Skip to main content

56 posts tagged with "ledger"

View All Tags

· 4 min read
Alexey Kuleshevich

High level summary

Major Conway related development was the refactoring of how we distinguish Plutus language versions in every era, thus drasticly improving the type safety and getting us much closer to PlutusV3 integration.

There has also been many bug fixes and improvements since the last update. Some important bug fixes are:

  • missing "protocolVersion" field in JSON instance for Babbage and Conway protocol parameters
  • requiring witnesses for DRep registration
  • new committee governance action ratification was implemented incorrectly
  • guard against invalid protocol versions in hard fork initiation proposals
  • failures during updates of Plutus CostModels were not retained
  • fixed the types for some protocol parameters in order to prevent values that are too large
  • serialization and CDDL fixes

A few useful features have been also implemented, like new ledger events, doubling the limit for Url length, consensus query, JSON instances and so on. It was also required for testing to implement a reliable transaction fee estimation function, which is now available not only for testing, but also for cardano-cli.

Low level summary

Conway

  • pull-3915 - Utilize Inject type class for Val's inject
  • pull-3899 - Bring Plutus language version to the type level
  • pull-3917 - Ensure DRepRegistration certificate requires a witness
  • pull-3921 - Fix committee validation in Ratify
  • pull-3935 - Fixed a bug in Conway.Rules.Gov
  • pull-3956 - Allow 128 byte Url and DnsNames for decoder version atleast 9.
  • pull-3954 - Fix how we update CostModels
  • pull-3947 - Change the type of some pparam fields to align with how they are represented in Consensus
  • pull-3951 - Conway genesis DRep injection
  • pull-3961 - Switch ContextError to an injective type family from a data family
  • pull-3963 - Abstract getWitsVKeyNeeded
  • pull-3933 - Improve cbor serialization of TxWits in Conway
  • pull-3971 - ToJson instances for context error
  • pull-3977 - Added GetAccountStateQuery
  • pull-3975 - Add policy hash protection to TreasuryWithdrawals and ParameterChange

Testing

  • pull-3892 - Translate DRep expiry test from ConwayFeatures to Imp GovSpec
  • pull-3913 - Add certs to conformance testing
  • pull-3911 - Add a Preds to generate valid GovActionStates.
  • pull-3929 - Improve comment on unit_interval in cddl
  • pull-3950 - Use discard to avoid bad traces for fixOutput
  • pull-3935 - Add some Imp tests for HardForkInitiation.
  • pull-3964 - Ignore thunks in utxosDeposited
  • pull-3962 - Add estimateMinFeeTx
  • pull-3976 - Introduce accurate min fee calculation function: calcMinFeeTx

Improvements

  • pull-3930 - Change type of mintedTxBodyL to PolicyID
  • pull-3924 - Split type classes out of eras Core module
  • pull-3934 - Type safety bugfixes
  • pull-3949 - Add FromJSON BabbagePParams instance
  • pull-3953 - Babbage / Conway PParams JSON serialization
  • pull-3946 - Epoch interval instances
  • pull-3932 - Add ledger event TxUTxODiff
  • pull-3969 - Add missing stake key deposit in formal spec
  • pull-3973 - Move functionality of Cardano.Ledger.Pretty to Test.Cardano.Ledger.Generic.PrettyCore

Releasing

· 2 min read
Alexey Kuleshevich

High level summary

This period we reached a major milestone, namely we now have an initial version of Conway conformance testing working. We are now able to generate random valid data with the help of constraint based testing framework, apply that data to Conway Ledger rules and verify that the output matches to the one produced by the executable version of the Formal Ledger Specification, when it is applied to the same random data.

We also had a couple of Conway bugs fixed and a few new predicate check implemented. Get Constitutional Committee query is complete and tested. Various improvements to the testing tools. Addition of more test cases.

Low level summary

Conway

  • pull-3888 - Add checks for valid ProtVer when a proposal is a HardFork
  • pull-3902 - Fix pvCanFollow usage in Conway and improve clarity in Shelley
  • pull-3855 - Remove unreachable proposals
  • pull-3903 - Add lenient decoder for Addr
  • pull-3878 - Committee query - implement next epoch change

Testing

  • pull-3893 - Move tree-diff dependency to tests together with all instances
  • pull-3896 - Fix Brute force failure
  • pull-3904 - New ListWhere Pred added to the Constrained Solver.
  • pull-3907 - cardano-ledger-conformance: Remove CHANGELOG.md from cabal file
  • pull-3883 - Committee QuerySpec Imp Test
  • pull-3909 - Make impAnn a bit more useful, by making the logs scoped by impAnn
  • pull-3908 - Use upstream testing instances for very basic types
  • pull-3912 - Removed call to tail, and the 'watchPulser' test
  • pull-3852 - Added constrained generators to conformance tests - Part 1

Improvements and releasing

· 2 min read
Alexey Kuleshevich

High level summary

Last two weeks progress was mainly on testing, bug fixes and improvements to clarity of CDDL specification. Important bugfixes include:

  • Fix deserialization of ValueNotConservedUTxO predicate failure that could not previously report zero ADA.
  • Fix deserialization of CostModels in the PParamsUpdate. Invalid CostModels are no longer allowed, only CostModels for unrecognized Plutus versions are allowed starting with Conway
  • Fix returning of Deposits for ProposalProcedures

Testing tooling has been improved and new tests have been implemented for Conway era.

Low level summary

Conway

  • pull-3858 - Restructure computing Refunds and Deposits in a TxBody across all eras
  • pull-3860 - Removed mock/crypto.cddl, added optional tag to sets
  • pull-3864 - Fix Proposal deposits and add deposit tests to imp tests
  • pull-3859 - Rename ProposalsSnapshot to Proposals
  • pull-3867 - MaryValue fixes
  • pull-3869 - Indicate that tag 258 is optional for OSet. Fix rational CDDL
  • pull-3863 - Improve deposits refunds re-usability
  • pull-3861 - Fail PParamsUpdate deserialization for invalid costmodels in Conway
  • pull-3875 - Fix cddl spec for CostModels in Conway
  • pull-3876 - Change 4 PParam fields from EpochNo to EpochInterval
  • pull-3884 - Relax requirement on the Set tag 258 to be enforced in the next era

Testing

  • pull-3868 - Improvements to support property tests on Traces with simple Tx with DRep related Certs
  • pull-3792 - RATIFY and GOV constraint tests
  • pull-3885 - Added a test for genTxAndNewEpoch
  • pull-3886 - QuickCheck Imp integration

Improvements and releasing

· 6 min read
Kevin Hammond

High level summary

We have undertaken an initial high-level security analysis of the CIP-1694 design. We summarise the analysis and our responses here.

Initial CIP-1694 Security Analysis and Responses

Section: The constitutional committee

  • “For example, if we consider the hypothetical Constitution rule "The Cardano network must always be able to produce new blocks" - In this example, if the governance action to reduce block size to 0 is passed, then there will be no way of passing or enacting further proposals. That is, this governance action is completely non-reversable. Suggestion: Instating a built-in mechanism that checks (and perhaps enforces) that the proposed governance actions, if passed, can be reverted in the future.

There is a 'guardrails document' in preparation which captures issues such as these. Some of them may be automatable, as suggested; others will need to be evaluated by humans.

Section: Size of the constitutional committee

  • A possible issue with very large committee sizes (or large number of proposals/voters in general) is that it may take longer to have votes appear on-chain, which in extreme cases may require longer voting periods.

Thanks. Yes, we’ve been thinking about this issue for a long time, see for example the section ‘Final safety measure, post bootstrapping’. We don’t consider this as an issue for the CC since they need to be elected while DReps can just register, so we expect the number of CC members to be much less than the number of DReps

Section: Terms

  • The following sentence is a bit awkward to read: “For example, a committee of size five with a threshold of 3/5 a minimum size of three and two expired members can still pass governance actions if two non-expired members vote Yes.” —> Suggestion: “For example, if we have a committee of size five with a threshold of 3/5, then a committee of three non-expired and two expired members can still pass governance actions if two non-expired members vote Yes.”

Thanks. Yes, that suggestion is a bit easier to read.

Section: Registered DReps

  • “Additionally, registered DReps will need to vote regularly to still be considered active.” - There is a minor issue with requiring “voting regularly”. That is, if there are no proposals to vote on for a long time, this means that no DRep can vote regularly (or they have to issue bogus proposals just to vote on them).

Thanks. We’ve added a mechanism to prevent that issue in the spec/code where if there’s nothing to vote on for an entire epoch, we increment the epoch that each DRep expires.

Section: Ratification

  • It is a bit unclear why protocol changes: network group and technical group are two separate groups.

These correspond exactly to the groups that are administered by the Parameter Committee.

  • I didn’t understand the rationale for requiring 100% “Yes” votes to pass “Info” type governance actions? It seems they have the least potential to harm the system.

Yes, it’s not about harming the system, since Info actions have no direct effect on the operation of Cardano. The motivation is simply to record the actual level of support for the action.

Once an action is enacted it’s no longer possible to vote on it. So if there was e.g. a threshold of 50%, then there is no way of telling whether the support for it might eventually have reached 90% or higher if it was not immediately enacted when the threshold was reached.

Section: Content

  • For Hard-fork initiation, the changed parameters should probably also be required as part of Additional data.

Protocol parameters can be changed in arbitrary ways by the hard fork and new ones might be introduced, so anything this action pins down might not actually be the value that will be present after the hard fork.

Section: Protocol Parameter groups

  • It is a bit unclear to the reader what some of these parameters mean, for example: monetary expansion (rho) and treasury expansion (tau). Suggestion: Include brief explanations for the non-obvious parameters.

These are existing protocol parameters, described in e.g. https://cips.cardano.org/cips/cip9/9 or The Cardano Protocol Parameters Guide.

  • With the current set of governance actions, it seems that it is not possible to add new types of protocol parameters, or categories of governance voting thresholds. Suggestion: Consider possibility of incorporating governance actions that allow addition of new protocol parameters, deletion of defunct protocol parameters, or modification of governance voting threshold categories.

All of this needs to be done via a hard fork. If we had an action that added a parameter then there is no way of giving it semantics anyway, since that must be done by logic in the code.

Section: Votes

  • Is a constitutional committee member also a DRep? If so, do they vote twice, once as a committee member and once as a DRep?

They may or may not be (and they could also be an SPO). Note that this is fine, since these are completely separate tallies. This is also not preventable, since we don’t have an on-chain mechanism for identity. And yes, each credential gets to vote on each action for all roles in the governance system it has.

Section: Separation of Hard Fork Initiation from Standard Protocol Parameter Changes

  • It is unclear whether there would be automated checks for whether a proposal is indeed a soft fork or hard fork, which would reduce human error in categorising proposals.

There is no on-chain mechanism that could enforce this, the best we could do is some kind of certificate. However, this may not be trustworthy, of course. We will consider this in future versions of Voltaire.

Section: Changes post Edinburgh workshop (July 2023)

  • “All governance actions are enacted one epoch after they are ratified.” - I’m not sure if this line is currently in the main body of the CIP?

It is, but it is phrased differently: ‘All governance actions are enacted on the epoch boundary after their ratification.’

Section: Reduced deposits for some government actions

  • Another downside of requiring endorsement from the constitutional committee is that this likely does not apply to constitutional committee-related proposals, such as no-confidence votes.

Indeed. We have no plans for this at the moment.

· 3 min read
Alexey Kuleshevich

High level summary

This update contains mostly improvements to quality of Conway era implementation and tooling that we use for testing Ledger. Major Conway bugs that were discovered and squashed are:

  • PParamsUpdate proposals will now correctly use DRep thresholds for ratification
  • Treasury withdrawals are now properly enacted.
  • Corrected snapshotting and DRep Stake Distribution Pulser initialization
  • Delegation to non-existent Stake pool is no longer possible

Other important quality of life improvements are addition of reusable interfaces for an ordered set OSet and ordered map OMap. Which allowed us to disable duplicate certificates and proposals in a transaction. As a precursor to PlutusV3 integration, a serious reorganization of Plutus related functionality was performed.

Conway related additions that are noteworthy: Conway Ledger events, disallowing voting on expired proposals, addition of Anchor to Constitutional Committee resignation proposals.

Significant improvements have been made to a specialized "Imp" test library that allows us writing concise stateful unit tests for verifying the Ledger logic. Serious progress has been made on the conformance testing, where we can now interface with Haskell generated code from the Agda specification. Serialization testing has been extended to increase binary conformance coverage.

Low level summary

Conway

  • pull-3808 - Enhance CommitteeMembersState query to return quorum and NoConfidence
  • pull-3801 - Fix epoch rule and tests
  • pull-3803 - Fix delegation validation
  • pull-3759 - Reshuffle things to the DRepPulser incorporates some snap shot things
  • pull-3779 - Prevent duplicate certs and proposals
  • pull-3794 - Added anchor to resign certs
  • pull-3797 - Cleanup JSON instances for Conway governance
  • pull-3848 - Plutus modules restructure
  • pull-3840 - Fix anomalies in Deposits in the Conway Era
  • pull-3856 - Add governance related ledger events
  • pull-3825 - Prevent voting on expired GovActions
  • pull-3831 - Treasury withdrawal fix
  • pull-3791 - Use a Data.OMap.Strict to replace ProposalsSnapshot
  • pull-3836 - PParamsUpdate enactment fix
  • pull-3846 - Revert argument order swap.

Testing

  • pull-3782 - Move ImpTest to Shelley testlib
  • pull-3842 - Imp improvements
  • pull-3844 - Add mappings to Agda types
  • pull-3853 - Fix strange assertion failure, which hides real Block too big problem.
  • pull-3809 - CDDL roundtrip testing
  • pull-3832 - Treasury withdrawals tests
  • pull-3839 - Added cardano-ledger-conformance
  • pull-3841 - Add sha256 to cardano-ledger-executable-spec

Improvements and releasing

  • pull-3843 - Add ...WithLogs versions of evalScripts and friends
  • pull-3795 - Bump plutus to 1.15
  • pull-3798 - Bump urllib3 from 1.26.17 to 1.26.18 in /doc
  • pull-3799 - Changes needed for 8.6 release
  • pull-3807 - Add invalidBeforeL and invalidHereAfterL functions
  • pull-3819 - Fixups needed for a release
  • pull-3829 - Post release CHANGELOG version bumps
  • pull-3830 - Bump aeson to 2.2
  • pull-3833 - Backport release cardano-ledger-conway-1.10.1.0
  • pull-3828 - Add changelog for node release 8.6