-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XCM export_message() report errors back to statemine (to release blocked funds) #2443
Comments
Taking a look. |
maybe this looks interesting |
Looks like there are 2 error management mechanisms in XCM:
More details here: https://polkadot.network/blog/xcm-part-three-execution-and-error-management Trying to understand more in-depth how they work, how we can use them and at which chains. |
From what I understand, the After that they can be reclaimed using the Trying to simulate this scenario over a bridge and see exactly how it works. |
Thanks ! This seems related to |
Managed to test this locally on rockmine2.
This withdraws 1 KSM from Alice's account in rockmine2. Since we don't do anything with this amount, it is present in the holding register after executing the xcm instruction and the asset trap mechanism will save it on-chain in the rockmine2 storage
This claims the 1 KSM that was trapped and transfers it back to Alice's account on rockmine2. However there are 2 things to note:
Other things still left to be done:
|
There is a logged issue related to losing assets when The problem is that the assets are removed from the holding register and in case of an error they are not put back. And it doesn't happen only for A solution would be to use a custom |
Another thing to pay attention to is this condition here. There is a "barrier" condition that is checked before processing the XCM message. If this check fails, the XCVM won't be even started, We need to pay attention how to craft the messages in order to avoid triggering this barrier. |
Started to look into Another interesting thing is that the |
Trying to summarize the entire flow, to have a better overall picture. This is how it looks like at the present time. It might change. Some items still need research. I will update this comment as the research progresses. Let's take for example an asset transfer from
The user calls an extrinsic. This extrinsic reserves the assets, prepares the XCM message and sends the XCM message to Possible failures that would involve the assets: Mitigations: I think we can call
Here the XCM message is received and we execute the Possible failures that would involve the assets: Here, the Mitigations:
Here the XCM message is received as an encoded blob, the bridge logic decodes it and sends it to Possible failures that would involve the assets: Here, no XCM instruction is executed, so any failure would lead to losing the assets. They won't even be caught by the Mitigations:
Here we finally execute the last part of the XCM message: Possible failures that would involve the assets: Failures can be related to XCM message problems or the configuration of the Mitigations: Apart from all these we have to be mindful of the XCM barrier on each runtime where XCM instructions are executed: #2443 |
As per the guidance from the XCM team:
|
Considering that the bridge message queue satisfies all the XCM design assumptions (tracked in paritytech/polkadot#2038), I can think of a single issue here: halting the bridge. If the bridge is halted, the in-flight messages might get lost. Thinking of solutions. |
* remove reference to remote-externalities * update reference to remote-externalities * s/remote-ext/frame-remote-externalities * copy the fix from paritytech/cumulus@747400a * update cargo.lock
@serban300 document the conclusion |
The conclusion is the one above: #2443 (comment) Closing the issue |
To recover from bridge errors.
The text was updated successfully, but these errors were encountered: