CIP No. | Title | Author | Status | Type | Created | Replaced CIPs |
---|---|---|---|---|---|---|
12 | Allow Non-Existent Sponsor for Collateral | Chenxing Li (@Chenxing Li) | Final | Spec Breaking | 2020-07-27 | 2 |

We allow a contract with non-zero storage collateral to be destructed. When refunding storage collateral to a dead contract, the refunded tokens will be burnt.
Currently, we forbid the destruction of contracts with non-zero storage collateral. This proposal plans to stop checking storage collateral during contract destruction. If a contract has the same address as a previously destructed contract, it may receive the collateral refunded for the killed contract. So each time a contract receives a collateral refund, no matter who paid this collateral, the part that does not exceed the contract's current storage collateral will be refunded to its sponsor balance for collateral and the rest will be burnt.
Currently, we forbid the destruction of contracts with non-zero storage collateral to guarantee the dead contract is not the owner of any storage entry. However, some corner cases break this guarantee. Suppose the sender calls contract A and contract A sponsors the collateral for this transaction. If contract A calls itself and self-destructs, the outside executive can still execute as usual and occupy additional storage entries.
To handle this problem, CIP-2 proposed to forbid a storage owner from being destructed in a sub-call. This proposal provides a more straightforward solution.
In the `SELFDESTRUCT(0xff)` operation or the internal contract function `destroy()`, we no longer check whether `contract.storage_collateral > 0`.
Each time we're refunding storage collateral to a contract, let `v = min(refunding_collateral, contract.storage_collateral)`. The contract can only receive `v` refunding collateral and the rest will be burnt. Formally:

```
contract.storage_collateral -= v
contract.sponsor_balance_for_collateral += v
```

The global statistic values are updated as follows:

```
total_storage_tokens -= refunding_collateral
total_issued_tokens -= refunding_collateral - v
```

The `total_storage_tokens` and the `total_issued_tokens` are updated at the time of refunding collateral rather than at the time of killing the contract, because the storage entries owned by the killed contract should continue to generate collateral interest until they are released.
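
The refund rule above, worked through as an added example (a model written for this page, not code from the Conflux implementation). The `Contract` and `GlobalStats` classes, the token amounts, and the treatment of a dead address as an account with `storage_collateral == 0` are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Contract:
    storage_collateral: int = 0
    sponsor_balance_for_collateral: int = 0


@dataclass
class GlobalStats:
    total_storage_tokens: int
    total_issued_tokens: int


def refund_collateral(contract, stats, refunding_collateral):
    """Apply the refund rule from this CIP and return the burnt amount."""
    if refunding_collateral < 0:
        raise ValueError("refund must be non-negative")
    # Only the part covered by the contract's own collateral is credited.
    v = min(refunding_collateral, contract.storage_collateral)
    contract.storage_collateral -= v
    contract.sponsor_balance_for_collateral += v
    burnt = refunding_collateral - v
    # Global counters change at refund time, not when the contract is killed.
    stats.total_storage_tokens -= refunding_collateral
    stats.total_issued_tokens -= burnt
    return burnt


def scenario():
    # Constructed numbers: 60 tokens still back entries owned by a killed
    # contract, 15 back entries of a new contract at the same address.
    stats = GlobalStats(total_storage_tokens=75, total_issued_tokens=1000)

    # 1) Entries worth 40 are released while the address has no live contract.
    dead = Contract()  # assumption: a dead address holds zero collateral
    burnt_dead = refund_collateral(dead, stats, 40)

    # 2) A contract is created at the same address with 15 of its own
    #    collateral; the killed contract's last 20 are then released to it.
    reborn = Contract(storage_collateral=15)
    burnt_reborn = refund_collateral(reborn, stats, 20)
    return dead, reborn, stats, burnt_dead, burnt_reborn


if __name__ == "__main__":
    print(scenario())
```

In step 2 the new contract's sponsor balance never grows by more than its own collateral, so a refund addressed to the killed contract cannot mint spendable balance for its successor.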
This CIP changes the behavior of contract execution and further influences the world-state maintenance. So it is not backwards compatible. It will be activated in the next phase of mainnet.
TBA.
TBA.
The sponsor of a contract may fail to retrieve its collateral. This proposal brings no other security issues.
Copyright and related rights waived via CC0.