Develop a gas slot based settlement_timeout definition #383
Comments
Do you mean that the caller of |
I don't think the idea is to provide all block headers since close, but a sufficient number of headers where the sum of My 2 cents: Ideally the gas slots proof would be in relation to the lock's expiration block instead of the channel's close block, since after the close block there could be lots of gas slots that couldn't be used with a given lock, because the secret is not revealed yet and it may be learned up to the lock's expiration. The meaning of the proof would be "for each of the pending locks, this is a proof of the first available gas slot since the lock expiration". The above sort of implies that a "out of gas slot proof" should be added to the unlock function, the unlock transaction would contain a proof that it slipped after the expiration block because of the lack of gas slots, effectively extending the lock's expiration. With that said, I think it's best to keep this complexity in the choice of the settlement period and lock's expiration instead of shifting it to the smart contract, the gas slot strategy basically allows for a smaller expiration value since the participants can provide a proof to extend the expiration period, instead of using a large expiration that accounts for the worst case (I'm assuming the out of gas slot thing), but I think the larger expiration periods is easier to implement and to reason about. |
well I am afraid that just the sum wouldn't be enough, instead we would need to show that there would have been enough "slots" for complete unlock transactions (if we need 1000 gas to call unlock once and there were 10 blocks with 100
Yeah, I think that's right: unlock should allow for a
I agree in regards to complexity, but this proposal aims to address the congestion/flood issue [see also https://lightning.network/lightning-network-paper.pdf 3.3.1/Timestop] in a way that does not require wild ass guesses for a "safe" timeout. |
|
So the idea would be to provide a sufficient amount of headers since close where there would have been enough gas to facilitate the unlock function? I understand the problem we are trying to solve (congested block spam blocking in-time settlements), but this sounds like a really complex thing to move into the smart contract logic. Providing a sufficient amount of block headers to the contract and having RLP-decoding logic (we can use something like this) would be quite complex and expensive as far as gas is concerned. Let's put some thought into it and see what we come up with, but after the MVP as it's not a priority right now and for the purposes of the MVP a high enough |
|
Right, not highest priority atm. This is needed for all state channel based apps. Vitalik is aware of the issue and in support of supporting it. |
Btw: I do not consider this "right" anymore. I think the only reasonable mode is provide proof, that other parties had a chance to respond in time, which is to be measured in available gas slots. |
Problem Definition
Currently we have a fixed block number "settlement_timeout" (
ST) that needs to pass afterclosewas called in the Channel. The number is a guess with some safety margins to allow both participants to get all pre-settlement transactions confirmed (claiming locks and updating/disputing the courtesy balance).However, there can be situations where this timeout is not long enough, because there wasn't enough gas available in the last
STblocks (e.g. because of deliberate attacks or just high gas usage/saturation). So a situation can arise where Bob callssettlebefore Alice could claim all locks and Alice would lose asset.Solution
One potential solution to this is to require a "proof of available gas" in the
settlecall. It would roughly look like this:After
closethe amount of potential transactions is bound by the number of open locks + a potential call to update the non-closing-party's balance. I assume we can predict the gas cost for each of these operations. I will call these gas costs "required gas slots".The caller of
settlemust provide a number of block headers since the call toclose. The contract will check the block header's available gas (block.gas_limit - block.gas_used) and match the required gas slots with the available gas slots.The settlement will only proceed if this proof,
available_gas_slots >= required_gas_slots, is successful. Yet we may still want to keep a minimum fixedsettlement_timeoutas a lower bound, because we need it for lock timeouts in transfers.This will prevent situations where a channel participant loses asset just due to full blocks.
Tasklist
https://github.com/mhhf/sol-rlphttps://github.com/androlo/standard-contracts/blob/master/contracts/src/codec/RLP.sol)settlement_timeoutperiod will have been usable for lock claiming transactions may either allow to reduce the safety margins or allow for better estimates for these margins. At this point in time it is over my head what the implications are.The text was updated successfully, but these errors were encountered: