SIMD-0016: Program Rebatable Account Write Fees #16
Conversation
|
can we get lines wrapped at ~80char here to ease review? |
Done |
|
Eugene from Ellipsis Labs here. I have some reservations about this proposal. It seems like there are two orthogonal goals here:
However, as written, this trades off:
An automated mechanism similar to multidimensional EIP-1559 may make more sense. https://ethresear.ch/t/multidimensional-eip-1559/11651
|
|
@eugene-chen can't the automation be built up first as a library in a program that sets these fees, then enshrined if everyone agrees that its the best? |
|
It does seem better to replace local cranks with a global crank, but still not ideal. An implementation seems quite involved. Such a program would need access to per-state fees from previous blocks for each piece of state, no? |
|
@eugene-chen I don't think it needs a crank. can be done on access. It might need stats about CUs in the last few blocks which are available to the state machine. |
|
@eugene-chen The problem with multidimensional EIP, is that state is unbounded in number of dimensions, any account can be congested. So the amount of state that would be need to be stored and tracked by the runtime automatically is huge. We need applications to enable and pay for this anyways. Iterating at the program level is much faster than in the L1. What's important is that eventually the system can provide enough information to the application program to implement its own multidimensional 1559. Once that works, either it becomes enshrined as a library in the sdk, or maybe it's worth just adding it to sealevel. But probably a library will be good enough. |
|
Agreed that an iterative approach at the application level, to the extent possible, makes a lot more sense than iterating on the L1. But requiring programs to actively update fees to be usable, even if temporary, effectively makes it impossible for protocols to decentralize. Additionally, returning these fees to the program is not particularly incentive-compatible for validators. |
|
Transferring these fees to validators can create a perverse incentive to
reorder transactions.
…On Thu, Feb 2, 2023 at 5:43 AM Eugene Chen ***@***.***> wrote:
Agreed that an iterative approach at the application level, to the extent
possible, makes a lot more sense than iterating on the L1.
But requiring programs to actively update fees to be usable, even if
temporary, effectively makes it impossible for protocols to decentralize.
Additionally, returning these fees to the program is not particularly
incentive-compatible for validators.
—
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABDF7BMWIZXIJ2KMIZTQXDWVLDGRANCNFSM6AAAAAATH3RNUI>
.
You are receiving this because you are subscribed to this thread.Message
ID: <solana-foundation/solana-improvement-documents/pull/16/c1412696179@
github.com>
|
|
What’s the incentive to reorder? Shouldn’t they just greedily include as
many total CUs paying expensive state fees as possible?
On Wed, Feb 1, 2023 at 9:48 PM Maximilian Schneider <
***@***.***> wrote:
… Transferring these fees to validators can create a perverse incentive to
reorder transactions.
On Thu, Feb 2, 2023 at 5:43 AM Eugene Chen ***@***.***> wrote:
> Agreed that an iterative approach at the application level, to the extent
> possible, makes a lot more sense than iterating on the L1.
>
> But requiring programs to actively update fees to be usable, even if
> temporary, effectively makes it impossible for protocols to decentralize.
>
> Additionally, returning these fees to the program is not particularly
> incentive-compatible for validators.
>
> —
> Reply to this email directly, view it on GitHub
> <
#16 (comment)
>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AABDF7BMWIZXIJ2KMIZTQXDWVLDGRANCNFSM6AAAAAATH3RNUI
>
> .
> You are receiving this because you are subscribed to this thread.Message
> ID: <solana-foundation/solana-improvement-documents/pull/16/c1412696179@
> github.com>
>
—
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKPFJNON5AZZO5TIJUCZHDWVMN7XANCNFSM6AAAAAATH3RNUI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***
.com>
|
|
Depends on the protocol, but failed transactions will most likely pay
higher fees than successful transactions. This is already included in the SIMD document's problem description in line 27-29.
On Thu, Feb 2, 2023 at 11:55 AM Eugene Chen ***@***.***>
wrote:
… What’s the incentive to reorder? Shouldn’t they just greedily include as
many total CUs paying expensive state fees as possible?
On Wed, Feb 1, 2023 at 9:48 PM Maximilian Schneider <
***@***.***> wrote:
> Transferring these fees to validators can create a perverse incentive to
> reorder transactions.
>
> On Thu, Feb 2, 2023 at 5:43 AM Eugene Chen ***@***.***> wrote:
>
> > Agreed that an iterative approach at the application level, to the
extent
> > possible, makes a lot more sense than iterating on the L1.
> >
> > But requiring programs to actively update fees to be usable, even if
> > temporary, effectively makes it impossible for protocols to
decentralize.
> >
> > Additionally, returning these fees to the program is not particularly
> > incentive-compatible for validators.
> >
> > —
> > Reply to this email directly, view it on GitHub
> > <
>
#16 (comment)
> >,
> > or unsubscribe
> > <
>
https://github.com/notifications/unsubscribe-auth/AABDF7BMWIZXIJ2KMIZTQXDWVLDGRANCNFSM6AAAAAATH3RNUI
> >
> > .
> > You are receiving this because you are subscribed to this
thread.Message
> > ID:
<solana-foundation/solana-improvement-documents/pull/16/c1412696179@
> > github.com>
> >
>
> —
> Reply to this email directly, view it on GitHub
> <
#16 (comment)
>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/ABKPFJNON5AZZO5TIJUCZHDWVMN7XANCNFSM6AAAAAATH3RNUI
>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***
> .com>
>
—
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABDF7BZJZN6J7JPV67KAJLWVMO3PANCNFSM6AAAAAATH3RNUI>
.
You are receiving this because you are subscribed to this thread.Message
ID: <solana-foundation/solana-improvement-documents/pull/16/c1413078835@
github.com>
|
|
If someone wants to pay to include a failed transaction, why should that be
penalized more than the tx fees paid?
On Wed, Feb 1, 2023 at 9:57 PM Maximilian Schneider <
***@***.***> wrote:
… Depends on the protocol, but failed transactions will most likely pay
higher fees than successful transactions.
On Thu, Feb 2, 2023 at 11:55 AM Eugene Chen ***@***.***>
wrote:
> What’s the incentive to reorder? Shouldn’t they just greedily include as
> many total CUs paying expensive state fees as possible?
>
> On Wed, Feb 1, 2023 at 9:48 PM Maximilian Schneider <
> ***@***.***> wrote:
>
> > Transferring these fees to validators can create a perverse incentive
to
> > reorder transactions.
> >
> > On Thu, Feb 2, 2023 at 5:43 AM Eugene Chen ***@***.***> wrote:
> >
> > > Agreed that an iterative approach at the application level, to the
> extent
> > > possible, makes a lot more sense than iterating on the L1.
> > >
> > > But requiring programs to actively update fees to be usable, even if
> > > temporary, effectively makes it impossible for protocols to
> decentralize.
> > >
> > > Additionally, returning these fees to the program is not particularly
> > > incentive-compatible for validators.
> > >
> > > —
> > > Reply to this email directly, view it on GitHub
> > > <
> >
>
#16 (comment)
> > >,
> > > or unsubscribe
> > > <
> >
>
https://github.com/notifications/unsubscribe-auth/AABDF7BMWIZXIJ2KMIZTQXDWVLDGRANCNFSM6AAAAAATH3RNUI
> > >
> > > .
> > > You are receiving this because you are subscribed to this
> thread.Message
> > > ID:
> <solana-foundation/solana-improvement-documents/pull/16/c1412696179@
> > > github.com>
> > >
> >
> > —
> > Reply to this email directly, view it on GitHub
> > <
>
#16 (comment)
> >,
> > or unsubscribe
> > <
>
https://github.com/notifications/unsubscribe-auth/ABKPFJNON5AZZO5TIJUCZHDWVMN7XANCNFSM6AAAAAATH3RNUI
> >
> > .
> > You are receiving this because you were mentioned.Message ID:
> > ***@***.***
> > .com>
> >
>
> —
> Reply to this email directly, view it on GitHub
> <
#16 (comment)
>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AABDF7BZJZN6J7JPV67KAJLWVMO3PANCNFSM6AAAAAATH3RNUI
>
> .
> You are receiving this because you are subscribed to this thread.Message
> ID: <solana-foundation/solana-improvement-documents/pull/16/c1413078835@
> github.com>
>
—
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKPFJMUG6OG4PV4WI7ZP4TWVMPBZANCNFSM6AAAAAATH3RNUI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***
.com>
|
|
Please add comments in the document, if you have specific questions to the mechanism presented. |
|
I have updated the POC implementation by modification of the account structure itself. To roll out application fees easily and to avoid misuse of application fees I am thinking of adding a new instruction : Let me know your thoughts. |
There was a problem hiding this comment.
please reformat to fit the template
this doesn't seem precisely enough defined that someone could take it and implement it from scratch, which leads me to believe that the proposal is biased by, or at least intends to lean heavily on, the PoC.
ideally there would be zero code before a proposal is accepted to prevent this kind of thing. at most mocked data structures or pseudo code to clarify difficult to describe logic.
further, there's little elaboration of the required runtime changes, which are by far the part that needs to be most thoroughly understood before any consideration for acceptance. the new program isn't described in particular detail either, eg. no idea what the PDA will hold, what units fees are defined in, etc.
i don't think i can form an opinion as is
I will rewrite the proposal as you have asked.I have more clear understanding with how things should work. |
|
Hi, this is Philip from Firedancer. I'm on board with the premise of the proposal, but the amount of extra state this requires so early in the transaction pipeline scares me a bit, especially if you think about this proposal in the context of a bankless leader. Deciding whether a transaction can successfully pay the fee requires a lookup for each account the transaction uses, which with address lookup tables can be rather large. Would a simpler solution be adding an infallible transfer built-in program (i.e. the transfer happens even if the transaction fails) where the source is the fee payer and the destination can be application dependent? The DEX can use the instructions sysvar to inspect the transaction and reject the transaction if the infallible transfer isn't to its liking (right destination, sufficient quantity). It's true that this idea doesn't prevent people from write locking the account just to cause trouble, but anyone write locking the account with a hope of actually making a trade would need to include this instruction. This feels immensely easier to implement and also gives the application tons of flexibility as to what fees it requires, when, and how to rebate them. |
|
the issue with this kind of solution is, that it requires for a program to store the relationship between account and write-fee. hence "enabling" application fees now requires some change to the program's account data & it's CPI interface (require new write locked accounts). traditionally changes to account data has been avoided, might be less of an issue now, after the realloc release. changes to CPI interface though are painful to roll out in production. |
godmodegalactus
force-pushed
the
application_write_account_fees
branch
from
8ec9d34
to
1a2b8a7
Compare
|
@t-nelson I have rewritten the proposal with details as required. |
I like this idea. Something akin to the instruction to request TX prioritization fee, or similar to request TX CU limits. With this, the transaction's ApplicationFee will be know upfront (before accounts are loaded). On a separate note, due to the similarity this IX has with other IXs (such as requesting compute units, or request prio fee etc. ) One idea mentioned on Discord is to have one general IX that takes a TLV list to set all sorts of limits. The idea is to reduce number of IXs since there is limited space for IXs per TX. wdyt? |
|
Here are some responses and thoughts. I'll also add notes on the PR.
If you didn't want to use a bunch of PDAs, you could have the infallible transfer go to the account they are attempting to write lock. Then you would check they paid the fee happen using the instructions sysvar (which I agree is not ideal). The instructions sysvar isn't one that you can access with
I understand the pain, but it feels a little backwards to me to change the runtime to avoid changing the program.
I found this section way more complicated than necessary. I think you're calling two different things
I like this idea too, but it has the same problem with not actually preventing DoS attacks that my infallible transfer idea has. If a transaction specifies a low limit, it may successfully write lock the account and then fail.
I am not in favor of this idea. The instruction limit is 64, which (as far as I know) people don't run into regularly. Normally the constraint people run up against is the transaction size, and this idea won't make much of a difference. The |
| ## Summary | ||
|
|
||
| This SIMD will discuss additional fees called Program Rebatable Account Write | ||
| Fees or PRAW Fees. These fees are decided and set by the dapp developer to |
There was a problem hiding this comment.
These fees are decided and set by the dapp developer
how can this offer any protection if left to an attentive, competent dapp developer to deliberately act with good will?
the usability of the chain cannot be left to humans. the protocol MUST drive up fees on the write-contested state. dapp developers can then opt to rebate, in part or whole, for the accounts owned by their program(s). if the protocol can't defend itself against poorly behaving programs/users (by pricing them out!), then its fate is sealed
There was a problem hiding this comment.
As stated in the proposal, this proposal is not targeting the congestion control of the whole cluster by itself. This proposal only aims to give dapp authority more control over the usage of the dapp. It is in the dapp programmers/ authority best interest to set this fee correctly do that they make it hard to spam their dapps but not so high that it discourages users to use the dapp. For congestion control there are other fees that are been discussed.
There was a problem hiding this comment.
it's not the protocol's job to make dapp users happy. it's the protocol's job to ensure that poorly designed dapps' users are maximally unhappy so that they either a) stop using the dapp, or b) convince the dapps' developers to improve the dapp.
handing this proposal the most valuable, sought after eight bytes in all of the protocol, to only kinda, maybe improve one thing in a very brittle and easy to misuse way would be pretty negligent on the part of protocol maintainers.
There was a problem hiding this comment.
eight bytes to implement program defined account write access control. if it's too much, we might be able to reduce to less if that's more appropriate. we need at least 4 bits though.
| collected on the account on which they were set. These fees would be only | ||
| applied if the account is write locked by the transaction. The owner of the | ||
| account can do lamport transfer to recover these fees. So instead of fees going | ||
| to the validator, these fees go to the **dapp developers**. It will be dapp |
There was a problem hiding this comment.
these fees go to the dapp developers
1) WHAT
how are these incentives in any way productively aligned?
any unrebated fees should be burnt to avoid encouraging dapp developers from using them as a pure profit source. dapp developers bear no burden from having encouraged abusive behavior by their users while causing externalities that likely effect other users. this behavior should be punished, not rewarded.
allowing the dapp devs to retain any fees incentivizes them to design zero-sum races to create state-write competition and justify driving up praw fees.
There was a problem hiding this comment.
I assure you that driving up the PRAW fees for a dapp is not a good idea. Having high PRAW fees will make the app unattractive for the users. Who will want to trade on dapp which requires 1SOLs of PRAW fees to place an order? Dapp developers always have to find best threshold.
Do you have any concrete examples why do you think dapp developers will like to increase the PRAW fees?
There was a problem hiding this comment.
Having high PRAW fees will make the app unattractive for the users.
this is 100% the goal. the game design is poor if it's encouraging users to behave abusively either via greedily writelocking or spamming duplicate transactions.
Do you have any concrete examples why do you think dapp developers will like to increase the PRAW fees?
if dapp developers are receiving the fees, they have every reason to maximize that income stream
There was a problem hiding this comment.
This is wrong for so many reasons. You argumentation is ad absurdum.
- The operating system design is poor when process isolation is not guaranteed, not the application design.
- Dapp developers need to provide lowest fees to their target users as they try to maximize value / cost of service. Users are in full control about the fees they agree to when signing a transaction.
|
|
||
| Addition of new syscalls to get, set and rebate PRAW fees during program | ||
| runtime. Application developers will be able to rebate these fees through the | ||
| new syscall, but only if the transaction succeeds, this way transactions |
There was a problem hiding this comment.
| new syscall, but only if the transaction succeeds, this way transactions | |
| but only if the transaction succeeds |
i don't really understand the justification for this requirement. ofc the fee-payer must have a sufficient balance for the tx to be eligible for execution, but why does that have anything to do with the eventual result of the transaction?
the feature is being implemented in the runtime, it can side step normal tx execution rules if need be. an example of this is how transactions making use of durable nonces advance the stored recent blockhash so long as the transaction is eligible for execution, regardless of its result. this includes instruction errors, which typically revert all non-fee effects of execution.
the success requirement is going to make it very risky to even attempt a transaction that the user doesn't have high confidence will succeed. that is, the ones this feature is meant to curb. additionally, it harms practical composability as the combinatorial complexity of programs leveraging others makes confidence in the success of a transaction if more difficult to reason about.
it seems far more equitable to honor rebates for all logic that was executed in good will up to failure. this would allow for rebating logic to be implemented in one spot at the end of each instruction, having done relevant accounting during its execution
There was a problem hiding this comment.
Imagine the following transaction,
if (I_am_making_profit) {
cpi_into_the_dapp_ixA()
} else {
return Ok(())
}
as a dapp authority I want to punish this kind of spamming. Dapp adds PRAW fees on the accounts so that payer will get rebate only if ixA is called. So spammer can get creative, they create a transaction with two instructions. First instruction will call the ixA and second will do something like this:
I (!i_am_making_profit) {
return Err(not_making_profit)
}
So spammer will get rebate from the first instructions and in the second he will fail successfully bypassing the PRAW fees.
There was a problem hiding this comment.
that's fine, PRAW fees on accounts owned by w/e program declares ixA get charged. however if that same program had earlier cpi'd into some other program who rebated their PRAW fees for good behavior, those rebates should be honored regardless of the transaction result. that is, program B should not be able to preempt rebates by program A (assuming programs are executed in alphabetical order 😉)
There was a problem hiding this comment.
additionally, it harms practical composability as the combinatorial complexity of programs leveraging others makes confidence in the success of a transaction if more difficult to reason about.
The reason why dapp chains are popular is that the developers can actually permission on-chain composability and prevent "noisy neighbors". This proposal is aimed at enabling developers on a shared L1 the same level of access control through an economic incentive. Obviously "it harms practical composability", there is no way to ensure process isolation without restricting the current model. End-user transactions using the reference client should simply never fail, it can be completely avoided.
it seems far more equitable to honor rebates for all logic that was executed in good will up to failure. this would allow for rebating logic to be implemented in one spot at the end of each instruction, having done relevant accounting during its execution
That's an assumption this proposal doesn't make. It should be left to the dapp developer to freely decide when to rebate. Simple ix-level decisions are a special case for infrastructure applications with simple read/write access rules (like pyth). End-user applications often use far more instructions, so a check per instruction is not economical use of CU.
the feature is being implemented in the runtime, it can side step normal tx execution rules if need be.
That's something we actually didn't consider, it's a largely negative change imo though:
- it creates harder to reason about semantics for dapp developers. It's way easier to communicate, tx fails -> rebate fails.
- it allows for exploiting program errors as free rollbacks after fees have been rebated
those rebates should be honored regardless of the transaction result. that is, program B should not be able to preempt rebates by program A
The signer of the transaction wasted valuable blockspace of program A through his failure to create a successful transaction combining program A and program B. He should reimburse program A roughly the expected profit it could extract from the same amount of blockspace. Program B has the same claim towards the signer from my PoV.
| Once PRAW fees are paid on an account by the payer they are valid for the whole | ||
| transaction, even if the same account is write-locked in multiple instructions. |
There was a problem hiding this comment.
this sounds like a footgun. if a program contains both an innocuous instruction, that writes and rebates an account, as well as one that has state competition on that same account, users can just use the former as a NOP to get their rebate before competing on the latter.
charging the fee per-account-reference seems much safer
EDIT: I see this scenario mentioned later in the doc(:tada:), leaving my comment here though
There was a problem hiding this comment.
If it is not clear the writing of the PRAW fees is not taken into account during the transaction. This is important to encourage users to create transactions with more instructions.
There was a problem hiding this comment.
If it is not clear the writing of the PRAW fees is not taken into account during the transaction. This is important to encourage users to create transactions with more instructions.
i don't understand this statement at all.
- what does "writing" mean in this context?
- why are transactions with more instructions good/relevant?
| some parameters for the transaction. We create a new solana native program | ||
| `TransactionHeaderProgram` that decodes the instruction data using a type length | ||
| value structure (`TLV`) format and computes the required | ||
| `TransactionHeaderParameter`s for the transaction. The `TLV` structure is well | ||
| defined for accounts in solana program library repository we will extend the | ||
| definition for instruction data. As we have multiple transaction header |
There was a problem hiding this comment.
all of this tvl stuff, while generally a good idea (i proposed it after all 🙃), belongs in a separate SIMD. it's only adding noise in this one. here we can just discuss additions as compute budget program instructions, knowing that they may never actually get implemented there.
i won't be commenting on the tvl-related stuff here as a result
There was a problem hiding this comment.
Anyways we need to add a way to set PRAW fees. It will be harder to set in compute budget, would be better if it is a part of compute budget instruction. That is why I made it a part of this proposal.
There was a problem hiding this comment.
It will be harder to set in compute budget, would be better if it is a part of compute budget instruction.
is there a typo in here? i'm reading it as a self-contradictory statement.
| Let Overpaid amount (`O = M - T`) | ||
|
|
||
| After execution, we iterate on the rebates issued to calculate total rebated | ||
| amount (`R`), For an account there could be multiple rebates during a |
There was a problem hiding this comment.
For an account there could be multiple rebates
huh? it was stated above that an account is only rebated once
There was a problem hiding this comment.
Program can issue multiple rebates but only the maximum will be taken into account. The rebate will be issued by the runtime only once.
There was a problem hiding this comment.
sounds like this section is not sufficiently defined then
| After execution, we iterate on the rebates issued to calculate total rebated | ||
| amount (`R`), For an account there could be multiple rebates during a | ||
| transaction. Consider that there are `N` rebates on ith account. Each rebate | ||
| will be represented as `Rin`. |
There was a problem hiding this comment.
can't the syscall just accumulate the rebates in the TransactionContext? then all we do is transfer that amount of lamports back after execution
There was a problem hiding this comment.
Thtas the idea.
There was a problem hiding this comment.
that's not clear from the description
| We then transfer `(Pi - Ri) * C` into each writable account and `O + R` back to | ||
| the payer. | ||
|
|
||
| ### Consumption of CUs |
There was a problem hiding this comment.
these costs should be measured like the rest of the native ops, not extrapolated
There was a problem hiding this comment.
Ok noted, will update these costs accordingly once the changes have been done.
|
|
||
| ## Backwards Compatibility | ||
|
|
||
| This feature does not introduce any breaking changes. The transaction without |
There was a problem hiding this comment.
This feature does not introduce any breaking changes
it breaks consensus. everything the implementation touches in runtime must be feature gated
There was a problem hiding this comment.
Yes agreed, I think it is described.
| If the dapps want to rebate PRAW fees they have to implement very | ||
| carefully the logic of rebate. They should be very meticulous before calling | ||
| rebate so that a malicious user could not use this feature to bypass | ||
| PRAW fees. Dapp developers also have to implement additional |
There was a problem hiding this comment.
good that you recognized how brittle this proposal is in practice. we need to fix that. writelock spamming does not come about by demonstration of intelligence by user nor dapp developer.
There was a problem hiding this comment.
This is not the place to discuss any individual's intelligence.
There was a problem hiding this comment.
ah. this one. apologies this was meant to imply that we're going to get into this situation by greed, not careful thought. i can see how it might be taken as ad hominen if read literally 😅
Co-authored-by: Trent Nelson <[email protected]>
Co-authored-by: Trent Nelson <[email protected]>
Co-authored-by: Trent Nelson <[email protected]>
|
This seems like a lot of work for limited gain. This proposal depends on being able to distinguish spam from regular user congestion using on-chain program logic, which is traditionally a losing war. Spamming is usually easier and less risky than defending against such spam, especially when such defenses have to be implemented in on-chain program logic. Worse, these upfront fees introduce additional risk to users of programs, who now have to trust the program that excess fees will be returned. I would therefore recommend against implementing this proposal. I suggest using a fee mechanism reflects supply (account write/read rate) and demand (spam, user txns) instead. While this may be more expensive to users in the case of spam, it can be assumed that honest users can outprice spammers. |
Is there any technical complexity to implementing this on the firedancer side? Dapp developers can figure out strategies to reduce spamming when given some authority. Dapps can see reduced activity because most of the transactions in the block are errored spams. Currently there is no incentive to write proper bot code, nor to create transactions after reading the state of the cluster. Sufficient PRAW fees will encourage spammers to write more sophisticated code, and read the state of the cluster before making transactions to maximize gains instead of just spamming transactions and losing PRAW fees. |
|
@ripatel-fd @t-nelson @ptaffet-jump @jacobcreech Can we arrange a call to sort it out for this SIMD ? |
I don't see, why this is a valid assumption, our experience from observing live usage is exactly opposite.
Gross simplification: in cases where distinguishing is complex, a congestion control e.g. local 1559 can be implemented. Application already deploy on-chain program logic for congestion control, this just adds way more powerful arrows to the quiver. |
Do you have some experimental results based on observations from actual spammers? |
not if praw gets i'm generally in agreement with comments from the jump folks here, this is pretty invasive and not solving all that it could be. tack on the self-admitted difficulty of using it correctly and i think we need to keep thinking on this problem |
Basically every time there is a large amount of liquidations on-chain. Most risk engines with permissionless liquidation endpoints experience this effect. My favorite suspect was a company launching a network of around 20 machines in different data centers to spam failing transactions as fast as possible. Unfortunately I don't have their measurements, but I am sure that no one ends up with such a solution when they don't have reason to justify the expense. Another example was abas an arbitrage bot many users were running (30+) to capture the spreads between mango v3 & drift v2, which debuted on-chain simulation because rpc level simulation didn't lead to the expected profit margins. Both deployments were easy to identify and would have been easily kept at bay, without any complex logic on the application side. Simulation of risk free arbitrage with another program as well as a liquidation (write lock of another user's account) are easy to identify and penalize. I don't get where these theories of "impossible cat and mouse game" are coming from. There are very simple solutions that only this SIMD allows that prevent 90% of the issues we have seen. |
What are you referring to with Apart from that I don't understand your argument, what exactly is difficult (for you? for me?)?
This is not trying to solve every problem we see with a silver bullet, but it's aimed to precisely address an issue we will always see, no matter how cluster wide contention issues are resolved. A lot of the critique seems to come from the disappointment that it doesn't provide a solution to that problem, but that is not the intention. Different problems need different solutions. This is not a block building paradigm, this is purely a feature for dapp developers to enforce users to not use stale state to form transaction and split their transactions to be easy to parallelize by the scheduler. |
|
I haven't chimed in a while, but I left a lot of comments: I hope they make clear, that the base layer has the duty to adequately protect the blockspace available to the applications. If it can not create an environment that protects application resources from being denied access momentarily by external parties "just because they can afford higher priority fee". It's simply the equivalent of a corrupt government. Hence account ownership means nothing if the write access to the account can not be governed by the application. This problem is in discussion now for 12 months, there is no other design currently proposed as a SIMD, I would be very happy to read one, as I just want to get rid of the problem. To me this is an indication that we sussed out all directions and this is actually the only way to solve the problem in reasonable timeframe. I see a lot of comments from different people on this proposal, that's great and I appreciate most of them. I just want to mention that the clear lack of ownership is frustrating to deal with. In a conversation with Michael Vines on last Friday, and I want to quote him here "we can just merge it" there was 0 appeal to this. This was in a meeting, that has regularly happened for nearly a year, which @t-nelson never did care to attend albeit being invited. Trent, if you can clear you schedule for a few hours anytime you want, we can run through this with you. If you are so busy, let us be flexible, this would be a great way for us to work towards a solution. |
these are the soon to be free bytes from
the state-local scarcity mentioned above is also what motivates my contention here, that we need to make the most use of these bytes possible i think the broad strokes of this design are good. the mechanics and incentives are what concern me.
these are my main sticking points. i don't believe resolving them is far enough off of this proposal to justify a new one, though i suppose we could go that route. the footguns can likely be resolved by docs and education.
i don't recall being invited to any such meetings. there was one last week that i was unable to attend, but i was under the impression that its topic was your grant more broadly, of which i have little knowledge of the terms (and did leave some feedback prior with others who were attending). happy to attend any future calls, just please make sure i'm in fact on the invite! |
After thinking over weekend, I have the following conclusions and points of disagreement that should be resolved:
This SIMD highlights the difference of opinion between L1 and dapp developers. It is hard to change L1 without providing any concrete solution that resolves most of the issue, and dapp developers cannot enforce how their dapps are used. So in summary, SIMD-16 solved many issues but fails to get consensus over some philosophical questions and one technical issue about changing the account structure. |
mvines
changed the title
jacobcreech
added
standard
…count_fees_changes_oct_2023 Changes to remove rebates syscall and update the motivation
|
Updated the proposal to make motivation more clear. |
|
whats currently blocking this going through? |
This comment was marked as off-topic.
This comment was marked as off-topic.
A few things
I too am strongly against this proposal. |
|
This proposal has been stagnant for 4 months without a clear direction for its future. I believe this proposal, although its technical formulation is largely sufficient for acceptance, it introduces many questions and many issues. Certainly many more than it addresses:
The best engineering/economic solutions have answers to questions like these, or can at least defend against the alternatives. Every one of these questions has had a pretty nasty counterpoint that other simpler, tried solutions do not suffer from. For these reasons, I plan to move this PR into a stagnant state soon. |
This proposal is widely loved by many while equally hated by many. Technically it will reuse rent epoch space to save the required information with little to nothing performance impact. Question 1. Is a philosophical question while the arguments why the dApp should receive the fees has been explained in the proposal, there are also a few reasons not to do so. Question 2. Theoretically reduces spam but testing its effect is hard to predict unless it lands the mainnet. Question 3. Frankly did not understand the 3rd question. Question 4. We have been approached by many protocols showed us their support and who were ready to adopt, but it would have required additional development on their side. Question 5. I have been wondering of this question for a long time. In any case I agree to move this proposal to a stagnant state soon. I can revive the proposal whenever I have more support from the community. |
|
I am marking this SIMD as stagnant. |
SIMD for what was discussed solana-labs/solana#21883
A POC is also implemented for the same link at the end of the document.