CIP-0058 (Daml) - Minting escrowed canton coin #1056
Conversation
jose-velasco-ieu
requested a deployment
to
ci-forks
GitHub Actions
Waiting
| beneficiary : Party -- ^ The owner of the `Amulet` to be minted | ||
| amount : Decimal -- ^ The amount of `Amulet` to be minted | ||
| reason : Text -- ^ A reason to mint the `Amulet` | ||
| where |
There was a problem hiding this comment.
@jose-velasco-ieu : nice work!
This is not a full review, but a question from a first view at the approach chosen. Let me know if there's other context that I should/could consume to learn about the answer.
Is there a particular reason that you decided to have the recipient deliver the UnclaimedReward contracts instead of having the dso party deliver them up-front when creating the AmuletMintOffer?
The latter option seems to have the following advantages:
AmuletMintOfferbecome decoupled fromUnclaimedRewardcontracts at the implementation level, which allows them to be used more widely if future changes should demand so.- No explicit disclosure is required (and no related API endpoints), as the SV nodes acting in the name of the DSO party have visibility into the
UnclaimedRewardcontracts. - Every offer stands on its own, and locks the appropriate amount of minting rights.
The disadvantage might be that at the DsoRules level, another extra step might be required to decouple the voting from the selection of the UnclaimedReward contracts. That seems benign though, and follows the approach that we generally try to move complexity out of the user-facing code in splice-amulet to the governance code.
Further question: why does the offer never expire? How could it be retracted by the DSO?
There was a problem hiding this comment.
The disadvantage might be that at the DsoRules level, another extra step might be required to decouple the voting from the selection of the UnclaimedReward contracts. That seems benign though, and follows the approach that we generally try to move complexity out of the user-facing code in splice-amulet to the governance code.
We considered that, but the extra indirection through an extra template and trigger seems more complex than exposing the unclaimed rewards through explicit disclosure. @jose-velasco-ieu will work on a design doc next which I think is a good place to have this discussion.
There was a problem hiding this comment.
Ack. Thanks for the information. Looking forward to reading the doc.
There was a problem hiding this comment.
Further question: why does the offer never expire? How could it be retracted by the DSO?
I didn't consider expiration since the AmuletMintOffer is the result of a successful vote.
Should I add it? @moritzkiefer-da @meiersi-da
There was a problem hiding this comment.
Yep, we should add expiration
There was a problem hiding this comment.
that matches my expectation
There was a problem hiding this comment.
Just to be sure.
The thing is, the party initiating the vote is the beneficiary themselves (requester in DsoRules_RequestVote )
Is it okay for the beneficiary to set the expiration date?
-- This would be the choice requiring confirmation, which gets created by beneficiary using DsoRules_RequestVote (requester)
nonconsuming choice AmuletRules_CreateAmuletMintOffer : AmuletRules_CreateAmuletMintOfferResult
with
beneficiary : Party
amount : Decimal
reason : Text
expiresAt : Time
controller dso
There was a problem hiding this comment.
The thing is, the party initiating the vote is the beneficiary themselves (requester in DsoRules_RequestVote )
That's not the case. The party initiating the vote is an SV node operator, e.g., GSF. The beneficiary could be any party. For the concrete scenario you're working on here, it will still be an SV but that node may just be hosted on the GSF node but it is not an SV node operator.
So the vote creator and the beneficiary receiving CC are not the same. And even if they were, all the other SVs still must approve the vote so it's fine it the vote creator can chose the expiry.
There was a problem hiding this comment.
Got it, thanks for the clarification.
I was confused because of this statement in the CIP
Applicant is required to present a calculation for number of Canton Coin it should earn for meeting the requirements of the milestone
There was a problem hiding this comment.
I'd view this as separate off-ledger processes vs on-ledger processes:
- Off-ledger the applicant is the one that initiates the process.
- On-ledger an existing SV node operator is the one that creates the vote request.
|
@moritzkiefer-da @simonletort-da |
Summary
This PR adds the DAML model logic required to support minting escrowed Canton Coin.
It introduces a new action requiring confirmation:
AmuletRules_CreateAmuletMintOffer, which is exercised via the standard voting procedure usingDsoRules.This choice results in the creation of an
AmuletMintOffercontract, which gives a beneficiary the right to accept the offer in order to receive a newAmulet. In exchange, the beneficiary must provide a sufficient list ofUnclaimedRewardcontracts, which are then archived (burned).The amount of
Amuletto be minted matches the total amount ofUnclaimedRewardto be archived.The beneficiary submits this list using explicit disclosure, since they might not be a stakeholder in the
UnclaimedRewardcontracts.Additionally, this PR introduces:
As the DAML model has been updated, the corresponding DAML artifact versions have been bumped accordingly.
CIP-0058: https://github.com/global-synchronizer-foundation/cips/blob/main/cip-0058/cip-0058.md
Pull Request Checklist
Cluster Testing
/cluster_teston this PR to request it, and ping someone with access to the DA-internal system to approve it. N/A/hdm_teston this PR to request it, and ping someone with access to the DA-internal system to approve it. N/APR Guidelines
Fixes #n, and mention issues worked on using#nN/AMerge Guidelines