Closed boolafish closed 5 years ago
One idea: To add new predicate B to an existing output type A, instead of binding them directly, we create a output type A' that would be bonded instead. For all old tx holding A, it would need to sign-off a tx that change A --> A'.
In fact, the tx of A --> A' can be pre-defined. So whenever we are creating a new output type A, we also preserve a A' type in the future. We can add another function on contract to lock the registry for adding new predicate to A to protect output A. So once locked, the output type A is protected to be isolated.
So, this creates a set of sets of possible output types. Where utxo can transition from type to type within one set via predicates. And jumping from set to set is possible only via special 'upgrade' transaction.
What I see here as a problem - is a problem of set of sets. Imagine actor A adding predicate A
and actor B adding predicate B
. This creates 4 possible sets. [{},{A},{B},{A,B}]
. So we have an explosion of possibilities.
So we have an explosion of possibilities.
How is this a problem though? If operator code does support all possibility and all sets are what we want it's totally fine. Otherwise operator code would just support what we need to provide the service. Even there might be a path to go forward all possibility, user would just not go (?). Even they went, they are only losing their own money as long as we check sum(input) >= sum(output).
BTW, currently I am only seeing this as a solution for easier and safer upgrade. With this isolation, I think cooperation with operator (at least server code level need to support) is still needed. I guess your goal is to eventually get this burden out from operator?
So we have an explosion of possibilities.
How is this a problem though?
It's a problem if we treat predicate isolation as a open system feature. If we treat it only as a safer upgrade mechanism, than it's alright.
@paulperegud BTW, since this issue is used as a placeholder to put all ideas, do you mind to write down some of your previous thinkings here too?
(notes from call with @boolafish )
re: explosion of possibilities. This problem will not affect end users. It might give some headache to developers of particular dapps. This means that this approach can be treated as a open system feature.
re: re-implementation of arbitrary predicate code by operator (see also #79). We can do eth_call to predicate on ethereum node instead. That would require some abstraction around utxopos <-> inclusion_proof relation. We would need inclusion proofs on Ethereum chain but not on plasma chain.
[Note with Pepesza] ah....Pepesza comment the note above first lol
Some remaining issues I can think of
Moved current comments to doc in wiki: link here
Closing this first as it is not prioritized for Cinnabon and got some draft idea already.
(reopen this to hold notes)
[Note with Pepesza 06.04] Pepesza mentioned that predicate for starting exit might be different from predicate used in challenge. Challenge might be lighter. (eg. IFE, when starts it checks everything. However, in challenge, the competing tx only checks sig.)
This is use as a placeholder issue to collect Predicate isolation idea (no matter it works or not). Would move it to some docs at certain point.