diff --git a/404.html b/404.html
index 87b79f0c..829c42dc 100644
--- a/404.html
+++ b/404.html
@@ -91,7 +91,7 @@
diff --git a/approved/0001-agile-coretime.html b/approved/0001-agile-coretime.html
index 80794a26..54254701 100644
--- a/approved/0001-agile-coretime.html
+++ b/approved/0001-agile-coretime.html
@@ -90,7 +90,7 @@
diff --git a/approved/0005-coretime-interface.html b/approved/0005-coretime-interface.html
index 168dee17..d7757033 100644
--- a/approved/0005-coretime-interface.html
+++ b/approved/0005-coretime-interface.html
@@ -90,7 +90,7 @@
diff --git a/approved/0007-system-collator-selection.html b/approved/0007-system-collator-selection.html
index 1db12009..6699cb16 100644
--- a/approved/0007-system-collator-selection.html
+++ b/approved/0007-system-collator-selection.html
@@ -90,7 +90,7 @@
diff --git a/approved/0008-parachain-bootnodes-dht.html b/approved/0008-parachain-bootnodes-dht.html
index cc7f12ab..206b74f4 100644
--- a/approved/0008-parachain-bootnodes-dht.html
+++ b/approved/0008-parachain-bootnodes-dht.html
@@ -90,7 +90,7 @@
diff --git a/approved/0010-burn-coretime-revenue.html b/approved/0010-burn-coretime-revenue.html
index 15193208..0ae05292 100644
--- a/approved/0010-burn-coretime-revenue.html
+++ b/approved/0010-burn-coretime-revenue.html
@@ -90,7 +90,7 @@
diff --git a/approved/0012-process-for-adding-new-collectives.html b/approved/0012-process-for-adding-new-collectives.html
index 3b41362c..72c069de 100644
--- a/approved/0012-process-for-adding-new-collectives.html
+++ b/approved/0012-process-for-adding-new-collectives.html
@@ -90,7 +90,7 @@
diff --git a/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html b/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html
index 81aa9a03..995b33e8 100644
--- a/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html
+++ b/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html
@@ -90,7 +90,7 @@
diff --git a/approved/0014-improve-locking-mechanism-for-parachains.html b/approved/0014-improve-locking-mechanism-for-parachains.html
index 50ebd4ab..5b8b69a2 100644
--- a/approved/0014-improve-locking-mechanism-for-parachains.html
+++ b/approved/0014-improve-locking-mechanism-for-parachains.html
@@ -90,7 +90,7 @@
diff --git a/approved/0022-adopt-encointer-runtime.html b/approved/0022-adopt-encointer-runtime.html
index 0389c0a9..e1536f93 100644
--- a/approved/0022-adopt-encointer-runtime.html
+++ b/approved/0022-adopt-encointer-runtime.html
@@ -90,7 +90,7 @@
diff --git a/approved/0026-sassafras-consensus.html b/approved/0026-sassafras-consensus.html
index 2b3b5d6e..3d8facc0 100644
--- a/approved/0026-sassafras-consensus.html
+++ b/approved/0026-sassafras-consensus.html
@@ -90,7 +90,7 @@
diff --git a/approved/0032-minimal-relay.html b/approved/0032-minimal-relay.html
index 072616cb..a81dfc96 100644
--- a/approved/0032-minimal-relay.html
+++ b/approved/0032-minimal-relay.html
@@ -90,7 +90,7 @@
diff --git a/approved/0042-extrinsics-state-version.html b/approved/0042-extrinsics-state-version.html
index 7d97de95..e70b4d13 100644
--- a/approved/0042-extrinsics-state-version.html
+++ b/approved/0042-extrinsics-state-version.html
@@ -90,7 +90,7 @@
diff --git a/approved/0043-storage-proof-size-hostfunction.html b/approved/0043-storage-proof-size-hostfunction.html
index 34b90eb4..1ad89759 100644
--- a/approved/0043-storage-proof-size-hostfunction.html
+++ b/approved/0043-storage-proof-size-hostfunction.html
@@ -90,7 +90,7 @@
diff --git a/approved/0045-nft-deposits-asset-hub.html b/approved/0045-nft-deposits-asset-hub.html
index d9bd08c6..ad80677d 100644
--- a/approved/0045-nft-deposits-asset-hub.html
+++ b/approved/0045-nft-deposits-asset-hub.html
@@ -90,7 +90,7 @@
diff --git a/approved/0047-assignment-of-availability-chunks.html b/approved/0047-assignment-of-availability-chunks.html
index 59dd40a8..631840ba 100644
--- a/approved/0047-assignment-of-availability-chunks.html
+++ b/approved/0047-assignment-of-availability-chunks.html
@@ -90,7 +90,7 @@
diff --git a/approved/0048-session-keys-runtime-api.html b/approved/0048-session-keys-runtime-api.html
index 2affbbf5..1db54e49 100644
--- a/approved/0048-session-keys-runtime-api.html
+++ b/approved/0048-session-keys-runtime-api.html
@@ -90,7 +90,7 @@
diff --git a/approved/0050-fellowship-salaries.html b/approved/0050-fellowship-salaries.html
index bf0af3ff..6033f81e 100644
--- a/approved/0050-fellowship-salaries.html
+++ b/approved/0050-fellowship-salaries.html
@@ -90,7 +90,7 @@
diff --git a/approved/0056-one-transaction-per-notification.html b/approved/0056-one-transaction-per-notification.html
index 1be29db1..b849ef0a 100644
--- a/approved/0056-one-transaction-per-notification.html
+++ b/approved/0056-one-transaction-per-notification.html
@@ -90,7 +90,7 @@
diff --git a/approved/0059-nodes-capabilities-discovery.html b/approved/0059-nodes-capabilities-discovery.html
index 9d584687..7a0f3261 100644
--- a/approved/0059-nodes-capabilities-discovery.html
+++ b/approved/0059-nodes-capabilities-discovery.html
@@ -90,7 +90,7 @@
diff --git a/approved/0078-merkleized-metadata.html b/approved/0078-merkleized-metadata.html
index db7906d7..7d047adf 100644
--- a/approved/0078-merkleized-metadata.html
+++ b/approved/0078-merkleized-metadata.html
@@ -90,7 +90,7 @@
diff --git a/approved/0084-general-transaction-extrinsic-format.html b/approved/0084-general-transaction-extrinsic-format.html
index 30cb1739..2474994c 100644
--- a/approved/0084-general-transaction-extrinsic-format.html
+++ b/approved/0084-general-transaction-extrinsic-format.html
@@ -90,7 +90,7 @@
diff --git a/approved/0091-dht-record-creation-time.html b/approved/0091-dht-record-creation-time.html
index f45199d5..ade3d52e 100644
--- a/approved/0091-dht-record-creation-time.html
+++ b/approved/0091-dht-record-creation-time.html
@@ -90,7 +90,7 @@
diff --git a/approved/0097-unbonding_queue.html b/approved/0097-unbonding_queue.html
index ade12484..6476237c 100644
--- a/approved/0097-unbonding_queue.html
+++ b/approved/0097-unbonding_queue.html
@@ -90,7 +90,7 @@
diff --git a/approved/0099-transaction-extension-version.html b/approved/0099-transaction-extension-version.html
index 6ba0070c..46d85cf7 100644
--- a/approved/0099-transaction-extension-version.html
+++ b/approved/0099-transaction-extension-version.html
@@ -90,7 +90,7 @@
diff --git a/approved/0100-xcm-multi-type-asset-transfer.html b/approved/0100-xcm-multi-type-asset-transfer.html
index bcc68837..f0bd61e0 100644
--- a/approved/0100-xcm-multi-type-asset-transfer.html
+++ b/approved/0100-xcm-multi-type-asset-transfer.html
@@ -90,7 +90,7 @@
diff --git a/approved/0101-xcm-transact-remove-max-weight-param.html b/approved/0101-xcm-transact-remove-max-weight-param.html
index 7544eead..ae5f6b5e 100644
--- a/approved/0101-xcm-transact-remove-max-weight-param.html
+++ b/approved/0101-xcm-transact-remove-max-weight-param.html
@@ -90,7 +90,7 @@
diff --git a/approved/0103-introduce-core-index-commitment.html b/approved/0103-introduce-core-index-commitment.html
index 34d43527..092403c7 100644
--- a/approved/0103-introduce-core-index-commitment.html
+++ b/approved/0103-introduce-core-index-commitment.html
@@ -90,7 +90,7 @@
diff --git a/approved/0105-xcm-improved-fee-mechanism.html b/approved/0105-xcm-improved-fee-mechanism.html
index 21f71bf5..f1f2aedf 100644
--- a/approved/0105-xcm-improved-fee-mechanism.html
+++ b/approved/0105-xcm-improved-fee-mechanism.html
@@ -90,7 +90,7 @@
diff --git a/approved/0107-xcm-execution-hints.html b/approved/0107-xcm-execution-hints.html
index 0f6bc233..f112bcfa 100644
--- a/approved/0107-xcm-execution-hints.html
+++ b/approved/0107-xcm-execution-hints.html
@@ -90,7 +90,7 @@
diff --git a/approved/0108-xcm-remove-testnet-ids.html b/approved/0108-xcm-remove-testnet-ids.html
index f4641228..414de0c9 100644
--- a/approved/0108-xcm-remove-testnet-ids.html
+++ b/approved/0108-xcm-remove-testnet-ids.html
@@ -90,7 +90,7 @@
@@ -245,7 +245,7 @@ The protocol change introduces flexibility in the governance structure by enabling the referenda
track list to be modified dynamically at runtime. This is achieved by replacing static slices in
TracksInfo with iterators, facilitating storage-based track management. As a result, governance
tracks can be modified or added based on real-time decisions and without requiring runtime upgrades.
-
+
Polkadot's governance system is designed to be adaptive and decentralized, but modifying the
referenda tracks (which determine decision-making paths for proposals) has historically required
runtime upgrades. This poses an operational challenge, delaying governance changes until an upgrade
@@ -3599,12 +3938,12 @@
-
+
- Network stakeholders: the change means reduced coordination effort for track adjustments.
- Governance participants: this enables more responsive decision-making pathways.
-
+
The protocol modification replaces the current static slice method used for storing referenda tracks
with an iterator-based approach that allows tracks to be managed dynamically using chain storage.
Governance participants can define and modify referenda tracks as needed, which are then accessed
@@ -3616,12 +3955,12 @@
to alter track configurations based on storage data rather than static definitions. This opens up
possibilities for new track types and governance configurations to be deployed without the need for
upgrades that might take up weeks.
-
+
The most significant drawback is the increased complexity for developers managing track configurations
via storage-based iterators, which require careful handling to avoid misuse or inefficiencies.
Additionally, this flexibility could introduce risks if track configurations are modified improperly
during runtime, potentially leading to governance instabilities.
-
+
To ensure security, the change must be tested in testnet environments first (Paseo, Westend),
particularly in scenarios where multiple track changes happen concurrently. Potential
vulnerabilities in governance adjustments must be addressed to prevent abuse.
@@ -3629,27 +3968,27 @@
-
+
+
The proposal optimizes governance track management by avoiding the overhead of runtime upgrades,
reducing downtime, and eliminating the need for full consensus on upgrades. However, there is a
slight performance cost related to runtime access to storage-based iterators, though this is
mitigated by the overall system efficiency gains.
-
+
Developers and governance actors benefit from simplified governance processes but must account for
the technical complexity of managing iterator-based track configurations.
Tools may need to be developed to help streamline track adjustments in runtime.
-
+
The change is backward compatible with existing governance operations, and does not require developers
to adjust how they interact with referenda tracks.
A migration is required to convert existing statically-defined tracks to dynamic storage-based
configurations without disruption.
-
+
This dynamic governance track approach builds on previous work around Polkadot's on-chain governance
and leverages standard iterator patterns in Rust programming to improve runtime flexibility.
Comparable solutions in other governance networks were examined, but this proposal uniquely tailors
them to Polkadot’s decentralized, runtime-upgradable architecture.
-
+
- How to handle governance transitions for currently ongoing referenda when changing configuration
parameters of an existing track? Ideally, most tracks should not have to go through this change,
@@ -3657,7 +3996,7 @@
+
There are already two proposed solutions for both the implementation and
- This Pull Request proposes changing
pallet-referenda's TracksInfo to make tracks
@@ -3702,11 +4041,11 @@
+
XCM programs generated by the InitiateAssetTransfer instruction shall have the option to carry over the original origin all the way to the final destination. They shall do so by internally making use of AliasOrigin or ClearOrigin depending on given parameters.
This allows asset transfers to retain their original origin even across multiple hops.
Ecosystem chains would have to change their trusted aliasing rules to effectively make use of this feature.
-
+
Currently, all XCM asset transfer instructions ultimately clear the origin in the remote XCM message by use of the ClearOrigin instruction. This is done for security considerations to ensure that subsequent (user-controlled) instructions cannot command the authority of the sending chain.
The problem with this approach is that it limits what can be achieved on remote chains through XCM. Most XCM operations require having an origin, and following any asset transfer the origin is lost, meaning not much can be done other than depositing the transferred assets to some local account or transferring them onward to another chain.
For example, we cannot transfer some funds for buying execution, then do a Transact (all in the same XCM message).
@@ -3714,9 +4053,9 @@ Transact XCM programs today require a two step process:
And we want to be able to do it using a single XCM program.
-
+
Runtime Users, Runtime Devs, wallets, cross-chain dApps.
-
+
In the case of XCM programs going from source-chain directly to dest-chain without an intermediary hop, we can enable scenarios such as above by using the AliasOrigin instruction instead of the ClearOrigin instruction.
Instead of clearing the source-chain origin, the destination chain shall attempt to alias source-chain to "original origin" on the source chain.
Most common such origin aliasing would be X1(Parachain(source-chain)) -> X2(Parachain(source-chain), AccountId32(origin-account)) for the case of a single hop transfer where the initiator is a (signed/pure/proxy) account origin-account on source-chain.
@@ -3766,35 +4105,35 @@
-
+
In terms of ergonomics and user experience, this support for combining an asset transfer with a subsequent action (like Transact) is a net positive.
In terms of performance, and privacy, this is neutral with no changes.
In terms of security, the feature by itself is also neutral because it allows preserve_origin: false usage for operating with no extra trust assumptions. When wanting to support preserving origin, chains need to configure secure origin aliasing filters. The one suggested in this RFC should be the right choice for the majority of chains, but each chain will ultimately choose depending on their business model and logic (e.g. chain does not plan to integrate with Asset Hub). It is up to the individual chains to configure accordingly.
-
+
Barriers should now allow AliasOrigin, DescendOrigin or ClearOrigin.
Normally, XCM program builders should audit their programs and eliminate assumptions of "no origin" on remote side of this instruction. In this case, the InitiateAssetsTransfer has not been released yet, it will be part of XCMv5, and we can make this change part of the same XCMv5 so that there isn't even the possibility of someone in the wild having built XCM programs using this instruction on those wrong assumptions.
The working assumption going forward is that the origin on the remote side can either be cleared or it can be the local origin's reanchored location. This assumption is in line with the current behavior of remote XCM programs sent over using pallet_xcm::send.
The existing DepositReserveAsset, InitiateReserveWithdraw and InitiateTeleport cross chain asset transfer instructions will not attempt to do origin aliasing and will always clear origin same as before for compatibility reasons.
-
-
+
+
No impact.
-
+
Improves ergonomics by allowing the local origin to operate on the remote chain even when the XCM program includes an asset transfer.
-
+
At the executor-level this change is backwards and forwards compatible. Both types of programs can be executed on new and old versions of XCM with no changes in behavior.
New version of the InitiateAssetsTransfer instruction acts same as before when used with preserve_origin: false.
For using the new capabilities, the XCM builder has to verify that the involved chains have the required origin-aliasing filters configured and use some new version of Barriers aware of AliasOrigin as an allowed alternative to ClearOrigin.
For compatibility reasons, this RFC proposes this mechanism be added as an enhancement to the yet unreleased InitiateAssetsTransfer instruction, thus eliminating possibilities of XCM logic breakages in the wild.
Following the same logic, the existing DepositReserveAsset, InitiateReserveWithdraw and InitiateTeleport cross chain asset transfer instructions will not attempt to do origin aliasing and will always clear the origin same as before for compatibility reasons.
Any one of DepositReserveAsset, InitiateReserveWithdraw and InitiateTeleport instructions can be replaced with a InitiateAssetsTransfer instruction with or without origin aliasing, thus providing a clean and clear upgrade path for opting-in this new feature.
-
+
-
+
None
-
+
(source)
Table of Contents
@@ -3825,7 +4164,7 @@ | Authors | Leemo / ChaosDAO |
-
+
This RFC proposes to change the duration of the Confirmation Period for the Big Tipper and Small Tipper tracks in Polkadot OpenGov:
-
+
Currently, these are the durations of treasury tracks in Polkadot OpenGov. Confirmation periods for the Spender tracks were adjusted based on RFC20 and its related conversation.
| Track Description | Confirmation Period Duration |
|---|
| Treasurer | 7 Days |
@@ -3849,12 +4188,12 @@ You can see that there is a general trend on the Spender track that when the privilege level (the amount the track can spend) the confirmation period approximately doubles.
I believe that the Big Tipper and Small Tipper track's confirmation periods should be adjusted to match this trend.
In the current state it is possible to somewhat positively snipe these tracks, and whilst the power/privilege level of these tracks is very low (they cannot spend a large amount of funds), I believe we should increase the confirmation periods to something higher. This is backed up by the recent sentiment in the greater community regarding referendums submitted on these tracks. The parameters of Polkadot OpenGov can be adjusted based on the general sentiment of token holders when necessary.
-
+
The primary stakeholders of this RFC are:
– DOT token holders – as this affects the protocol's treasury
– Entities wishing to submit a referendum on these tracks – as this affects the referendum's timeline
– Projects with governance app integrations – see Performance, Ergonomics and Compatibility section below
-
+
This RFC proposes to change the duration of the confirmation period for both the Big Tipper and Small Tipper tracks. To achieve this the confirm_period parameter for those tracks should be changed.
You can see the lines of code that need to be adjusted here:
This RFC proposes to change the confirm_period for the Big Tipper track to DAYS (i.e. 1 Day) and the confirm_period for the Small Tipper track to 12 * HOURS (i.e. 12 Hours).
-
+
The drawback of changing these confirmation periods is that the lifecycle of referenda submitted on those tracks would be ultimately longer, and it would add a greater potential to negatively "snipe" referenda on those tracks by knocking the referendum out of its confirmation period once the decision period has ended. This can be a good or a bad thing depending on your outlook of positive vs negative sniping.
-
+
This referendum will enhance the security of the protocol as it relates to its treasury. The confirmation period is one of the last lines of defense for the Polkadot token holder DAO to react to a potentially bad referendum and vote NAY in order for its confirmation period to be aborted.
-
-
+
+
This is a simple change (code wise) that should not affect the performance of the Polkadot protocol, outside of increasing the duration of the confirmation periods for these 2 tracks.
As per the implementation of changes described in RFC-20, it was identified that governance UIs automatically update to meet the new parameters:
@@ -3880,11 +4219,11 @@
+
N/A
-
+
Some token holders may want these confirmation periods to remain as they are currently and for them not to increase. If this is something that the Polkadot Technical Fellowship considers to be an issue to implement into a runtime upgrade then I can create a Wish For Change to obtain token holder approval.
-
+
The parameters of Polkadot OpenGov will likely continue to change over time, there are additional discussions in the community regarding adjusting the min_support for some tracks so that it does not trend towards 0%, similar to the current state of the Whitelisted Caller track. This is outside of the scope of this RFC and requires a lot more discussion.
(source)
Table of Contents
@@ -3926,9 +4265,9 @@
This proposes a periodic, sale-based method for assigning Polkadot Coretime, the analogue of "block space" within the Polkadot Network. The method takes into account the need for long-term capital expenditure planning for teams building on Polkadot, yet also provides a means to allow Polkadot to capture long-term value in the resource which it sells. It supports the possibility of building rich and dynamic secondary markets to optimize resource allocation and largely avoids the need for parameterization.
-
+
The Polkadot Ubiquitous Computer, or just Polkadot UC, represents the public service provided by the Polkadot Network. It is a trust-free, WebAssembly-based, multicore, internet-native omnipresent virtual machine which is highly resilient to interference and corruption.
The present system of allocating the limited resources of the Polkadot Ubiquitous Computer is through a process known as parachain slot auctions. This is a parachain-centric paradigm whereby a single core is long-term allocated to a single parachain which itself implies a Substrate/Cumulus-based chain secured and connected via the Relay-chain. Slot auctions are on-chain candle auctions which proceed for several days and result in the core being assigned to the parachain for six months at a time up to 24 months in advance. Practically speaking, we only see two year periods being bid upon and leased.
@@ -3949,7 +4288,7 @@ The solution SHOULD avoid creating additional dependencies on functionality which the Relay-chain need not strictly provide for the delivery of the Polkadot UC.
Furthermore, the design SHOULD be implementable and deployable in a timely fashion; three months from the acceptance of this RFC should not be unreasonable.
-
+
Primary stakeholder sets are:
- Protocol researchers and developers, largely represented by the Polkadot Fellowship and Parity Technologies' Engineering division.
@@ -3958,7 +4297,7 @@
Socialization:
The essensials of this proposal were presented at Polkadot Decoded 2023 Copenhagen on the Main Stage. A small amount of socialization at the Parachain Summit preceeded it and some substantial discussion followed it. Parity Ecosystem team is currently soliciting views from ecosystem teams who would be key stakeholders.
-
+
Upon implementation of this proposal, the parachain-centric slot auctions and associated crowdloans cease. Instead, Coretime on the Polkadot UC is sold by the Polkadot System in two separate formats: Bulk Coretime and Instantaneous Coretime.
When a Polkadot Core is utilized, we say it is dedicated to a Task rather than a "parachain". The Task to which a Core is dedicated may change at every Relay-chain block and while one predominant type of Task is to secure a Cumulus-based blockchain (i.e. a parachain), other types of Tasks are envisioned.
@@ -4390,16 +4729,16 @@
- Governance upgrade proposal(s).
- Monitoring of the upgrade process.
-
+
No specific considerations.
Parachains already deployed into the Polkadot UC must have a clear plan of action to migrate to an agile Coretime market.
While this proposal does not introduce documentable features per se, adequate documentation must be provided to potential purchasers of Polkadot Coretime. This SHOULD include any alterations to the Polkadot-SDK software collection.
-
+
Regular testing through unit tests, integration tests, manual testnet tests, zombie-net tests and fuzzing SHOULD be conducted.
A regular security review SHOULD be conducted prior to deployment through a review by the Web3 Foundation economic research group.
Any final implementation MUST pass a professional external security audit.
The proposal introduces no new privacy concerns.
-
+
RFC-3 proposes a means of implementing the high-level allocations within the Relay-chain.
RFC-5 proposes the API for interacting with Relay-chain.
Additional work should specify the interface for the instantaneous market revenue so that the Coretime-chain can ensure Bulk Coretime placed in the instantaneous market is properly compensated.
@@ -4415,7 +4754,7 @@
+
Robert Habermeier initially wrote on the subject of Polkadot blockspace-centric in the article Polkadot Blockspace over Blockchains. While not going into details, the article served as an early reframing piece for moving beyond one-slot-per-chain models and building out secondary market infrastructure for resource allocation.
(source)
Table of Contents
@@ -4448,10 +4787,10 @@
+
In the Agile Coretime model of the Polkadot Ubiquitous Computer, as proposed in RFC-1 and RFC-3, it is necessary for the allocating parachain (envisioned to be one or more pallets on a specialised Brokerage System Chain) to communicate the core assignments to the Relay-chain, which is responsible for ensuring those assignments are properly enacted.
This is a proposal for the interface which will exist around the Relay-chain in order to communicate this information and instructions.
-
+
The background motivation for this interface is splitting out coretime allocation functions and secondary markets from the Relay-chain onto System parachains. A well-understood and general interface is necessary for ensuring the Relay-chain receives coretime allocation instructions from one or more System chains without introducing dependencies on the implementation details of either side.
@@ -4463,7 +4802,7 @@ The interface MUST allow for the allocating chain to instruct changes to the number of cores which it is able to allocate.
- The interface MUST allow for the allocating chain to be notified of changes to the number of cores which are able to be allocated by the allocating chain.
-
+
Primary stakeholder sets are:
- Developers of the Relay-chain core-management logic.
@@ -4471,7 +4810,7 @@
Socialization:
This content of this RFC was discussed in the Polkdot Fellows channel.
-
+
The interface has two sections: The messages which the Relay-chain is able to receive from the allocating parachain (the UMP message types), and messages which the Relay-chain is able to send to the allocating parachain (the DMP message types). These messages are expected to be able to be implemented in a well-known pallet and called with the XCM Transact instruction.
Future work may include these messages being introduced into the XCM standard.
@@ -4546,17 +4885,17 @@
-
+
- Infrastructure providers (people who run validator/collator nodes)
- Polkadot Treasury
-
+
This protocol builds on the existing
Collator Selection pallet
and its notion of Invulnerables. Invulnerables are collators (identified by their AccountIds) who
@@ -4685,27 +5024,27 @@
of which 15 are Invulnerable, and
five are elected by bond.
-
+
The primary drawback is a reliance on governance for continued treasury funding of infrastructure
costs for Invulnerable collators.
-
+
The vast majority of cases can be covered by unit testing. Integration test should ensure that the
Collator Selection UpdateOrigin, which has permission to modify the Invulnerables and desired
number of Candidates, can handle updates over XCM from the system's governance location.
-
+
This proposal has very little impact on most users of Polkadot, and should improve the performance
of system chains by reducing the number of missed blocks.
-
+
As chains have strict PoV size limits, care must be taken in the PoV impact of the session manager.
Appropriate benchmarking and tests should ensure that conservative limits are placed on the number
of Invulnerables and Candidates.
-
+
The primary group affected is Candidate collators, who, after implementation of this RFC, will need
to compete in a bond-based election rather than a race to claim a Candidate spot.
-
+
This RFC is compatible with the existing implementation and can be handled via upgrades and
migration.
-
+
- GitHub: Collator Selection Roadmap
@@ -4720,9 +5059,9 @@ None at this time.
-
+
There may exist in the future system chains for which this model of collator selection is not
appropriate. These chains should be evaluated on a case-by-case basis.
(source)
@@ -4761,10 +5100,10 @@ | Authors | Pierre Krieger |
-
+
The full nodes of the Polkadot peer-to-peer network maintain a distributed hash table (DHT), which is currently used for full nodes discovery and validators discovery purposes.
This RFC proposes to extend this DHT to be used to discover full nodes of the parachains of Polkadot.
-
+
The maintenance of bootnodes has long been an annoyance for everyone.
When a bootnode is newly-deployed or removed, every chain specification must be updated in order to take the update into account. This has lead to various non-optimal solutions, such as pulling chain specifications from GitHub repositories.
When it comes to RPC nodes, UX developers often have trouble finding up-to-date addresses of parachain RPC nodes. With the ongoing migration from RPC nodes to light clients, similar problems would happen with chain specifications as well.
@@ -4773,9 +5112,9 @@ Because the list of bootnodes in chain specifications is so annoying to modify, the consequence is that the number of bootnodes is rather low (typically between 2 and 15). In order to better resist downtimes and DoS attacks, a better solution would be to use every node of a certain chain as potential bootnode, rather than special-casing some specific nodes.
While this RFC doesn't solve these problems for relay chains, it aims at solving it for parachains by storing the list of all the full nodes of a parachain on the relay chain DHT.
Assuming that this RFC is implemented, and that light clients are used, deploying a parachain wouldn't require more work than registering it onto the relay chain and starting the collators. There wouldn't be any need for special infrastructure nodes anymore.
-
+
This RFC has been opened on my own initiative because I think that this is a good technical solution to a usability problem that many people are encountering and that they don't realize can be solved.
-
+
The content of this RFC only applies for parachains and parachain nodes that are "Substrate-compatible". It is in no way mandatory for parachains to comply to this RFC.
Note that "Substrate-compatible" is very loosely defined as "implements the same mechanisms and networking protocols as Substrate". The author of this RFC believes that "Substrate-compatible" should be very precisely specified, but there is controversy on this topic.
While a lot of this RFC concerns the implementation of parachain nodes, it makes use of the resources of the Polkadot chain, and as such it is important to describe them in the Polkadot specification.
@@ -4812,10 +5151,10 @@
+
The peer_id and addrs fields are in theory not strictly needed, as the PeerId and addresses could be always equal to the PeerId and addresses of the node being registered as the provider and serving the response. However, the Cumulus implementation currently uses two different networking stacks, one of the parachain and one for the relay chain, using two separate PeerIds and addresses, and as such the PeerId and addresses of the other networking stack must be indicated. Asking them to use only one networking stack wouldn't feasible in a realistic time frame.
The values of the genesis_hash and fork_id fields cannot be verified by the requester and are expected to be unused at the moment. Instead, a client that desires connecting to a parachain is expected to obtain the genesis hash and fork ID of the parachain from the parachain chain specification. These fields are included in the networking protocol nonetheless in case an acceptable solution is found in the future, and in order to allow use cases such as discovering parachains in a not-strictly-trusted way.
-
+
Because not all nodes want to be used as bootnodes, implementers are encouraged to provide a way to disable this mechanism. However, it is very much encouraged to leave this mechanism on by default for all parachain nodes.
This mechanism doesn't add or remove any security by itself, as it relies on existing mechanisms.
However, if the principle of chain specification bootnodes is entirely replaced with the mechanism described in this RFC (which is the objective), then it becomes important whether the mechanism in this RFC can be abused in order to make a parachain unreachable.
@@ -4824,22 +5163,22 @@
-
+
+
The DHT mechanism generally has a low overhead, especially given that publishing providers is done only every 24 hours.
Doing a Kademlia iterative query then sending a provider record shouldn't take more than around 50 kiB in total of bandwidth for the parachain bootnode.
Assuming 1000 parachain full nodes, the 20 Polkadot full nodes corresponding to a specific parachain will each receive a sudden spike of a few megabytes of networking traffic when the key rotates. Again, this is relatively negligible. If this becomes a problem, one can add a random delay before a parachain full node registers itself to be the provider of the key corresponding to BabeApi_next_epoch.
Maybe the biggest uncertainty is the traffic that the 20 Polkadot full nodes will receive from light clients that desire knowing the bootnodes of a parachain. Light clients are generally encouraged to cache the peers that they use between restarts, so they should only query these 20 Polkadot full nodes at their first initialization.
If this every becomes a problem, this value of 20 is an arbitrary constant that can be increased for more redundancy.
-
+
Irrelevant.
-
+
Irrelevant.
-
+
None.
-
+
While it fundamentally doesn't change much to this RFC, using BabeApi_currentEpoch and BabeApi_nextEpoch might be inappropriate. I'm not familiar enough with good practices within the runtime to have an opinion here. Should it be an entirely new pallet?
-
+
It is possible that in the future a client could connect to a parachain without having to rely on a trusted parachain specification.
(source)
Table of Contents
@@ -4860,13 +5199,13 @@
+
The Polkadot UC will generate revenue from the sale of available Coretime. The question then arises: how should we handle these revenues? Broadly, there are two reasonable paths – burning the revenue and thereby removing it from total issuance or divert it to the Treasury. This Request for Comment (RFC) presents arguments favoring burning as the preferred mechanism for handling revenues from Coretime sales.
-
+
How to handle the revenue accrued from Coretime sales is an important economic question that influences the value of DOT and should be properly discussed before deciding for either of the options. Now is the best time to start this discussion.
-
+
Polkadot DOT token holders.
-
+
This RFC discusses potential benefits of burning the revenue accrued from Coretime sales instead of diverting them to Treasury. Here are the following arguments for it.
It's in the interest of the Polkadot community to have a consistent and predictable Treasury income, because volatility in the inflow can be damaging, especially in situations when it is insufficient. As such, this RFC operates under the presumption of a steady and sustainable Treasury income flow, which is crucial for the Polkadot community's stability. The assurance of a predictable Treasury income, as outlined in a prior discussion here, or through other equally effective measures, serves as a baseline assumption for this argument.
Consequently, we need not concern ourselves with this particular issue here. This naturally begs the question - why should we introduce additional volatility to the Treasury by aligning it with the variable Coretime sales? It's worth noting that Coretime revenues often exhibit an inverse relationship with periods when Treasury spending should ideally be ramped up. During periods of low Coretime utilization (indicated by lower revenue), Treasury should spend more on projects and endeavours to increase the demand for Coretime. This pattern underscores that Coretime sales, by their very nature, are an inconsistent and unpredictable source of funding for the Treasury. Given the importance of maintaining a steady and predictable inflow, it's unnecessary to rely on another volatile mechanism. Some might argue that we could have both: a steady inflow (from inflation) and some added bonus from Coretime sales, but burning the revenue would offer further benefits as described below.
@@ -4909,13 +5248,13 @@ | Authors | Joe Petrowski |
-
+
Since the introduction of the Collectives parachain, many groups have expressed interest in forming
new -- or migrating existing groups into -- on-chain collectives. While adding a new collective is
relatively simple from a technical standpoint, the Fellowship will need to merge new pallets into
the Collectives parachain for each new collective. This RFC proposes a means for the network to
ratify a new collective, thus instructing the Fellowship to instate it in the runtime.
-
+
Many groups have expressed interest in representing collectives on-chain. Some of these include:
- Parachain technical fellowship (new)
@@ -4931,12 +5270,12 @@
-
+
- Polkadot stakeholders who would like to organize on-chain.
- Technical Fellowship, in its role of maintaining system runtimes.
-
+
The group that wishes to operate an on-chain collective should publish the following information:
- Charter, including the collective's mandate and how it benefits Polkadot. This would be similar
@@ -4970,22 +5309,22 @@
-
+
Please suggest a better name for BlockExecutiveMode. We already tried: RuntimeExecutiveMode,
ExtrinsicInclusionMode. The names of the modes Normal and Minimal were also called
AllExtrinsics and OnlyInherents, so if you have naming preferences; please post them.
=> renamed to ExtrinsicInclusionMode
Is post_inherents more consistent instead of last_inherent? Then we should change it.
=> renamed to last_inherent
-
+
The long-term future here is to move the block building logic into the runtime. Currently there is a tight dance between the block author and the runtime; the author has to call into different runtime functions in quick succession and exact order. Any misstep causes the block to be invalid.
This can be unified and simplified by moving both parts into the runtime.
(source)
@@ -5127,14 +5466,14 @@ | Authors | Bryan Chen |
-
+
This RFC proposes a set of changes to the parachain lock mechanism. The goal is to allow a parachain manager to self-service the parachain without root track governance action.
This is achieved by remove existing lock conditions and only lock a parachain when:
- A parachain manager explicitly lock the parachain
- OR a parachain block is produced successfully
-
+
The manager of a parachain has permission to manage the parachain when the parachain is unlocked. Parachains are by default locked when onboarded to a slot. This requires the parachain wasm/genesis must be valid, otherwise a root track governance action on relaychain is required to update the parachain.
The current reliance on root track governance actions for managing parachains can be time-consuming and burdensome. This RFC aims to address this technical difficulty by allowing parachain managers to take self-service actions, rather than relying on general public voting.
The key scenarios this RFC seeks to improve are:
@@ -5153,12 +5492,12 @@ A parachain SHOULD be locked when it successfully produced the first block.
- A parachain manager MUST be able to perform lease swap without having a running parachain.
-
+
- Parachain teams
- Parachain users
-
+
A parachain can either be locked or unlocked. With parachain locked, the parachain manager does not have any privileges. With parachain unlocked, the parachain manager can perform following actions with the paras_registrar pallet:
@@ -5198,31 +5537,31 @@
- Parachain never produced a block. Including from expired leases.
- Parachain manager never explicitly lock the parachain.
-
+
Parachain locks are designed in such way to ensure the decentralization of parachains. If parachains are not locked when it should be, it could introduce centralization risk for new parachains.
For example, one possible scenario is that a collective may decide to launch a parachain fully decentralized. However, if the parachain is unable to produce block, the parachain manager will be able to replace the wasm and genesis without the consent of the collective.
It is considered this risk is tolerable as it requires the wasm/genesis to be invalid at first place. It is not yet practically possible to develop a parachain without any centralized risk currently.
Another case is that a parachain team may decide to use crowdloan to help secure a slot lease. Previously, creating a crowdloan will lock a parachain. This means crowdloan participants will know exactly the genesis of the parachain for the crowdloan they are participating. However, this actually providers little assurance to crowdloan participants. For example, if the genesis block is determined before a crowdloan is started, it is not possible to have onchain mechanism to enforce reward distributions for crowdloan participants. They always have to rely on the parachain team to fulfill the promise after the parachain is alive.
Existing operational parachains will not be impacted.
-
+
The implementation of this RFC will be tested on testnets (Rococo and Westend) first.
An audit maybe required to ensure the implementation does not introduce unwanted side effects.
There is no privacy related concerns.
-
+
This RFC should not introduce any performance impact.
-
+
This RFC should improve the developer experiences for new and existing parachain teams
-
+
This RFC is fully compatibility with existing interfaces.
-
+
- Parachain Slot Extension Story: https://github.com/paritytech/polkadot/issues/4758
- Allow parachain to renew lease without actually run another parachain: https://github.com/paritytech/polkadot/issues/6685
- Always treat parachain that never produced block for a significant amount of time as unlocked: https://github.com/paritytech/polkadot/issues/7539
-
+
None at this stage.
-
+
This RFC is only intended to be a short term solution. Slots will be removed in future and lock mechanism is likely going to be replaced with a more generalized parachain manage & recovery system in future. Therefore long term impacts of this RFC are not considered.
-
+
The Relay Chain contains most of the core logic for the Polkadot network. While this was necessary
prior to the launch of parachains and development of XCM, most of this logic can exist in
parachains. This is a proposal to migrate several subsystems into system parachains.
-
+
Polkadot's scaling approach allows many distinct state machines (known generally as parachains) to
operate with common guarantees about the validity and security of their state transitions. Polkadot
provides these common guarantees by executing the state transitions on a strict subset (a backing
@@ -6223,13 +6562,13 @@
By minimising state transition logic on the Relay Chain by migrating it into "system chains" -- a
set of parachains that, with the Relay Chain, make up the Polkadot protocol -- the Polkadot
Ubiquitous Computer can maximise its primary offering: secure blockspace.
-
+
- Parachains that interact with affected logic on the Relay Chain;
- Core protocol and XCM format developers;
- Tooling, block explorer, and UI developers.
-
+
The following pallets and subsystems are good candidates to migrate from the Relay Chain:
- Identity
@@ -6375,36 +6714,36 @@
Staking is the subsystem most constrained by PoV limits. Ensuring that elections, payouts, session
changes, offences/slashes, etc. work in a parachain on Kusama -- with its larger validator set --
will give confidence to the chain's robustness on Polkadot.
-
+
These subsystems will have reduced resources in cores than on the Relay Chain. Staking in particular
may require some optimizations to deal with constraints.
-
+
Standard audit/review requirements apply. More powerful multi-chain integration test tools would be
useful in developement.
-
+
Describe the impact of the proposal on the exposed functionality of Polkadot.
-
+
This is an optimization. The removal of public/user transactions on the Relay Chain ensures that its
primary resources are allocated to system performance.
-
+
This proposal alters very little for coretime users (e.g. parachain developers). Application
developers will need to interact with multiple chains, making ergonomic light client tools
particularly important for application development.
For existing parachains that interact with these subsystems, they will need to configure their
runtimes to recognize the new locations in the network.
-
+
Implementing this proposal will require some changes to pallet APIs and/or a pub-sub protocol.
Application developers will need to interact with multiple chains in the network.
-
+
-
+
There remain some implementation questions, like how to use balances for both Staking and
Governance. See, for example, Moving Staking off the Relay
Chain.
-
+
Ideally the Relay Chain becomes transactionless, such that not even balances are represented there.
With Staking and Governance off the Relay Chain, this is not an unreasonable next step.
With Identity on Polkadot, Kusama may opt to drop its People Chain.
@@ -6439,13 +6778,13 @@
+
At the moment, we have system_version field on RuntimeVersion that derives which state version is used for the
Storage.
We have a use case where we want extrinsics root is derived using StateVersion::V1. Without defining a new field
under RuntimeVersion,
we would like to propose adding system_version that can be used to derive both storage and extrinsic state version.
-
+
Since the extrinsic state version is always StateVersion::V0, deriving extrinsic root requires full extrinsic data.
This would be problematic when we need to verify the extrinsics root if the extrinsic sizes are bigger. This problem is
further explored in https://github.com/polkadot-fellows/RFCs/issues/19
@@ -6457,11 +6796,11 @@ StateVersion::V1, then we do not need to pass the full extrinsic data but
rather at maximum, 32 byte of extrinsic data.
-
+
- Technical Fellowship, in its role of maintaining system runtimes.
-
+
In order to use project specific StateVersion for extrinsic roots, we proposed
an implementation that introduced
parameter to frame_system::Config but that unfortunately did not feel correct.
@@ -6487,26 +6826,26 @@
system_version: 1,
};
}
-
+
There should be no drawbacks as it would replace state_version with same behavior but documentation should be updated
so that chains know which system_version to use.
-
+
AFAIK, should not have any impact on the security or privacy.
-
+
These changes should be compatible for existing chains if they use state_version value for system_verision.
-
+
I do not believe there is any performance hit with this change.
-
+
This does not break any exposed Apis.
-
+
This change should not break any compatibility.
-
+
We proposed introducing a similar change by introducing a
parameter to frame_system::Config but did not feel that
is the correct way of introducing this change.
-
+
I do not have any specific questions about this change at the moment.
-
+
IMO, this change is pretty self-contained and there won't be any future work necessary.
(source)
Table of Contents
@@ -6535,9 +6874,9 @@
+
This RFC proposes a new host function for parachains, storage_proof_size. It shall provide the size of the currently recorded storage proof to the runtime. Runtime authors can use the proof size to improve block utilization by retroactively reclaiming unused storage weight.
-
+
The number of extrinsics that are included in a parachain block is limited by two constraints: execution time and proof size. FRAME weights cover both concepts, and block-builders use them to decide how many extrinsics to include in a block. However, these weights are calculated ahead of time by benchmarking on a machine with reference hardware. The execution-time properties of the state-trie and its storage items are unknown at benchmarking time. Therefore, we make some assumptions about the state-trie:
- Trie Depth: We assume a trie depth to account for intermediary nodes.
@@ -6546,12 +6885,12 @@ These pessimistic assumptions lead to an overestimation of storage weight, negatively impacting block utilization on parachains.
In addition, the current model does not account for multiple accesses to the same storage items. While these repetitive accesses will not increase storage-proof size, the runtime-side weight monitoring will account for them multiple times. Since the proof size is completely opaque to the runtime, we can not implement retroactive storage weight correction.
A solution must provide a way for the runtime to track the exact storage-proof size consumed on a per-extrinsic basis.
-
+
- Parachain Teams: They MUST include this host function in their runtime and node.
- Light-client Implementors: They SHOULD include this host function in their runtime and node.
-
+
This RFC proposes a new host function that exposes the storage-proof size to the runtime. As a result, runtimes can implement storage weight reclaiming mechanisms that improve block utilization.
This RFC proposes the following host function signature:
#![allow(unused)]
@@ -6559,14 +6898,14 @@
fn ext_storage_proof_size_version_1() -> u64;
}
The host function MUST return an unsigned 64-bit integer value representing the current proof size. In block-execution and block-import contexts, this function MUST return the current size of the proof. To achieve this, parachain node implementors need to enable proof recording for block imports. In other contexts, this function MUST return 18446744073709551615 (u64::MAX), which represents disabled proof recording.
-
-
+
+
Parachain nodes need to enable proof recording during block import to correctly implement the proposed host function. Benchmarking conducted with balance transfers has shown a performance reduction of around 0.6% when proof recording is enabled.
-
+
The host function proposed in this RFC allows parachain runtime developers to keep track of the proof size. Typical usage patterns would be to keep track of the overall proof size or the difference between subsequent calls to the host function.
-
+
Parachain teams will need to include this host function to upgrade.
-
+
- Pull Request including proposed host function: PoV Reclaim (Clawback) Node Side.
- Issue with discussion: [FRAME core] Clawback PoV Weights For Dispatchables
@@ -6620,12 +6959,12 @@ This RFC proposes changing the current deposit requirements on the Polkadot and Kusama Asset Hub for
creating an NFT collection, minting an individual NFT, and lowering its corresponding metadata and
attribute deposits. The objective is to lower the barrier to entry for NFT creators, fostering a
more inclusive and vibrant ecosystem while maintaining network integrity and preventing spam.
-
+
The current deposit of 10 DOT for collection creation (along with 0.01 DOT for item deposit and 0.2
DOT for metadata and attribute deposits) on the Polkadot Asset Hub and 0.1 KSM on Kusama Asset Hub
presents a significant financial barrier for many NFT creators. By lowering the deposit
@@ -6642,7 +6981,7 @@
- Deposits SHOULD be derived from
deposit function, adjusted by correspoding pricing mechansim.
-
+
- NFT Creators: Primary beneficiaries of the proposed change, particularly those who found the
current deposit requirements prohibitive.
@@ -6656,7 +6995,7 @@
+
Modifying deposit requirements necessitates a balanced assessment of the potential drawbacks.
Highlighted below are cogent points extracted from the discourse on the Polkadot Forum
conversation,
@@ -6756,22 +7095,22 @@
Polkadot Asset Hub and 191 on Kusama Asset Hub with a relatively low volume.
-
+
As noted above, state bloat is a security concern. In the case of abuse, governance could adapt by
increasing deposit rates and/or using forceDestroy on collections agreed to be spam.
-
-
+
+
The primary performance consideration stems from the potential for state bloat due to increased
activity from lower deposit requirements. It's vital to monitor and manage this to avoid any
negative impact on the chain's performance. Strategies for mitigating state bloat, including
efficient data management and periodic reviews of storage requirements, will be essential.
-
+
The proposed change aims to enhance the user experience for artists, traders, and utilizers of
Kusama and Polkadot Asset Hubs, making Polkadot and Kusama more accessible and user-friendly.
-
+
The change does not impact compatibility as a redeposit function is already implemented.
-
+
If this RFC is accepted, there should not be any unresolved questions regarding how to adapt the
implementation of deposits for NFT collections.
@@ -6859,11 +7198,11 @@
+
Propose a way of permuting the availability chunk indices assigned to validators, in the context of
recovering available data from systematic chunks, with the
purpose of fairly distributing network bandwidth usage.
-
+
Currently, the ValidatorIndex is always identical to the ChunkIndex. Since the validator array is only shuffled once
per session, naively using the ValidatorIndex as the ChunkIndex would pose an unreasonable stress on the first N/3
validators during an entire session, when favouring availability recovery from systematic chunks.
@@ -6871,9 +7210,9 @@
-
+
Relay chain node core developers.
-
+
An erasure coding algorithm is considered systematic if it preserves the original unencoded data as part of the
resulting code.
@@ -7027,7 +7366,7 @@
-
+
Execution fees are handled correctly by XCM right now.
However, the addition of extra fees, like for message delivery, result in awkward ways of integrating them into the XCVM implementation.
This is because these types of fees are not included in the language.
@@ -9018,14 +9357,14 @@
-
+
- Runtime Users
- Runtime Devs
- Wallets
- dApps
-
+
The new instruction that will replace BuyExecution is a much simpler and general version: PayFees.
This instruction takes one Asset, takes it from the holding register, and puts it into a new fees register.
The XCVM implementation can now use this Asset to make sure every necessary fee is paid for, this includes execution fees, delivery fees, and any other type of fee
@@ -9056,27 +9395,27 @@
PayFees { asset }
// ...rest
}
-
+
There needs to be an explicit change from BuyExecution to PayFees, most often accompanied by a reduction in the assets passed in.
-
+
It might become a security concern if leftover fees are trapped, since a lot of them are expected.
-
-
+
+
There should be no performance downsides to this approach.
The fees register is a simplification that may actually result in better performance, in the case an implementation is doing a workaround to achieve what this RFC proposes.
-
+
The interface is going to be very similar to the already existing one.
Even simpler since PayFees will only receive one asset.
That asset will allow users to limit the amount of fees they are willing to pay.
-
+
This RFC can't just change the semantics of the BuyExecution instruction since that instruction accepts any funds, uses what it needs and returns the rest immediately.
The new proposed instruction, PayFees, doesn't return the leftover immediately, it keeps it in the fees register.
In practice, the deprecated BuyExecution needs to be slowly rolled out in favour of PayFees.
-
+
The closed RFC PR on the xcm-format repository, before XCM RFCs got moved to fellowship RFCs: https://github.com/polkadot-fellows/xcm-format/pull/53.
-
+
None
-
+
This proposal would greatly benefit from an improved asset trapping system.
CustomAssetClaimer is also related, as it directly improves the ergonomics of this proposal.
LeftoverAssetsDestination execution hint would also similarly improve the ergonomics.
@@ -9112,12 +9451,12 @@
+
A previous XCM RFC (https://github.com/polkadot-fellows/xcm-format/pull/37) introduced a SetAssetClaimer instruction.
This idea of instructing the XCVM to change some implementation-specific behavior is useful.
In order to generalize this mechanism, this RFC introduces a new instruction SetHints
and makes the SetAssetClaimer be just one of many possible execution hints.
-
+
There is a need for specifying how certain implementation-specific things should behave.
Things like who can claim the assets or what can be done instead of trapping assets.
Another idea for a hint:
@@ -9125,13 +9464,13 @@ AssetForFees: to signify to the executor what asset the user prefers to use for fees.
LeftoverAssetsDestination: for depositing leftover assets to a destination instead of trapping them
-
+
- Runtime devs
- Wallets
- dApps
-
+
A new instruction, SetHints, will be added.
This instruction will take a single parameter of type Hint, an enumeration.
The first variant for this enum is AssetClaimer, which allows to specify a location that should be able to claim trapped assets.
@@ -9152,27 +9491,27 @@
type NumVariants = /* Number of variants of the `Hint` enum */;
}
-
+
The SetHints instruction might be hard to benchmark, since we should look into the actual hints being set to know how much weight to attribute to it.
-
+
Hints are specified on a per-message basis, so they have to be specified at the beginning of a message.
If they were to be specified at the end, hints like AssetClaimer would be useless if an error occurs beforehand and assets get trapped before ever reaching the hint.
The instruction takes a bounded vector of hints so as to not force barriers to allow an arbitrary number of SetHint instructions.
-
-
+
+
None.
-
+
The SetHints instruction provides a better integration with barriers.
If we had to add one barrier for SetAssetClaimer and another for each new hint that's added, barriers would need to be changed all the time.
Also, this instruction would make it simpler to write XCM programs.
You only need to specify the hints you want in one single instruction at the top of your program.
-
+
None.
-
+
The previous RFC PR in the xcm-format repository before XCM RFCs moved to fellowship RFCs: https://github.com/polkadot-fellows/xcm-format/pull/59.
-
+
None.
-
+
None.
(source)
Table of Contents
@@ -9205,376 +9544,37 @@
+
This RFC aims to remove the NetworkIds of Westend and Rococo, arguing that testnets shouldn't go in the language.
-
+
We've already seen the plans to phase out Rococo and Paseo has appeared.
Instead of constantly changing the testnets included in the language, we should favor specifying them via their genesis hash,
using NetworkId::ByGenesis.
-
+
- Runtime devs
- Wallets
- dApps
-
+
Remove Westend and Rococo from the included NetworkIds in the language.
-
+
This RFC will make it less convenient to specify a testnet, but not by a large amount.
-
+
None.
-
-
+
+
None.
-
+
It will very slightly reduce the ergonomics of testnet developers but improve the stability of the language.
-
+
NetworkId::Rococo and NetworkId::Westend can just use NetworkId::ByGenesis, as can other testnets.
-
+
A previous attempt to add NetworkId::Paseo: https://github.com/polkadot-fellows/xcm-format/pull/58.
-
+
None.
-
+
None.
-(source)
-Table of Contents
-
-
- | |
|---|
-| Start Date | 13 July 2024 |
-| Description | Implement off-chain parachain runtime upgrades |
-| Authors | eskimor |
-
-
Change the upgrade process of a parachain runtime upgrade to become an off-chain
-process with regards to the relay chain. Upgrades are still contained in
-parachain blocks, but will no longer need to end up in relay chain blocks nor in
-relay chain state.
-
-Having parachain runtime upgrades go through the relay chain has always been
-seen as a scalability concern. Due to optimizations in statement
-distribution and asynchronous backing it became less crucial and got
-de-prioritized, the original issue can be found
-here.
-With the introduction of Agile Coretime and in general our efforts to reduce
-barrier to entry more for Polkadot more, the issue becomes more relevant again:
-We would like to reduce the required storage deposit for PVF registration, with
-the aim to not only make it cheaper to run a parachain (bulk + on-demand
-coretime), but also reduce the amount of capital required for the deposit. With
-this we would hope for far more parachains to get registered, thousands
-potentially even ten thousands. With so many PVFs registered, updates are
-expected to become more frequent and even attacks on service quality for other
-parachains would become a higher risk.
-
-
-- Parachain Teams
-- Relay Chain Node implementation teams
-- Relay Chain runtime developers
-
-
-The issues with on-chain runtime upgrades are:
-
-- Needlessly costly.
-- A single runtime upgrade more or less occupies an entire relay chain block, thus it
-might affect also other parachains, especially if their candidates are also
-not negligible due to messages for example or they want to uprade their
-runtime at the same time.
-- The signalling of the parachain to notify the relay chain of an upcoming
-runtime upgrade already contains the upgrade. Therefore the only way to rate
-limit upgrades is to drop an already distributed update in the size of
-megabytes: With the result that the parachain missed a block and more
-importantly it will try again with the very next block, until it finally
-succeeds. If we imagine to reduce capacity of runtime upgrades to let's say 1
-every 100 relay chain blocks, this results in lot's of wasted effort and lost
-blocks.
-
-We discussed introducing a separate signalling before submitting the actual
-runtime, but I think we should just go one step further and make upgrades fully
-off-chain. Which also helps bringing down deposit costs in a secure way, as we
-are also actually reducing costs for the network.
-
-As part of elastic scaling we are already planning to increase flexibility of UMP
-messages, we can now use this to our advantage and introduce another UMP message:
-#![allow(unused)]
-fn main() {
-enum UMPSignal {
- // For elastic scaling
- OnCore(CoreIndex),
- // For off-chain upgrades
- RequestCodeUpgrade(Hash),
-}
-}
-We could also make that new message a regular XCM, calling an extrinsic on the
-relay chain, but we will want to look into that message right after validation
-on the backers on the node side, making a straight forward semantic message more
-apt for the purpose.
-
-We will introduce a new request/response protocol for both collators and
-validators, with the following request/response:
-#![allow(unused)]
-fn main() {
-struct RequestBlob {
- blob_hash: Hash,
-}
-
-struct BlobResponse {
- blob: Vec<u8>
-}
-}
-This protocol will be used by backers to request the PVF from collators in the
-following conditions:
-
-- They received a collation sending
RequestCodeUpgrade.
-- They received a collation, but they don't yet have the code that was
-previously registered on the relaychain. (E.g. disk pruned, new validator)
-
-In case they received the collation via PoV distribution instead of from the
-collator itself, they will use the exact same message to fetch from the valiator
-they got the PoV from.
-
-Once the candidate issuing RequestCodeUpgrade got backed on chain, validators
-will start fetching the code from the backers as part of availability
-distribution.
-To mitigate attack vectors we should make sure that serving requests for code
-can be treated as low priority requests. Thus I am suggesting the following
-scheme:
-Validators will notice via a runtime API (TODO: Define) that a new code has been requested, the
-API will return the Hash and a counter, which starts at some configurable
-value e.g. 10. The validators are now aware of the new hash and start fetching,
-but they don't have to wait for the fetch to succeed to sign their bitfield.
-Then on each further candidate from that chain that counter gets decremented.
-Validators which have not yet succeeded fetching will now try again. This game
-continues until the counter reached 0. Now it is mandatory to have to code in
-order to sign a 1 in the bitfield.
-PVF pre-checking will happen after the candidate which brought the counter to
-0 has been successfully included and thus is also able to assume that 2/3 of
-the validators have the code.
-This scheme serves two purposes:
-
-- Fetching can happen over a longer period of time with low priority. E.g. if
-we waited for the PVF at the very first avaialbility distribution, this might
-actually affect liveness of other chains on the same core. Distributing
-megabytes of data to a thousand validators, might take a bit. Thus this helps
-isolating parachains from each other.
-- By configuring the initial counter value we can affect how much an upgrade
-costs. E.g. forcing the parachain to produce 10 blocks, means 10x the cost
-for issuing an update. If too frequent upgrades ever become a problem for the
-system, we have a knob to make them more costly.
-
-
-First when a candidate is backed we need to make the new hash available
-(together with a counter) via a
-runtime API so validators in availability distribution can check for it and
-fetch it if changed (see previous section). For performance reasons, I think we
-should not do an additional call, but replace the existing one with one containing the new additional information (Option<(Hash, Counter)>).
-Once the candidate gets included (counter 0), the hash is given to pre-checking
-and only after pre-checking succeeded (and a full session passed) it is finally
-enacted and the parachain can switch to the new code. (Same process as it used
-to be.)
-
-
-If a backer receives a collation for a parachain it does not yet have the code
-as enacted on chain (see "On-chain code upgrade process"), it will use above
-request/response protocol to fetch it from whom it received the collation.
-
-Validators in availability distribution will be changed to only sign a 1 in
-the bitfield of a candidate if they not only have the chunk, but also the
-currently active PVF. They will fetch it from backers in case they don't have it
-yet.
-
-Two ways:
-
-- Discover collators via relay chain DHT and request from them: Preferred way,
-as it is less load on validators.
-- Request from validators, which will serve on a best effort basis.
-
-
-We covered how validators get hold of new code, but when can they prune old ones?
-In principle it is not an issue, if some validors prune code, because:
-
-- We changed it so that a candidate is not deemed available if validators were
-not able to fetch the PVF.
-- Backers can always fetch the PVF from collators as part of the collation
-fetching.
-
-But the majority of validators should always keep the latest code of any
-parachain and only prune the previous one, once the first candidate using the
-new code got finalized. This ensures that disputes will always be able to
-resolve.
-
-The major drawback of this solution is the same as any solution the moves work
-off-chain, it adds complexity to the node. E.g. nodes needing the PVF, need to
-store them separately, together with their own pruning strategy as well.
-
-Implementations adhering to this RFC, will respond to PVF requests with the
-actual PVF, if they have it. Requesters will persist received PVFs on disk for
-as long as they are replaced by a new one. Implementations must not be lazy
-here, if validators only fetched the PVF when needed, they can be prevented from
-participating in disputes.
-Validators should treat incoming requests for PVFs in general with rather low
-priority, but should prefer fetches from other validators over requests from
-random peers.
-Given that we are altering what set bits in the availability bitfields mean (not
-only chunk, but also PVF available), it is important to have enough validators
-upgraded, before we allow collators to make use of the new runtime upgrade
-mechanism. Otherwise we would risk disputes to not being able to succeed.
-This RFC has no impact on privacy.
-
-
-This proposal lightens the load on the relay chain and is thus in general
-beneficial for the performance of the network, this is achieved by the
-following:
-
-- Code upgrades are still propagated to all validators, but only once, not
-twice (First statements, then via the containing relay chain block).
-- Code upgrades are only communicated to validators and other nodes which are
-interested, not any full node as it has been before.
-- Relay chain block space is preserved. Previously we could only do one runtime
-upgrade per relay chain block, occupying almost all of the blockspace.
-- Signalling an upgrade no longer contains the upgrade, hence if we need to
-push back on an upgrade for whatever reason, no network bandwidth and core
-time gets wasted because of this.
-
-
-End users are only affected by better performance and more stable block times.
-Parachains will need to implement the introduced request/response protocol and
-adapt to the new signalling mechanism via an UMP message, instead of sending
-the code upgrade directly.
-For parachain operators we should emit events on initiated runtime upgrade and
-each block reporting the current counter and how many blocks to go until the
-upgrade gets passed to pre-checking. This is especially important for on-demand
-chains or bulk users not occupying a full core. Further more that behaviour of
-requiring multiple blocks to fully initiate a runtime upgrade needs to be well
-documented.
-
-We will continue to support the old mechanism for code upgrades for a while, but
-will start to impose stricter limits over time, with the number of registered
-parachains going up. With those limits in place parachains not migrating to the
-new scheme might be having a harder time upgrading and will miss more blocks. I
-guess we can be lenient for a while still, so the upgrade path for
-parachains should be rather smooth.
-In total the protocol changes we need are:
-For validators and collators:
-
-- New request/response protocol for fetching PVF data from collators and
-validators.
-- New UMP message type for signalling a runtime upgrade.
-
-Only for validators:
-
-- New runtime API for determining to be enacted code upgrades.
-- Different behaviour of bitfields (only sign a 1 bit, if validator has chunk +
-"hot" PVF).
-- Altered behaviour in availability-distribution: Fetch missing PVFS.
-
-
-Off-chain runtime upgrades have been discussed before, the architecture
-described here is simpler though as it piggybacks on already existing features,
-namely:
-
-- availability-distribution: No separate
I have code messages anymore.
-- Existing pre-checking.
-
-https://github.com/paritytech/polkadot-sdk/issues/971
-
-
-- What about the initial runtime, shall we make that off-chain as well?
-- Good news, at least after the first upgrade, no code will be stored on chain
-any more, this means that we also have to redefine the storage deposit now.
-We no longer charge for chain storage, but validator disk storage -> Should
-be cheaper. Solution to this: Not only store the hash on chain, but also the
-size of the data. Then define a price per byte and charge that, but:
-
-- how do we charge - I guess deposit has to be provided via other means,
-runtime upgrade fails if not provided.
-- how do we signal to the chain that the code is too large for it to reject
-the upgrade? Easy: Make available and vote nay in pre-checking.
-
-
-
-TODO: Fully resolve these questions and incorporate in RFC text.
-
-
-By no longer having code upgrade go through the relay chain, occupying a full relay
-chain block, the impact on other parachains is already greatly reduced, if we
-make distribution and PVF pre-checking low-priority processes on validators. The
-only thing attackers might be able to do is delay upgrades of other parachains.
-Which seems like a problem to be solved once we actually see it as a problem in
-the wild (and can already be mitigated by adjusting the counter). The good thing
-is that we have all the ingredients to go further if need be. Signalling no
-longer actually includes the code, hence there is no need to reject the
-candidate: The parachain can make progress even if we choose not to immediately
-act on the request and no relay chain resources are wasted either.
-We could for example introduce another UMP Signalling message
-RequestCodeUpgradeWithPriority which not just requests a code upgrade, but
-also offers some DOT to get ranked up in a queue.
-
-Making this storage mechanism more general purpose is worth thinking about. E.g.
-by resolving above "fee" question, we might also be able to resolve the pruning
-question in a more generic way and thus could indeed open this storage facility
-for other purposes as well. E.g. smart contracts, so the PoV would only need to
-reference contracts by hash and the actual PoV is stored on validators and
-collators and thus no longer needs to be part of the PoV.
-A possible avenue would be to change the response to:
-#![allow(unused)]
-fn main() {
-enum BlobResponse {
- Blob(Vec<u8>),
- Blobs(MerkleTree),
-}
-}
-With this the hash specified in the request can also be a merkle root and the
-responder will respond with the entire merkle tree (only hashes, no payload).
-Then the requester can traverse the leaf hashes and use the same request
-response protocol to request any locally missing blobs in that tree.
-One leaf would for example be the PVF others could be smart contracts. With a
-properly specified format (e.g. which leaf is the PVF?), what we got here is
-that a parachain can not only update its PVF, but additional data,
-incrementally. E.g. adding another smart contract, does not require resubmitting
-the entire PVF to validators, only the root hash on the relay chain gets
-updated, then validators fetch the merkle tree and only fetch any missing
-leaves. That additional data could be made available to the PVF via a to be
-added host function. The nice thing about this approach is, that while we can
-upgrade incrementally, lifetime is still tied to the PVF and we get all the same
-guarantees. Assuming the validators store blobs by hash, we even get disk
-sharing if multiple parachains use the same data (e.g. same smart contracts).
(source)
Table of Contents
diff --git a/proposed/0000-rewards.html b/proposed/0000-rewards.html
index 0cee252f..f68b83bb 100644
--- a/proposed/0000-rewards.html
+++ b/proposed/0000-rewards.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0004-remove-unnecessary-allocator-usage.html b/proposed/0004-remove-unnecessary-allocator-usage.html
index f3a0763f..de40f53c 100644
--- a/proposed/0004-remove-unnecessary-allocator-usage.html
+++ b/proposed/0004-remove-unnecessary-allocator-usage.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0006-dynamic-pricing-for-bulk-coretime-sales.html b/proposed/0006-dynamic-pricing-for-bulk-coretime-sales.html
index d37d5566..5f1fb2f2 100644
--- a/proposed/0006-dynamic-pricing-for-bulk-coretime-sales.html
+++ b/proposed/0006-dynamic-pricing-for-bulk-coretime-sales.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0009-improved-net-light-client-requests.html b/proposed/0009-improved-net-light-client-requests.html
index be7ce0c1..0552193b 100644
--- a/proposed/0009-improved-net-light-client-requests.html
+++ b/proposed/0009-improved-net-light-client-requests.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0015-market-design-revisit.html b/proposed/0015-market-design-revisit.html
index bcb8bd18..25f86349 100644
--- a/proposed/0015-market-design-revisit.html
+++ b/proposed/0015-market-design-revisit.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0034-xcm-absolute-location-account-derivation.html b/proposed/0034-xcm-absolute-location-account-derivation.html
index 263667d8..58ed321d 100644
--- a/proposed/0034-xcm-absolute-location-account-derivation.html
+++ b/proposed/0034-xcm-absolute-location-account-derivation.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0035-conviction-voting-delegation-modifications.html b/proposed/0035-conviction-voting-delegation-modifications.html
index a3721f96..314eed71 100644
--- a/proposed/0035-conviction-voting-delegation-modifications.html
+++ b/proposed/0035-conviction-voting-delegation-modifications.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0044-rent-based-registration.html b/proposed/0044-rent-based-registration.html
index 95df2601..291077e3 100644
--- a/proposed/0044-rent-based-registration.html
+++ b/proposed/0044-rent-based-registration.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0054-remove-heap-pages.html b/proposed/0054-remove-heap-pages.html
index 5e0e4e78..08046ce1 100644
--- a/proposed/0054-remove-heap-pages.html
+++ b/proposed/0054-remove-heap-pages.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0070-x-track-kusamanetwork.html b/proposed/0070-x-track-kusamanetwork.html
index 65b8efc2..e05ab69d 100644
--- a/proposed/0070-x-track-kusamanetwork.html
+++ b/proposed/0070-x-track-kusamanetwork.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0073-referedum-deposit-track.html b/proposed/0073-referedum-deposit-track.html
index 2f9e3bed..a0e904cc 100644
--- a/proposed/0073-referedum-deposit-track.html
+++ b/proposed/0073-referedum-deposit-track.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0074-stateful-multisig-pallet.html b/proposed/0074-stateful-multisig-pallet.html
index a576b6ef..17400935 100644
--- a/proposed/0074-stateful-multisig-pallet.html
+++ b/proposed/0074-stateful-multisig-pallet.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0077-increase-max-length-of-identity-pgp-fingerprint-value.html b/proposed/0077-increase-max-length-of-identity-pgp-fingerprint-value.html
index 199ee3e1..736f3421 100644
--- a/proposed/0077-increase-max-length-of-identity-pgp-fingerprint-value.html
+++ b/proposed/0077-increase-max-length-of-identity-pgp-fingerprint-value.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0088-broker-pallet-slashable-deposit-purchaser-reputation-reserved-cores.html b/proposed/0088-broker-pallet-slashable-deposit-purchaser-reputation-reserved-cores.html
index e4ff9047..1a41f249 100644
--- a/proposed/0088-broker-pallet-slashable-deposit-purchaser-reputation-reserved-cores.html
+++ b/proposed/0088-broker-pallet-slashable-deposit-purchaser-reputation-reserved-cores.html
@@ -90,7 +90,7 @@
diff --git a/proposed/0089-flexible-inflation.html b/proposed/0089-flexible-inflation.html
index 6734cfb4..f2d8fc00 100644
--- a/proposed/0089-flexible-inflation.html
+++ b/proposed/0089-flexible-inflation.html
@@ -90,7 +90,7 @@
diff --git a/proposed/00xx-secondary-marketplace-for-regions.html b/proposed/00xx-secondary-marketplace-for-regions.html
index a4827cfa..1712572a 100644
--- a/proposed/00xx-secondary-marketplace-for-regions.html
+++ b/proposed/00xx-secondary-marketplace-for-regions.html
@@ -90,7 +90,7 @@
diff --git a/proposed/00xx-smart-contracts-coretime-chain.html b/proposed/00xx-smart-contracts-coretime-chain.html
index e22b9951..2f97275d 100644
--- a/proposed/00xx-smart-contracts-coretime-chain.html
+++ b/proposed/00xx-smart-contracts-coretime-chain.html
@@ -90,7 +90,7 @@
@@ -325,7 +325,7 @@