Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go/staking: add minimum balance #4461

Merged
merged 10 commits into from
Feb 22, 2022
Merged

go/staking: add minimum balance #4461

merged 10 commits into from
Feb 22, 2022

Conversation

pro-wh
Copy link
Contributor

@pro-wh pro-wh commented Feb 4, 2022

writing down some basic thoughts on the idea of a minimum balance (general balance only)

cross reference https://oasisprotocol.clickup.com/t/1zfn2hb

still a lot of problems with this

@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 9, 2022
edited
Loading

moving some more out-there ideas to #4466.

changes to this PR:

  • authenticate check now checks after moving the fee in memory. if they don't have enough to meet the min balance after moving the fee, even the fee payment gets rolled back
  • general post-execute (was written wrong anyway) check removed
  • manually add some checks to staking app methods that are known to affect general balance: transfer/withdraw (from + to), add escrow, burn
  • rebased on master, no longer including go/staking: add minimum transfer amount  #4456

thus:

  • various other non-method places can still move funds to create less-than-minimum balances:
    • fee payment
      • you would have had to send several registry transactions already to become a validator, so maybe this is fine
    • debonding completion
      • you would have had to send a reclaim escrow transaction already, so maybe this is fine
    • anything else that I'm not aware of
      • 😬 reviewers pls enlighten me
  • future work better be extra careful
  • you can no longer transfer less than the min balance to a new account
  • you can't withdraw without already having the min balance + fee

@pro-wh pro-wh changed the base branch from pro-wh/feature/minxfer to master February 9, 2022 00:40
@pro-wh pro-wh force-pushed the pro-wh/feature/minbal branch 2 times, most recently from c482a60 to 43f1b5d Compare February 9, 2022 00:46
@pro-wh pro-wh marked this pull request as ready for review February 9, 2022 00:52
@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 9, 2022

gonna try CI 🙌

@pro-wh pro-wh force-pushed the pro-wh/feature/minbal branch 3 times, most recently from 02dbcd5 to 97341ed Compare February 10, 2022 00:29
@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 10, 2022
edited
Loading

hm ci is hanging on whatever comes after TestCrashingBackendDoNotInterfere

gonna see if I can reproduce that locally

🤦 I can

ah. an obvious impact to huge things: pretty much all nodes are dead due to not having any balance when trying to process a registry transaction

@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 11, 2022

fixed a dos risk: there's now a single check for balance >= fee + min balance, shared between check tx and deliver tx. otherwise, an attacker may submit a high-gas-price transaction with fee <= balance < fee + min balance, which would get scheduled with high priority but always abort

@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 11, 2022

adding a way to mark some methods as exempt from the min balance check. the suggested use is for transactions routinely used by nodes, which (i) commonly have no balance and (ii) are known in the registry system

kostko
kostko reviewed Feb 11, 2022
View reviewed changes
go/consensus/tendermint/apps/staking/state/gas.go Outdated Show resolved Hide resolved
go/staking/api/api.go Outdated Show resolved Hide resolved
@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 16, 2022

we discussed more yesterday, and we'd like to extract the configurable minimum balance check, without the method exemptions

@codecov
Copy link

codecov bot commented Feb 17, 2022
edited
Loading

Codecov Report

Merging #4461 (893feb3) into master (8b6bafb) will increase coverage by 0.01%.
The diff coverage is 92.20%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4461      +/-   ##
==========================================
+ Coverage   68.03%   68.04%   +0.01%     
==========================================
  Files         421      421              
  Lines       46914    46985      +71     
==========================================
+ Hits        31918    31972      +54     
- Misses      11050    11067      +17     
  Partials     3946     3946
Impacted Files Coverage Δ
go/consensus/tendermint/beacon/beacon.go 72.24% <0.00%> (ø)
go/staking/api/api.go 62.33% <ø> (ø)
go/consensus/tendermint/apps/staking/state/gas.go 84.05% <80.00%> (-0.16%) ⬇️
...o/consensus/tendermint/apps/staking/state/state.go 64.20% <88.23%> (+0.58%) ⬆️
.../consensus/tendermint/apps/staking/transactions.go 74.28% <100.00%> (+2.61%) ⬆️
go/staking/tests/state.go 95.39% <100.00%> (ø)
go/oasis-node/cmd/common/metrics/disk.go 65.51% <0.00%> (-20.69%) ⬇️
go/worker/common/committee/runtime_host.go 58.33% <0.00%> (-8.34%) ⬇️
go/oasis-node/cmd/common/metrics/resource.go 84.00% <0.00%> (-8.00%) ⬇️
go/runtime/host/protocol/connection.go 64.66% <0.00%> (-6.77%) ⬇️
... and 23 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2139fb4...893feb3. Read the comment docs.

@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 17, 2022

in the process of adding a big e2e test

right now it passes, I think because the nodes are registered in the genesis state. if the test would run longer, they'd all fail to re-register

@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 18, 2022

tests added

@pro-wh pro-wh force-pushed the pro-wh/feature/minbal branch 2 times, most recently from 560000f to be44746 Compare February 18, 2022 05:30
kostko
kostko reviewed Feb 18, 2022
View reviewed changes
Copy link
Member

@kostko kostko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should probably also add checks to the staking state's Transfer method (used e.g. by roothash.SubmitMsg transaction method).

go/consensus/tendermint/apps/staking/state/gas.go Outdated Show resolved Hide resolved
go/consensus/tendermint/apps/staking/state/gas.go Outdated Show resolved Hide resolved
go/consensus/tendermint/apps/staking/transactions.go Outdated Show resolved Hide resolved
go/consensus/tendermint/apps/staking/transactions.go Outdated Show resolved Hide resolved
@pro-wh pro-wh force-pushed the pro-wh/feature/minbal branch 2 times, most recently from a44236e to 225fee0 Compare February 18, 2022 19:34
@pro-wh
Copy link
Contributor Author

pro-wh commented Feb 18, 2022
edited
Loading

oh thanks. I didn't know there was a separate code path there

edit: or rather not, this seems to be a different level of abstraction

@pro-wh pro-wh force-pushed the pro-wh/feature/minbal branch 2 times, most recently from 14b7e15 to fcd05b2 Compare February 18, 2022 21:59
@pro-wh pro-wh requested a review from kostko February 21, 2022 22:35
@pro-wh pro-wh merged commit 1dab832 into master Feb 22, 2022
@pro-wh pro-wh deleted the pro-wh/feature/minbal branch February 22, 2022 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yawning Yawning Yawning left review comments

@kostko kostko kostko approved these changes

@peterjgilbert peterjgilbert Awaiting requested review from peterjgilbert peterjgilbert is a code owner

@ptrus ptrus Awaiting requested review from ptrus ptrus is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@pro-wh @kostko @Yawning