Delegation PoC

[cam-schultz]

Why this should be merged

Partially fixes #441

How this works

• Adds initialize/resend/complete methods for adding and removing delegators
• Adds pack/unpack methods for SubnetValidatorWeightUpdate Warp messages
• Unit tests for the above
• Various cleanup items in the existing implementations (especially regarding nonce + weight management)

How this was tested

CI, new unit tests

How is this documented

N/A

[minghinmatthewlam]

did we want to offer delegation by default? Thought it was going to be an extension

[cam-schultz]

Generally speaking, I prefer to make features optional rather than add complexity to the inheritance graph by adding extensions to support those features. Inheritance is best used as an abstraction tool to reduce shared code or provide polymorphism.

Regardless, for now I'm going to keep this as part of the PoSValidatorManager for the PoC, and we can revisit inheritance later.

[minghinmatthewlam]

I think more so thinking to allow Subnets to choose validator manager contract's that don't include delegation by default, and they can simply deploy the contract without delegation logic, as opposed to for reducing shared code.

[cam-schultz]

I agree that validators should have the option to not support delegation. There are many ways to do that, such as providing that toggle as a constructor argument, or leaving it up to the individual validator to specify when they register. I'll enumerate those options and defer to a followup.

[minghinmatthewlam]

sounds good I'm good with deferring. Likely would push back as a constructor argument for turn on/off, since that increases contract bytecode and deployment costs.

[geoff-vball]

I don't think we need to worry about deployment costs, as these contracts will be deployed by subnet owners

[minghinmatthewlam]

will delegators be able to update their delegations and add more stake to the same validationID? Seems like a use case we should support

[cam-schultz]

Let's defer this to a followup.

I think the safest way to this would be to come up with a unique delegation ID that takes into account the validatorID, the delegator address, and maybe the starting timestamp for uniquenes. Then add a separate delegation owner field, rather than using the delegator address for that purpose. That would also be more general, since the address that adds the delegation would not need to be the same address that claims rewards.

[bernard-avalabs]

I'm not sure if this would make a big UX difference for delegators. Couldn't they just start a separate delegation with the additional stake in most cases?

[geoff-vball]

Yeah, I agree with Cam here. Let's use the timestamp for uniqueness for the ID, that way one address can make multiple delegations, which prevents us from ever having to change the details of a delegation. We should have a way for any given address to access all of their delegations though

[iansuvak]

I'm not sure if this would make a big UX difference for delegators. Couldn't they just start a separate delegation with the additional stake in most cases?

In the current case they could but would have to use a separate address given this check. I do like the idea of the delegation owner field being tracked separately from the delegator address

[minghinmatthewlam]

good with deferring

[geoff-vball]

So far I've just gone over the implementations. I'll look over the tests next week :)

[geoff-vball]

Yeah, I agree with Cam here. Let's use the timestamp for uniqueness for the ID, that way one address can make multiple delegations, which prevents us from ever having to change the details of a delegation. We should have a way for any given address to access all of their delegations though

[geoff-vball]

If we were to store the latest acked nonce for a given validationID, we could have a much cheaper function to complete a delegator registration if the nonce of the registration is less than or equal to the latest acked nonce, which would save on the warp message verification. Feel free to defer this

[cam-schultz]

Going to defer this to a followup, since it is an optimization. Definitely think we should support this though.

[geoff-vball]

We should be checking uptime, giving out rewards, and returning stake in here I think?

For uptime, I think anyone should be able to provide an uptime proof for a validator. Since we track the seconds of uptime, a proof can be provided basically at any point, and if the highest reported uptimeSeconds is at least 80% of the time from the validation period starting and the MIN(validation end, current time), then we can disburse rewards.

[cam-schultz]

I'm going to defer uptime/rewards handling since I think there are still some open design questions here.

[cam-schultz]

I implemented uptime handling here: #520

Happy to merge that into this branch and include it in this PR if you prefer.

[geoff-vball]

Technically our resends for starting or ending a delegation would only need to resend the current validator total weight with the highest nonce we've used so far. We don't need to store any of these messages, we just need to send our current state.

[cam-schultz]

I'm going to leave this PR storing the pending messages in the contract state, both for consistency, and because there's a potential gas tradeoff to reconstructing the Warp message when calling the resend methods. I'll create an issue to quantify that and proceed accordingly.

[geoff-vball]

I imagine the storage will cost more than the computation, and we should probably be optimizing for the happy path instead of the resend case. Happy to defer this to another ticket though

[cam-schultz]

Yup, don't want to make any assumptions about gas cost, so will defer that analysis and any implementation changes to a followup item.

[michaelkaplan13]

I think it may make more sense here to create a notion of a delegationID (similar to validationID) to key these maps on.

Theoretically, an address should be able to delegate to the same validation ID multiple times. This would also have the benefit of having a single ID to refer to a delegation rather than a composite key, and hopefully reduce the number of state lookups since there won't be nested mappings.

The delegationID could be a hash of the (validationID,nonce), where the nonce is the nonce used in the SetSubnetValidatorWeight message that added the delegator.

[cam-schultz]

This idea came up previously. I agree that using a unique delegation ID rather than the address is the way to go, but going to defer that to a followup.

Using the nonce rather than a timestamp (as originally suggested in the linked conversation) seems like the way to go.

[minghinmatthewlam]

i like the (validationID, nonce) hash combo

[bernard-avalabs]

Generally makes sense to me. I assume there are no side effects from moving the weight update from completeEndDelegation to initializeEndDelegation.

[geoff-vball]

I think we're going to need a new field to track the original weight of the validator. It'll be needed if the validator ends validation period to calculate their rewards, because right now we'd have to use the total weight with the delegations included.

[minghinmatthewlam]

sounds right to me, but we can defer to when handling delegation exit rewards

[cam-schultz]

I went ahead and added that here, so that it doesn't fall through the cracks.

[minghinmatthewlam]

I would advocate to only add it in when needed because future changes might not need it or want to implement differently, for example, whether startTime is only needed for PoS, or using a separate mechanism as a whole. Not a big deal though now that's already added.

[minghinmatthewlam]

why do we need start and ending nonce again, as opposed to saving latest nonce for delegator? Then the check here would instead check that Warp message received is latest nonce for delegator

[minghinmatthewlam]

nvm it's because P-chain is only willing to sign latest nonce weight update message. We keep a start nonce to check for registration completion, and ending nonce for ending completion.

[minghinmatthewlam]

LGTM