1) By providing a list of "incomplete" dependencies, this can be detected if an operation goes from valid to invalid while all dependencies remain the same.
2) By returning ready = true to an operation that does not pay enough fees.
Support for (1) already exists, but (2) is not fully implemented yet.
Right now, the built-in senders simulate the operation before doing the relay; if the simulation pays enough fee, they proceed to execute the operation. If the executed operation didn't pay enough fee, then the endorser may get banned.
But if the simulation says that the operation doesn't pay enough fee, the operation is discarded right away. An additional step must be performed to verify that the endorser is in fact returning ready = false.
This must be done carefully, as there are scenarios in which the sender may decide that the operation does not pay enough, but the endorser may say it does. In these cases, the endorser must not be banned.
i.e., the sender may be asking for a minimum higher priority fee, or for a higher markup on the token fee conversion ratio.
An endorser may "lie" in two different ways:
1) By providing a list of "incomplete" dependencies, this can be detected if an operation goes from valid to invalid while all dependencies remain the same.
2) By returning
ready = trueto an operation that does not pay enough fees.Support for (1) already exists, but (2) is not fully implemented yet.
Right now, the built-in senders simulate the operation before doing the relay; if the simulation pays enough fee, they proceed to execute the operation. If the executed operation didn't pay enough fee, then the endorser may get banned.
But if the simulation says that the operation doesn't pay enough fee, the operation is discarded right away. An additional step must be performed to verify that the endorser is in fact returning
ready = false.This must be done carefully, as there are scenarios in which the sender may decide that the operation does not pay enough, but the endorser may say it does. In these cases, the endorser must not be banned.
i.e., the sender may be asking for a minimum higher priority fee, or for a higher markup on the token fee conversion ratio.