input-output-hk / hydra

Implementation of the Hydra Head protocol
https://hydra.family/head-protocol/
Apache License 2.0

Enable fanout with unconfirmed snapshot #1476

Open ch1bo opened 2 weeks ago

ch1bo commented 2 weeks ago

Context & versions

Observed with 0.17.0

Steps to reproduce

  1. Open a head with multiple parties: alice and eve
  2. Last confirmed snapshot being x
  3. Process a transaction resulting in snapshot x+1 requested, but one party (eve) does not share their AckSn with the rest, e.g. due to a technical fault or adversarial behavior
  4. Honest party alice closes the head with snapshot x
  5. See contestation by eve with snapshot x+1
  6. Honest party alice tries to fanout

Actual behavior

The hydra-node of the honest party cannot fanout.

Expected behavior

The honest party can do a fanout even though they did not see snapshot x+1 confirmed.

Hypothesis

The hydra-node uses the latest confirmedSnapshot to create the fanoutTx. However, it may very well be the case that the seenSnapshot is more recent than the confirmedSnapshot.

I think the hydra-node should check both confirmedSnapshot and seenSnapshot for whether we have the suitable pre-image of the finally closed snapshot number (x+1 above), and use the right one to create and post the fanoutTx.

In case we don't have the right snapshot available in the HeadState, a corresponding error should be shown to the users that explains why we cannot fanout (missing the closed snapshot).
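
A minimal model of the selection proposed in the hypothesis above, added here as an illustration and not taken from the hydra-node code base (which is Haskell). The Python names, the `ClosedHead` record, the use of SHA-256 as a stand-in for the on-chain UTxO hash, and the sample values are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

UTxO = Tuple[Tuple[str, int], ...]  # (output reference, amount) pairs

def utxo_hash(utxo: UTxO) -> str:
    # Assumption: SHA-256 over a canonical ordering stands in for the on-chain hash.
    return hashlib.sha256(repr(sorted(utxo)).encode()).hexdigest()

@dataclass(frozen=True)
class Snapshot:
    number: int
    utxo: UTxO

@dataclass(frozen=True)
class ClosedHead:  # hypothetical: what the chain shows after close/contest
    snapshot_number: int
    utxo_hash: str

@dataclass(frozen=True)
class HeadState:  # simplified: only the two fields the issue talks about
    confirmed_snapshot: Snapshot
    seen_snapshot: Optional[Snapshot]  # requested but not fully acknowledged

class MissingClosedSnapshot(Exception):
    """Raised when no local snapshot is the pre-image of the closed state."""

def select_fanout_snapshot(state: HeadState, closed: ClosedHead) -> Snapshot:
    # Check both snapshots; fanout needs the UTxO pre-image, not the signatures.
    candidates = [state.confirmed_snapshot]
    if state.seen_snapshot is not None:
        candidates.append(state.seen_snapshot)
    for snap in candidates:
        if (snap.number == closed.snapshot_number
                and utxo_hash(snap.utxo) == closed.utxo_hash):
            return snap
    known = ", ".join(str(s.number) for s in candidates)
    raise MissingClosedSnapshot(
        f"cannot fanout: head was closed with snapshot {closed.snapshot_number}, "
        f"but local state only holds snapshot(s) {known}")

# Constructed sample mirroring the reproduction steps, with x = 5.
CONFIRMED = Snapshot(5, (("tx0#0", 10), ("tx0#1", 5)))
SEEN = Snapshot(6, (("tx1#0", 7), ("tx1#1", 8)))  # eve withheld her AckSn
ALICE_STATE = HeadState(CONFIRMED, SEEN)
CLOSED_AFTER_CONTEST = ClosedHead(6, utxo_hash(SEEN.utxo))  # eve contested with x+1
```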