HarryR
commented
6 years ago There is a bug downside to this example is it isn't cross-chain... but demonstrates a method of continuation passing that makes continuations transparent to the developer (on both client & contract writers #side). This primitive, and the work around the contract preprocessor and client-side ease of use stuff does work cross-chain, but needs some more consideration.
So, to expand upon this and provide some detail on how this could be implemented, we assume that the interface for providing a cross-chain proof is straightforward and simple, e.g.:
contract Test {
VerifyProofInterface m_prover;
address m_other_contract;
constructor (VerifyProofInterface prover, address other_contract) public {
m_prover = prover;
m_other_contract = other_contract;
}
function SomethingNeedingProof (address my_address, bytes proof) {
bytes32 sig = SHA('MyProofEvent(address)');
if( m_prover.Verify(proof, m_other_contract, sig, my_address) ) {
// TODO: verify if proof has already been used to trigger this function
// other_contract emitted event with `sig` with arg of `my_address`
}
}
}Note: There is an outstanding problem about proving that contract addresses exist on a specific network, e.g. the other_contract address may exist on multiple networks as it isn't globally unique. (contract address is hash of address and nonce). - That will need to be addressed in another ticket?
The preprocessor will split contract functions which depend on continuations at each place where an async event is consumed, for example the contract in the first comment is translated into something like:
contract Test {
event OnApproved( address by_who );
event OnNeedsApproval( address by_who );
VerifyProofInterface m_prover;
mapping(uint256 => bytes32) m_continuations;
uint256 m_contid;
constructor (VerifyProofInterface prover)
{
m_prover = prover;
}
function WaitForApproval( address from_who )
{
emit OnNeedsApproval(msg.sender);
// BEGIN continuation code
m_contid += 1;
m_continuations[m_contid] = HASH(from_who);
}
function __continuation_WaitForApproval_wait_OnApproved( address from_who, uint256 __continuation_id, bytes __proof )
{
require( m_continuations[__continuation_id] == HASH(from_who) );
bytes32 sig = SHA('OnApproved(address)');
require( true == m_prover.Verify(address(self), sig, from_who, __proof) );
delete m_continuations[__continuation_id];
// END continuation code
msg.sender.transfer(...);
}
function Approve ( address by_who )
{
emit OnApproved(msg.sender);
}
}How it works:
- Upon a
waitinstruction a new continuation is recorded, this includes a hash of all information necessary to verify (e.g. the sender, the arguments, any other necessary state). The function is split at this point into the prefix and the suffix. - The suffix function requires a continuation id to verify the arguments match the hashed continuation arguments. It also needs proof that the specific event it was waiting for (with the right parameters from the specific contract) has been emitted.
- The client is aware of the continuations, how to wait for the correct event, how to supply proofs, and then triggers the continuation function transparently.
Limitations:
- Local variables cannot be accessed after the continuation, without passing them back in via function parameters, these variables would need to be emitted as part of the event, and verified as part of the continuation.
- Original function parameters must be passed again to the continuation
- Continuation must verify that the provided arguments match a continuation
- Cannot rely on data existing across multiple chains without a further state proof (horribly expensive)
- How does waiting for multiple state transitions work? e.g. what if there's an
OnDeclinedevent which causes a different code path to be triggered?
There are also lots of other edge cases, like 'oh look at this big footgun, lets pull the trigger' edge cases that - if attempting to provide truly transparent cross-chain contracts - will bite you hard. They're mostly race conditions and synchronisation, where the other contract must be prevented from executing - e.g. the state of the program can only be executing in one place at any given point in time, but the code can be paused, then execution can be triggered again. I will see if I can further expand on this point later.
This is a work-in-progress specification.
If we take a simple contract, say an exchange, or an approval process which requires multiple inputs, how can this be made easy for developers to write and use, while hiding all the complexity?
Think of the
asyncandwaitkeywords in NodeJS, or coroutines in Python/Gevent, they hide all of the switching logic behind the scenes and allow you to write easy to understand procedural code instead of chains of callbacks or multiple threads with explicit synchronisation.I think it would be good to create an example of what an 'ideal world' solution would look like, then can figure out how to convert that into the bits and pieces necessary to make that happen.
The ideal end result would be something that takes the 'ideal world' solution and automagically makes it happen.
This would be delivered as a SDK and toolchain for developers?
e.g.
But, from the client side, what would invoking and calling this look like? I think it could be as simple as:
Side A:
Side B:
The client-side code on either side will transparently handle the continuation magic, making it transparent and requiring no user intervention, the problem there is that what happens if the client dies or crashes mid-way through - how do continuations get triggered? Any error could cause the whole thing to irrevocably stall unless the program state is recoverable.
Maybe if we come up with a handful of end-user scenarios that would need to be implemented like this then we can figure out all the edge cases. Example examples:
Then these can be translated into example contract & client code