In the current design, Tuxedo has a very strong separation between the logic that allows a single input to be consumed and the logic that checks whether a transaction is valid. This issue is to consider the pros and cons of that separation and decide to what extent it should be kept.

Note on Terminology

Before going on, I'll observe that I accidentally used the same terms as IOHK's abstract model with different meanings :facepalm:

| Tuxedo Term | Abstract Model Term | Definition | | ----------- | ------------------- | ---------- | | Verifier | None - token logic hard coded | The logic used to determine whether the consumed inputs and created outputs meet all necessary constraints | | Redeemer | Verifier | The logic used to determine whether an individual input can be consumed | | Witness | Redeemer | The data, likely a signature, that satisfies the logic to consume an input

Arguments for the strong separation

Pro 1: Writing pieces is very simple

With the current separation in place, the author of a piece doesn't need to care anything about whether individual inputs can be consumed. This is entirely handled by tuxedo executive. By the time the execution reaches the individual piece all that is left is typed data for the piece to check.

Arguments against the strong separation

Con 1: Pieces can't forcefully consume inputs

In some cases it is useful to consume a UTXO for housekeeping purposes.

Example 1: Consider a coupon with an expiration date. This UTXO would likely be guarded by a CheckSig so only the owner can use it. But if the expiration date passes, anyone should be able to clean up the state.

Example 2: In the proof of existence piece, two users could claim the same hash. When these competing claims are discovered anyone should be able to clean up the latter claim because the former is more legitimate. This is encountered in the current codebase

This can be addressed with a notion of evictions. See below.

Con 2: Dynamic ownership is not immediately intuitive

In FRAME, pallet sudo is commonly used to guard functionality behind a signature by the sudo key. This is similar to hoe SigCheck works except that the key is dynamic. In Tuxedo this cannot be implemented as a redeemer because the sudo key is stored in state (a utxo) but redeemers do not have access to other state.

This could also be solved with evictions. (Again, see below).

Con 3: Paying a private user

In many cases, a Tuxedo piece may want to pay assets to a specific private user. Consider a a treasury that wants to make a payment to a user, or a NFT game that charges some fees and allocates them to the original developer. When the output redeemers are not available, this cannot be done.

Possible Design Changes

Evictions

The idea of evictions is to add a field to the transaction that is similar to inputs or peeks (see #16), but the evicted inputs will be consumed regardless of whether their redeemer is satisfied. They will be forcefully removed.

This solves Con 1 by allowing anyone to call, for example, a CleanupExpiredCoupon verifier or a ResolvePoeDispute verifier which will forcefully remove the outdated state.

This also solves Con 2 with a little creative design. For an output that is intended to only be spent by root, make the redeemer NobodyCanEverSpend, then write a SpendByRoot that verifier evicts it as long as the payload to the verifier contains a signature by the sudo key.

Pass full outputs to verifier

Another alternative is to change the interface so that entire Outputs, including the redeemer, are passed to the verifiers. This solves Con 3 but has the disadvantage that the Verifier must now know which redeemers are available to the aggregate runtime.

Pass full transaction to verifier

We could weaken the separation even more by passing the entire transaction to the verifier. This has the all of the disadvantages of passing just the full outputs. It also has the disadvantage that it is the verifiers responsibility to check the redeemers. It has the advantage that evictions are no longer necessary because any verifier can simply choose to ignore the redeemer.

Both of the above

It may be possible, to expose all of these APIs to piece developers, letting them choose which to implement. Pieces that can get by with a simple API can use it, and ones that require more powerful but more complex and dangerous APIs can use them. This may be possible with blanket implementations. Something like.

trait SimpleVerifier {
  // --snip--
}

trait PowerfulVerifier {
  // --snip--
}

impl<T: SimpleVerifier> PowerfulVerifier for T {
  // --snip--
}

This is the start of the migration to a new simple verifier as discussed in #27 this includes the following tasks:

• [x] migrate old verifiers to new SimpleVerifier trait.
• [x] update Executive logic
• [x] Migrate old tests and old code depending old verifier logic

This PR adds significant test coverage to the tuxedo-core crate.

I hope to achieve 100% according to cargo tarpaulin, but I'm not sure how practical that is. In any case, this will add enough coverage to give tuxedo users peace of mind that the core code is working as expected.

Currently the tuxedo executive checks that there are no duplicate outputs in a given transaction. https://github.com/Off-Narrative-Labs/Tuxedo/blob/main/tuxedo-core/src/executive.rs#L53-L60

This logic is also present in the earlier utxo workshop. https://github.com/JoshOrndorff/utxo-workshop/blob/joshy-update-deps-may-2022/runtime/src/utxo.rs#L188-L191

But why is it necessary? It is perfectly valid for a transaction to consume a 20 token input and create two new outputs each worth 5 tokens that belong to the same pubkey.

Digging back through the git history, it seems this check has been present since a much older 2019 edition of the utxo-workshop where each output contained a user-provided salt. The user-provided salt was never realistic and was a hack to get something working in the early days. @nczhu noticed this and solved it in https://github.com/substrate-developer-hub/utxo-workshop/pull/45 (still an impressive PR after all this time!).

With the salt hack long-gone, I think it is safe to remove the duplicate output check.

Wallet for basics should:

• [ ] Spend coins from Alice's genesis coin
• [ ] Specify the output address and amounts for the outputs
• [ ] check state and see the new coins

This PR strives to add caching to the CI. I've just blindly installed the action which supposedly has "sensible defaults". Let's see whether it reduced CI time.

Most of tuxedo executive needs better test coverage. Although we have some end-to-end testing through the wallet, and we have pretty good test coverage on the redeemers, we still need unit tests for the transaction checking and storage updating logic.

Yep, this is seriously the first issue on the repo :rocket:

I don't want to dive into the long history of which is fundamentally better. Because the answer is "neither; they're both fine; stop fussing about it and get back to coding". I just want to decide what is better in the context of this project in the Substrate ecosystem.

In #11 I added some CI, but cargo fmt is currently disabled because we have a combination of tabs and spaces and need to decide.

In favor of tabs

• This is what the rest of the Substrate ecosystem uses, because this is what Gavin likes. Following suit will make it easier to merge changes from the upstream node template.

In favor of spaces

• This is the default for cargo fmt and sticking with the default means we don't need to have a config file for cargo fmt. The repo is slightly simpler.
• Tabs are used in the rest of the Substrate ecosystem because Gavin likes them. And we are Off Narrative Labs :rofl:

Tuxedo does not yet have any real PoS- or even PoA- style authority set management pieces. So for now we use simple hard-coded authority sets.

This PR improves this situation slightly by making all of the standard (Alice, Bob, Charlie, etc) keys readily available and providing comments explaining that that's what is happening.

This PR primarily adds tests for the amoeba example piece. It also fixes one small error that the tests found.

And finally, it moves the Bogus type from the money piece to a reusable location in the tuxedo core crate so that it can be used in tests for all pieces.

This work combines the ideas from #1 and #2 to establish a tuxedo core as well as an example node that includes several pieces.

This should NOT be squashed because we want to keep all the history. In fact, if we agree to it, we should just push it to main with the cli rather than using the github ui.

This PR adds the peek functionality for reading state without consuming it as described in the original grant proposal.

This will help facilitate concurrency down the road. Even before that, it makes it nice that you can read state without re-writing it and therefore changing its OutputRef.

Currently the wallet requires the user to manually remember what OutputRef's belong to them. A real wallet will maintain a local database of UTXOs belonging to the keys in its keystore.

General Syncing Strategy

The wallet will need to scan the blockchain and check each transaction to see if any new outputs are available for any of the keys it controls (or more generally, if it knows how to produce a redeemer that satisfies the corresponding validator). This process is kind of roughly described in https://bitcoin.stackexchange.com/q/75840

To sync, we could add a subcommand Sync. When given this command, the wallet will look up the last block to which it synced from the filesystem, and query the node for all blocks from there to the tip, noting any new UTXOs along the way.

New Keys

When a new key is added, the user should specify from which block the wallet should resync. If no block is provided no resyncing happens. This is what a user would want when inserting never-before-used keys which couldn't have any possible existing UTXOs.

If the key has been used before and is just being restored to this wallet, the wallet will query the node for all blocks starting at the block the user provides (possibly genesis) to check for owned utxos.

Manually specifying owned UTXOs

We could consider letting the user skip the syncing, and instead manually specify the UTXOs that they already know are relevant. Maybe they are exported from another wallet. Although this may be premature optimization.

Storage Optimization

Users may choose to delete keys at any time. When this happens the wallet should also prune the now-useless database of UTXOs owned by the deleted keys. To make this operation performant, the wallet should store the database on a per-key basis.

Forks and Reorgs

We have to handle the reality of re-orgs. If the wallet syncs its local database to the tip of the chain, and then a few blocks are orphaned, the wallet will have inconsistent data. I haven't fully thought this through yet.

One strategy would be to rely on finality. But not all chains provide finality, and even when finality is available, this may lead to an unacceptable lag for the user.

Another strategy is to keep the local database stored on a per-block basis so that the wallet can actually revert the affected portion easily. When starting a sync, the wallet would query the node to see if its best known block is currently canonical. If so great, just do a linear sync. If not, find a common ancestor, revert local state after the fork block, and then do a linear resync. We'll have to see what RPCs the node provides to make this possible. There may also be some hints in Polkadot JS for a good strategy.

There is now a good amount of code in the wallet, and it will continue to grow. It needs to be tested in an automated way.

I'm not exactly sure how to test CLI app code. This wallet interacts with user input, a filesystem, and a running node via RPC connection. That seems harder to test than simple functions.

This PR uses the Substrate keystore for key management in the wallet. This allows users to insert existing keys and generate new keys that will be persisted on disk between sessions. It also allows constructing transactions with inputs belonging to different public keys (and inputs that are up for grabs or a combination).

Not yet tested.

• [x] Integrate sc- and sp-keystore
• [x] Allow inserting pre-existing keys
• [x] Allow generating new keys
• [x] Allow signing transactions with inputs from multiple owners - [ ] Actually test it -- I tested it manually. Opened #47 for proper tests

We should consider using metadata so we can have a dynamic wallet to submit transactions. We could take inspiration from https://github.com/paritytech/frame-metadata.