ADR 0006: Consensus Governance #3423
Conversation
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
3 times, most recently
from
184c157 to
58a3856
Compare
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
from
58a3856 to
4de1301
Compare
kostko
requested review from
peterjgilbert,
pro-wh and
Yawning
as code owners
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
from
4de1301 to
dda1c1a
Compare
| ### Consensus Parameters | ||
|
|
||
| This proposal introduces the following new consensus parameters in the | ||
| governance module: |
There was a problem hiding this comment.
Here we can specify: "Since these are consensus parameters, they need to be specified in the genesis file and will be the same across all proposals."
This will help clarify the nature of the parameters.
| ## Decision | ||
|
|
||
| This proposal introduces a minimal on-chain governance mechanism where anyone | ||
| can submit governance proposals and the validators can vote where one base unit |
There was a problem hiding this comment.
Maybe we can explicitly point out that this includes both self-delegations and delegations from other users, since conceptually sometimes people think about delegation as primarily in the "delegations from other users" case.
We can just add parentheses at the end: "(including both self-delegations and delegations from other users)."
|
|
||
| // UpgradeProposal is an upgrade proposal. | ||
| type UpgradeProposal struct { | ||
| upgrade.Descriptor |
There was a problem hiding this comment.
Is #2596 a prerequisite for this ADR? Or maybe at least a "good to have", so voters can actually confirm the proposed upgrade identifier (hash) matches a specific source code. (i guess alternatively, although not ideal, we could use something like hash of the source code?)
There was a problem hiding this comment.
Yes, that's right. So in theory the hash could also be a Git commit or a hash of a manifest containing further information.
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
from
dda1c1a to
12588f8
Compare
|
|
||
| - The set of pending upgrades is checked to make sure that no upgrades are | ||
| currently pending. If there is an existing upgrade pending, the method call | ||
| fails with `ErrUpgradeAlreadyPending`. |
There was a problem hiding this comment.
This seems a little odd: we prevent new proposals when one is pending, but as long as active proposals have not been voted on and moved to pending state, additional proposals can be made. Is the intent to prevent two pending proposals from becoming ... "in use" (i.e., approved and switch-over epoch has passed, so presumably all node operators have picked up the implementation or implemented the proposal themselves)? What happens (if anything) if two or more active proposals go into pending state and their switch-over epochs are close to each other, e.g., within upgrade_min_epochs_diff of each other?
Not a critical issue, but just wanted clarification / trying to understand the intent.
There was a problem hiding this comment.
we prevent new proposals when one is pending, but as long as active proposals have not been voted on and moved to pending state, additional proposals can be made
I think this is just a misunderstanding, there are two things to an upgrade:
- First a governance upgrade proposal is created and it goes through the voting process.
- Only if the vote passes is an upgrade pending.
So this does not refer to other pending governance upgrade proposals but to already passed pending upgrades.
What happens (if anything) if two or more active proposals go into pending state and their switch-over epochs are close to each other, e.g., within upgrade_min_epochs_diff of each other?
See the Proposal Content Execution section below where there is another check when the passed governance upgrade proposal is executed. Only one upgrade can be pending and if two upgrade proposals are passed, the second one will fail to execute.
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
from
12588f8 to
8e76033
Compare
|
|
||
| This proposal adds the following consensus layer state in the governance module: | ||
|
|
||
| - **Next proposal identifier (`0x80`)** |
There was a problem hiding this comment.
If we follow the existing convention, I think these identifiers will start at 0x90 (and the governance app id will be 0x09) since 0x08 is in use by the new improved beacon already.
There was a problem hiding this comment.
Hm, so I looked at the beacon when deciding on this and it uses the prefix from the previous beacon/epochtime apps which seems like the right thing to do:
oasis-core/go/consensus/tendermint/apps/beacon/state/state.go
Lines 16 to 32 in ae0e671
The app id for the beacon should be changed to 0x04 to be consistent.
There was a problem hiding this comment.
Ok yeah I also saw the comment in the beacon PR 👍
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
from
8e76033 to
60fdaba
Compare
There was a problem hiding this comment.
my summary:
this adds on-chain yes/no/abstain voting for "proposals." entities can vote, and their votes are counted proportional to their stake if they are a validator at the time the proposal is set to close. as an optimization for stable validator committees, they must also be validator at the time they vote. they can also change their vote leading up to the proposal close time.
this adds a set of proposal types for managing network upgrades. the on-chain representation of a proposed upgrade https://github.com/oasisprotocol/oasis-core/blob/v20.12.1/go/upgrade/api/api.go#L66 is mostly opaque, other than the epoch when it happens. this type and the mechanisms around it are already part of the codebase.
kostko
force-pushed
the
kostko/docs/adr-consensus-governance
branch
from
60fdaba to
8098873
Compare
Rendered