It is unfortunate that something like CIP-29 is just part of this batch. All other stuff is just additions, however CIP-29 makes significant changes to incentive system.
In ideal world, CIP-29 would have instead parametrized the “grace period” variable and a separate Governance proposal would be requried to actually change the period from 12 blocks to 120 blocks.
There are legitimate reasons to oppose extending the downtime period. While from network general availability perspective it doesn’t matter if 1 node is down for 10 minutes, if nodes are flaky too often, it can lead to block times increasing from 5 seconds to 10 seconds at a higher frequency, that can have some meaningful consequences for use cases that depend on timing. (i.e. use cases like trading and arbitrage, and certain UX/UI use cases too).
But now that CIP-29 is just part of this one big batch, we have no option to actually discuss the change in isolation.
In the call, the community was asked about moving CIP-29 to last call and there was rough consensus to do that. Then, the was a 2 week period for everyone to review the proposal and raise any objections before it went to Accepted state.
I disagree that you have no option to discuss the change, Core Contracts Release 3 is part of the Governance Call happening this Thursday were folks can openly discuss items like CIP-29.
If the issue is implementation of the spec as part of Core Contracts Release 3 vs submitting it as a separate CGP on-chain for voting, I think that’s a valid point worth discussing. If the issue is in the specifications behind CIP-29 itself and its potential impact on the network, then I’m very curious why those concerns weren’t raised before? If it has a serious impact on the network, I welcome you to discuss it in the Governance call.
There is a precedent in the CIP Process to move a specification back to Draft Status from Accepted Status as outlined here if there is a serious flaw and core devs agree that it can be corrected and stuff. So, if you feel the consequence has an impact on the network, we can also schedule a future All-Core Dev Call to dive deep into the ramifications of such a change.
Discussion is different from official voting though. The point i am raising is that, there is difference between adding functionality to the blockchain/smart contracts, vs changing parameters of the network.
Imo, core contracts upgrades should be about code changes and functionality, and not about parameter changes.
An example would be if ExchangeEUR/StableTokenEUR contract additions also came with changes to the exchange spread. That would batch two different types of change (i.e. code/functionality change and a parameter change) and wouldn’t be ideal from either discussion or voting perspective.
Thank you for engaging in this core contracts release process @thezviad! Love seeing folks involved. I’d like to address both parts of your feedback.
There wasn’t enough time / opportunity to opine on this proposal
@Yaz already responded, but I would also like to point out that CIP-29 was published on December 3rd and has already been submitted for an audit after going through the entire CIP process.
Network performance may suffer if the grace window is extended
I believe this was thoroughly addressed in the proposal and would love to hear which parts of our reasoning you disagree with. One bit that I will call out here though (excerpted)
“Our proposal to slightly extend this window to 10 minutes will strengthen Celo while still incentivizing the most stringent uptime requirements among layer 1 protocols.”
Other layer 1 protocols are not suffering from validator downtime despite being several orders of magnitude more lenient. Why do you think Celo performance will degrade?
Parameter changes should happen through governance
As our proposal outlines, we are not changing a network parameter, we are adding a new one. I suppose it is possible for all parameters to be added first and then voted on to set them, but that would very quickly cause voter fatigue as it would be a colossal amount of voting. It is standard practice to set a parameter value when adding a new parameter, which can then be changed via governance.
#2: submit a governance proposal to set GracePeriod to 0.625% after contracts upgrade.
Step #1 would be just a code change. So it would just have to go through code review, code audit and just get deployed as part of standard contract upgrade process. It would just add functionality without changing anything.
Step #2 would be something that actually requires voting and would be voted on independently.
The way it was done, it will require code change once again if we ever want to change this parameter, and it will once again have to be changed without any explicit voting for choosing the threshold.
As for its effect, I did misread this originally and I thought it was extending lookback window from 1 minute to 10 minutes which could be more problematic. But now i understand that it just changes the scoring to have a grace period of total of 10 minutes in an epoch overall, which is certainly less of an issue.
We just received the audit report for release 3 back from OpenZeppelin and they flagged the same low severity issue. Unfortunately the report is currently private, but below is the relevant excerpt:
The grace_period variable of the calculateEpochScore function in the Validators contract is hardcoded and it’s not possible to set it again to another value once the contract is deployed.
To improve flexibility and efficiency of the code base, consider implementing it in such a way that the governance can change its value without re-deploying the contract again.
I recommend we use the audit response as an opportunity to make this parameter governable.