|
| 1 | + Protocol update commentary |
| 2 | + |
| 3 | +Protocol Version: 7 |
| 4 | +Builds on Protocol Version: 6 |
| 5 | + |
| 6 | +Protocol version 7 introduces protocol changes in the following key areas: |
| 7 | +- smart contract costs |
| 8 | +- new smart contract queries |
| 9 | +- modified stake cooldown behavior |
| 10 | +- removal of shielded transactions |
| 11 | +- redefined block hashing |
| 12 | + |
| 13 | +This document provides commentary on each of these changes, elaborating on |
| 14 | +the rationale for each. |
| 15 | + |
| 16 | + 1. Smart Contract Costs |
| 17 | + |
| 18 | +The cost of a smart contract transaction (such as a contract init or update) |
| 19 | +is a function of the WebAssembly instructions that are execute in computing |
| 20 | +the outcome of the transaction. Each instruction is associated with a cost |
| 21 | +(measured in "interpreter energy"). When a smart contract module is deployed |
| 22 | +on the Concordium blockchain, the nodes apply a transformation on the |
| 23 | +WebAssembly code that instruments it with metering instructions, which track |
| 24 | +the interpreter energy usage during program execution. A smart contract |
| 25 | +transaction (as with other transactions) has an energy limit associated with |
| 26 | +it. If the energy usage during execution exceeds this limit, the transaction |
| 27 | +will simply fail. The energy used by the transaction is ultimately paid for |
| 28 | +by the sender of the transaction in a proportional amount of CCD, and these |
| 29 | +fees are used to recompense validators. |
| 30 | + |
| 31 | +The purpose of all of this is to limit the demands that individual |
| 32 | +transactions can place on the resources of nodes in the concordium blockchain, |
| 33 | +specifically, execution time. Accordingly, the costs associated with |
| 34 | +instructions are intended to be a close proxy for the actual execution time. |
| 35 | +The costs are assigned based on benchmarking so that 1000000 energy |
| 36 | +corresponds to roughly 1 second of execution time. (Note that the actual |
| 37 | +execution time cannot be used to determine the cost of smart contract |
| 38 | +transactions, since it will vary from node to node and consensus requires |
| 39 | +that nodes agree on all details.) |
| 40 | + |
| 41 | +Concordium node version 7 improves smart contract execution by employing a |
| 42 | +compilation phase that transforms the stack-machine based WebAssembly into |
| 43 | +a register-based intermediate representation. This representation can be |
| 44 | +interpreted more efficiently, as operations are performed directly on their |
| 45 | +operands, eliminating stack manipulation. The result of this is that |
| 46 | +execution times are typically around 3 times faster. Accordingly the cost |
| 47 | +of WebAssembly instructions is redefined to reflect this. |
| 48 | + |
| 49 | +When a smart contract makes a call to another smart contract, the calling |
| 50 | +contract's state remains in memory, while the callee's state is also |
| 51 | +loaded. In the case of a long chain of such calls, this can use a lot of |
| 52 | +memory, potentially exhausting the resources of nodes. Previously, the |
| 53 | +energy limits were deemed sufficient to limit the resource usage. However, |
| 54 | +in light of reduced energy costs, it was decided to impose a limit on the |
| 55 | +depth of nested inter-contract calls to 384, to guard against resource |
| 56 | +exhaustion. |
| 57 | + |
| 58 | + 2. New Smart Contract Queries |
| 59 | + |
| 60 | +Protocol version 7 introduces new query operations that are available to |
| 61 | +smart contracts. These operations get the module reference and smart |
| 62 | +contract name associated with a smart contract instance. This can be used |
| 63 | +to check if a smart contract instance is an instance of a particular known |
| 64 | +smart contract, for example, or to check if a smart contract has been |
| 65 | +upgraded (in which case, its module reference will change). These kind of |
| 66 | +checks can be useful when designing smart contracts to interact in a |
| 67 | +partial-trust situation: a smart contract can authenticate the other |
| 68 | +contracts it interacts with before determining whether to trust them. |
| 69 | + |
| 70 | +A common question from smart contract developers (particularly those |
| 71 | +coming from Ethereum) is how to implement a factory pattern on Concordium. |
| 72 | +The architecture of Concordium's contracts (separating module deployment |
| 73 | +from contract initialization) means that typically a factory pattern is |
| 74 | +not required. However, these new contract inspection operations provide |
| 75 | +a way of emulating the factory pattern in the cases where it is needed. |
| 76 | +For details, see: |
| 77 | +https://developer.concordium.software/en/mainnet/smart-contracts/guides/factory-pattern.html |
| 78 | + |
| 79 | + 3. Stake Cooldown Changes |
| 80 | + |
| 81 | +The changes to stake cooldown have two main effects. First, when validators |
| 82 | +and delegators reduce (or remove) stake, the amount of the reduction no |
| 83 | +longer contributes to the calculations that determine lottery power and |
| 84 | +rewards (after the following payday), but is held in a cooldown state |
| 85 | +where it cannot be spent. Second, while stake is in cooldown, further |
| 86 | +changes to the stake can be made, such as increasing it, decreasing it |
| 87 | +further, removing it, or even changing between validator and delegator. |
| 88 | + |
| 89 | +The first change brings Concordium closer in line with common industry |
| 90 | +practice, while also strengthening a buffer against nothing-at-stake |
| 91 | +attacks, since a malicious validator cannot sell their stake for a |
| 92 | +certain time after they no longer have any effective power in the |
| 93 | +proof-of-stake consensus. |
| 94 | + |
| 95 | +The second change gives validators and delegators much more flexibility. |
| 96 | +Previously, while stake was in cooldown, the stake could not be changed |
| 97 | +(neither up nor down) and it was impossible to transition directly between |
| 98 | +being a validator or a delegator. In protocol version 7, both of these |
| 99 | +are possible. This change is of particular benefit to custodial staking |
| 100 | +providers, who may hold stake for multiple customers on a single (validator) |
| 101 | +account. The new arrangement allows them to withdraw funds for different |
| 102 | +customers independently. For instance, under the old scheme, if the staking |
| 103 | +provider unstaked customer A's funds, and then wished to also unstake |
| 104 | +customer B's funds, then they would have to wait two full cooldown periods |
| 105 | +before B's funds were unstaked, no matter how soon they requested them after |
| 106 | +A's funds were already being unstaked. In the new scheme, the fact that |
| 107 | +A's funds are in cooldown does nothing to prevent B's funds also moving to |
| 108 | +cooldown. |
| 109 | + |
| 110 | + 4. Removal of Shielded Transactions |
| 111 | + |
| 112 | +Shielded transactions allow accounts to send funds to each other while |
| 113 | +obscuring the exact amount of the transfer. Part of the rationale for |
| 114 | +supporting such transfers was to enhance the privacy for users, since the |
| 115 | +blockchain is an entirely public record. |
| 116 | + |
| 117 | +This feature has not seen wide adoption (at time of writing, less than |
| 118 | +200000 CCD is shielded) and has generally been more confusing than |
| 119 | +beneficial for users, who may have mistakenly shieled their balances |
| 120 | +unnecessarily, without properly understanding the use of shielded transfers. |
| 121 | + |
| 122 | +Furthermore, financial institutions with obligations under |
| 123 | +anti-money-laundering laws may be hesitant to adopt Concordium under the |
| 124 | +impression that such a feature could possibly enable money laundering. |
| 125 | +In fact, the identity disclosure authorities and identity providers can, |
| 126 | +if necessary, unmask the shielded transfers on an account, providing a |
| 127 | +deterrent against and remedy for any use of shielded transfers for money |
| 128 | +laundering. |
| 129 | + |
| 130 | +For these reasons, it was decided to remove shielded transfers, disabling |
| 131 | +the ability to shield balances and to transfer shielded amounts. However, as |
| 132 | +shielded balances are encrypted, there is no way to simply unshield balances |
| 133 | +automatically. Therefore, the ability to unshield balances remains, and |
| 134 | +existing shielded balances on accounts will remain. |
| 135 | + |
| 136 | + 5. Redefined Block Hashing |
| 137 | + |
0 commit comments