Integrates datacap token with verified registry actor #514
Conversation
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
from
ce16c81 to
76478a7
Compare
anorth
force-pushed
the
anorth/datacap-token
branch
from
3c4f9d6 to
3582f12
Compare
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
from
76478a7 to
ea3444a
Compare
anorth
force-pushed
the
anorth/datacap-token
branch
5 times, most recently
from
1014d9d to
e61e26e
Compare
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
from
ea3444a to
e079141
Compare
| let st = State::new(rt.store(), id_addr).map_err(|e| { | ||
| e.downcast_default(ExitCode::USR_ILLEGAL_STATE, "Failed to create verifreg state") | ||
| })?; | ||
| let st = State::new(rt.store(), id_addr, *DATACAP_TOKEN_ACTOR_ADDR) |
There was a problem hiding this comment.
Why store and use this instead of hardcoding dependence on this other builtin actor addr in the code? The later pattern is already everywhere.
There was a problem hiding this comment.
I could go either way. I think this use of state is a pattern that would work better generally, outside built-ins. It also offers simple possibilities for migration to a new actor in the future.
There was a problem hiding this comment.
That is a neat point, code cid could stay the same assuming state migration is possible
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
from
e079141 to
a94d10b
Compare
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
3 times, most recently
from
92a6dbb to
5c58a71
Compare
anorth
force-pushed
the
decouple-fil+
branch
3 times, most recently
from
fef6314 to
e9f4498
Compare
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
from
5c58a71 to
f71b0e7
Compare
| // Burn the client's data cap tokens. | ||
| let balance = balance_of(rt, &token, &client).context("failed to fetch balance")?; | ||
| let burnt = std::cmp::min(balance, params.data_cap_amount_to_remove); | ||
| destroy(rt, &token, &client, &burnt) |
There was a problem hiding this comment.
Inside of destroy we should have a check against a balance of 0 to optimize away an unnecessary send.
There was a problem hiding this comment.
I don't think it's worth the complexity. This is a hard-to-invoke method that's explicitly oriented toward invoking this destroy function exactly once.
| BS: Blockstore, | ||
| RT: Runtime<BS>, | ||
| { | ||
| let token_amt = datacap_to_tokens(amount); |
There was a problem hiding this comment.
I get that datacap (and storage power etc) are conceptual tokens. But I'm worried about using the TokenAmount type to denote amounts of other token types since this is walking back the norm of calling different token types by different type aliases especially since the rest of the builtin actors are written assuming TokenAmount == FILAmount
There was a problem hiding this comment.
Instead of importing ref-fvm the fungible token library could implement a FungibleTokenAmount trait that DataCap and others could implement.
There was a problem hiding this comment.
The DataCap type or conceptual data cap? DataCap values here are not interchangeable with token amounts and are not conceptually tokens. The DataCap type here is not a token. I will happily delete the DataCap type since it offers nothing except documentation of the intended role of a BigInt.
the norm of calling different token types by different type aliases
Maybe this is just some imprecise definitions, but I don't think there is any such norm since prior to this branch there are no other token types. There are just other BigInts. The TokenAmount shall not be a mere alias.
The token standard proposal explicitly equates the type of user-programmed tokens with the native Filecoin built-in token. I haven't got the new TokenAmount type from the FVM yet, but once that comes this will all be type-safe. The token library will use the same TokenAmount. DataCap will not be convertible.
| Err(e) => acc.add(format!("error loading clients {e}")), | ||
| } | ||
|
|
||
| // check verifiers and clients are disjoint |
There was a problem hiding this comment.
TODO: I think we should still check this since we appear to be trying to maintain the invariant. It will become a cross DataCap Verifreg check
anorth
force-pushed
the
anorth/verifreg-tokenintegration
branch
from
61f4d7f to
d518418
Compare
|
One thing I noticed, that might be an issue is that the new |
Replaces the verified registry actor's client allowance state with calls to a built-in datacap token actor.
Note there's little type-safety around the token precision units vs the datacap units, but this will be resolved when we get a new release of the FVM SDK, which will come with a
TokenAmountnewtype that's not easily convertible to BigInt.Before merging:
Closes #523
Closes #536