Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No repay debt requirement for DeclareFaultsRecovered #20

Merged
merged 5 commits into from
Oct 29, 2020
Merged

No repay debt requirement for DeclareFaultsRecovered #20

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c755d05
Create fip-000x.md
irenegia Oct 23, 2020
9e4360e
Adding a discussion issue
momack2 Oct 27, 2020
b4d769e
Apply suggestions from @momack2 and @anorth
irenegia Oct 27, 2020
63e596d
clarify option for future FIP about PT inflation
irenegia Oct 28, 2020
32dfc82
Update and rename fip-000x.md to fip-0006.md
momack2 Oct 29, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions FIPS/fip-000x.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
---
fip: <to be assigned>
title: No repay debt requirement for DeclareFaultsRecovered
author: Nicola (@nicola), Irene (@irenegia)
discussions-to: <URL>
status: Draft
type: Technical
created: 2020-10-23
---


## Simple Summary
Remove the requirement to repay debt from DeclareFaultsRecovered.

## Abstract
Filecoin miners are subject to pay storage fault and consensus fault fees. These are paid using locked funds (ie, unvested block rewards) and then the miner’s available balance. If these two are not enough to cover the total fee amount, the remaining part to pay is recorded in a variable (FeeDebt) in the miner’s state and the miner is declared “in fee debt”.
For a miner in debt, the call to the methods PreCommit, DeclareFaultsRecovered and WithdrawBalance fails. Moreover this miner can not mine blocks.
The fact that a miner in debt can not recover faults creates an undesired loop situation, in which a miner with faulted partitions can not recover, keep increasing its debt (note that continued faults cause more fees), eventually leading to sector termination if the miner does not repay their debt after 14 days. This is especially bad for small miners with little balance. To avoid this we propose to allow recovery of faults for miners in debt.

## Problem Motivation
In the current protocol, recovering faults is not allowed if a miner is in debt (ie, the call to the method “DeclareFaultsRecovered” fails when feeDebts > 0). This can create the following problem:
A miner misses the windowPoSt deadline for some partition for 2 days;
This causes paying storage fault fee and the miner could go in debt;
If it does, the miner can not recover the faulted partitions without obtaining the funds to pay back the debt first and the debt will continue to increase.


## Specification
Remove the call to RepayDebtOrAbort in the method “DeclareFaultsRecovered”;
In other words, no check about the FeeDebt variable is required in the method “DeclareFaultsRecovered”.
Diff from current version: remove the following line of code in the miner actor
https://github.com/filecoin-project/specs-actors/blob/master/actors/builtin/miner/miner_actor.go#L1322.


## Design Rationale
The main motivation for this change is introducing the minimal change that allows miners in debt to recover storage faults in order to stop paying for penalties.

## Backwards Compatibility
This change requires a actor upgrade.
irenegia marked this conversation as resolved.
Show resolved Hide resolved

## Test Cases
N/A

## Implementation
Remove the following line of code in the miner actor
https://github.com/filecoin-project/specs-actors/blob/master/actors/builtin/miner/miner_actor.go#L1322.


## Security Considerations
After this change, a miner in fee debt continues to not be able to produce block and withdraw tokens from its available balance, so the possible actions and strategies for malicious miners are the same as in the current version of the protocol. In particular, a miner that does not recover from debt (ie, a miner that does not pay its fees) can make profit from the power registered in the power table because it is not eligible to mine blocks.
irenegia marked this conversation as resolved.
Show resolved Hide resolved
Miners that recover their faults are still not eligible until they recover from fee debt, this means that their power will still count towards the total power, and the average WinCount is reduced. Although this is not a new problem, this change could worsen the potential power inflation. We do not believe this is a risk for the protocol and this problem should be addressed separately with a new FIP (e.g. allowing miners in debt to miner or remove the power from the power table).
momack2 marked this conversation as resolved.
Show resolved Hide resolved

## Incentive Considerations
After this change, a miner in fee debt continues to be incentivized to repay its debt asap since otherwise it can not win block reward. It allows miners to stop paying for fault penalties if they can recover their sectors early without having the urgent need to acquire tokens or incur more penalties.

## Product Considerations
In the event of a miner going into debt but being able to recover quickly, debt does not increase based on the miner's ability to repay their debt quickly but only depends on storage maintenance. This FIP maintains a strong incentive to recover from faults (no storage growth or block rewards) but also avoid putting miners in a situation where their debt keeps increasing due to their inability to access liquidity in a timely fashion.


## Copyright
Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).