Skip to main content

50 posts tagged with "ledger"

View All Tags

· 2 min read
Alexey Kuleshevich

High level summary

This period we reached a major milestone, namely we now have an initial version of Conway conformance testing working. We are now able to generate random valid data with the help of constraint based testing framework, apply that data to Conway Ledger rules and verify that the output matches to the one produced by the executable version of the Formal Ledger Specification, when it is applied to the same random data.

We also had a couple of Conway bugs fixed and a few new predicate check implemented. Get Constitutional Committee query is complete and tested. Various improvements to the testing tools. Addition of more test cases.

Low level summary

Conway

  • pull-3888 - Add checks for valid ProtVer when a proposal is a HardFork
  • pull-3902 - Fix pvCanFollow usage in Conway and improve clarity in Shelley
  • pull-3855 - Remove unreachable proposals
  • pull-3903 - Add lenient decoder for Addr
  • pull-3878 - Committee query - implement next epoch change

Testing

  • pull-3893 - Move tree-diff dependency to tests together with all instances
  • pull-3896 - Fix Brute force failure
  • pull-3904 - New ListWhere Pred added to the Constrained Solver.
  • pull-3907 - cardano-ledger-conformance: Remove CHANGELOG.md from cabal file
  • pull-3883 - Committee QuerySpec Imp Test
  • pull-3909 - Make impAnn a bit more useful, by making the logs scoped by impAnn
  • pull-3908 - Use upstream testing instances for very basic types
  • pull-3912 - Removed call to tail, and the 'watchPulser' test
  • pull-3852 - Added constrained generators to conformance tests - Part 1

Improvements and releasing

· 2 min read
Alexey Kuleshevich

High level summary

Last two weeks progress was mainly on testing, bug fixes and improvements to clarity of CDDL specification. Important bugfixes include:

  • Fix deserialization of ValueNotConservedUTxO predicate failure that could not previously report zero ADA.
  • Fix deserialization of CostModels in the PParamsUpdate. Invalid CostModels are no longer allowed, only CostModels for unrecognized Plutus versions are allowed starting with Conway
  • Fix returning of Deposits for ProposalProcedures

Testing tooling has been improved and new tests have been implemented for Conway era.

Low level summary

Conway

  • pull-3858 - Restructure computing Refunds and Deposits in a TxBody across all eras
  • pull-3860 - Removed mock/crypto.cddl, added optional tag to sets
  • pull-3864 - Fix Proposal deposits and add deposit tests to imp tests
  • pull-3859 - Rename ProposalsSnapshot to Proposals
  • pull-3867 - MaryValue fixes
  • pull-3869 - Indicate that tag 258 is optional for OSet. Fix rational CDDL
  • pull-3863 - Improve deposits refunds re-usability
  • pull-3861 - Fail PParamsUpdate deserialization for invalid costmodels in Conway
  • pull-3875 - Fix cddl spec for CostModels in Conway
  • pull-3876 - Change 4 PParam fields from EpochNo to EpochInterval
  • pull-3884 - Relax requirement on the Set tag 258 to be enforced in the next era

Testing

  • pull-3868 - Improvements to support property tests on Traces with simple Tx with DRep related Certs
  • pull-3792 - RATIFY and GOV constraint tests
  • pull-3885 - Added a test for genTxAndNewEpoch
  • pull-3886 - QuickCheck Imp integration

Improvements and releasing

· 6 min read
Kevin Hammond

High level summary

We have undertaken an initial high-level security analysis of the CIP-1694 design. We summarise the analysis and our responses here.

Initial CIP-1694 Security Analysis and Responses

Section: The constitutional committee

  • “For example, if we consider the hypothetical Constitution rule "The Cardano network must always be able to produce new blocks" - In this example, if the governance action to reduce block size to 0 is passed, then there will be no way of passing or enacting further proposals. That is, this governance action is completely non-reversable. Suggestion: Instating a built-in mechanism that checks (and perhaps enforces) that the proposed governance actions, if passed, can be reverted in the future.

There is a 'guardrails document' in preparation which captures issues such as these. Some of them may be automatable, as suggested; others will need to be evaluated by humans.

Section: Size of the constitutional committee

  • A possible issue with very large committee sizes (or large number of proposals/voters in general) is that it may take longer to have votes appear on-chain, which in extreme cases may require longer voting periods.

Thanks. Yes, we’ve been thinking about this issue for a long time, see for example the section ‘Final safety measure, post bootstrapping’. We don’t consider this as an issue for the CC since they need to be elected while DReps can just register, so we expect the number of CC members to be much less than the number of DReps

Section: Terms

  • The following sentence is a bit awkward to read: “For example, a committee of size five with a threshold of 3/5 a minimum size of three and two expired members can still pass governance actions if two non-expired members vote Yes.” —> Suggestion: “For example, if we have a committee of size five with a threshold of 3/5, then a committee of three non-expired and two expired members can still pass governance actions if two non-expired members vote Yes.”

Thanks. Yes, that suggestion is a bit easier to read.

Section: Registered DReps

  • “Additionally, registered DReps will need to vote regularly to still be considered active.” - There is a minor issue with requiring “voting regularly”. That is, if there are no proposals to vote on for a long time, this means that no DRep can vote regularly (or they have to issue bogus proposals just to vote on them).

Thanks. We’ve added a mechanism to prevent that issue in the spec/code where if there’s nothing to vote on for an entire epoch, we increment the epoch that each DRep expires.

Section: Ratification

  • It is a bit unclear why protocol changes: network group and technical group are two separate groups.

These correspond exactly to the groups that are administered by the Parameter Committee.

  • I didn’t understand the rationale for requiring 100% “Yes” votes to pass “Info” type governance actions? It seems they have the least potential to harm the system.

Yes, it’s not about harming the system, since Info actions have no direct effect on the operation of Cardano. The motivation is simply to record the actual level of support for the action.

Once an action is enacted it’s no longer possible to vote on it. So if there was e.g. a threshold of 50%, then there is no way of telling whether the support for it might eventually have reached 90% or higher if it was not immediately enacted when the threshold was reached.

Section: Content

  • For Hard-fork initiation, the changed parameters should probably also be required as part of Additional data.

Protocol parameters can be changed in arbitrary ways by the hard fork and new ones might be introduced, so anything this action pins down might not actually be the value that will be present after the hard fork.

Section: Protocol Parameter groups

  • It is a bit unclear to the reader what some of these parameters mean, for example: monetary expansion (rho) and treasury expansion (tau). Suggestion: Include brief explanations for the non-obvious parameters.

These are existing protocol parameters, described in e.g. https://cips.cardano.org/cips/cip9/9 or The Cardano Protocol Parameters Guide.

  • With the current set of governance actions, it seems that it is not possible to add new types of protocol parameters, or categories of governance voting thresholds. Suggestion: Consider possibility of incorporating governance actions that allow addition of new protocol parameters, deletion of defunct protocol parameters, or modification of governance voting threshold categories.

All of this needs to be done via a hard fork. If we had an action that added a parameter then there is no way of giving it semantics anyway, since that must be done by logic in the code.

Section: Votes

  • Is a constitutional committee member also a DRep? If so, do they vote twice, once as a committee member and once as a DRep?

They may or may not be (and they could also be an SPO). Note that this is fine, since these are completely separate tallies. This is also not preventable, since we don’t have an on-chain mechanism for identity. And yes, each credential gets to vote on each action for all roles in the governance system it has.

Section: Separation of Hard Fork Initiation from Standard Protocol Parameter Changes

  • It is unclear whether there would be automated checks for whether a proposal is indeed a soft fork or hard fork, which would reduce human error in categorising proposals.

There is no on-chain mechanism that could enforce this, the best we could do is some kind of certificate. However, this may not be trustworthy, of course. We will consider this in future versions of Voltaire.

Section: Changes post Edinburgh workshop (July 2023)

  • “All governance actions are enacted one epoch after they are ratified.” - I’m not sure if this line is currently in the main body of the CIP?

It is, but it is phrased differently: ‘All governance actions are enacted on the epoch boundary after their ratification.’

Section: Reduced deposits for some government actions

  • Another downside of requiring endorsement from the constitutional committee is that this likely does not apply to constitutional committee-related proposals, such as no-confidence votes.

Indeed. We have no plans for this at the moment.

· 3 min read
Alexey Kuleshevich

High level summary

This update contains mostly improvements to quality of Conway era implementation and tooling that we use for testing Ledger. Major Conway bugs that were discovered and squashed are:

  • PParamsUpdate proposals will now correctly use DRep thresholds for ratification
  • Treasury withdrawals are now properly enacted.
  • Corrected snapshotting and DRep Stake Distribution Pulser initialization
  • Delegation to non-existent Stake pool is no longer possible

Other important quality of life improvements are addition of reusable interfaces for an ordered set OSet and ordered map OMap. Which allowed us to disable duplicate certificates and proposals in a transaction. As a precursor to PlutusV3 integration, a serious reorganization of Plutus related functionality was performed.

Conway related additions that are noteworthy: Conway Ledger events, disallowing voting on expired proposals, addition of Anchor to Constitutional Committee resignation proposals.

Significant improvements have been made to a specialized "Imp" test library that allows us writing concise stateful unit tests for verifying the Ledger logic. Serious progress has been made on the conformance testing, where we can now interface with Haskell generated code from the Agda specification. Serialization testing has been extended to increase binary conformance coverage.

Low level summary

Conway

  • pull-3808 - Enhance CommitteeMembersState query to return quorum and NoConfidence
  • pull-3801 - Fix epoch rule and tests
  • pull-3803 - Fix delegation validation
  • pull-3759 - Reshuffle things to the DRepPulser incorporates some snap shot things
  • pull-3779 - Prevent duplicate certs and proposals
  • pull-3794 - Added anchor to resign certs
  • pull-3797 - Cleanup JSON instances for Conway governance
  • pull-3848 - Plutus modules restructure
  • pull-3840 - Fix anomalies in Deposits in the Conway Era
  • pull-3856 - Add governance related ledger events
  • pull-3825 - Prevent voting on expired GovActions
  • pull-3831 - Treasury withdrawal fix
  • pull-3791 - Use a Data.OMap.Strict to replace ProposalsSnapshot
  • pull-3836 - PParamsUpdate enactment fix
  • pull-3846 - Revert argument order swap.

Testing

  • pull-3782 - Move ImpTest to Shelley testlib
  • pull-3842 - Imp improvements
  • pull-3844 - Add mappings to Agda types
  • pull-3853 - Fix strange assertion failure, which hides real Block too big problem.
  • pull-3809 - CDDL roundtrip testing
  • pull-3832 - Treasury withdrawals tests
  • pull-3839 - Added cardano-ledger-conformance
  • pull-3841 - Add sha256 to cardano-ledger-executable-spec

Improvements and releasing

  • pull-3843 - Add ...WithLogs versions of evalScripts and friends
  • pull-3795 - Bump plutus to 1.15
  • pull-3798 - Bump urllib3 from 1.26.17 to 1.26.18 in /doc
  • pull-3799 - Changes needed for 8.6 release
  • pull-3807 - Add invalidBeforeL and invalidHereAfterL functions
  • pull-3819 - Fixups needed for a release
  • pull-3829 - Post release CHANGELOG version bumps
  • pull-3830 - Bump aeson to 2.2
  • pull-3833 - Backport release cardano-ledger-conway-1.10.1.0
  • pull-3828 - Add changelog for node release 8.6

· One min read
Alexey Kuleshevich

High level summary

The Ledger team has been shifting focus from implementing Conway related features to testing. For this reason there is a very little amount features that are reported this time aorund. Notable Conway related changes are a specialized ledger query for getting Constitutional Committee state and prevention of submitting proposal procedures that have no valid path to enactment.

Testing related work was mainly on a constraint base system as well as on roundtrip serialization. As a result of this extra testing a bug in Conway Genesis serialization was eliminated.

Low level summary

Conway era

Integration and releasing

Testing

  • pull-3769 - Add roundtrip testing by validating FlatTerm
  • pull-3783 - Update TranslationInstance.hs
  • pull-3775 - Refactor and improve constraint based STS tests
  • pull-3793 - Fix sums with negative RHS.