Vault #220
Vault #220
Conversation
markspanbroek
force-pushed
the
update-solidity
branch
from
20a32c1 to
81e88dd
Compare
markspanbroek
force-pushed
the
update-solidity
branch
from
81e88dd to
b54cd59
Compare
|
Added functionality to have multiple accounts for an account holder inside a fund. This ensures that in the codex marketplace we keep funds for the client and for each slot separate, even though some providers may choose to fill multiple slots, or a client might decide to fill a slot in the storage contract itself. |
markspanbroek
force-pushed
the
vault
branch
2 times, most recently
from
3049325 to
724670b
Compare
|
Replaced 🔥 burnFund() with ❄️ freezeFund(). |
There was a problem hiding this comment.
Really great job Mark! Huge effort 💪 🙌
This was quite a lot to go through. I used the implementation branch (master...vault-integration#diff-5973808e32384782b5978a63e85b893b67d634be8aa42001f0ef480f189a0688R179) to get a better understanding of how some of the functionality relates to the Marketplace.
One question:
When we discussed freezing the vault, we discussed that it would not be able to be unfrozen by a controlling party. In this implementation, unfreezing happens after some time has elapsed, making the funds withdrawable again. Is the idea here that in the case of an attack, the vaults would all be locked in some way with a very long expiry?
markspanbroek
force-pushed
the
update-solidity
branch
from
b54cd59 to
6816355
Compare
There was a problem hiding this comment.
Great work Mark! 🎉
I don't see any big problem with the general approach and design here. My only concern is the usage of the uint128 for the balance tracking. See my comment bellow.
This is big PR, so this is just my first iteration of review. Will do more later on.
|
Thanks for the good feedback @AuHau and @emizzle. I think I addressed most of the naming concerns.
The |
markspanbroek
force-pushed
the
update-solidity
branch
from
6816355 to
7b14c20
Compare
Updates to the API of the Vault contract as worked on in codex-storage/codex-contracts-eth#220 Most important changes: - token transfers are much more restricted in the vault, improving its safety - when a storage request fails, only the providers at fault are punished, the rest are not - when a storage request fails, the client is only reimbursed for the remaining time in the contract - no longer possible for the marketplace to request one final storage proof before allowing withdrawal - repair reward is temporarily stored with the client's funds while slot is free, and not yet filled; this could lead to client withdrawing repair rewards when slots are free when the request ends
| function unpause() public onlyOwner { | ||
| _unpause(); | ||
| } |
There was a problem hiding this comment.
Didn't we discuss that it would be possible to only freeze the contract without the possibility to unfreeze it?
There was a problem hiding this comment.
We discussed it, but didn't come to a conclusion yet. It may be nice to be able to pause the vault while working on a critical fix for the marketplace contract, and then unpause it once the fix is in place.
| let account | ||
|
|
||
| beforeEach(async function () { | ||
| account = await vault.encodeAccountId(holder.address, randomBytes(12)) |
There was a problem hiding this comment.
Why a random account? Wouldn't a fixed account be better?
There was a problem hiding this comment.
Any account discriminator should work for these tests
| expect(await vault.getLockExpiry(fund)).to.equal(expiry) | ||
| }) | ||
|
|
||
| it("does not allow a lock with expiry past maximum", async function () { |
There was a problem hiding this comment.
What about setting the expiry/maximum into the past?
There was a problem hiding this comment.
That is currently allowed, although not very useful
| /// Indicates that a locked fund is frozen. Flows have stopped, nothing is | ||
| /// allowed until the fund unlocks. | ||
| Frozen, |
There was a problem hiding this comment.
Why Frozen also stop the flows? I could imagine a use-case, where you deposit and set up all the funds in the Locked stage and then you would just want to make it "immutable" to just wait until funds get unlocked and prevent any changes to the setting. Frozen could almost be used for it, except it stops the flows...
Honestly, I would rather specify this using the functions that freeze the funds eq. having freezeFund() (will not stop the flows) and freezeFundsAndStopFlows() (will freeze funds and stop flows).
There was a problem hiding this comment.
Yes, I see that freezing can be interpreted in more than one way. I chose this, because for the marketplace we need the interpretation that the balances do not change after this point. I would suggest to revisit this when needed.
- NoLock -> Inactive - Unlocked -> Withdrawing
Co-Authored-by: Adam Uhlíř <adam@uhlir.dev>
Reason: update() is too generic, and can easily be interpreted as changing the on-chain state, whereas it actually updates the in-memory struct. Co-Authored-By: Eric <5089238+emizzle@users.noreply.github.com> Co-Authored-By: Adam Uhlíř <adam@uhlir.dev>
Co-Authored-By: Adam Uhlíř <adam@uhlir.dev>
Adds a
Vaultcontract, that allows funds to be locked up for a certain amount of time. These funds can be transferred, burned or even flow over time to other addresses.Follows the design from codex-research/design/contract-deployment
Requires #219 to be merged first.