-
Notifications
You must be signed in to change notification settings - Fork 986
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shielded refund design #4168
Comments
I don't think the reason we don't have shielded refunds is a matter of how we handle the tx from the ibc perspective. If I remember right we tried two ways:
The problem with solution 1 is that we can verify the amount and the token but we cannot verify the actual recipient, so the relayer could misbehave and target a different address. @yito88, @murisi please correct me if I've said something wrong |
Ah I see, you are correct about point 2. But we could still fallback to a transparent refund, in case the masp epoch had changed. This would improve the UX a bit. Anyway, including the refund shielding tx as the memo does sound more simple. Something like: {
"namada": {
"ibc_shielding_refund": {
"shielding_data": "<... shielding tx data>",
"shielded_at_masp_epoch": 12,
"fallback_refund_taddr": "tnam1..."
}
}
} This can be implemented in a fairly straightforward way over If we could map packet sequence numbers to masp epochs, then we could even remove |
Sounds good! We could do that without the memo if the shielding transaction is stored in the storage associated with |
just another note: we also need to handle timeouts. the refund logic under timeouts is the same as when we get an ack error |
I think you could also avoid adding the shielding epoch, you can just try to execute the refund shielding transaction and fallback on the disposable address on failure (even though we's need to be careful with the Also @sug0, why is this Some other thoughts on this since it seems like the main goal of this is to improve on UX:
In case of a failing IBC tx and assuming no change in the masp epoch this solution is indeed an improvement, but it looks to me like we might be adding some cost to the happy path trying to improve on the unhappy one (essentially producing and storing a shielding transaction that might not be needed). I guess this could depend on the ratio of failing shielded actions which I'm not sure we can estimate right now |
Currently, Namada does not support the shielded refunding of some tx. However, it may be possible to do so, with the following:
send_transfer_execute
handler fromibc-rs
, and stores the generated shielding transaction associated with thisport
,channel
andsequence-number
triplet.on_acknowledgement_packet_execute
handler fromibc-rs
, and retrieve the shielding tx associated with theport
,channel
andsequence-number
triplet retrieved from the packet.success
, the shielding transfer is deleted from storage with no further action.The text was updated successfully, but these errors were encountered: