This document discusses an implementation of an IE contract and some design challenges.
Pull vs Push payments is simply a tradeoff between contract security and costs vs user experience. It seems like pull vs push payments will ultimately be a IE design chose by the implementer since there are use cases where using one or the other seems a much better design choice.
Push Payments | Pull Payments | |
---|---|---|
Cost | Gas costs of sending FIL to thousands of users is not trivial. Costs will add up and ultimately there has to be a portion of earnings reduced to gas costs. Even then, there might be participants earnings less FIL than the cost of gas required to send that FIL to them (this is already a scenario happening with Saturn) so operating the IE can come at a loss. | No gas costs from the IE side. The gas costs now fall to the user. |
Security | When you send FIL to an address, that address can be a contract. That contract can have a fallback function when it receives FIL. A fallback function is a function that is automatically triggered when some event occurs, such as receiving FIL. This fallback function can be customized in a smart contract and it can be customized to something malicious. For example, it can be customized to consume tons of gas or to revert the transaction. This will effectively lock the whole transaction and blocking users from receiving earnings. There are some solutions to this, such as ignoring failed transfers using send instead of transfer . There can also be a function that removes failed transfer participants from the IE and return their earnings to the IE. Still, this introduces a security risk that has to be dealt with very carefully. |
Pull payments are much more secure. The responsibility of claiming falls to the user and that transaction is isolated. Users cannot simply block each other from claiming. |
Scale | There are limits to transfers and that means we have to batch transfers. Batching costs more money and a lot more time. There might be some clever ways to compress and optimize transactions, but it doesn’t fully resolve the issue. IPC can perform huge carries here. | Pull payments also have to be batch deployed. Batching costs more money and a lot more time. There might be some clever ways to compress and optimize transactions, but it doesn’t fully resolve the issue. IPC can perform huge carries here. |
IE Compatibility | This makes it easy to chain multiple IE’s together | This makes it rather difficult to chain multiple IE’s together. There could be fallback functions from each IE though, but that adds extra design complexity. |
UX | Less work for operators and also cost. Might impact folks who want control over their earnings due some reasons (e.g tax) | This adds considerable work for the end user. The user has to have initial funds in their wallet to submit a transaction. |
Incentives | This creates a non-ideal incentive for participants. Some participants might earn less than costs in gas to send them their earnings. This works excellently at scale for multinoders. | Creates better incentives as nodes have to pay to claim earnings. This dis-incentivizes multinoding and to focus work on one single node. |
Legal | TODO | TODO |
Scale is a hard hitting problem in almost every aspect of IE design.
We have to carefully evaluate which problems IPC subnets can solve for us scale wise.
Here are a list of scale issues to consider:
Our current design leverages one IE smart contract that orchestrates operation of an IE and keeps track of measurements, rounds, etc. Here are the issues with this: