[pallet_transaction_payment]: Share withdrawn tx fee credit with other pallets #9780
Conversation
| /// overestimated. Drawing too much balance will cause the signer to underpay for the | ||
| /// transaction. Too much means that not enough is left to pay for the fee with regard |
There was a problem hiding this comment.
?
| /// overestimated. Drawing too much balance will cause the signer to underpay for the | |
| /// transaction. Too much means that not enough is left to pay for the fee with regard | |
| /// overestimated. Drawing too much balance will cause the signer to overpay for the | |
| /// transaction. Too little means that not enough is left to pay for the fee with regard |
There was a problem hiding this comment.
no I think it's correct, if you draw too much then there is not enough left to pay for what was meant to be used for the tx fee
There was a problem hiding this comment.
I think it is correct. The signer underpays for the tx because the balance was taken away to pay for something else.
|
It had a nasty bug which I fixed the last commt: Putting a |
Co-authored-by: joe petrowski <[email protected]>
There was a problem hiding this comment.
Maybe not for now: the logic to fail the transaction when too much of the credit has been drawn could be implemented in pallet-transaction-pallet instead of the pallet implementing the transaction logic: it could be a new function in the TransactionExtension trait with a no-op blanket implementation that is called before post_dispatch here and where dispatch_transaction changes res to an Error depending on the return value of that function. The code change would be minimal (apart from requiring new benchmarks).
| NextFeeMultiplier::<T>::mutate(|fm| { | ||
| *fm = T::FeeMultiplierUpdate::convert(*fm); | ||
| }); | ||
| TxPaymentCredit::<T>::kill(); |
There was a problem hiding this comment.
Why is this required? At this point the value should always be None, correct? If not, then we would also need to drop the imbalance properly here.
Or is it just not to use any storage in between blocks?
There was a problem hiding this comment.
Why is this required? At this point the value should always be
None, correct?
Yes, the expectation is that it is always None here. We just kill to make sure the value is never carried between blocks.
If not, then we would also need to drop the imbalance properly here.
We cannot know for sure as the behavior is defined by the OnChargeTransaction. So yes, we should make sure to call the drop impl here. Will fix.
| /// | ||
| /// # Warning | ||
| /// | ||
| /// This is only useful if a pallet knows that the pre-dispatch weight was vastly |
There was a problem hiding this comment.
I think that the condition here is more subtle: the pallet is allowed to draw too much balance but would need to fail the transaction if that is the case (this more relaxed condition is required for pallet-revive).
It is important that in this case any effects that the balance was drawn for during execution (e.g., storage deposits) are reverted – in order to protect against DoS.
There was a problem hiding this comment.
You are right. This is what I meant by that but it should be expressed explicitly. Will change the text.
Yes will check if possible. The runtime impact will consist of an additional storage transaction in order to be able to roll back the changes done by the tx. But should be done in a follow up. Let's keep this PR minimal as it is already touching a lot of critical stuff. |
|
@joepetrowski @TorstenStueber I improved the docs on |
|
cc @jakoblell Applied the variable renaming suggestions you sent me. I applied them as-is with one exception: I renamed |
|
All GitHub workflows were cancelled due to failure one of the required jobs. |
|
/cmd fmt |
Replaces #9590.
The audit of #9590 showed that holding the txfee as held balance and especially playing around with
providerscauses a lot of troubles.This PR is a much lighter change. It keeps the original withdraw/deposit pattern. It simply stores the withdrawn
Creditand allows other pallets to withdraw from it.It is also better in terms of performance since all tx signers share a single storage item (instead of a named hold per account).