SIMD-0185: Vote Account v4#185
Conversation
jstarry
force-pushed
the
vote-account-v4
branch
from
3fc627d to
9d8dedb
Compare
| `authorized_voters` field that correspond to epochs less than the current epoch, | ||
| only purge entries less than the previous epoch (current epoch - 1). This will | ||
| mean that the `authorized_voters` field can now hold up to 4 entries for the | ||
| epochs in the range `[current_epoch - 1, current_epoch + 2]`. Keeping the |
There was a problem hiding this comment.
is there a reason we need to store current_epoch + 2?
There was a problem hiding this comment.
Yeah that's the current design and I think it kinda makes sense because otherwise you could set a new authorized voter at the end of an epoch and immediately start using it in the next block in the new epoch and leaders would need an up to date view on any new authorized voters for each fork crossing the epoch boundary
|
I'm sorry, why is |
Up for debate still, but I put it there for now since it's easier to update the vote account all in one go. If that field remains unused by the protocol it can be used for something else in the future. |
|
Is this about a new instruction to pay the leader who landed a successful transaction? |
segfaultdoc
left a comment
segfaultdoc
left a comment
There was a problem hiding this comment.
Overall good proposal, trying to think longer term if the Tips commission piece makes sense or becomes obsolete
|
I updated the proposal to use basis points for commission values and to remove any special handling for block tips for now. |
|
@AshwinSekar I've updated the SIMD to only remove the |
Got it, happy to approve. I do think it would be a lot faster if we could get away with one migration to remove |
Yeah maybe that's still the best approach. There's just a lot of changes I want to make:
Would we use a single feature gate for all of these changes? I think that could be fine. We will have a separate feature gate for SIMD-0123 anyways to actually make use of these new fields. |
This reverts commit 68a231b.
AshwinSekar
left a comment
AshwinSekar
left a comment
There was a problem hiding this comment.
Would we use a single feature gate for all of these changes? I think that could be fine. We will have a separate feature gate for SIMD-0123 anyways to actually make use of these new fields.
This sounds like a good approach. lgtm
|
Can this be incorporated into this SIMD? |
|
Just pushed another update to this SIMD to add more detail to the required changes section and some other minor cleanup and renaming. It'd be great to get another review pass from anza devs @AshwinSekar @buffalojoec @t-nelson and fd devs @lidatong @topointon-jump |
| The existing withdraw instruction MUST be modified to completely zero vote | ||
| account data for fully withdrawn vote accounts. The old behavior partially | ||
| zeroed the account data following the vote state version discriminant and is | ||
| less intuitive. |
There was a problem hiding this comment.
I felt this was a nice to have change. This way we know that any vote account with the version discriminant bytes 03 00 00 00 is still initialized. Other vote state versions require checking fields for initialized values to be sure of initialization which is a footgun IMO.
There was a problem hiding this comment.
Seems reasonable to me, unless there's some reason it's done like this currently? Seems strange to keep that discriminator set afterward.
There was a problem hiding this comment.
No explicit reason that I'm aware of. We will need an extra look from auditors at this though.
| If a modified vote account's size is smaller than `3762` bytes, first resize the | ||
| account to `3762` bytes before updating the account data. The vote program does | ||
| not need to check if the resulting account is rent exempt, the runtime will | ||
| enforce that check. This differs from the prior vote program implementation which | ||
| falls back to store vote state as v2 if the account size cannot be resized while | ||
| keeping the account rent exempt. |
There was a problem hiding this comment.
I felt this was nice to have because it simplifies the vote program implementation and ensures that all v4 vote accounts have the same size. Here's the current code in question that this will clean up:
buffalojoec
left a comment
buffalojoec
left a comment
There was a problem hiding this comment.
Looks good to me. I left a few clarifying comments or ideas, but no major concerns on my end!
| The existing withdraw instruction MUST be modified to completely zero vote | ||
| account data for fully withdrawn vote accounts. The old behavior partially | ||
| zeroed the account data following the vote state version discriminant and is | ||
| less intuitive. |
There was a problem hiding this comment.
Seems reasonable to me, unless there's some reason it's done like this currently? Seems strange to keep that discriminator set afterward.
buffalojoec
left a comment
buffalojoec
left a comment
There was a problem hiding this comment.
Thanks for updating. I left one more question, then I can stamp.
|
Approved as long as we are certain there are little to no Vote State v2 or older vote accounts in active use. Throwing an error on those accounts not being rent-exempt could affect those nodes' timely vote credits. |
New vote accounts must be created as v3 and note that v2 vote state accounts wouldn't have timely vote credits because v3 was introduced to add that feature. Because of that, we don't need to be certain about whether v2 accounts are in active use for this proposal, they would already be severely disadvantaged in consensus when tvc was enabled and have plenty of incentive to upgrade if they hadn't already. But in any case, I did check mainnet and there are no active vote accounts using v2 still. |
| pub pending_delegator_rewards: u64, | ||
|
|
||
| /// NEW: compressed bls pubkey for alpenglow | ||
| pub bls_pubkey_compressed: Option<[u8; 48]> |
There was a problem hiding this comment.
Looks good, compressed should be fine. But I think @AshwinSekar proposed we make this field mandatory...
There was a problem hiding this comment.
As I said in the other thread option is fine. Since V4 migration happens automatically on first vote instruction so we can't enforce that this field is populated by operators, we'll have to detect it in Agave when alpenglow is active and instruct operators to fill it in.
There was a problem hiding this comment.
Looks good. If possible can we also squeeze in the additional instruction here?
/// Update the BLS Pubkey for the vote account
///
/// # Account references
/// 0. `[WRITE]` Vote account to be updated
/// 1. `[SIGNER]` Withdraw authority
UpdateBLSPubkey([u8; 48]),
Can also defer this to the Alpenglow SIMD if you prefer.
Thanks for looking!
I prefer to defer this instruction to another SIMD. I've deferred the new instructions for updating commission and collector accounts to other SIMD's as well. |
buffalojoec
left a comment
buffalojoec
left a comment
There was a problem hiding this comment.
This is ready to go from my side, but I left a few small comments on the recent additions. None affect the spec.
11 participants
No description provided.