Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rent Based Registration Model #44

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Rent Based Registration Model #44

wants to merge 8 commits into from

Conversation

Szegoo
Copy link

@Szegoo Szegoo commented Nov 6, 2023

This RFC proposes a new model for sustainable on-demand parachain registration, involving a smaller initial deposit and periodic rent payments.

Initial discussion on this topic can be found here

@Szegoo Szegoo mentioned this pull request Nov 6, 2023
Closed
eskimor
eskimor reviewed Nov 7, 2023
View reviewed changes
Copy link

@eskimor eskimor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

text/0044-rent-based-registration.md Outdated Show resolved Hide resolved
text/0044-rent-based-registration.md

If the rent is not paid, anyone has the option to prune the on-demand parachain and claim a portion of the initial deposit reserved for storing the validation code. Pruning only removes the validation code, while the head data and validation code hash are retained. The validation code hash is stored to allow anyone to register it again as well as to enable quicker re-registration by skipping the pre-checking process.

The moment the rent is no longer paid, the parachain won't be able to purchase on-demand access, meaning no new blocks are allowed. This stage is called the "hibernation" stage, during which all the parachain-related data is still stored on-chain, but new blocks are not permitted. The reason for this is to ensure that the validation code is available in case it is needed in the dispute or approval checking subsystems. Waiting for one entire session will be enough to ensure it is safe to deregister the parachain.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a soft form of deregistration though. ParaId is still claimed, only the PVF is pruned.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I think it can be called so. The main reason for this is to allow anyone to re-register the parachain under the same ParaId after it has been pruned.

Of course, there is always the option to perform a complete deregistration of a parachain by calling the deregister extrinsic.

@phillux
Copy link

phillux commented Nov 7, 2023
edited
Loading

@Szegoo thanks for putting together this RFC. Overall, deposits need to be adjusted regularly and be as cheap as possible while maintaining sybil resistance and DoS protection. I think the rent model makes sense but there are two issues I'm uncertain of:

  1. Effectively this may be no different than lowering the cost-per-byte to a fraction of what it is now. From an attacker's point of view, they simply now can register multiple wasm blobs for the previous cost of one, then fail to pay rent later. Failing to pay the rent later is not an issue for an attacker in a DoS scenario.
  2. Besides pruning, how is rent adjusted for runtime upgrades that add more bytes to their wasm blob?

For No. 2, this comes from a recent question I have not yet gotten a clear answer on, which is:

Can an attacker pay one deposit, get a parachain registered, then perform runtime upgrades once per block (or are they only allowed one per epoch?) that spams the validators on the network without registering a new or modified deposit?

Overall, I think the RFC takes a good approach by increasing cost-per-byte while lowering initial setup costs. Provided the issues I've raised are clarified or addressed, I'd fully support this RFC.

@Szegoo
Copy link
Author

Szegoo commented Nov 10, 2023
edited
Loading

Effectively this may be no different than lowering the cost-per-byte to a fraction of what it is now. From an attacker's point of view, they simply now can register multiple wasm blobs for the previous cost of one, then fail to pay rent later. Failing to pay the rent later is not an issue for an attacker in a DoS scenario.

I don't think this is a problem since the attacker is risking their initial deposit.

Besides pruning, how is rent adjusted for runtime upgrades that add more bytes to their wasm blob?

This is a good point and I was a bit surprised to realize that the current implementation doesn't cover this scenario. The solution should probably be to simply request a deposit to cover the difference in the wasm blob size and based on that also re-adjust the recurring payment. I will add a new section to cover this. (Related issue: paritytech/polkadot-sdk#669 (comment))

@anaelleltd anaelleltd added the Stale Is no longer pursued. label Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eskimor eskimor eskimor left review comments

@rphmeier rphmeier rphmeier left review comments

Assignees
No one assigned
Labels
Stale Is no longer pursued.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Szegoo @phillux @eskimor @rphmeier @anaelleltd