Migrates pallet-multisig to Consideration #1782
Conversation
|
This pull request has been mentioned on Polkadot Forum. There might be relevant details there: https://forum.polkadot.network/t/frame-monthly-update/4628/1 |
| let updated_multisig = MultisigsFor::<Test>::get(&multi, &call_hash).unwrap(); | ||
| assert_eq!(updated_multisig.depositor, 1); |
There was a problem hiding this comment.
should we check all fields for sanity?
| T::Currency::unreserve(&r.depositor, r.deposit); | ||
| // take consideration | ||
| let Ok(ticket) = | ||
| T::Consideration::new(&r.depositor, Footprint::from_parts(1, threshold as usize)) |
There was a problem hiding this comment.
when migrating, shouldn't we take exactly r.deposit instead of calculating using the current config? to handle the case where the reserve amounts changed.
There was a problem hiding this comment.
As we are un-reserving the previous amount, isn't it a fair assumption to charge the current amount in this lazy migration?
There was a problem hiding this comment.
I wouldn't say so, because it's not what the user agreed to / understood at the time that they made the multisig. I would expect deposit amount changes to only impact new multisigs, not be applied retroactively
There was a problem hiding this comment.
I see your point, but I also don't think that this is a significant issue. It occurs only for a specific case when the deposit amount has changed between the time of creation vs this migration, which is also handled, just that it requires an increase in the deposit. @ggwpez @kianenigma Would love to get your thoughts here. I imagine this was the reason we were trying to add new_from_exact API in consideration, but this looks to me as a better trade-off.
There was a problem hiding this comment.
Yes this is why we were trying to add new_from_exact. I guess adding that failed/is still in progress? :P
There was a problem hiding this comment.
#2274 can be used to migrate them over with an exact amount.
It was added as new trait to not bloat the existing one and not introduce use-once code that lingers forever.
I think we shouldn't change the amounts on the fly, the user only agreed to the amount that they signed and if they are early adopters of Polkadot we should not punish that for no good reason.
There was a problem hiding this comment.
I think we shouldn't change the amounts on the fly, the user only agreed to the amount that they signed and if they are early adopters of Polkadot we should not punish that for no good reason.
I agree
There was a problem hiding this comment.
I think we shouldn't change the amounts on the fly, the user only agreed to the amount that they signed and if they are early adopters of Polkadot we should not punish that for no good reason.
Thanks - but I do see this pattern already being used in preimage pallet here. Won't that be impacted with a similar reasoning?
There was a problem hiding this comment.
Yes, I would have also argued to not have used that pattern in the preimage pallet.
| T::Consideration::new(&r.depositor, Footprint::from_parts(1, threshold as usize)) | ||
| .defensive_proof("Unexpected inability to take deposit after unreserved") | ||
| else { | ||
| return true |
There was a problem hiding this comment.
if this returns early, the new multisig is not added to MultisigsFor. should we just defensive log but continue anyways to not break the multisig?
There was a problem hiding this comment.
Well, multisig can't exist in the system if we were not able to take the consideration. I can throw an error in this case though.
There was a problem hiding this comment.
Wouldn't it be bad ux for a multisig to just vanish?
This shouldn't be an issue if we don't try re-reserving different amounts, though
There was a problem hiding this comment.
It won't vanish but the migration would fail hinting the user to add funds if needed.
There was a problem hiding this comment.
I don't see where it fails, maybe I misunderstand but I see ensure_updated returns true in this conditional if the consideration fails to create
There was a problem hiding this comment.
Yeah, I should have been clearer. I meant that once it throws an error as I mentioned above, it should be fine. Will update that.
I can throw an error in this case though.
| /// The amount held in reserve of the `depositor`, to be returned once the operation ends. | ||
| ticket: Ticket, |
There was a problem hiding this comment.
I think the name Ticket was swapped for Consideration or so.
|
|
||
| /// The set of open multisig operations. | ||
| #[pallet::storage] | ||
| pub type MultisigsFor<T: Config> = StorageDoubleMap< |
There was a problem hiding this comment.
This is a breaking change and will probably mess with wallets/indexers etc since they look at the old map.
I dont think there is an easy way out without MBMs (audit stalled for another month), so not sure what to best do.
There was a problem hiding this comment.
TBH since this is not the highest priority I don't think too much of a problem to wait for MBMs.. should try to minimise breakage of these apis as much as possible, as you point out. with this change, possibly every multisig UI in the ecosystem would break :P
There was a problem hiding this comment.
Yeah, fine to wait for MBM if that's the case.
| <Multisigs<T>>::remove(&id, call_hash); | ||
| T::Currency::unreserve(&m.depositor, m.deposit); | ||
| <MultisigsFor<T>>::remove(&id, call_hash); | ||
| let _ = m.ticket.drop(&m.depositor); |
There was a problem hiding this comment.
Does it panic when its not manually dropped?
There was a problem hiding this comment.
You mean if someone forgot to call drop on the ticket?
There was a problem hiding this comment.
in general i think let _ should be a no-no across the repo.
If in this situation, you specifically want to drop the result you should call mem::drop (AFAIK)
| @@ -665,6 +691,25 @@ impl<T: Config> Pallet<T> { | |||
| signatories.insert(index, who); | |||
| Ok(signatories) | |||
| } | |||
|
|
|||
| pub(crate) fn ensure_updated(id: &T::AccountId, call_hash: &[u8; 32], threshold: u16) -> bool { | |||
There was a problem hiding this comment.
I think we can safely expose this function publicly as extrinsic to manually nudge it to speed up the process.
* Try check-rustdoc pipeline * another try * another try without `--all-features` * fixed cargo doc issues * exclude relay-rialto-parachain-client from cargo doc --------- Co-authored-by: Svyatoslav Nikolsky <svyatonik@gmail.com>
|
User @codeknix, please sign the CLA here. |
|
@gupnik what is the status on this? |
Yes, it's in my todo list but haven't been able to get back to this yet. Will try to prioritise. Thanks for the reminder. |
Part of #226
In order to simply migrate the existing runtimes, a diff can look like the following: