6969 fix vaults error recovery #7020
Conversation
|
This motivates giving clients the ability to exit #6906. |
| } catch (e) { | ||
| console.error('CAUGHT HERE', e); | ||
| } | ||
| execFileSync('agd', [`query`, 'bank', 'balances', opts.from], { |
There was a problem hiding this comment.
indexing under ambient authority #2160
(not to mention sync io)
| @@ -863,6 +864,8 @@ export const prepareVaultManagerKit = ( | |||
| vaultId, | |||
| 'never stored during initVaultKit failure', | |||
| ); | |||
| } finally { | |||
There was a problem hiding this comment.
this seems to be a different try/catch than the one that used to contain seat.exit()
There was a problem hiding this comment.
Good catch! My eye was fooled into doing the wrong curly matching for some reason.
There was a problem hiding this comment.
Good eyes! Thankfully the tests caught this too
turadg
force-pushed
the
6969-fix-recovery
branch
from
b710d84 to
2321d8a
Compare
turadg
force-pushed
the
6969-fix-recovery
branch
from
2321d8a to
08a449c
Compare
turadg
force-pushed
the
6969-fix-recovery
branch
from
08a449c to
e0fe6f3
Compare
| [clientSeat, vaultSeat, { [KW.Attestation]: giveColl }], | ||
| [vaultSeat, clientSeat, { [KW.Attestation]: wantColl }], | ||
| [clientSeat, vaultSeat, { [KW.Debt]: give }], |
There was a problem hiding this comment.
Could be
| [clientSeat, vaultSeat, { [KW.Attestation]: giveColl }], | |
| [vaultSeat, clientSeat, { [KW.Attestation]: wantColl }], | |
| [clientSeat, vaultSeat, { [KW.Debt]: give }], | |
| [clientSeat, vaultSeat, { [KW.Attestation]: giveColl, [KW.Debt]: give }], | |
| [vaultSeat, clientSeat, { [KW.Attestation]: wantColl }], |
Do you prefer the existing version?
There was a problem hiding this comment.
I tried that and the line wrapping made it less readable. I think this style make it more clear what's going on, coming from the stageDelta style.
| /** @type {import('@agoric/zoe/src/contractSupport/atomicTransfer.js').TransferPart[]} */ | ||
| const transfers = [ | ||
| ...nonMintTransfers, | ||
| [stage, vaultFactorySeat, { Minted: fee }], |
There was a problem hiding this comment.
Please rename stage, and drop the stage.clear() on line 97. It's no longer being used for staging, and people familiar with stagings will be confused by this naming.
Are there other calls to .clear() in vaults or staking that can also be dropped?
| // Make best efforts to burn the newly minted tokens, for hygiene. | ||
| // That only relies on the internal mint, so it cannot fail without | ||
| // there being much larger problems. There's no risk of tokens being | ||
| // stolen here because the staging for them was already cleared. |
There was a problem hiding this comment.
There's no staging remaining, right? What is this referring to?
There was a problem hiding this comment.
This was just copied over. But that means I should revert the change here and go update vaultDirector and stakeFactory to not talk about staging.
| Object.values(stage.getCurrentAllocation()).every(a => | ||
| AmountMath.isEmpty(a), | ||
| ), | ||
| X`Stage should be empty of Minted`, |
turadg
force-pushed
the
6969-fix-recovery
branch
from
e0fe6f3 to
2406cc4
Compare
turadg
force-pushed
the
6969-fix-recovery
branch
from
2406cc4 to
3986485
Compare
| export const TransferPartShape = M.arrayOf( | ||
| M.or(SeatShape, AmountKeywordRecordShape), | ||
| ); |
There was a problem hiding this comment.
Seems surprisingly loose. Trying a tighter pattern at #7040 , but do not yet know what CI has to say about it.
Have not yet looked at the TransferPart type, but clearly they should be co-maintained
|
Only requested changes because I saw this PR was already on the merge train. Now that it's knocked off, I'll approve (with my suggestion), but remove the automerge label first. |
turadg
force-pushed
the
6969-fix-recovery
branch
from
bb8322c to
1d23fb1
Compare
turadg
added
the
automerge:no-update
Co-Authored-By: Mark S. Miller <[email protected]>
turadg
force-pushed
the
6969-fix-recovery
branch
from
1d23fb1 to
4a550ee
Compare
closes: #6969
Description
When a vault failed to init, the seat wouldn't be exited. This resulted in the funds hanging on the seat and not being returned to the caller. The fix was to move the
exit()tofinally.This then sometimes errored with stagings due to #7024 . The solution is to stop using stages, so this does that for vaultFactory as part of #7025. It also does it for stakeFactory because they have a coupling through a shared a dependency on
chargeInterest.Along the way I tried making a smart wallet integration test to detect the #6969 but it's only with vaults and we can't test that integration until #6880. I left the test in anyway.
This also has a CLI feature that was helpful while debugging,
And a drive-by for a different state problem,
Security Considerations
Prevents a theoretical exploit,
Scaling Considerations
--
Documentation Considerations
--
Testing Considerations
Using
start-local-chainmade vaults that used to error and lose funds. Then made the fix and verified the funds are restored after error.