Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: auctioneer detects failing priceAuthority; requests new one #8691

Merged
merged 4 commits into from
Jan 9, 2024

Conversation

Chris-Hibbert
Copy link
Contributor

refs: #8675

Description

When observeNotifier() on the quoteNotifier detects an error, request a new notifier and restart the observer.

Security Considerations

robustness for the chain.

Scaling Considerations

Not a scaling issue.

Documentation Considerations

No user docs required.

Testing Considerations

Added a test that the auctioneer switches when the manual authority throws an error.

Upgrade Considerations

The priceAuthority is holding onto cyclic data structures involving exitObjects. In order to force GC of those objects, we plan to fix the problem in Zoe and then abandon the old priceAuthorities. This fix allows the Auctions to survive when the old priceAuthority is killed.

@Chris-Hibbert Chris-Hibbert added performance Performance related issues resource-exhaustion Threats to availability from resource exhaustion attacks oracle Related to on-chain oracles. auction labels Dec 22, 2023
@Chris-Hibbert Chris-Hibbert self-assigned this Dec 22, 2023
@Chris-Hibbert
Copy link
Contributor Author

I added a commit ("If the quoteNotifier throws, don't restart immediately") that doesn't restart immediately in the failure case, based on a test that failed with an infinite restart loop when the ATOM-USD_price_feed vat was restarted, but scaledPriceAuthority-ATOM remained alive. Please give me an opinion on whether this code is worth including.

With this fix in, the change to restart-vats.js isn't necessary.

@Chris-Hibbert Chris-Hibbert force-pushed the 8675-auction-newPA branch 2 times, most recently from c00dbe2 to d940a99 Compare December 26, 2023 21:31
packages/inter-protocol/src/auction/auctionBook.js Outdated Show resolved Hide resolved
packages/inter-protocol/src/auction/auctionBook.js Outdated Show resolved Hide resolved
Comment on lines 495 to 496
fail: _reason => {
trace('fail', _reason);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no strong opinion here, but the value is used.

Suggested change
fail: _reason => {
trace('fail', _reason);
fail: reason => {
trace('fail', reason);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I improved the Trace message, and renamed it to reason

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same issue with _done

},
finish: _done => {
trace('finish', _done);
facets.helper.observeQuoteNotifier();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
facets.helper.observeQuoteNotifier();
// start a fresh observer
facets.helper.observeQuoteNotifier();

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I copied the version from fail(). In testing, I noticed that if it's really broken, resetting the notifier immediately makes an infinite loop. Setting the quote to empty OTOH, makes a much slower infinite loop. (It only retries at the auction frequency, which means other auctions can continue.)

packages/inter-protocol/src/auction/auctionBook.js Outdated Show resolved Hide resolved
@@ -58,15 +58,15 @@ const test = anyTest;

const trace = makeTracer('Test AuctContract', false);

const defaultParams = {
const defaultParams = harden({
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@turadg
Copy link
Member

turadg commented Jan 4, 2024

Please give me an opinion on whether this code is worth including

I don't have a strong position either way. I first look to the runtime impact, I don't know the cost of restarting the observer unnecessarily. My next consideration is code complexity (interpretability and maintenance). The creates an extra state to have to understand and more room for bugs, but it also improves encapsulation by not requiring changes in restart-vats.

But… what happens if a quote is requested and the price is zero? Could that cause new failures downstream?

If it's any risk I say leave it out.

@@ -630,6 +679,12 @@ export const prepareAuctionBook = (baggage, zcf, makeRecorderKit) => {
const { facets, state } = this;

trace(`capturing oracle price `, state.updatingOracleQuote);
if (AmountMath.isEmpty(state.updatingOracleQuote.numerator)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

checking for empty seemed a little magic to me and I had to keep track of the Ratio getting out as an actual quote.

I thought a null value would be more clear. To test it out I made the changes locally. They passed and since I know this PR is somewhat urgent I pushed the change. I'm approving with the change. If I missed something and it's a bad idea, please re-request review and help me understand.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks.

@Chris-Hibbert Chris-Hibbert added the automerge:squash Automatically squash merge label Jan 6, 2024
@turadg
Copy link
Member

turadg commented Jan 6, 2024

@Chris-Hibbert now that there are no zero ratios, I think your e3b0e6b is low risk and worthwhile for the encapsulation

Copy link

github-actions bot commented Jan 7, 2024

@Chris-Hibbert - This PR appears to be stuck. It's had a merge label for > 24 hours

If the quoteNotifier is broken, set updatingOracleQuote to null. If
updatingOracleQuote is null when attempting to capture the oracle
price, restart observeQuoteNotifier

Vaults detects failing priceAuthority and requests new one (#8696)
@Chris-Hibbert Chris-Hibbert removed the automerge:squash Automatically squash merge label Jan 8, 2024
@Chris-Hibbert
Copy link
Contributor Author

@turadg Since #8697 was merged here, the change to restart-vats, (since reverted) showed that vaultManager wasn't as robust as auctions to a priceAuthority failing. I've made it more robust, but this isn't a trivial change, so I'm removing the automerge label and re-requesting review.

@@ -452,7 +452,15 @@ export const prepareVaultManagerKit = (
ephemera.storedCollateralQuote = value;
},
onRejected() {
facets.helper.observeQuoteNotifier();
// XXX drastic action, if the quoteNotifier fails, we don't know
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great comment overall.

XXX marks tech debt. Do you have ideas for improving this? If not, it seems more like a NOTE or NB (https://en.wikipedia.org/wiki/Nota_bene)

also, small typo: ingorance.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed.

Copy link
Member

@turadg turadg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logic looks good. One type annotation request before approving

// notifier immediately, we'll trigger an infinite loop, so try
// to restart each time we get a request.

// @ts-expect-error reset value
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be put into the typedef instead of suppressed.
line 205:

 *   storedCollateralQuote: PriceQuote | null;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@Chris-Hibbert Chris-Hibbert added the automerge:squash Automatically squash merge label Jan 9, 2024
@mergify mergify bot merged commit 8604b01 into master Jan 9, 2024
66 checks passed
@mergify mergify bot deleted the 8675-auction-newPA branch January 9, 2024 23:13
@Chris-Hibbert Chris-Hibbert mentioned this pull request Feb 7, 2024
14 tasks
anilhelvaci pushed a commit to Jorge-Lopes/agoric-sdk that referenced this pull request Feb 16, 2024
…oric#8691)

* feat: auctioneer/vaults detect failing priceAuthority & request new

If the quoteNotifier is broken, set updatingOracleQuote to null. If
updatingOracleQuote is null when attempting to capture the oracle
price, restart observeQuoteNotifier

Vaults detects failing priceAuthority and requests new one (Agoric#8696)

* feat: make vaultManager robust against failing priceAuthority

* chore: fix types, drop expect-error

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auction automerge:squash Automatically squash merge oracle Related to on-chain oracles. performance Performance related issues resource-exhaustion Threats to availability from resource exhaustion attacks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants