This document discusses an implementation of an IE contract and some design challenges.

IE Contract Spec

Important Design Challenges

Pull vs Push Payments

Pull vs Push payments is simply a tradeoff between contract security and costs vs user experience. It seems like pull vs push payments will ultimately be a IE design chose by the implementer since there are use cases where using one or the other seems a much better design choice.

	Push Payments	Pull Payments
Cost	Gas costs of sending FIL to thousands of users is not trivial. Costs will add up and ultimately there has to be a portion of earnings reduced to gas costs. Even then, there might be participants earnings less FIL than the cost of gas required to send that FIL to them (this is already a scenario happening with Saturn) so operating the IE can come at a loss.	No gas costs from the IE side. The gas costs now fall to the user.
Security	When you send FIL to an address, that address can be a contract. That contract can have a fallback function when it receives FIL. A fallback function is a function that is automatically triggered when some event occurs, such as receiving FIL. This fallback function can be customized in a smart contract and it can be customized to something malicious. For example, it can be customized to consume tons of gas or to revert the transaction. This will effectively lock the whole transaction and blocking users from receiving earnings. There are some solutions to this, such as ignoring failed transfers using send instead of transfer . There can also be a function that removes failed transfer participants from the IE and return their earnings to the IE. Still, this introduces a security risk that has to be dealt with very carefully.	Pull payments are much more secure. The responsibility of claiming falls to the user and that transaction is isolated. Users cannot simply block each other from claiming.
Scale	There are limits to transfers and that means we have to batch transfers. Batching costs more money and a lot more time. There might be some clever ways to compress and optimize transactions, but it doesn’t fully resolve the issue. IPC can perform huge carries here.	Pull payments also have to be batch deployed. Batching costs more money and a lot more time. There might be some clever ways to compress and optimize transactions, but it doesn’t fully resolve the issue. IPC can perform huge carries here.
IE Compatibility	This makes it easy to chain multiple IE’s together	This makes it rather difficult to chain multiple IE’s together. There could be fallback functions from each IE though, but that adds extra design complexity.
UX	Less work for operators and also cost. Might impact folks who want control over their earnings due some reasons (e.g tax)	This adds considerable work for the end user. The user has to have initial funds in their wallet to submit a transaction.
Incentives	This creates a non-ideal incentive for participants. Some participants might earn less than costs in gas to send them their earnings. This works excellently at scale for multinoders.	Creates better incentives as nodes have to pay to claim earnings. This dis-incentivizes multinoding and to focus work on one single node.
Legal	TODO	TODO

Scale

Scale is a hard hitting problem in almost every aspect of IE design.

We have to carefully evaluate which problems IPC subnets can solve for us scale wise.

Here are a list of scale issues to consider:

Gas Cost: As number of participants increase, gas costs increase. A suggestion is that participants can only scale if rewards scale as well to ensure gas costs are manageable. That is assuming of course that gas costs increase linearly.
Smart Contract limits:
- Message Size: FVM has a limit on message size, and therefore deployments have to be batched. Batching adds design complexity, increases time, and cost of operating IE rounds.
- Gas Limits: Transactions on FVM have gas limits, and therefore internally within contracts we cannot have unbounded behaviour, otherwise we risk a transaction going over the gas limit.
- Storage / Memory Limits: Storage on contracts costs gas. The use of storage should be limited and heavily optimized.
Deployment Time: Submitting things to the blockchain is morbidly slow, and as the network grows, we have to make more submissions and hence it takes a lot more time to conclude a deployment.

Future Optimizations

IE Factorization

Our current design leverages one IE smart contract that orchestrates operation of an IE and keeps track of measurements, rounds, etc. Here are the issues with this: