can just eliminate Type (are we introducing it?) and only have a block-lock param - if it exists then we know it's vested, or rather just locked - which is the important part

[AdityaSripal]

Yea I want to introduce it. If we just want to support this specific case, we can. I think we should add the Type tho, because we may want to add other types of Account. And people building on top of sdk should be able to create multiple account types as well.

For example, in the future we may want to support NLocked Accounts where each month a new amount of coins get unlocked, or maybe some other feature. I don't think we should add cruft to BaseAccount every time we want something new and specific to our application.

imo, it makes sense to create different Account types that define their own parameters and have handlers that can handle specific account types.

Will move a lot of this into a proposal issue as you suggested and rewrite.
Thanks for the review!

[rigelrozanski]

Left a few comments throughout - I like the approach you've proposed of extending the account

This document is structured more like a proposal for these features, and it's placed in a funny location given that it affects bank and auth.

I think maybe this PR should actually be modifying the existing spec documents which are relevant, and also having a new document talking about vesting, but not changes to other modules. Like, let's phrase this as more definite changes and implementation requirements - not a proposal

[jaekwon]

(btw, should be Vesting not Vested).

I'm not sure that having a top-level type is the right solution.
Would it make more sense to have an optional interface method, like

type VestingAccount interface {
    Account
    AssertIsVestingAccount() // existence implies that account is vesting.
}

Then you an check with vacc, ok := acc.(VestingAccount); ok

[AdityaSripal]

That works well in our case where we are choosing from two possible account types.

I think we should leave the option open to adding more account types in the future, and for developers building on the SDK to have many supported account types.

In those cases, I think having a Type() function that handlers can use to switch their functionality based on the account type is better than trying to type cast for multiple account types.

[jaekwon]

Vesting

[jaekwon]

GenesisAccounts are

[jaekwon]

vesting

[jaekwon]

Can someone document why we want to do this, as opposed to having one account that can vest continuously over time? The latter seems much more flexible and I am worried about having to deal with e.g. 24 accounts, or more if we want more fine-grained vesting.

• Additional fields OrigTotalCoins, StartVestingTime, and EndVestingTime in the concrete VestingAccount struct, used only for calculating how much is required to stay in the account.
• You can add and remove coins from the vesting account, but none of the coins can ever be less than OrigTotalCoins * Max(VectorOfOnes, Now-StartTimeVesting/(EndTimeVesting-StartTimeVesting)). The relevant function here is IsGTE() or IsPositive() after a subtraction.

I think it would require more tooling for us to deal with 24 accounts, than to deal with this more flexible vesting system.

[AdityaSripal]

@jaekwon I originally considered doing vesting like a step function, it ends up being a bit more complicated than what you're suggesting. This is because transactions that we want to allow a vesting account to make (like staking) will subtract coins. Thus, vesting accounts balance are allowed to go below the equation you posted.

One thing we could do is to have UnsendableCoins be initialized with the starting balance of the account. When the account delegates or deposits for a vote, the associated handler subtracts the tx amount from UnsendableCoins. Then, the above formula works by replacing OriginalTotalCoins with UnsendableCoins. This will also allow vesting account to send coins earned from fees/inflation.

The downside with this approach is that all handlers for messages we want vesting accounts to be able to call (e.g staking, governance) before fully vesting must be aware of the existence of vesting accounts and update their state correctly. Whereas with the current approach, only the bank module is aware and cares about the existence of vesting accounts.

Not sure how the pros and cons weigh out between the two approaches.

[rigelrozanski]

Jae:

Can someone document why we want to do this, as opposed to having one account that can vest continuously over time? The latter seems much more flexible and I am worried about having to deal with e.g. 24 accounts, or more if we want more fine-grained vesting.

^ @zmanian

[rigelrozanski]

Just realized I don't think we want any of this.. Account already IS an interface which means we can have multiple implementations of Account - why don't we just implement new a new Account for vesting which is the same as sdk.AccAccount BUT with different GetCoins() sdk.Coins and SetCoins(sdk.Coins) error methods which don't allow the withdrawal of tokens earlier than is allowable?

[AdityaSripal]

Yea, realized we shouldn't be changing Account interface as well. Reworking spec

But we can't just implement SetCoins differently. This is because we still want staking handler to be able to subtract coins from our account.

I'll finish up what I have in mind and hopefully that clears things up.

[rigelrozanski]

Awesome - yeah sounds good, excited to see your thinking

[AdityaSripal]

Old spec was not able to spend coins gained from fees/inflation. New spec will allow vesting account to do so.

[rigelrozanski]

wait this is kind of seperate, the ability to spend coins received through the fee-distribution mechanism is independent of the vesting account because the fee-distribution mechanism allows you with withdraw fees to a seperate account - we should keep these distinct and not make the vesting account have special logic for this

[AdityaSripal]

Right, the purpose of ReceivedCoins is to makes sure that funds sent to the VestingAccount after initialization are spendable immediately.

[AdityaSripal]

Flagging for future reference. Since we are using the time in Genesis file as start time, we should make sure creation of Genesis file is close-ish to launch. Otherwise it messes up the slope for continuous vesting.

[AdityaSripal]

@jaekwon the checks described in this spec happen "upstream" from the checks that are already in bank's Keeper methods. Thus, I am really calculating the maximum amount of unlocked coins this account can spend.

If the formula written says you are allowed to spend 15 steak, but you only have 10 steak in the account because you have delegated 5 of your unlocked coins, the keeper will still only allow you to spend up to 10 steak.

There's no need to convert. I think it's worthwhile because Vesting accounts take up more space and gas cost for running transactions. Thus, it makes sense to me to do the one-time conversion though it isn't necessary

I don't think its possible to avoid changing bank. This is because we want all the other modules to be able to set account Coins as normal, but bank module needs special logic before it can set Coins. Thus, the logic can't be implemented at the account or mapper level. I'm not sure how a different message type alleviates this though interested to hear the proposal.

Ex for further clarity:

Let's say I start with 50 steak in a vesting account of which 30 is locked.
I have 40 steak delegated to various validators.

I get sent 10 steak by some other users.

The maximum amount of unlocked coins I am allowed to spend calculated by formula in spec: 30 steak
Amount of steak I should be allowed to spend at this moment: 20 steak

In order for a bank MsgSend to succeed, it checks:
Amount less than maximum allowed spend (30 steak)
Amount less than current balance (20 steak)

If both checks pass, the MsgSend succeeds. Else it fails.

addressed comments, added formulas at the bottom for easier verification

[alexanderbez]

@AdityaSripal I think the updates help greatly. It seems like the pseudo-code format could be improved a bit.

[AdityaSripal]

@alexanderbez anything specific about the pseudocode that was hard to read? I cleaned some of it up to hopefully make it clearer. Let me know if there's still some improvements to be made

[alexanderbez]

@AdityaSripal I was mostly referring to this 👍

[cwgoes]

See comments, also:

• Can we describe how ContinuousVestingAccount implements BaseAccount (in particular GetCoins)?

[cwgoes]

Why do we need this function?

[cwgoes]

Does this need to be a public method?

[AdityaSripal]

Yes, it will be used in bank's keeper methods

[cwgoes]

This just accesses BaseAccount functions, right? Convert is a strange name, it implies that one account is being turned into another, maybe AsBase()?

[AdityaSripal]

Originally the plan was to check if account has fully vested (i.e. Now > EndTime) and then simply return the embedded BaseAccount.
This BaseAccount would then replace the completely vested VestingAccount in the Account store. The main benefit would be that BaseAccount would take up less space in store but it is certainly not necessary.

After talking to @jaekwon , removing this functionality for now.

[cwgoes]

i.e. that are vesting? VestingCoins?

[AdityaSripal]

No upon initialization all coins in OriginalCoins are vesting, true. However as time goes on, some of those coins become vested but OriginalCoins never gets updated.

OriginalCoins denotes all the coins that are in account on initialization, which are the only coins subject to the vesting schedule.
However as these coins go from vesting to vested, OriginalCoins never changes.

The way I understand it, a coin that is unspendable is "vesting" and once it becomes spendable it is "vested". It's entirely possible that this is not correct terminology.

[jaekwon]

Maybe "OriginalVestingCoins" would make it clearer?

[cwgoes]

I think these will now be time.Time since we've merged TM 0.23

[cwgoes]

Are we planning to save the converted account or something? Don't we need to deal with any remaining OriginalCoins or ReceivedCoins?

[AdityaSripal]

Addressed above, will remove

[cwgoes]

This is continuous, but I think we want discrete vesting (once per month)?

I could be wrong, if you've discussed this with others please disregard

[AdityaSripal]

Yeah for now it's continuous because that is what jae and I discussed last. I'm currently trying to confirm what the preferred vesting schedule is for AiB.

Changing the vesting schedule just comes down to changing implementation of this single method.

[cwgoes]

What if I've already sent some unlocked coins? I don't think this check is correct.

[AdityaSripal]

Yea, originally thought the second check would stop this but it won't.

Fixing this in refactor

[cwgoes]

See above comment, also I'm not clear on why we need to convert in the first place, the space savings don't matter much since the number of vesting accounts is finite and very small

[AdityaSripal]

Yup, removing this functionality

[cwgoes]

This seems to contradict the above definition under keeper changes?

[cwgoes]

Discrete vesting is not hard as far as I know, just use time floor div vesting interval.

[jaekwon]

Maybe good to add "Delegated coins are deducted from Account.GetCoins(), but do not count against unlocked coins because they are still at stake and will be reinstated (partially if slashed) after waiting the full unbonding period."

[jaekwon]

Staking handlers SHOULD NOT update ...

[jaekwon]

Left comments, otherwise LGTM.

Addressed comments

[rigelrozanski]

Should merge unless @cwgoes or @alexanderbez have additional comments

[cwgoes]

utACK