-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(ecocredit): custom bridging support for cancelling credits #1101
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1101 +/- ##
==========================================
- Coverage 69.36% 69.33% -0.04%
==========================================
Files 214 216 +2
Lines 21898 21948 +50
==========================================
+ Hits 15190 15218 +28
- Misses 5388 5402 +14
- Partials 1320 1328 +8
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good. Mostly nits and I think we should validate contract and recipient address. I'm also wondering if we should define supported bridge targets and validate target as well.
x/ecocredit/core/msg_bridge.go
Outdated
if len(m.BridgeTarget) == 0 { | ||
return sdkerrors.ErrInvalidRequest.Wrap("bridge target should not be empty") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might want to consider defining supported targets and validate against those. We could have enumerated values stored in the proto files (similar to how we do digest algorithm, media type, etc. in the date module). We would only support Polygon in this initial version. We should be as cautious as we can given cancelling credits cannot be undone. Ok to leave without for now but something to discuss.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe not a bad idea to prevent unexpected fund transfers. should be gov gated in the future IMHO so a chain upgrade isn't always needed but maybe okay for now to just allow polygon-tco2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we're doing validation here, I prefer polygon
as opposed to polygon-tco2
, as we don't want a situation where there could be another way of interpreting the same polygon txhash for creating a different kind of ecocredit / bridge operation.
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. Nice work.
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
Co-authored-by: Ryan Christoffersen <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work! One thing I'm worried abt though is nesting MsgCancel
within MsgBridge
... feels like its not 100% necessary as I don't think we should expect Bridge()
calls to explicitly provide a reason when they are already providing the target
chain explicitly, and the RPC call is called "Bridge" which is essentially the reason for cancelling credits.
proto/regen/ecocredit/v1/tx.proto
Outdated
// MsgCancel is the MsgCancel message type. | ||
MsgCancel msg_cancel = 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at this again in more detail, I think it's preferable for us to not nest proto messages that are used as GRPC request messages like this. Ideally when defining msg server API endpoints, each can evolve independently (e.g. Bridge()
and Cancel()
should be able to evolve independently). So similar to how we always have explicitly separate MsgBridgeRepsonse
and MsgCancelResponse
, we should probably avoid embedding a MsgCancel
field inside the MsgBridge
message.
In terms of which fields from MsgCancel
we need when a user is calling MsgBridge
, I the following is sufficient:
- holder
repeated credits
(could use a similar sub-message toCancelCredits
calledBridgeCredits
?)
My assumption is that we don't actually need an explicit "reason" in the bridge call, as most of the information we would want to pass in the cancel reason would be describing that it's a bridge action, and possibly what chain its coming from. But all of this info we can just get from the target
field, and knowing its a Bridge()
RPC call.
So for filling the "reason" in the cancel event, can we just hardcode it in the message server to set reason = "bridge"
or reason = "bridge-${target}"
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to note, this was implemented as specified in the issue (or at least to our interpretation). That being said, I do agree with the changes proposed. When automatically filling the reason for MsgCancel
in the message server implementation, I would be in favor of "bridge-${target}"
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry abt the confusion!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @aleem1314 !
Approving. One thing that came up in discussion with @ryanchristo today is that we may actually want to revise our thinking around "contract" being an explicit field in the Bridge()
API call...
This was my oversight when writing out #1084... From a security perspective, we can't only rely on an end user's desired "contract" for tokens to get minted into on the destination chain. As this may not actually be the corresponding TCO2 contract for the given batch denom. Since the bridge service will anyway need to manage their own mapping between batch denoms & TCO2 contracts on the destination chain, there probably isn't much added value in the user providing this upfront...
Co-authored-by: Ryan Christoffersen <[email protected]>
Description
ref: #1084
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
to the type prefix if API or client breaking changeCHANGELOG.md
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!
in the type prefix if API or client breaking change