maharifu
commented
3 months ago @byte-bandit Just as a sanity check, this is what I'm thinking here:
- Initialize compass nonce at 0 as part of the constructor
- Pigeon gets compass_id from compass and includes it as part of every message, together with the skyway nonce
- Skyway keeps track of current compass from pigeon messages. If it changes, we reset the nonce (to 0).
- To safeguard the initial deployment, if the current compass version in skyway is empty, we store it without resetting the nonce.
This way we get independent nonces on every compass update, but we don't have to keep track of them all. This could also add the benefit that if something goes wrong, we can redeploy compass to restart the nonces and re-sync.
We could keep the current nonce in the new compass instead of restarting at 0, but that would force us to reset to an arbitrary number instead. This doesn't seem to add much and restarting at 0 seems cleaner.
Do you see any issues on this approach?
byte-bandit
During a compass upgrade, we'll have two versions of compass live, and well call the old version with the address of the new one in order to update ownership of tokens and this gas wallet.
If any third party makes calls to compass to send funds to Paloma, this will increase the nonce on the old compass.
We need a solution for this on the protocol side.