-
Notifications
You must be signed in to change notification settings - Fork 319
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CIP-0040? | Collateral output #216
Merged
Merged
Changes from 3 commits
Commits
Show all changes
18 commits
Select commit
Hold shift + click to select a range
b4c7280
added work from PR#25 to support single stake pool links as well
rphair b24d0ef
for brevity
rphair 235ad40
for clarity
rphair 75faa8f
response to first round of editing by co-author
rphair 0389fa1
second round of co-author edits
rphair adbee6f
reclassified wallet integration as Motivation rather than Rationale
rphair 176b5c0
2 of 3 changes from @nicarq via PR 65
rphair 20f35f6
undone most recent commit (removing PR65 suggestions)
rphair f43d28c
Merge branch 'master' of github.com:rphair/CIPs
rphair 85c4b77
undone most recent commit (removing PR65 suggestions)
rphair db81cb6
Merge remote-tracking branch 'upstream/master'
rphair efd6491
Collateral output CIP
SebastienGllmt d3c48ce
rename file
SebastienGllmt 07ff3b5
Include self-contained balancing requirement
SebastienGllmt 138565e
Add Andre to the CIP
SebastienGllmt b136b3b
Merge branch 'master' of github.com:cardano-foundation/CIPs
rphair 89239b2
Merge branch 'output-collateral' of github.com:cardano-foundation/CIP…
rphair c50eff3
pre merge changes, attempt as 3rd party
rphair File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
--- | ||
CIP: ? | ||
Title: Explicit Collateral Output | ||
Authors: Sebastien Guillemot <seba@dcspark.io>, Jared Corduan <jared.corduan@iohk.io> | ||
Status: Draft | ||
Type: Standards | ||
Created: 2022-02-10 | ||
License: CC-BY-4.0 | ||
--- | ||
|
||
# Abstract | ||
|
||
This document describes adding a new output type to transactions called Collateral Outputs | ||
|
||
# Motivation | ||
|
||
As of Alonzo, transactions that call Plutus smart contracts are required to put up collateral to cover the potential cost of smart contract execution failure. Inputs used as collateral have the following properties: | ||
|
||
1. Cannot contain any tokens (only ADA) | ||
2. Cannot be a script address | ||
3. Must be a UTXO input | ||
4. Must be at least some percentage of the fee in the tx (concrete percentage decided by a protocol parameter) | ||
5. Can be the same UTXO entry as used in non-collateral tx input | ||
6. Is consumed entirely (no change) if the contract execution fails during phase 2 validation | ||
7. Is not consumed if phase phase 2 validation succeeds | ||
|
||
Additionally, there cannot be more than *maxColInputs* (protocol parameter) inputs and the inputs have to cover a percentage of the fee defined by *collateralPercent* (protocol parameter) | ||
|
||
However, | ||
|
||
- Restriction #1 is problematic because hardcore dApp users rarely have UTXO entries that do not contain any tokens. To combat this, wallets have created a special wallet-dependent "collateral" UTXO to reserve for usage of collateral for dApps which is not a great UX. | ||
- Restriction #6 is problematic because wallets want to protect users from signing transactions with large collateral as they cannot verify whether or not the transaction will fail when submitted (especially true for hardware wallets) | ||
|
||
# Specification | ||
|
||
If phrase-2 verification fails, we can send outputs to a special output marked as the collateral output. | ||
|
||
There are two ways to create collateral outputs | ||
|
||
1. Add collateral outputs as a new field inside the transaction. This change is similar to how collateral inputs were created a new field | ||
SebastienGllmt marked this conversation as resolved.
Show resolved
Hide resolved
|
||
2. Change the definition of outputs as `TxOut = Addr × Value × DataHash? × Source?` where source (optional for backwards compatibility) is an enum `0 = regular output, 1 = collateral output`. | ||
|
||
Option #1 provides the best backwards compatibility because we don't expect phase-2 validation to be a common occurrence and so wallets that (due to not being updated) never check collateral outputs will still in the overwhelming majority of cases return the correct result. | ||
|
||
Additionally, this requires updating the collateral requirement. | ||
|
||
If no collateral output is specified (and therefore no tokens are in the collateral input), then we keep the old definition | ||
|
||
``` | ||
ubalance (collateral txb ◁ utxo) ≥ quot (txfee txb * (collateralPercent pp)) 100 | ||
``` | ||
|
||
However, if collateral output is specified, then | ||
1. Each collateral output needs to satisfy the same minimum ADA requirement as regular outputs | ||
2. Collateral output needs to be balanced according to `sum(collateral_input) = sum(collateral_output) + collateral_consumed` | ||
Where `collateral_consumed` is equal to the old formula (`quot (txfee txb * (collateralPercent pp)) 100`). Note that when collateral is consumed, any certificate, etc. in the transaction is ignored so they have no impact on the change calculation. | ||
|
||
## Self-contained balancing | ||
|
||
Some use-cases like hardware wallets, who do not have access to the content of the collateral inputs, cannot easily check if the collateral is balanced. Similar to how we specify an explicit fee as part of the transaction body to tackle this problem, the transaction body also needs a new field that explicitly specified how much collateral will be consumed in the case of phase-2 validation failure. | ||
|
||
## Copyright | ||
|
||
This CIP is licensed under [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode) |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.