-
Notifications
You must be signed in to change notification settings - Fork 209
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: auctioneer detects failing priceAuthority; requests new one #8691
Conversation
7a1784b
to
9583b28
Compare
I added a commit ("If the quoteNotifier throws, don't restart immediately") that doesn't restart immediately in the failure case, based on a test that failed with an infinite restart loop when the ATOM-USD_price_feed vat was restarted, but scaledPriceAuthority-ATOM remained alive. Please give me an opinion on whether this code is worth including. With this fix in, the change to |
c00dbe2
to
d940a99
Compare
fail: _reason => { | ||
trace('fail', _reason); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no strong opinion here, but the value is used.
fail: _reason => { | |
trace('fail', _reason); | |
fail: reason => { | |
trace('fail', reason); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I improved the Trace message, and renamed it to reason
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same issue with _done
}, | ||
finish: _done => { | ||
trace('finish', _done); | ||
facets.helper.observeQuoteNotifier(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
facets.helper.observeQuoteNotifier(); | |
// start a fresh observer | |
facets.helper.observeQuoteNotifier(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I copied the version from fail()
. In testing, I noticed that if it's really broken, resetting the notifier immediately makes an infinite loop. Setting the quote to empty OTOH, makes a much slower infinite loop. (It only retries at the auction frequency, which means other auctions can continue.)
@@ -58,15 +58,15 @@ const test = anyTest; | |||
|
|||
const trace = makeTracer('Test AuctContract', false); | |||
|
|||
const defaultParams = { | |||
const defaultParams = harden({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
I don't have a strong position either way. I first look to the runtime impact, I don't know the cost of restarting the observer unnecessarily. My next consideration is code complexity (interpretability and maintenance). The creates an extra state to have to understand and more room for bugs, but it also improves encapsulation by not requiring changes in restart-vats. But… what happens if a quote is requested and the price is zero? Could that cause new failures downstream? If it's any risk I say leave it out. |
@@ -630,6 +679,12 @@ export const prepareAuctionBook = (baggage, zcf, makeRecorderKit) => { | |||
const { facets, state } = this; | |||
|
|||
trace(`capturing oracle price `, state.updatingOracleQuote); | |||
if (AmountMath.isEmpty(state.updatingOracleQuote.numerator)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checking for empty seemed a little magic to me and I had to keep track of the Ratio getting out as an actual quote.
I thought a null value would be more clear. To test it out I made the changes locally. They passed and since I know this PR is somewhat urgent I pushed the change. I'm approving with the change. If I missed something and it's a bad idea, please re-request review and help me understand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks.
@Chris-Hibbert now that there are no zero ratios, I think your e3b0e6b is low risk and worthwhile for the encapsulation |
@Chris-Hibbert - This PR appears to be stuck. It's had a merge label for > 24 hours |
If the quoteNotifier is broken, set updatingOracleQuote to null. If updatingOracleQuote is null when attempting to capture the oracle price, restart observeQuoteNotifier Vaults detects failing priceAuthority and requests new one (#8696)
4a6d7f4
to
b08d1de
Compare
@@ -452,7 +452,15 @@ export const prepareVaultManagerKit = ( | |||
ephemera.storedCollateralQuote = value; | |||
}, | |||
onRejected() { | |||
facets.helper.observeQuoteNotifier(); | |||
// XXX drastic action, if the quoteNotifier fails, we don't know |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
great comment overall.
XXX
marks tech debt. Do you have ideas for improving this? If not, it seems more like a NOTE
or NB
(https://en.wikipedia.org/wiki/Nota_bene)
also, small typo: ingorance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed.
7f6aec5
to
bb8ce8c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Logic looks good. One type annotation request before approving
// notifier immediately, we'll trigger an infinite loop, so try | ||
// to restart each time we get a request. | ||
|
||
// @ts-expect-error reset value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be put into the typedef instead of suppressed.
line 205:
* storedCollateralQuote: PriceQuote | null;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
…oric#8691) * feat: auctioneer/vaults detect failing priceAuthority & request new If the quoteNotifier is broken, set updatingOracleQuote to null. If updatingOracleQuote is null when attempting to capture the oracle price, restart observeQuoteNotifier Vaults detects failing priceAuthority and requests new one (Agoric#8696) * feat: make vaultManager robust against failing priceAuthority * chore: fix types, drop expect-error --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
refs: #8675
Description
When
observeNotifier()
on thequoteNotifier
detects an error, request a new notifier and restart the observer.Security Considerations
robustness for the chain.
Scaling Considerations
Not a scaling issue.
Documentation Considerations
No user docs required.
Testing Considerations
Added a test that the auctioneer switches when the manual authority throws an error.
Upgrade Considerations
The priceAuthority is holding onto cyclic data structures involving exitObjects. In order to force GC of those objects, we plan to fix the problem in Zoe and then abandon the old priceAuthorities. This fix allows the Auctions to survive when the old priceAuthority is killed.