-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow NFT to be burned when number of offers is greater than 500 (part of NonFungibleTokensV1_2
amendment)
#4346
Conversation
Hi @shawnxie999 Have a look at https://github.com/XRPLF/rippled/pull/4336/files for an example of how to do this. |
4d4218a
to
d7b5469
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please address the issues identified (the biggest one is the looping bug over the offer directory pages) and ping me again for a follow-up review.
Generally, you should also consider squashing things into a reasonable set of commits, especially when first opening the PR. Subsequent fixes to address concerns can be left as separate commits but marked as [FOLD]
to make it easier to review.
c5eb27f
to
0fb8daf
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, except for some clang-format
issues. You'll want to squash this down into a single commit, prior to the Passed
label being added.
3814b92
to
12236be
Compare
I'd like to make an observation based only on the description of the pull request. I've not looked at the code yet. The observation is a bit long-winded, and starts with how the ledger prevents duplicate NFTokens from appearing in the ledger. Each NFToken ID incorporates the 160-bit ID of the issuing account. That account ID plus the Once the issuing account is quiescent for 20 minutes or so, it can deleted. Once an account is deleted it can be recreated, but a recreated account has its account root in an initial state. So a recreated account has a Specifically in order to prevent duplicate NFTokens in the ledger there is a rule that prevents an account from being deleted if it has ever issued an NFToken that has not also been burned. If an account issues no NFTokens it automatically meets that requirement. If a different account has issued 1700 NFTokens and all 1700 of those NFTokens have been burned, that account also meets the requirements. This is where canceling all of the offers for a burned NFToken comes in. Let's suppose the behavior proposed by this pull request comes into play. Then we could see this sequence of events play out:
Also note that this scenario is only possible if the behavior proposed by this pull request comes into play. If we don't accept this pull request then there are two possible outcomes:
Alice can cancel as many as 500 offers for her NFToken in a single transaction. So it would take a particularly concerted effort by attackers to prevent Alice from burning her NFToken. The attacker needs to generates NFToken create offer transactions at 500 times the rate that Alice issues cancel transactions. It seems improbable that this attack would be worth it. I don't know what usability issue prompted this pull request. But I think that usability issue needs to be balanced against the possibility of there being NFTokenOffers in the ledger for an NFToken that is not the same as the originally intended token. The scenario is a bit convoluted. I'm happy to work through the details more closely with anyone who's curious. Thanks for reading. |
Thanks for the informative feedback Scott! You said that account can be re-created once it has been deleted - so the account would be created with the same address as before? If that is the case, then when you mention
That means we have duplicate NFTs that share the same NFTokenID (one is the newly minted, other is the burnt one) on the ledger. To me, it sounds a bit odd that this scenario was allowed to happen in the first place. Nonetheless, I'm curious if this situation was considered when this approach was proposed, or whether it was forgotten. But I think @ledhed2222 has more context on this. |
That's correct. The ID of an account is derived from the secret used to create the account. If an account is deleted from the ledger then, later, an account with the same ID as the deleted account can be recreated by re-using the same secret.
If I open my eyes to the ledger history I have to agree that...
Situations like this became possible when account deletion was enabled a few years back. However, since an account with any NFTs in the ledger cannot be deleted, there can only be one instance of a particular NFT ID in any given current ledger. Does that distinction make sense? I'm happy to answer further questions.
Account deletion is a little known corner of the ledger that also has strange consequences. It's easy to forget. |
@scottschurr From my understanding, one ramification would be that it would cause confusion when a NFT is re-minted, left-over offers from the burnt NFT object are carried over to the new one. Just curious in your perspective, how serious of a problem would this scenario be? |
@shawnxie999, my opinion on the severity of the problem is irrelevant. Different observers will have different opinions on how serious the matter is. However consider this:
Note that the NFToken that Alice re-mints has exactly the same ID as the original one, but the associated URL is different. So, from a legitimate perspective, even though the ID is the same, the NFToken itself is different. How does Bill feel about having paid for an NFT that is not the same as the one he created the offer for? That depends on Bill. Given the folks who populate the crypto world I'd guess that there's a pretty good likelihood that Bill would be royally torqued once he found out. So my opinion doesn't matter here. The question is how a user of the ledger would feel. That's above my pay grade. |
Trivial: Let's consider naming this amendment This does not block merging or reviewing - please proceed as before. The name will be finalized later, before |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left one comment that requires no action. I think this code still meets its intended purpose.
* Allow offers to be removable * Delete sell offers first Signed-off-by: Shawn Xie <[email protected]>
* Allow offers to be removable * Delete sell offers first Signed-off-by: Shawn Xie <[email protected]> Signed-off-by: Kenny Lei <[email protected]>
* Allow offers to be removable * Delete sell offers first Signed-off-by: Shawn Xie <[email protected]>
* Allow offers to be removable * Delete sell offers first Signed-off-by: Shawn Xie <[email protected]>
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
* upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391)
…ctionality * upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
…tpage * upstream/develop: Rename to fixNonFungibleTokensV1_2 and some cosmetic changes (XRPLF#4419) Only account specified as destination can settle through brokerage: (XRPLF#4399) Prevent brokered sale of NFToken to owner: (XRPLF#4403) Fix 3 issues around NFToken offer acceptance (XRPLF#4380) Allow NFT to be burned when number of offers is greater than 500 (XRPLF#4346) Add fixUnburnableNFToken feature (XRPLF#4391) Change default vote on fixUniversalNumber from yes to no (XRPLF#4414)
…LF#4346) * Allow offers to be removable * Delete sell offers first Signed-off-by: Shawn Xie <[email protected]>
fixUnburnableNFToken
: Allow NFT to be burned when number of offers is greater than 500NonFungibleTokensV1_2
amendment)
Ready for Review
High Level Overview of Change
(disable whitespaces to see file comparisons better)
This PR introduces an amendment called
fixUnburnableNFToken
which allows NFTs with more than 500 offers to be burned. This is enabled by deleting 500 offers but leaving the others untouched.Context of Change
Current NFT cannot be burned when it has over 500 offers. We want to remove this restriction. So we delete exactly 500 offers, and will leave out other offers untouched if there are more.
Type of Change