Comments (14)
Going to close this as (3) works for now, and contract ownership can be implemented using a single-token currency or deserialisation.
from plutus.
I'd like to keep this open, I'm not really happy with (3) and I think it's generally going to be important for the validator to have access to the data script of the spending transaction.
from plutus.
In order for this work, we need a transaction
tx
that spends an output from the script address (this output determinest
and the current states :: S
) using a redeemer with the inputi :: I
.tx
also produces a new output to the script address, with a data scripts' :: S
such thats' = t s i
. How can the validator script ensure that the new data script is actuallyt s i
, and not some other state? If it can't, then the contract can be manipulated very easily, by providing a different data script. This is the "validating the next data script" problem.
I've been thinking a while about this and I still do not understand the current design. We have a "black-box" transaction that outputs something that we need to verify even though we exactly know what it's supposed to be. Why? Can we change something and not produce a data script in the transaction, so that we don't need to verify it and can just compute the next state using the redeemer?
from plutus.
We are computing the next state in validator using the redeemer. But we can not pass this computed state into the next validator script other than via data script. And the validator script can not produce the output data script, it can only verify the transaction already contains a valid (equal to computed) data script.
from plutus.
@nau, thanks!
And the validator script can not produce the output data script, it can only verify the transaction already contains a valid (equal to computed) data script.
Is there any way to change the current design, so that it makes sense to allow the validator script to produce the output data script? I understand it's not what we have right now, but can we change that somehow?
from plutus.
Won't we get issues with closures then?
Imaging a produced data script containing a function that encloses some values from the validator.
We would need to store the whole context. Is this feasible in our case?
from plutus.
Is there any way to change the current design, so that it makes sense to allow the validator script to produce the output data script?
Yeah we could change the return value of the validator from Bool
to whatever the data script is.
But I agree @nau about closures, we would have to replay all validator scripts from the beginning of the contract whenever we want to know the current state.
from plutus.
@nau,
Won't we get issues with closures then?
Imaging a produced data script containing a function that encloses some values from the validator.
We would need to store the whole context. Is this feasible in our case?
I assumed, our data scripts are always closed right now? So we can just ban data scripts that reference some internal state of the validator. Or we can allow that and automatically let-bind the values (which essentially makes the data script closed), if it's necessary for some reason, and let the user decide whether it's feasible or not in their particular case.
But I agree @nau about closures, we would have to replay all validator scripts from the beginning of the contract whenever we want to know the current state.
We already have to replay all the events of the blockchain in order to know its current state. As long as computing the state of the validator happens off-chain, it seems to align well with other parts of the system.
But can we allow the validator to somehow publish its data script? Like trigger a separate kind of transactions, I don't know.
I very well understand that I'm probably asking completely nonsensical questions here, I just feel really weird about verifying that what you got is what you already have and so I think it's natural to ask whether there is any way to avoid this by changing the design of the system.
Also, if the data script contains functions, how are we going to check equality of them?
from plutus.
What if a data script is hard to calculate but easy to validate?
With current design it's the job of a transaction producer to do all the heavy computations, otherwise every node/wallet would have to replicate it.
from plutus.
What if a data script is hard to calculate but easy to validate? With current design it's the job of a transaction producer to do all the heavy computations, otherwise every node/wallet would have to replicate it.
Regarding the problem that we discuss here, we always have to calculate the next data script in the validator in order to check that the redeemer's one is correct. There are cases where we don't need state machines and thus don't need to verify that the redeemer contains a valid state and we certainly should handle those cases somehow, but with the current design it seems we can't handle the dual situation where we have a data script that is easy to calculate, but hard to check that what was calculated and put into the redeemer is indeed correct. See:
Also, if the data script contains functions, how are we going to check equality of them?
from plutus.
@effectfully wrote,
We already have to replay all the events of the blockchain in order to know its current state. As long as computing the state of the validator happens off-chain, it seems to align well with other parts of the system.
But can we allow the validator to somehow publish its data script? Like trigger a separate kind of transactions, I don't know.
No, we cannot do that. The two things you mention are exactly the two things that Ethereum allows and Bitcoin-style UTxO doesn't: (1) publish the result of computation inside the validator (i.e., change the state of the blockchain as a result of validator computation) and (2) issue new transactions from inside the validator.
Changing this would fundamentally change the blockchain. One of the core concepts of Extended UTxO is that it adds some extra information to outputs and validator invocation, but it leaves the structure and dataflow of UTxO the exact same as before.
Apart from that, I think, it wouldn't be a good idea, going back on this is nothing we could decide uni-laterally as it has a serious impact on Cardano core. It would also have implications on the whole discussion on execution costs, killing the purity we just talked about in Miami.
I very well understand that I'm probably asking completely nonsensical questions here, I just feel really weird about verifying that what you got is what you already have and so I think it's natural to ask whether there is any way to avoid this by changing the design of the system.
These are perfectly legit questions. However, we do what we do for a very good reason (what I wrote above). Yes, doing the data script validation in the validator is a bit of a hassle, but it is the validator after all and a bit of hassle here is a minor inconvenience compared to impacting the fundamental ledger structure.
from plutus.
I see. Thanks a lot for the explanations, Manuel.
from plutus.
See also #1436, which may avoid this problem entirely.
from plutus.
We've now implemented #1436, so I'm going to close this (yay!).
from plutus.
Related Issues (20)
- Facilitate Cardano Node release
- Get rid of prismatic error handling?
- `Unroll` gets into infinite loop on `[SomeType]`
- `HasSchema` instances for datatypes provided by Plutus
- The evaluate-builtins optimization isn't conservative
- Pretty instance for PlutusV3 ScriptContext is incomplete
- Invalid `Eq` and `Ord` instances on `AssocMap.Map`
- Investigate Marlowe validator compilation failure with GHC 9.6.2
- `serialiseCompiledCode` should be type constrained
- Speed `defaultCekParameters*` back up? HOT 1
- PIR case-of-case is exponential and causes OOMs HOT 5
- Costing for remainining bitwise builtins
- Costing for bitwise logical builtins
- Move `nightly.yml` from `plutus-benchmark` to `plutus-shared`
- Move `combined-haddock.yml` from `plutus-benchmark` to `plutus-shared`
- Public Documentation from Agda Metatheory
- QuickCheck `Arbitrary` instances for Ledger types HOT 1
- Fix cabal haddock-project documentation
- Faster processing of `Data` objects HOT 3
- Complete Migration from ReadTheDocs to Docusaurus
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from plutus.