Comments (17)
EIP PR looks excellent! I guess it's as far as we can go with scastie. I guess a proper web service will emerge if this workflow gets wide adoption. It might work similarly to those badges (coverage, versions, etc.).
from oracle-core.
Hmm, what if instead of using plutomonkey to give P2S addresses, we store the eip23 contracts as part of oracle-core source code, and use node to compile them? The node API doesn't have any way to pass constants directly, but it could be done with string substitution I suppose, so Pool contract would be something like:
{
// This box (pool box)
// epoch start height is stored in creation Height (R3)
// R4 Current data point (Long)
// R5 Current epoch counter (Int)
//
// tokens(0) pool token (NFT)
// tokens(1) reward tokens
// When initializing the box, there must be one reward token. When claiming reward, one token must be left unclaimed
val otherTokenId = INPUTS(1).tokens(0)._1
val refreshNFT = fromBase64({refreshNftInput})
val updateNFT = fromBase64({updateNftInput})
sigmaProp(otherTokenId == refreshNFT || otherTokenId == updateNFT)
}
After replacing the {} parameters, it could be compiled. This would also make it easier to provide new contracts, since currently it can be a bit tricky for a new user to create a contract, and figure out the indices for constants. The downside I see is that this would require a Node API call, but the contracts could be cached for the same inputs somewhere.
from oracle-core.
@SethDusek Interesting! I've never thought of using the node for ErgoScript compilation. Constant substitution is not a problem. We can do it in the compiled tree like we're doing it now. However, I see the following cons:
- We have tests that rely on the contracts, and I'd refrain from requiring a node to run the tests.
- The "proof verification" would be a user comparing the contract's source code in our repo with EIP. Which is much more complicated than comparing a hash.
from oracle-core.
Will work on this.
from oracle-core.
@greenhat, I think we need a place to hold the actual contracts as separate files so that we can link directly to them once ergoplatform/ergo-playgrounds#26 is merged. The ergoplatform/eips
repo just has *.md
files. Maybe we can create a directory for eip-0023?
from oracle-core.
Good idea! Please, do a PR for eip-23 PR. Ideally, we'd want to render contract code from a separate file in the eip md file along with a contract hash and link to scastie to verify this hash.
from oracle-core.
Markdown only allows embedding of external things via raw HTML tags. We can use permalinks to code and Github renders it like follows: https://github.com/kettlebell/rust_hello_world
It looks a bit ugly though, and you can't control the height of the code snippet from what I see. What do you think?
from oracle-core.
But you do get syntax highlighting and line numbers which can be useful when discussing aspects of the contracts with others.
from oracle-core.
Although it does not look all that pretty it has a link to the whole file so it should be fine.
from oracle-core.
Sure. The link is also tied to the commit hash, so we'll need to be careful to update the links on each contract modification.
from oracle-core.
Sure. The link is also tied to the commit hash, so we'll need to be careful to update the links on each contract modification.
I see the problem with using links with commit hashes. Contract edits during the PR lifecycle will not be shown unless link in the EIP file is updated. I'd rather use link relative to the EIP file.
from oracle-core.
Yeah agreed. Ok, I'll try to get it working with HTML.
from oracle-core.
@SethDusek not sure where your comment went but I like the submodule approach. The verification through scastie should actually be placed in oracle-core
, since operators will come here for the binary and instructions. The EIP markdown file stands alone as the authoritative source. Maybe we can modify ergo-playgrounds
to load the EIP markdown file, parse out the contracts, then process it all in a single hit?
I tried embedding <object>
tags in the markdown file to bring in external text, but it doesn't work. Not surprising, it's a really bad idea security-wise.
from oracle-core.
@SethDusek not sure where your comment went but I like the submodule approach. The verification through scastie should actually be placed in
oracle-core
, since operators will come here for the binary and instructions. The EIP markdown file stands alone as the authoritative source. Maybe we can modifyergo-playgrounds
to load the EIP markdown file, parse out the contracts, then process it all in a single hit?
When I made this issue, I focused not solely on verifying oracle contracts but on building a framework/workflow for checking any contracts against EIPs(or published by other means) in any off-chain code. My thinking was to show the contract's hash in the EIP file and then check the same hash somehow in the off-chain code. In our case, it might be a unit test loading the contract from default_parameters.rs
and checking its hash against the expected as a hard-coded string. Thus, anyone can check the hash in the EIP file with the hard-coded expected hash in our unit test.
I tried embedding
<object>
tags in the markdown file to bring in external text, but it doesn't work. Not surprising, it's a really bad idea security-wise.
We can scrap the idea of inlining contract code into EIP md file and go with links. I mean, sooner or later, we'd want to analyze contracts in EIPs with external tools, so we'd have to throw away inlining anyway.
from oracle-core.
Sounds good. I've made the PR: ergoplatform/eips#78, the changed section looks as follows: https://github.com/ergoplatform/eips/blob/fec79b7e72c017d02aa799b3748ae845c02f8874/eip-0023/eip-0023.md#contracts-with-base-64-encoded-hash-of-ergo-tree-bytes.
Also I've taken your idea of the unit test and packaged it as a separate command in the binary. This allows operators to check it without having to compile the binary. (see #105)
Once the PR + eip23
branch is merged, we can add the scastie verification links (need to have a stable URL for the contracts).
from oracle-core.
It'd be cool to have a badge for it.
from oracle-core.
The bounty is sent. Thank you!
from oracle-core.
Related Issues (20)
- Suggest changes to ballot contract to allow ballot token owners to spend ballot boxes without any requirements HOT 2
- Bootstrap a new pool for ERG/XAU on testnet HOT 1
- Pool health OK for a first few minutes while running bootstrapped pool with only 1 oracle
- In oracle boxes scan filter out non-oracle boxes guarded by non-oracle-contract (PK wallets, etc.)
- Return 503 HTTP error for pool and oracle health endpoints when it's down
- Refresh NFT error in pool box after updating min_votes HOT 1
- Better error messages when config files loading failed
- Oracle health OK but the last posted box is 65 blocks old (epoch length is 35)
- Pool health DOWN but active oracle count is not changed
- For status base url use explorer.ergoplatform.com instead of api.ergoplatform.com
- Docker Hub Repo link broken
- Recommended way to run oracle-core when already running full ergo node? HOT 2
- Add CLI switch to auto approve "extract-reward-tokens" command HOT 2
- Add claimable reward token metrics to the Prometheus metrics endpoint HOT 1
- Scan Issue HOT 4
- Failed to found my own oracle box in the filtered posted oracle boxes HOT 10
- Add scan start blockheight parameter in config HOT 2
- Unlock node wallet if locked
- How to run a testnet oracle?
- Fix issues with buyback offchain
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oracle-core.