neo-project / proposals

NEO Enhancement Proposals
Creative Commons Attribution 4.0 International

Account-bound contract groups #161

Open roman-khimov opened 1 year ago

roman-khimov commented 1 year ago

NEP-15 defines the concept of a "group":

A Group is identified by a public key and must be accompanied by a signature for the contract hash to prove that the contract is indeed included in the group.

Groups are mostly useful for CustomGroups and rule-based witnesses that check for groups and make it easy to extend some witness to a set of related contracts. So it's a useful concept in some cases like the NeoFS sidechain, where we have a number of interrelated contracts that together form a complete system. We use groups there, but given the definition from above:

And all of these problems basically boil down to the fact that groups are completely detached from regular Neo accounts. Accounts that are defined as verification script hashes. At the time of Neo 3.0 this was kinda OK since we had no way to run invocation/verification scripts during contract deployment, but I think now with System.Runtime.LoadScript from neo-project/neo#2756 we're able to do that (in a way similar to neo-project/neo#2866).

We can keep old pubkey/signature groups, but at the same time have some new fields there:

{
  "account": "<Neo address like NQfT4bN7pTikt5ujs5cgpYhAtBpHHfSo5s>",
  "invocation": "<base64 bytecode>",
  "verification": "<base64 bytecode>"
}

"account" is needed for contract-based verification that traditionally (similar to transaction signers) leaves the verification script blank (so that the "verification" field can be omitted in this case). Other than that it'd be the same invocation/verification script pair that will be loaded into the VM with the contract hash used as a "script container" and will return a boolean result as usual.

This (quite simple) change will give contract groups the complete power of accounts and make them more useful in various settings.
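An added example, not part of the original post or of any Neo implementation: a static check a deployment tool could run on one entry of the proposed format before the scripts ever reach the VM. It assumes the same rule Neo applies to transaction witnesses (a non-empty verification script must hash to the account), and the function names are hypothetical.

```python
import base64
import hashlib

ADDRESS_VERSION = 0x35  # Neo N3 address version byte
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def encode_address(script_hash: bytes) -> str:
    """Base58Check-encode a 20-byte script hash as a Neo N3 address."""
    raw = bytes([ADDRESS_VERSION]) + script_hash
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return out  # version byte is non-zero, so no leading-zero padding is needed

def decode_address(addr: str) -> bytes:
    """Return the 20-byte script hash; raise ValueError on a malformed address."""
    if any(ch not in B58 for ch in addr):
        raise ValueError("character outside the Base58 alphabet")
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")  # version + 20-byte hash + 4-byte checksum
    except OverflowError:
        raise ValueError("address too long") from None
    if raw[0] != ADDRESS_VERSION or _checksum(raw[:21]) != raw[21:]:
        raise ValueError("bad version byte or checksum")
    return raw[1:21]

def hash160(script: bytes) -> bytes:
    # RIPEMD160(SHA256(script)); needs RIPEMD-160 enabled in the local OpenSSL build
    return hashlib.new("ripemd160", hashlib.sha256(script).digest()).digest()

def check_group_entry(entry: dict) -> bytes:
    """Static checks on one proposed group entry; returns the account script hash."""
    account = decode_address(entry["account"])
    base64.b64decode(entry.get("invocation", ""), validate=True)  # must be valid base64
    if "verification" not in entry:
        return account  # contract-based account: no script to hash, nothing more to check here
    script = base64.b64decode(entry["verification"], validate=True)
    if hash160(script) != account:  # assumed rule, mirrors transaction witnesses
        raise ValueError("verification script does not hash to account")
    return account
```

Passing this check only shows the entry is well-formed; whether the group is valid would still depend on the invocation/verification pair returning true with the contract hash as script container.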