From 6a912b1a65b806904e8ba78aed3451afbfc24f6a Mon Sep 17 00:00:00 2001 From: "paritytech-rfc-bot[bot]" Date: Mon, 1 Dec 2025 00:13:02 +0000 Subject: [PATCH] deploy: 072e255c1a97319aeb417635cada3ca9d1e170f9 --- 404.html | 2 +- approved/0001-agile-coretime.html | 2 +- approved/0005-coretime-interface.html | 2 +- approved/0007-system-collator-selection.html | 2 +- approved/0008-parachain-bootnodes-dht.html | 2 +- ...09-improved-net-light-client-requests.html | 2 +- approved/0010-burn-coretime-revenue.html | 2 +- ...12-process-for-adding-new-collectives.html | 2 +- ...uilder-and-core-runtime-apis-for-mbms.html | 2 +- ...rove-locking-mechanism-for-parachains.html | 2 +- approved/0017-coretime-market-redesign.html | 2 +- approved/0022-adopt-encointer-runtime.html | 2 +- approved/0026-sassafras-consensus.html | 2 +- approved/0032-minimal-relay.html | 2 +- approved/0042-extrinsics-state-version.html | 2 +- .../0043-storage-proof-size-hostfunction.html | 2 +- approved/0045-nft-deposits-asset-hub.html | 2 +- ...047-assignment-of-availability-chunks.html | 2 +- approved/0048-session-keys-runtime-api.html | 2 +- approved/0050-fellowship-salaries.html | 2 +- ...0056-one-transaction-per-notification.html | 2 +- .../0059-nodes-capabilities-discovery.html | 2 +- approved/0078-merkleized-metadata.html | 2 +- ...-general-transaction-extrinsic-format.html | 2 +- approved/0091-dht-record-creation-time.html | 2 +- approved/0097-unbonding_queue.html | 2 +- .../0099-transaction-extension-version.html | 2 +- .../0100-xcm-multi-type-asset-transfer.html | 2 +- ...-xcm-transact-remove-max-weight-param.html | 2 +- .../0103-introduce-core-index-commitment.html | 2 +- approved/0105-xcm-improved-fee-mechanism.html | 2 +- approved/0107-xcm-execution-hints.html | 2 +- approved/0108-xcm-remove-testnet-ids.html | 2 +- .../0122-alias-origin-on-asset-transfers.html | 2 +- ...storage-location-for-runtime-upgrades.html | 2 +- approved/0125-xcm-asset-metadata.html | 2 +- approved/0126-introduce-pvq.html | 2 +- approved/0135-compressed-blob-prefixes.html | 2 +- approved/0139-faster-erasure-coding.html | 2 +- approved/0146-deflationary-fee-proposal.html | 2 +- approved/0149-rfc-1-renewal-adjustment.html | 6 +- .../0150-voting-while-delegating.html | 12 +- index.html | 2 +- introduction.html | 2 +- print.html | 1172 ++++++++--------- ...45-remove-unnecessary-allocator-usage.html | 6 +- proposed/0154-multi-slot-aura.html | 6 +- proposed/0156-bls-signatures.html | 2 +- searchindex.js | 2 +- searchindex.json | 2 +- stale/0000-pre-elves_soft.html | 6 +- stale/0000-rewards.html | 2 +- ...04-remove-unnecessary-allocator-usage.html | 2 +- ...namic-pricing-for-bulk-coretime-sales.html | 2 +- ...-absolute-location-account-derivation.html | 2 +- ...ction-voting-delegation-modifications.html | 2 +- stale/0044-rent-based-registration.html | 2 +- stale/0054-remove-heap-pages.html | 2 +- stale/0070-x-track-kusamanetwork.html | 2 +- stale/0073-referedum-deposit-track.html | 2 +- stale/0074-stateful-multisig-pallet.html | 2 +- ...gth-of-identity-pgp-fingerprint-value.html | 2 +- ...t-purchaser-reputation-reserved-cores.html | 2 +- ...0xx-secondary-marketplace-for-regions.html | 2 +- .../00xx-smart-contracts-coretime-chain.html | 2 +- ...2-offchain-parachain-runtime-upgrades.html | 2 +- stale/0106-xcm-remove-fees-mode.html | 2 +- stale/0111-pure-proxy-replication.html | 2 +- ...-state-response-message-in-state-sync.html | 2 +- stale/0114-secp256r1-hostfunction.html | 2 +- stale/0117-unbrick-collective.html | 2 +- ...enda-confirmation-by-candle-mechanism.html | 2 +- stale/0124-extrinsic-version-5.html | 2 +- .../0138-invulnerable-collator-election.html | 2 +- ...eference-coretime-market-for-polkadot.html | 2 +- stale/0155-pUSD.html | 2 +- ...ust Tipper Track Confirmation Periods.html | 2 +- stale/TODO-stale-nomination-reward-curve.html | 2 +- ...e-the-security-of-proof-of-possession.html | 2 +- 79 files changed, 677 insertions(+), 677 deletions(-) rename {proposed => approved}/0150-voting-while-delegating.html (79%) diff --git a/404.html b/404.html index 4b0b5a2..153b044 100644 --- a/404.html +++ b/404.html @@ -91,7 +91,7 @@ diff --git a/approved/0001-agile-coretime.html b/approved/0001-agile-coretime.html index 548b40a..560f920 100644 --- a/approved/0001-agile-coretime.html +++ b/approved/0001-agile-coretime.html @@ -90,7 +90,7 @@ diff --git a/approved/0005-coretime-interface.html b/approved/0005-coretime-interface.html index c69f7f3..340be92 100644 --- a/approved/0005-coretime-interface.html +++ b/approved/0005-coretime-interface.html @@ -90,7 +90,7 @@ diff --git a/approved/0007-system-collator-selection.html b/approved/0007-system-collator-selection.html index 25f5f4f..fa55b7d 100644 --- a/approved/0007-system-collator-selection.html +++ b/approved/0007-system-collator-selection.html @@ -90,7 +90,7 @@ diff --git a/approved/0008-parachain-bootnodes-dht.html b/approved/0008-parachain-bootnodes-dht.html index 795b49a..8f23f32 100644 --- a/approved/0008-parachain-bootnodes-dht.html +++ b/approved/0008-parachain-bootnodes-dht.html @@ -90,7 +90,7 @@ diff --git a/approved/0009-improved-net-light-client-requests.html b/approved/0009-improved-net-light-client-requests.html index 9a2230e..3a0acf9 100644 --- a/approved/0009-improved-net-light-client-requests.html +++ b/approved/0009-improved-net-light-client-requests.html @@ -90,7 +90,7 @@ diff --git a/approved/0010-burn-coretime-revenue.html b/approved/0010-burn-coretime-revenue.html index b37c21c..e698760 100644 --- a/approved/0010-burn-coretime-revenue.html +++ b/approved/0010-burn-coretime-revenue.html @@ -90,7 +90,7 @@ diff --git a/approved/0012-process-for-adding-new-collectives.html b/approved/0012-process-for-adding-new-collectives.html index ca15231..ad4aaa6 100644 --- a/approved/0012-process-for-adding-new-collectives.html +++ b/approved/0012-process-for-adding-new-collectives.html @@ -90,7 +90,7 @@ diff --git a/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html b/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html index da9c5b6..2a00c62 100644 --- a/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html +++ b/approved/0013-prepare-blockbuilder-and-core-runtime-apis-for-mbms.html @@ -90,7 +90,7 @@ diff --git a/approved/0014-improve-locking-mechanism-for-parachains.html b/approved/0014-improve-locking-mechanism-for-parachains.html index f951f68..157fe80 100644 --- a/approved/0014-improve-locking-mechanism-for-parachains.html +++ b/approved/0014-improve-locking-mechanism-for-parachains.html @@ -90,7 +90,7 @@ diff --git a/approved/0017-coretime-market-redesign.html b/approved/0017-coretime-market-redesign.html index be850da..763d6bc 100644 --- a/approved/0017-coretime-market-redesign.html +++ b/approved/0017-coretime-market-redesign.html @@ -90,7 +90,7 @@ diff --git a/approved/0022-adopt-encointer-runtime.html b/approved/0022-adopt-encointer-runtime.html index 435c3b1..79231a9 100644 --- a/approved/0022-adopt-encointer-runtime.html +++ b/approved/0022-adopt-encointer-runtime.html @@ -90,7 +90,7 @@ diff --git a/approved/0026-sassafras-consensus.html b/approved/0026-sassafras-consensus.html index 6a8002d..2eb72ba 100644 --- a/approved/0026-sassafras-consensus.html +++ b/approved/0026-sassafras-consensus.html @@ -90,7 +90,7 @@ diff --git a/approved/0032-minimal-relay.html b/approved/0032-minimal-relay.html index f989f1d..f60079b 100644 --- a/approved/0032-minimal-relay.html +++ b/approved/0032-minimal-relay.html @@ -90,7 +90,7 @@ diff --git a/approved/0042-extrinsics-state-version.html b/approved/0042-extrinsics-state-version.html index 51adc3e..7c6899c 100644 --- a/approved/0042-extrinsics-state-version.html +++ b/approved/0042-extrinsics-state-version.html @@ -90,7 +90,7 @@ diff --git a/approved/0043-storage-proof-size-hostfunction.html b/approved/0043-storage-proof-size-hostfunction.html index 466210b..d87b2ed 100644 --- a/approved/0043-storage-proof-size-hostfunction.html +++ b/approved/0043-storage-proof-size-hostfunction.html @@ -90,7 +90,7 @@ diff --git a/approved/0045-nft-deposits-asset-hub.html b/approved/0045-nft-deposits-asset-hub.html index 2961e6c..455147d 100644 --- a/approved/0045-nft-deposits-asset-hub.html +++ b/approved/0045-nft-deposits-asset-hub.html @@ -90,7 +90,7 @@ diff --git a/approved/0047-assignment-of-availability-chunks.html b/approved/0047-assignment-of-availability-chunks.html index e446784..d68d712 100644 --- a/approved/0047-assignment-of-availability-chunks.html +++ b/approved/0047-assignment-of-availability-chunks.html @@ -90,7 +90,7 @@ diff --git a/approved/0048-session-keys-runtime-api.html b/approved/0048-session-keys-runtime-api.html index e55f4ed..a70ce6f 100644 --- a/approved/0048-session-keys-runtime-api.html +++ b/approved/0048-session-keys-runtime-api.html @@ -90,7 +90,7 @@ diff --git a/approved/0050-fellowship-salaries.html b/approved/0050-fellowship-salaries.html index c9ea49c..43ee49e 100644 --- a/approved/0050-fellowship-salaries.html +++ b/approved/0050-fellowship-salaries.html @@ -90,7 +90,7 @@ diff --git a/approved/0056-one-transaction-per-notification.html b/approved/0056-one-transaction-per-notification.html index 1317900..4e23c14 100644 --- a/approved/0056-one-transaction-per-notification.html +++ b/approved/0056-one-transaction-per-notification.html @@ -90,7 +90,7 @@ diff --git a/approved/0059-nodes-capabilities-discovery.html b/approved/0059-nodes-capabilities-discovery.html index f68b949..92150b2 100644 --- a/approved/0059-nodes-capabilities-discovery.html +++ b/approved/0059-nodes-capabilities-discovery.html @@ -90,7 +90,7 @@ diff --git a/approved/0078-merkleized-metadata.html b/approved/0078-merkleized-metadata.html index 615061e..16f7f74 100644 --- a/approved/0078-merkleized-metadata.html +++ b/approved/0078-merkleized-metadata.html @@ -90,7 +90,7 @@ diff --git a/approved/0084-general-transaction-extrinsic-format.html b/approved/0084-general-transaction-extrinsic-format.html index 65741d4..281d3d8 100644 --- a/approved/0084-general-transaction-extrinsic-format.html +++ b/approved/0084-general-transaction-extrinsic-format.html @@ -90,7 +90,7 @@ diff --git a/approved/0091-dht-record-creation-time.html b/approved/0091-dht-record-creation-time.html index 9d0cefb..d15dcd2 100644 --- a/approved/0091-dht-record-creation-time.html +++ b/approved/0091-dht-record-creation-time.html @@ -90,7 +90,7 @@ diff --git a/approved/0097-unbonding_queue.html b/approved/0097-unbonding_queue.html index 5a09b7a..5bda87d 100644 --- a/approved/0097-unbonding_queue.html +++ b/approved/0097-unbonding_queue.html @@ -90,7 +90,7 @@ diff --git a/approved/0099-transaction-extension-version.html b/approved/0099-transaction-extension-version.html index fbecdb2..afa583d 100644 --- a/approved/0099-transaction-extension-version.html +++ b/approved/0099-transaction-extension-version.html @@ -90,7 +90,7 @@ diff --git a/approved/0100-xcm-multi-type-asset-transfer.html b/approved/0100-xcm-multi-type-asset-transfer.html index 21082c7..e9e408e 100644 --- a/approved/0100-xcm-multi-type-asset-transfer.html +++ b/approved/0100-xcm-multi-type-asset-transfer.html @@ -90,7 +90,7 @@ diff --git a/approved/0101-xcm-transact-remove-max-weight-param.html b/approved/0101-xcm-transact-remove-max-weight-param.html index 7fd1234..927c230 100644 --- a/approved/0101-xcm-transact-remove-max-weight-param.html +++ b/approved/0101-xcm-transact-remove-max-weight-param.html @@ -90,7 +90,7 @@ diff --git a/approved/0103-introduce-core-index-commitment.html b/approved/0103-introduce-core-index-commitment.html index 6ad76f9..853e9bb 100644 --- a/approved/0103-introduce-core-index-commitment.html +++ b/approved/0103-introduce-core-index-commitment.html @@ -90,7 +90,7 @@ diff --git a/approved/0105-xcm-improved-fee-mechanism.html b/approved/0105-xcm-improved-fee-mechanism.html index 103a285..f419f3f 100644 --- a/approved/0105-xcm-improved-fee-mechanism.html +++ b/approved/0105-xcm-improved-fee-mechanism.html @@ -90,7 +90,7 @@ diff --git a/approved/0107-xcm-execution-hints.html b/approved/0107-xcm-execution-hints.html index 58b6867..d2b371d 100644 --- a/approved/0107-xcm-execution-hints.html +++ b/approved/0107-xcm-execution-hints.html @@ -90,7 +90,7 @@ diff --git a/approved/0108-xcm-remove-testnet-ids.html b/approved/0108-xcm-remove-testnet-ids.html index 0a6456e..eadcf95 100644 --- a/approved/0108-xcm-remove-testnet-ids.html +++ b/approved/0108-xcm-remove-testnet-ids.html @@ -90,7 +90,7 @@ diff --git a/approved/0122-alias-origin-on-asset-transfers.html b/approved/0122-alias-origin-on-asset-transfers.html index 8bd9014..5cec9ff 100644 --- a/approved/0122-alias-origin-on-asset-transfers.html +++ b/approved/0122-alias-origin-on-asset-transfers.html @@ -90,7 +90,7 @@ diff --git a/approved/0123-pending-code-as-storage-location-for-runtime-upgrades.html b/approved/0123-pending-code-as-storage-location-for-runtime-upgrades.html index 8d5677b..3f76f1c 100644 --- a/approved/0123-pending-code-as-storage-location-for-runtime-upgrades.html +++ b/approved/0123-pending-code-as-storage-location-for-runtime-upgrades.html @@ -90,7 +90,7 @@ diff --git a/approved/0125-xcm-asset-metadata.html b/approved/0125-xcm-asset-metadata.html index 5ee4e19..5cabca6 100644 --- a/approved/0125-xcm-asset-metadata.html +++ b/approved/0125-xcm-asset-metadata.html @@ -90,7 +90,7 @@ diff --git a/approved/0126-introduce-pvq.html b/approved/0126-introduce-pvq.html index 7df4c30..f24db13 100644 --- a/approved/0126-introduce-pvq.html +++ b/approved/0126-introduce-pvq.html @@ -90,7 +90,7 @@ diff --git a/approved/0135-compressed-blob-prefixes.html b/approved/0135-compressed-blob-prefixes.html index 64880f9..3dee789 100644 --- a/approved/0135-compressed-blob-prefixes.html +++ b/approved/0135-compressed-blob-prefixes.html @@ -90,7 +90,7 @@ diff --git a/approved/0139-faster-erasure-coding.html b/approved/0139-faster-erasure-coding.html index f65bdbd..9004a87 100644 --- a/approved/0139-faster-erasure-coding.html +++ b/approved/0139-faster-erasure-coding.html @@ -90,7 +90,7 @@ diff --git a/approved/0146-deflationary-fee-proposal.html b/approved/0146-deflationary-fee-proposal.html index 1d5cdf9..c770e6f 100644 --- a/approved/0146-deflationary-fee-proposal.html +++ b/approved/0146-deflationary-fee-proposal.html @@ -90,7 +90,7 @@ diff --git a/approved/0149-rfc-1-renewal-adjustment.html b/approved/0149-rfc-1-renewal-adjustment.html index 26d2d08..e577b6b 100644 --- a/approved/0149-rfc-1-renewal-adjustment.html +++ b/approved/0149-rfc-1-renewal-adjustment.html @@ -90,7 +90,7 @@ @@ -346,7 +346,7 @@ a few cores not for sale should be enough to mitigate such a situation.

- @@ -360,7 +360,7 @@ a few cores not for sale should be enough to mitigate such a situation.

- diff --git a/proposed/0150-voting-while-delegating.html b/approved/0150-voting-while-delegating.html similarity index 79% rename from proposed/0150-voting-while-delegating.html rename to approved/0150-voting-while-delegating.html index f36210f..98d45fa 100644 --- a/proposed/0150-voting-while-delegating.html +++ b/approved/0150-voting-while-delegating.html @@ -90,7 +90,7 @@ @@ -174,7 +174,7 @@
-

(source)

+

(source)

Table of Contents

diff --git a/index.html b/index.html index a0083f4..301df4d 100644 --- a/index.html +++ b/index.html @@ -90,7 +90,7 @@ diff --git a/introduction.html b/introduction.html index a0083f4..301df4d 100644 --- a/introduction.html +++ b/introduction.html @@ -90,7 +90,7 @@ diff --git a/print.html b/print.html index 1f48d65..5c12c86 100644 --- a/print.html +++ b/print.html @@ -91,7 +91,7 @@ @@ -921,138 +921,6 @@ $$

A runtime function called through such an entrypoint gets the length of SCALE-encoded input data as its only argument. After that, the function must allocate exactly the amount of bytes it is requested, and call the ext_input_read host function to obtain the encoded input data.

If a runtime happens to import both functions that allocate on the host side and functions that allocate on the runtime side, the host must not proceed with execution of such a runtime, aborting before the execution takes place.

-

(source)

-

Table of Contents

- -

RFC-150: Allow Voting While Delegating

-
- - - -
Start DateJune 5th, 2025
DescriptionAllow voters to simultaneously delegate and vote
Authorspolka.dom (polkadotdom)
-
-

Summary

-

This RFC proposes changes to pallet-conviction-voting that allow for simultaneous voting and delegation. For example, Alice could delegate to Bob, then later vote on a referendum while keeping their delegation to Bob intact. It is a strict subset of Leemo's RFC 35.

-

Motivation

-

Backdrop

-

Under our current voting system, a voter can either vote or delegate. To vote, they must first ensure they have no delegate, and to delegate, they must first clear their current votes.

-

The Issue

-

Empirically, the vast majority of people do not vote on day to day policy. This was foreseen and is the reason governance has delegation. However, more worriedly, it has also been observed that most people do not delegate either, leaving a large percentage of our voting population unrepresented.

-

Factors Limiting Delegation

-

One could think of three major reasons for this lack of delegation.

- -

This RFC aims to solve the second and third issue and thus more accurately align governance to the true voter preferences.

-

An Aside

-

One may ask, could a voter not just undelegate, vote, then delegate again? Could this just be built into the user interface? Unfortunately, this does not work due to the need to clear their votes before redelegation. In practice the voter would undelegate, vote, wait until the referendum is closed, hope that there's no other referenda they would like to vote on, then redelegate. At best it's a temporally extended friction. At worst the voter goes unrepresented in voting for the duration of the vote clearing period.

-

Stakeholders

-

Runtime developers: If runtime developers are relying on the previous assumptions for their VotingHooks implementations, they will need to rethink their approach. In addition, a runtime migration is needed. Lastly, it is a serious change in governance that requires some consideration beyond the technical.

-

App developers: Apps like Subsquare and Polkassembly would need to update their user interface logic. They will also need to handle the new error.

-

Users: We will want users to be aware of the new functionality, though not required.

-

Technical Writers: This change will require rewrites of documentation and tutorials.

-

Explanation

-

New Data & Runtime Logic

-

The new logic allows a delegator's vote on a specific poll to override their delegation for that poll only. When a delegator votes, their delegated voting power is temporarily "clawed back" from their delegate for that single referendum. This ensures a delegator's direct vote takes precedence.

-

The core of the algorithm is as follows:

-
    -
  1. -

    Calculating a User's Voting Power: A user's total voting power on any given poll is their own balance plus the total balance delegated to them, minus the total amount retracted by any of their delegators who chose to vote directly on that poll.

    -
    2. -
  2. -

    Tracking Clawbacks: When a delegator votes, the system records the full amount of their delegated stake as "retracted" on their delegate's account for that specific poll. This clawback is always for the delegator's full delegated amount, regardless of the amount they personally vote with. This is for simplicity and to avoid making assumptions about the delegator's intent. Crucially, clawbacks from multiple delegators can be accumulated, such that only one tracking entry per referendum is necessary.

    -
    3. -
-

Here is how the logic plays out in different scenarios:

- -

A key consequence of this design is that a delegator's vote can alter their delegate's storage. If adding a "retracted votes" entry pushes the delegate's voting data beyond the MaxVotes limit, the delegator's transaction will fail. A new error will be introduced to signal this specific case. While a constraint, this will incentivize delegates to regularly clear their voting data for concluded referenda, and given our current referenda rates and MaxVotes set to 512, this scenario is unlikely to occur.

-

Locked Balance

-

A user's locked balance will be the greater of the delegation lock and the voting lock.

-

Migrations

-

A multi-block runtime migration is necessary. It would iterate over the VotingFor storage item and convert the old vote data structure to the new structure.

-

Drawbacks

-

There are two potential drawbacks to this system -

-

An unbounded rate of change of the voter preferences function

-

If implemented, there will be no friction in delegating, undelegating, and voting. Therefore, there could be large and immediate shifts in the voter preferences function. In other voting systems we see bounds added to the rate of change (voting cycles, etc). That said, it is unclear whether this is desired or advantageous. Additionally, there are more easily parameterized and analytically tractable ways to handle this than what we currently have. See future directions.

-

Lessened value in becoming a delegate

-

If a delegate's voting power can be stripped from them at any point, then there is necessarily a reduction in their power within the system. This provides less incentive to become a delegate. But again, there are more customizable ways to handle this if it proves necessary.

-

Testing, Security, and Privacy

-

The changes herein would allow for a cost-symmetric grief in which a delegator votes on every referendum, adding more votes to the delegate's record, then accepts the lock and waits until the delegate themselves pays to remove the vote from their record-- costing the delegate cost_of_removal_per_ref * number_of_refs_not_voted_on. This cost will inevitably be small and accepted by aspirational delegates, considering they'll be voting on most refs anyway. However, for those who don't want to incur the possibility of this cost, we introduce a per voting class flag that toggles delegator voting on/off.

-

In addition, these changes would mean a more complicated STF, which would increase the difficulty of hardening. Though sufficient unit testing should handle this with ease.

-

Performance, Ergonomics, and Compatibility

-

Performance

-

The proposed changes would increase both the compute and storage requirements by about 2x for all voting functions. No change in complexity.

-

Ergonomics

-

Voting and delegation will both become more ergonomic for users, as there are no longer hard constraints affecting what you can do and when you can do it.

-

Compatibility

-

Runtime developers will need to add the migration and ensure their hooks still work.

-

App developers will need to update their user interfaces to accommodate the new functionality. They will need to handle the new error as well.

-

Prior Art and References

-

A current implementation can be found here.

-

Unresolved Questions

-

None

- -

It is possible we would like to add a system parameter for the rate of change of the voting/delegation system. This could prevent wild swings in the voter preferences function and motivate/shield delegates by solidifying their positions over some amount of time. However, it's unclear that this would be valuable or even desirable.

(source)

Table of Contents

-

Prior Art and References

+

Prior Art and References

Robert Habermeier initially wrote on the subject of Polkadot blockspace-centric in the article Polkadot Blockspace over Blockchains. While not going into details, the article served as an early reframing piece for moving beyond one-slot-per-chain models and building out secondary market infrastructure for resource allocation.

(source)

Table of Contents

@@ -1880,10 +1748,10 @@ InstaPoolHistory: (empty) AuthorsGavin Wood, Robert Habermeier -

Summary

+

Summary

In the Agile Coretime model of the Polkadot Ubiquitous Computer, as proposed in RFC-1 and RFC-3, it is necessary for the allocating parachain (envisioned to be one or more pallets on a specialised Brokerage System Chain) to communicate the core assignments to the Relay-chain, which is responsible for ensuring those assignments are properly enacted.

This is a proposal for the interface which will exist around the Relay-chain in order to communicate this information and instructions.

-

Motivation

+

Motivation

The background motivation for this interface is splitting out coretime allocation functions and secondary markets from the Relay-chain onto System parachains. A well-understood and general interface is necessary for ensuring the Relay-chain receives coretime allocation instructions from one or more System chains without introducing dependencies on the implementation details of either side.

Requirements

-

Stakeholders

+

Stakeholders

Primary stakeholder sets are:

Socialization:

This content of this RFC was discussed in the Polkdot Fellows channel.

-

Explanation

+

Explanation

The interface has two sections: The messages which the Relay-chain is able to receive from the allocating parachain (the UMP message types), and messages which the Relay-chain is able to send to the allocating parachain (the DMP message types). These messages are expected to be able to be implemented in a well-known pallet and called with the XCM Transact instruction.

Future work may include these messages being introduced into the XCM standard.

UMP Message Types

@@ -1978,17 +1846,17 @@ assert_eq!(targets.iter().map(|x| x.1).sum(), 57600);

Realistic Limits of the Usage

For request_revenue_info, a successful request should be possible if when is no less than the Relay-chain block number on arrival of the message less 100,000.

For assign_core, a successful request should be possible if begin is no less than the Relay-chain block number on arrival of the message plus 10 and workload contains no more than 100 items.

-

Performance, Ergonomics and Compatibility

+

Performance, Ergonomics and Compatibility

No specific considerations.

-

Testing, Security and Privacy

+

Testing, Security and Privacy

Standard Polkadot testing and security auditing applies.

The proposal introduces no new privacy concerns.

- +

RFC-1 proposes a means of determining allocation of Coretime using this interface.

RFC-3 proposes a means of implementing the high-level allocations within the Relay-chain.

Drawbacks, Alternatives and Unknowns

None at present.

-

Prior Art and References

+

Prior Art and References

None.

(source)

Table of Contents

@@ -2034,13 +1902,13 @@ assert_eq!(targets.iter().map(|x| x.1).sum(), 57600); AuthorsJoe Petrowski -

Summary

+

Summary

As core functionality moves from the Relay Chain into system chains, so increases the reliance on the liveness of these chains for the use of the network. It is not economically scalable, nor necessary from a game-theoretic perspective, to pay collators large rewards. This RFC proposes a mechanism -- part technical and part social -- for ensuring reliable collator sets that are resilient to attemps to stop any subsytem of the Polkadot protocol.

-

Motivation

+

Motivation

In order to guarantee access to Polkadot's system, the collators on its system chains must propose blocks (provide liveness) and allow all transactions to eventually be included. That is, some collators may censor transactions, but there must exist one collator in the set who will include a @@ -2076,12 +1944,12 @@ to censor any subset of transactions.

  • Collators selected by governance SHOULD have a reasonable expectation that the Treasury will reimburse their operating costs.
    • -

    Stakeholders

    +

    Stakeholders

    -

    Explanation

    +

    Explanation

    This protocol builds on the existing Collator Selection pallet and its notion of Invulnerables. Invulnerables are collators (identified by their AccountIds) who @@ -2117,27 +1985,27 @@ approximately:

  • of which 15 are Invulnerable, and
  • five are elected by bond.
    • -

    Drawbacks

    +

    Drawbacks

    The primary drawback is a reliance on governance for continued treasury funding of infrastructure costs for Invulnerable collators.

    -

    Testing, Security, and Privacy

    +

    Testing, Security, and Privacy

    The vast majority of cases can be covered by unit testing. Integration test should ensure that the Collator Selection UpdateOrigin, which has permission to modify the Invulnerables and desired number of Candidates, can handle updates over XCM from the system's governance location.

    -

    Performance, Ergonomics, and Compatibility

    +

    Performance, Ergonomics, and Compatibility

    This proposal has very little impact on most users of Polkadot, and should improve the performance of system chains by reducing the number of missed blocks.

    -

    Performance

    +

    Performance

    As chains have strict PoV size limits, care must be taken in the PoV impact of the session manager. Appropriate benchmarking and tests should ensure that conservative limits are placed on the number of Invulnerables and Candidates.

    -

    Ergonomics

    +

    Ergonomics

    The primary group affected is Candidate collators, who, after implementation of this RFC, will need to compete in a bond-based election rather than a race to claim a Candidate spot.

    -

    Compatibility

    +

    Compatibility

    This RFC is compatible with the existing implementation and can be handled via upgrades and migration.

    -

    Prior Art and References

    +

    Prior Art and References

    Written Discussions

    -

    Unresolved Questions

    +

    Unresolved Questions

    None at this time.

    - +

    There may exist in the future system chains for which this model of collator selection is not appropriate. These chains should be evaluated on a case-by-case basis.

    (source)

    @@ -2193,10 +2061,10 @@ appropriate. These chains should be evaluated on a case-by-case basis.

    AuthorsPierre Krieger -

    Summary

    +

    Summary

    The full nodes of the Polkadot peer-to-peer network maintain a distributed hash table (DHT), which is currently used for full nodes discovery and validators discovery purposes.

    This RFC proposes to extend this DHT to be used to discover full nodes of the parachains of Polkadot.

    -

    Motivation

    +

    Motivation

    The maintenance of bootnodes has long been an annoyance for everyone.

    When a bootnode is newly-deployed or removed, every chain specification must be updated in order to take the update into account. This has lead to various non-optimal solutions, such as pulling chain specifications from GitHub repositories. When it comes to RPC nodes, UX developers often have trouble finding up-to-date addresses of parachain RPC nodes. With the ongoing migration from RPC nodes to light clients, similar problems would happen with chain specifications as well.

    @@ -2205,9 +2073,9 @@ When it comes to RPC nodes, UX developers often have trouble finding up-to-date

    Because the list of bootnodes in chain specifications is so annoying to modify, the consequence is that the number of bootnodes is rather low (typically between 2 and 15). In order to better resist downtimes and DoS attacks, a better solution would be to use every node of a certain chain as potential bootnode, rather than special-casing some specific nodes.

    While this RFC doesn't solve these problems for relay chains, it aims at solving it for parachains by storing the list of all the full nodes of a parachain on the relay chain DHT.

    Assuming that this RFC is implemented, and that light clients are used, deploying a parachain wouldn't require more work than registering it onto the relay chain and starting the collators. There wouldn't be any need for special infrastructure nodes anymore.

    -

    Stakeholders

    +

    Stakeholders

    This RFC has been opened on my own initiative because I think that this is a good technical solution to a usability problem that many people are encountering and that they don't realize can be solved.

    -

    Explanation

    +

    Explanation

    The content of this RFC only applies for parachains and parachain nodes that are "Substrate-compatible". It is in no way mandatory for parachains to comply to this RFC.

    Note that "Substrate-compatible" is very loosely defined as "implements the same mechanisms and networking protocols as Substrate". The author of this RFC believes that "Substrate-compatible" should be very precisely specified, but there is controversy on this topic.

    While a lot of this RFC concerns the implementation of parachain nodes, it makes use of the resources of the Polkadot chain, and as such it is important to describe them in the Polkadot specification.

    @@ -2244,10 +2112,10 @@ message Response {

    The maximum size of a response is set to an arbitrary 16kiB. The responding side should make sure to conform to this limit. Given that fork_id is typically very small and that the only variable-length field is addrs, this is easily achieved by limiting the number of addresses.

    Implementers should be aware that addrs might be very large, and are encouraged to limit the number of addrs to an implementation-defined value.

    -

    Drawbacks

    +

    Drawbacks

    The peer_id and addrs fields are in theory not strictly needed, as the PeerId and addresses could be always equal to the PeerId and addresses of the node being registered as the provider and serving the response. However, the Cumulus implementation currently uses two different networking stacks, one of the parachain and one for the relay chain, using two separate PeerIds and addresses, and as such the PeerId and addresses of the other networking stack must be indicated. Asking them to use only one networking stack wouldn't feasible in a realistic time frame.

    The values of the genesis_hash and fork_id fields cannot be verified by the requester and are expected to be unused at the moment. Instead, a client that desires connecting to a parachain is expected to obtain the genesis hash and fork ID of the parachain from the parachain chain specification. These fields are included in the networking protocol nonetheless in case an acceptable solution is found in the future, and in order to allow use cases such as discovering parachains in a not-strictly-trusted way.

    -

    Testing, Security, and Privacy

    +

    Testing, Security, and Privacy

    Because not all nodes want to be used as bootnodes, implementers are encouraged to provide a way to disable this mechanism. However, it is very much encouraged to leave this mechanism on by default for all parachain nodes.

    This mechanism doesn't add or remove any security by itself, as it relies on existing mechanisms. However, if the principle of chain specification bootnodes is entirely replaced with the mechanism described in this RFC (which is the objective), then it becomes important whether the mechanism in this RFC can be abused in order to make a parachain unreachable.

    @@ -2256,22 +2124,22 @@ Furthermore, when a large number of providers (here, a provider is a bootnode) a

    For this reason, an attacker can abuse this mechanism by randomly generating libp2p PeerIds until they find the 20 entries closest to the key representing the target parachain. They are then in control of the parachain bootnodes. Because the key changes periodically and isn't predictable, and assuming that the Polkadot DHT is sufficiently large, it is not realistic for an attack like this to be maintained in the long term.

    Furthermore, parachain clients are expected to cache a list of known good nodes on their disk. If the mechanism described in this RFC went down, it would only prevent new nodes from accessing the parachain, while clients that have connected before would not be affected.

    -

    Performance, Ergonomics, and Compatibility

    -

    Performance

    +

    Performance, Ergonomics, and Compatibility

    +

    Performance

    The DHT mechanism generally has a low overhead, especially given that publishing providers is done only every 24 hours.

    Doing a Kademlia iterative query then sending a provider record shouldn't take more than around 50 kiB in total of bandwidth for the parachain bootnode.

    Assuming 1000 parachain full nodes, the 20 Polkadot full nodes corresponding to a specific parachain will each receive a sudden spike of a few megabytes of networking traffic when the key rotates. Again, this is relatively negligible. If this becomes a problem, one can add a random delay before a parachain full node registers itself to be the provider of the key corresponding to BabeApi_next_epoch.

    Maybe the biggest uncertainty is the traffic that the 20 Polkadot full nodes will receive from light clients that desire knowing the bootnodes of a parachain. Light clients are generally encouraged to cache the peers that they use between restarts, so they should only query these 20 Polkadot full nodes at their first initialization. If this every becomes a problem, this value of 20 is an arbitrary constant that can be increased for more redundancy.

    -

    Ergonomics

    +

    Ergonomics

    Irrelevant.

    -

    Compatibility

    +

    Compatibility

    Irrelevant.

    -

    Prior Art and References

    +

    Prior Art and References

    None.

    -

    Unresolved Questions

    +

    Unresolved Questions

    While it fundamentally doesn't change much to this RFC, using BabeApi_currentEpoch and BabeApi_nextEpoch might be inappropriate. I'm not familiar enough with good practices within the runtime to have an opinion here. Should it be an entirely new pallet?

    - +

    It is possible that in the future a client could connect to a parachain without having to rely on a trusted parachain specification.

    (source)

    Table of Contents

    @@ -2304,9 +2172,9 @@ If this every becomes a problem, this value of 20 is an arbitrary constant that AuthorsPierre Krieger -

    Summary

    +

    Summary

    Improve the networking messages that query storage items from the remote, in order to reduce the bandwidth usage and number of round trips of light clients.

    -

    Motivation

    +

    Motivation

    Clients on the Polkadot peer-to-peer network can be divided into two categories: full nodes and light clients. So-called full nodes are nodes that store the content of the chain locally on their disk, while light clients are nodes that don't. In order to access for example the balance of an account, a full node can do a disk read, while a light client needs to send a network message to a full node and wait for the full node to reply with the desired value. This reply is in the form of a Merkle proof, which makes it possible for the light client to verify the exactness of the value.

    Unfortunately, this network protocol is suffering from some issues:

    Once Polkadot and Kusama will have transitioned to state_version = 1, which modifies the format of the trie entries, it will be possible to generate Merkle proofs that contain only the hashes of values in the storage. Thanks to this, it is already possible to prove the existence of a key without sending its entire value (only its hash), or to prove that a value has changed or not between two blocks (by sending just their hashes). Thus, the only reason why aforementioned issues exist is because the existing networking messages don't give the possibility for the querier to query this. This is what this proposal aims at fixing.

    -

    Stakeholders

    +

    Stakeholders

    This is the continuation of https://github.com/w3f/PPPs/pull/10, which itself is the continuation of https://github.com/w3f/PPPs/pull/5.

    -

    Explanation

    +

    Explanation

    The protobuf schema of the networking protocol can be found here: https://github.com/paritytech/substrate/blob/5b6519a7ff4a2d3cc424d78bc4830688f3b184c0/client/network/light/src/schema/light.v1.proto

    The proposal is to modify this protocol in this way:

    @@ -11,6 +11,7 @@ message Request {
@@ -2376,26 +2244,26 @@ An alternative could have been to specify the child_trie_info for e
 Also note that child tries aren't considered as descendants of the main trie when it comes to the includeDescendants flag. In other words, if the request concerns the main trie, no content coming from child tries is ever sent back.
    
 
    This protocol keeps the same maximum response size limit as currently exists (16 MiB). It is not possible for the querier to know in advance whether its query will lead to a reply that exceeds the maximum size. If the reply is too large, the replier should send back only a limited number (but at least one) of requested items in the proof. The querier should then send additional requests for the rest of the items. A response containing none of the requested items is invalid.
    
 
    The server is allowed to silently discard some keys of the request if it judges that the number of requested keys is too high. This is in line with the fact that the server might truncate the response.
    
-
    Drawbacks
    
+
    Drawbacks
    
 
    This proposal doesn't handle one specific situation: what if a proof containing a single specific item would exceed the response size limit? For example, if the response size limit was 1 MiB, querying the runtime code (which is typically 1.0 to 1.5 MiB) would be impossible as it's impossible to generate a proof less than 1 MiB. The response size limit is currently 16 MiB, meaning that no single storage item must exceed 16 MiB.
    
 
    Unfortunately, because it's impossible to verify a Merkle proof before having received it entirely, parsing the proof in a streaming way is also not possible.
    
 
    A way to solve this issue would be to Merkle-ize large storage items, so that a proof could include only a portion of a large storage item. Since this would require a change to the trie format, it is not realistically feasible in a short time frame.
    
-
    Testing, Security, and Privacy
    
+
    Testing, Security, and Privacy
    
 
    The main security consideration concerns the size of replies and the resources necessary to generate them. It is for example easily possible to ask for all keys and values of the chain, which would take a very long time to generate. Since responses to this networking protocol have a maximum size, the replier should truncate proofs that would lead to the response being too large. Note that it is already possible to send a query that would lead to a very large reply with the existing network protocol. The only thing that this proposal changes is that it would make it less complicated to perform such an attack.
    
 
    Implementers of the replier side should be careful to detect early on when a reply would exceed the maximum reply size, rather than inconditionally generate a reply, as this could take a very large amount of CPU, disk I/O, and memory. Existing implementations might currently be accidentally protected from such an attack thanks to the fact that requests have a maximum size, and thus that the list of keys in the query was bounded. After this proposal, this accidental protection would no longer exist.
    
 
    Malicious server nodes might truncate Merkle proofs even when they don't strictly need to, and it is not possible for the client to (easily) detect this situation. However, malicious server nodes can already do undesirable things such as throttle down their upload bandwidth or simply not respond. There is no need to handle unnecessarily truncated Merkle proofs any differently than a server simply not answering the request.
    
-
    Performance, Ergonomics, and Compatibility
    
-
    Performance
    
+
    Performance, Ergonomics, and Compatibility
    
+
    Performance
    
 
    It is unclear to the author of the RFC what the performance implications are. Servers are supposed to have limits to the amount of resources they use to respond to requests, and as such the worst that can happen is that light client requests become a bit slower than they currently are.
    
-
    Ergonomics
    
+
    Ergonomics
    
 
    Irrelevant.
    
-
    Compatibility
    
+
    Compatibility
    
 
    The prior networking protocol is maintained for now. The older version of this protocol could get removed in a long time.
    
-
    Prior Art and References
    
+
    Prior Art and References
    
 
    None. This RFC is a clean-up of an existing mechanism.
    
-
    Unresolved Questions
    
+
    Unresolved Questions
    
 
    None
    
-
+
 
    The current networking protocol could be deprecated in a long time. Additionally, the current "state requests" protocol (used for warp syncing) could also be deprecated in favor of this one.
    
 
    (source)
    
 
    Table of Contents
    
@@ -2416,13 +2284,13 @@ Also note that child tries aren't considered as descendants of the main trie whe
 AuthorsJonas Gehrlein
 
 
-
    Summary
    
+
    Summary
    
 
    The Polkadot UC will generate revenue from the sale of available Coretime. The question then arises: how should we handle these revenues? Broadly, there are two reasonable paths – burning the revenue and thereby removing it from total issuance or divert it to the Treasury. This Request for Comment (RFC) presents arguments favoring burning as the preferred mechanism for handling revenues from Coretime sales.
    
-
    Motivation
    
+
    Motivation
    
 
    How to handle the revenue accrued from Coretime sales is an important economic question that influences the value of DOT and should be properly discussed before deciding for either of the options. Now is the best time to start this discussion.
    
-
    Stakeholders
    
+
    Stakeholders
    
 
    Polkadot DOT token holders.
    
-
    Explanation
    
+
    Explanation
    
 
    This RFC discusses potential benefits of burning the revenue accrued from Coretime sales instead of diverting them to Treasury. Here are the following arguments for it.
    
 
    It's in the interest of the Polkadot community to have a consistent and predictable Treasury income, because volatility in the inflow can be damaging, especially in situations when it is insufficient. As such, this RFC operates under the presumption of a steady and sustainable Treasury income flow, which is crucial for the Polkadot community's stability. The assurance of a predictable Treasury income, as outlined in a prior discussion here, or through other equally effective measures, serves as a baseline assumption for this argument. 
    
 
    Consequently, we need not concern ourselves with this particular issue here. This naturally begs the question - why should we introduce additional volatility to the Treasury by aligning it with the variable Coretime sales? It's worth noting that Coretime revenues often exhibit an inverse relationship with periods when Treasury spending should ideally be ramped up. During periods of low Coretime utilization (indicated by lower revenue), Treasury should spend more on projects and endeavours to increase the demand for Coretime. This pattern underscores that Coretime sales, by their very nature, are an inconsistent and unpredictable source of funding for the Treasury. Given the importance of maintaining a steady and predictable inflow, it's unnecessary to rely on another volatile mechanism. Some might argue that we could have both: a steady inflow (from inflation) and some added bonus from Coretime sales, but burning the revenue would offer further benefits as described below.
    
@@ -2465,13 +2333,13 @@ Also note that child tries aren't considered as descendants of the main trie whe
 AuthorsJoe Petrowski
 
 
-
    Summary
    
+
    Summary
    
 
    Since the introduction of the Collectives parachain, many groups have expressed interest in forming
 new -- or migrating existing groups into -- on-chain collectives. While adding a new collective is
 relatively simple from a technical standpoint, the Fellowship will need to merge new pallets into
 the Collectives parachain for each new collective. This RFC proposes a means for the network to
 ratify a new collective, thus instructing the Fellowship to instate it in the runtime.
    
-
    Motivation
    
+
    Motivation
    
 
    Many groups have expressed interest in representing collectives on-chain. Some of these include:
    
 
      
 
    • Parachain technical fellowship (new)
      • 
@@ -2487,12 +2355,12 @@ path to having its collective accepted on-chain as part of the protocol. Accepta
 the Fellowship to include the new collective with a given initial configuration into the runtime.
 However, the network, not the Fellowship, should ultimately decide which collectives are in the
 interest of the network.
      
-
      Stakeholders
      
+
      Stakeholders
      
 
        
 
      • Polkadot stakeholders who would like to organize on-chain.
        • 
 
      • Technical Fellowship, in its role of maintaining system runtimes.
        • 
 
      
-
      Explanation
      
+
      Explanation
      
 
      The group that wishes to operate an on-chain collective should publish the following information:
      
 
        
 
      • Charter, including the collective's mandate and how it benefits Polkadot. This would be similar
@@ -2526,22 +2394,22 @@ Fellowship would help them identify the pallet indices associated with a given c
 or not the Fellowship member agrees with removal.
        
 
        Collective removal may also come with other governance calls, for example voiding any scheduled
 Treasury spends that would fund the given collective.
        
-
        Drawbacks
        
+
        Drawbacks
        
 
        Passing a Root origin referendum is slow. However, given the network's investment (in terms of code
 maintenance and salaries) in a new collective, this is an appropriate step.
        
-
        Testing, Security, and Privacy
        
+
        Testing, Security, and Privacy
        
 
        No impacts.
        
-
        Performance, Ergonomics, and Compatibility
        
+
        Performance, Ergonomics, and Compatibility
        
 
        Generally all new collectives will be in the Collectives parachain. Thus, performance impacts
 should strictly be limited to this parachain and not affect others. As the majority of logic for
 collectives is generalized and reusable, we expect most collectives to be instances of similar
 subsets of modules. That is, new collectives should generally be compatible with UIs and other
 services that provide collective-related functionality, with little modifications to support new
 ones.
        
-
        Prior Art and References
        
+
        Prior Art and References
        
 
        The launch of the Technical Fellowship, see the
 initial forum post.
        
-
        Unresolved Questions
        
+
        Unresolved Questions
        
 
        None at this time.
        
 
        (source)
        
 
        Table of Contents
        
@@ -2578,13 +2446,13 @@ ones.
        
 AuthorsOliver Tale-Yazdi
 
 
-
        Summary
        
+
        Summary
        
 
        Introduces breaking changes to the Core runtime API by letting Core::initialize_block return an enum. The versions of Core is bumped from 4 to 5.
        
-
        Motivation
        
+
        Motivation
        
 
        The main feature that motivates this RFC are Multi-Block-Migrations (MBM); these make it possible to split a migration over multiple blocks.
        
 Further it would be nice to not hinder the possibility of implementing a new hook poll, that runs at the beginning of the block when there are no MBMs and has access to AllPalletsWithSystem. This hook can then be used to replace the use of on_initialize and on_finalize for non-deadline critical logic.
        
 In a similar fashion, it should not hinder the future addition of a System::PostInherents callback that always runs after all inherents were applied.
        
-
        Stakeholders
        
+
        Stakeholders
        
 
          
 
        • Substrate Maintainers: They have to implement this, including tests, audit and
 maintenance burden.
          • 
@@ -2592,7 +2460,7 @@ maintenance burden.
 
        • Polkadot Parachain Teams: They have to adapt to the breaking changes but then eventually have
 multi-block migrations available.
          • 
 
        
-
        Explanation
        
+
        Explanation
        
 
        Core::initialize_block
        
 
        This runtime API function is changed from returning () to ExtrinsicInclusionMode:
        
 
        fn initialize_block(header: &<Block as BlockT>::Header)
@@ -2613,23 +2481,23 @@ multi-block migrations available.
        • 
 
        1. Multi-Block-Migrations: The runtime is being put into lock-down mode for the duration of the migration process by returning OnlyInherents from initialize_block. This ensures that no user provided transaction can interfere with the migration process. It is absolutely necessary to ensure this, otherwise a transaction could call into un-migrated storage and violate storage invariants.
        
 
        2. poll is possible by using apply_extrinsic as entry-point and not hindered by this approach. It would not be possible to use a pallet inherent like System::last_inherent to achieve this for two reasons: First is that pallets do not have access to AllPalletsWithSystem which is required to invoke the poll hook on all pallets. Second is that the runtime does currently not enforce an order of inherents. 
        
 
        3. System::PostInherents can be done in the same manner as poll.
        
-
        Drawbacks
        
+
        Drawbacks
        
 
        The previous drawback of cementing the order of inherents has been addressed and removed by redesigning the approach. No further drawbacks have been identified thus far.
        
-
        Testing, Security, and Privacy
        
+
        Testing, Security, and Privacy
        
 
        The new logic of initialize_block can be tested by checking that the block-builder will skip transactions when OnlyInherents is returned.
        
 
        Security: n/a
        
 
        Privacy: n/a
        
-
        Performance, Ergonomics, and Compatibility
        
-
        Performance
        
+
        Performance, Ergonomics, and Compatibility
        
+
        Performance
        
 
        The performance overhead is minimal in the sense that no clutter was added after fulfilling the
 requirements. The only performance difference is that initialize_block also returns an enum that needs to be passed through the WASM boundary. This should be negligible.
        
-
        Ergonomics
        
+
        Ergonomics
        
 
        The new interface allows for more extensible runtime logic. In the future, this will be utilized for
 multi-block-migrations which should be a huge ergonomic advantage for parachain developers.
        
-
        Compatibility
        
+
        Compatibility
        
 
        The advice here is OPTIONAL and outside of the RFC. To not degrade
 user experience, it is recommended to ensure that an updated node can still import historic blocks.
        
-
        Prior Art and References
        
+
        Prior Art and References
        
 
        The RFC is currently being implemented in polkadot-sdk#1781 (formerly substrate#14275). Related issues and merge
 requests:
        
 
-
        Unresolved Questions
        
+
        Unresolved Questions
        
 
        Please suggest a better name for BlockExecutiveMode. We already tried: RuntimeExecutiveMode,
 ExtrinsicInclusionMode. The names of the modes Normal and Minimal were also called
 AllExtrinsics and OnlyInherents, so if you have naming preferences; please post them.
        
 => renamed to ExtrinsicInclusionMode
        
 
        Is post_inherents more consistent instead of last_inherent? Then we should change it.
        
 => renamed to last_inherent
        
-
+
 
        The long-term future here is to move the block building logic into the runtime. Currently there is a tight dance between the block author and the runtime; the author has to call into different runtime functions in quick succession and exact order. Any misstep causes the block to be invalid.
        
 This can be unified and simplified by moving both parts into the runtime.
        
 
        (source)
        
@@ -2683,14 +2551,14 @@ This can be unified and simplified by moving both parts into the runtime.
        
 AuthorsBryan Chen
 
 
-
        Summary
        
+
        Summary
        
 
        This RFC proposes a set of changes to the parachain lock mechanism. The goal is to allow a parachain manager to self-service the parachain without root track governance action.
        
 
        This is achieved by remove existing lock conditions and only lock a parachain when:
        
 
          
 
        • A parachain manager explicitly lock the parachain
          • 
 
        • OR a parachain block is produced successfully
          • 
 
        
-
        Motivation
        
+
        Motivation
        
 
        The manager of a parachain has permission to manage the parachain when the parachain is unlocked. Parachains are by default locked when onboarded to a slot. This requires the parachain wasm/genesis must be valid, otherwise a root track governance action on relaychain is required to update the parachain.
        
 
        The current reliance on root track governance actions for managing parachains can be time-consuming and burdensome. This RFC aims to address this technical difficulty by allowing parachain managers to take self-service actions, rather than relying on general public voting.
        
 
        The key scenarios this RFC seeks to improve are:
        
@@ -2709,12 +2577,12 @@ This can be unified and simplified by moving both parts into the runtime.
        
 
      • A parachain SHOULD be locked when it successfully produced the first block.
        • 
 
      • A parachain manager MUST be able to perform lease swap without having a running parachain.
        • 
 
      
-
      Stakeholders
      
+
      Stakeholders
      
 
        
 
      • Parachain teams
        • 
 
      • Parachain users
        • 
 
      
-
      Explanation
      
+
      Explanation
      
 
      Status quo
      
 
      A parachain can either be locked or unlocked3. With parachain locked, the parachain manager does not have any privileges. With parachain unlocked, the parachain manager can perform following actions with the paras_registrar pallet:
      
 
        
@@ -2754,31 +2622,31 @@ This can be unified and simplified by moving both parts into the runtime.
        
 
      • Parachain never produced a block. Including from expired leases.
        • 
 
      • Parachain manager never explicitly lock the parachain.
        • 
 
      
-
      Drawbacks
      
+
      Drawbacks
      
 
      Parachain locks are designed in such way to ensure the decentralization of parachains. If parachains are not locked when it should be, it could introduce centralization risk for new parachains.
      
 
      For example, one possible scenario is that a collective may decide to launch a parachain fully decentralized. However, if the parachain is unable to produce block, the parachain manager will be able to replace the wasm and genesis without the consent of the collective.
      
 
      It is considered this risk is tolerable as it requires the wasm/genesis to be invalid at first place. It is not yet practically possible to develop a parachain without any centralized risk currently.
      
 
      Another case is that a parachain team may decide to use crowdloan to help secure a slot lease. Previously, creating a crowdloan will lock a parachain. This means crowdloan participants will know exactly the genesis of the parachain for the crowdloan they are participating. However, this actually providers little assurance to crowdloan participants. For example, if the genesis block is determined before a crowdloan is started, it is not possible to have onchain mechanism to enforce reward distributions for crowdloan participants. They always have to rely on the parachain team to fulfill the promise after the parachain is alive.
      
 
      Existing operational parachains will not be impacted.
      
-
      Testing, Security, and Privacy
      
+
      Testing, Security, and Privacy
      
 
      The implementation of this RFC will be tested on testnets (Rococo and Westend) first.
      
 
      An audit maybe required to ensure the implementation does not introduce unwanted side effects.
      
 
      There is no privacy related concerns.
      
-
      Performance
      
+
      Performance
      
 
      This RFC should not introduce any performance impact.
      
-
      Ergonomics
      
+
      Ergonomics
      
 
      This RFC should improve the developer experiences for new and existing parachain teams
      
-
      Compatibility
      
+
      Compatibility
      
 
      This RFC is fully compatibility with existing interfaces.
      
-
      Prior Art and References
      
+
      Prior Art and References
      
 
        
 
      • Parachain Slot Extension Story: https://github.com/paritytech/polkadot/issues/4758
        • 
 
      • Allow parachain to renew lease without actually run another parachain: https://github.com/paritytech/polkadot/issues/6685
        • 
 
      • Always treat parachain that never produced block for a significant amount of time as unlocked: https://github.com/paritytech/polkadot/issues/7539
        • 
 
      
-
      Unresolved Questions
      
+
      Unresolved Questions
      
 
      None at this stage.
      
-
+
 
      This RFC is only intended to be a short term solution. Slots will be removed in future and lock mechanism is likely going to be replaced with a more generalized parachain manage & recovery system in future. Therefore long term impacts of this RFC are not considered.
      
 
      1
 
      https://github.com/paritytech/cumulus/issues/377
@@ -2830,11 +2698,11 @@ This can be unified and simplified by moving both parts into the runtime.
      
 AuthorsJonas Gehrlein
 
 
      
-
      Summary
      
+
      Summary
      
 
      This document proposes a restructuring of the bulk markets in Polkadot's coretime allocation system to improve efficiency and fairness. The proposal suggests splitting the BULK_PERIOD into three consecutive phases: MARKET_PERIOD, RENEWAL_PERIOD, and SETTLEMENT_PERIOD. This structure enables market-driven price discovery through a clearing-price Dutch auction, followed by renewal offers during the RENEWAL_PERIOD.
      
 
      With all coretime consumers paying a unified price, we propose removing all liquidity restrictions on cores purchased either during the initial market phase or renewed during the renewal phase. This allows a meaningful SETTLEMENT_PERIOD, during which final agreements and deals between coretime consumers can be orchestrated on the social layer—complementing the agility this system seeks to establish.
      
 
      In the new design, we obtain a uniform price, the clearing_price, which anchors new entrants and current tenants. To complement market-based price discovery, the design includes a dynamic reserve price adjustment mechanism based on actual core consumption. Together, these two components ensure robust price discovery while mitigating price collapse in cases of slight underutilization or collusive behavior.
      
-
      Motivation
      
+
      Motivation
      
 
      After exposing the initial system introduced in RFC-1 to real-world conditions, several weaknesses have become apparent. These lie especially in the fact that cores captured at very low prices are removed from the open market and can effectively be retained indefinitely, as renewal costs are minimal. The key issue here is the absence of price anchoring, which results in two divergent price paths: one for the initial purchase on the open market, and another fully deterministic one via the renewal bump mechanism.
      
 
      This proposal addresses these issues by anchoring all prices to a value derived from the market, while still preserving necessary privileges for current coretime consumers. The goal is to produce robust results across varying demand conditions (low, high, or volatile).
      
 
      In particular, this proposal introduces the following key changes:
      
@@ -2845,14 +2713,14 @@ This can be unified and simplified by moving both parts into the runtime.
      
 
    
 
    The premise of this proposal is to offer a straightforward design that discovers the price of coretime within a period as a clearing_price. Long-term coretime holders still retain the privilege to keep their cores if they can pay the price discovered by the market (with some premium for that privilege). The proposed model aims to strike a balance between leveraging market forces for allocation while operating within defined bounds. In particular, prices are capped within a BULK_PERIOD, which gives some certainty about prices to existing teams. It must be noted, however, that under high demand, prices could increase exponentially between multiple market cycles. This is a necessary feature to ensure proper price discovery and efficient coretime allocation.
    
 
    Ultimately, the framework proposed here seeks to adhere to all requirements originally stated in RFC-1.
    
-
    Stakeholders
    
+
    Stakeholders
    
 
    Primary stakeholder sets are:
    
 
      
 
    • Protocol researchers, developers, and the Polkadot Fellowship.
      • 
 
    • Polkadot Parachain teams both present and future, and their users.
      • 
 
    • Polkadot DOT token holders.
      • 
 
    
-
    Explanation
    
+
    Explanation
    
 
    Overview
    
 
    The BULK_PERIOD has been restructured into two primary segments: the MARKET_PERIOD and the RENEWAL_PERIOD, along with an auxiliarySETTLEMENT_PERIOD. The latter does not require any active participation from the coretime system chain except to simply execute transfers of ownership between market participants. A significant departure from the current design lies in the timing of renewals, which now occur after the market phase. This adjustment aims to harmonize renewal prices with their market counterparts, ensuring a more consistent and equitable pricing model.
    
 
    Market Period (14 days)
    
@@ -2964,7 +2832,7 @@ To mitigate this, we propose preventing the market from closing at the ope
 
 
 
-
    Prior Art and References
    
+
    Prior Art and References
    
 
    This RFC builds extensively on the available ideas put forward in RFC-1. 
    
 
    Additionally, I want to express a special thanks to Samuel Haefner, Shahar Dobzinski, and Alistair Stewart for fruitful discussions and helping me structure my thoughts.
    
 
    (source)
    
@@ -2992,19 +2860,19 @@ To mitigate this, we propose preventing the market from closing at the ope
 Authors@brenzi for Encointer Association, 8000 Zurich, Switzerland
 
 
-
    Summary
    
+
    Summary
    
 
    Encointer is a system chain on Kusama since Jan 2022 and has been developed and maintained by the Encointer association. This RFC proposes to treat Encointer like any other system chain and include it in the fellowship repo with this PR.
    
-
    Motivation
    
+
    Motivation
    
 
    Encointer does not seek to be in control of its runtime repository. As a decentralized system, the fellowship has a more suitable structure to maintain a system chain runtime repo than the Encointer association does.
    
 
    Also, Encointer aims to update its runtime in batches with other system chains in order to have consistency for interoperability across system chains. 
    
-
    Stakeholders
    
+
    Stakeholders
    
 
      
 
    • Fellowship: Will continue to take upon them the review and auditing work for the Encointer runtime, but the process is streamlined with other system chains and therefore less time-consuming compared to the separate repo and CI process we currently have.
      • 
 
    • Kusama Network: Tokenholders can easily see the changes of all system chains in one place.
      • 
 
    • Encointer Association: Further decentralization of the Encointer Network necessities like devops.
      • 
 
    • Encointer devs: Being able to work directly in the Fellowship runtimes repo to streamline and synergize with other developers. 
      • 
 
    
-
    Explanation
    
+
    Explanation
    
 
    Our PR has all details about our runtime and how we would move it into the fellowship repo.
    
 
    Noteworthy: All Encointer-specific pallets will still be located in encointer's repo for the time being: https://github.com/encointer/pallets 
    
 
    It will still be the duty of the Encointer team to keep its runtime up to date and provide adequate test fixtures. Frequent dependency bumps with Polkadot releases would be beneficial for interoperability and could be streamlined with other system chains but that will not be a duty of fellowship. Whenever possible, all system chains could be upgraded jointly (including Encointer) with a batch referendum.
    
@@ -3013,17 +2881,17 @@ To mitigate this, we propose preventing the market from closing at the ope
 
  • Encointer will publish all its crates crates.io
    • 
 
  • Encointer does not carry out external auditing of its runtime nor pallets. It would be beneficial but not a requirement from our side if Encointer could join the auditing process of other system chains. 
    • 
 
-
    Drawbacks
    
+
    Drawbacks
    
 
    Other than all other system chains, development and maintenance of the Encointer Network is mainly financed by the KSM Treasury and possibly the DOT Treasury in the future. Encointer is dedicated to maintaining its network and runtime code for as long as possible, but there is a dependency on funding which is not in the hands of the fellowship. The only risk in the context of funding, however, is that the Encointer runtime will see less frequent updates if there's less funding. 
    
-
    Testing, Security, and Privacy
    
+
    Testing, Security, and Privacy
    
 
    No changes to the existing system are proposed. Only changes to how maintenance is organized.
    
-
    Performance, Ergonomics, and Compatibility
    
+
    Performance, Ergonomics, and Compatibility
    
 
    No changes
    
-
    Prior Art and References
    
+
    Prior Art and References
    
 
    Existing Encointer runtime repo
    
-
    Unresolved Questions
    
+
    Unresolved Questions
    
 
    None identified
    
-
+
 
    More info on Encointer: encointer.org
    
 
    (source)
    
 
    Table of Contents
    
@@ -3943,11 +3811,11 @@ other privacy-enhancing mechanisms to address this concern.
 AuthorsJoe Petrowski, Gavin Wood
 
 
-
    Summary
    
+
    Summary
    
 
    The Relay Chain contains most of the core logic for the Polkadot network. While this was necessary
 prior to the launch of parachains and development of XCM, most of this logic can exist in
 parachains. This is a proposal to migrate several subsystems into system parachains.
    
-
    Motivation
    
+
    Motivation
    
 
    Polkadot's scaling approach allows many distinct state machines (known generally as parachains) to
 operate with common guarantees about the validity and security of their state transitions. Polkadot
 provides these common guarantees by executing the state transitions on a strict subset (a backing
@@ -3959,13 +3827,13 @@ blockspace) to the network.
    
 
    By minimising state transition logic on the Relay Chain by migrating it into "system chains" -- a
 set of parachains that, with the Relay Chain, make up the Polkadot protocol -- the Polkadot
 Ubiquitous Computer can maximise its primary offering: secure blockspace.
    
-
    Stakeholders
    
+
    Stakeholders
    
 
      
 
    • Parachains that interact with affected logic on the Relay Chain;
      • 
 
    • Core protocol and XCM format developers;
      • 
 
    • Tooling, block explorer, and UI developers.
      • 
 
    
-
    Explanation
    
+
    Explanation
    
 
    The following pallets and subsystems are good candidates to migrate from the Relay Chain:
    
 
      
 
    • Identity
      • 
@@ -3990,7 +3858,7 @@ Ubiquitous Computer can maximise its primary offering: secure blockspace.
      
 
    
 
    Note: The Auctions and Crowdloan pallets will be replaced by Coretime, its system chain and
 interface described in RFC-1 and RFC-5, respectively.
    
-
    Migrations
    
+
    Migrations
    
 
    Some subsystems are simpler to move than others. For example, migrating Identity can be done by
 simply preventing state changes in the Relay Chain, using the Identity-related state as the genesis
 for a new chain, and launching that new chain with the genesis and logic (pallet) needed.
    
@@ -4111,36 +3979,36 @@ sensible to rehearse a migration.
    
 Staking is the subsystem most constrained by PoV limits. Ensuring that elections, payouts, session
 changes, offences/slashes, etc. work in a parachain on Kusama -- with its larger validator set --
 will give confidence to the chain's robustness on Polkadot.
    
-
    Drawbacks
    
+
    Drawbacks
    
 
    These subsystems will have reduced resources in cores than on the Relay Chain. Staking in particular
 may require some optimizations to deal with constraints.
    
-
    Testing, Security, and Privacy
    
+
    Testing, Security, and Privacy
    
 
    Standard audit/review requirements apply. More powerful multi-chain integration test tools would be
 useful in developement.
    
-
    Performance, Ergonomics, and Compatibility
    
+
    Performance, Ergonomics, and Compatibility
    
 
    Describe the impact of the proposal on the exposed functionality of Polkadot.
    
-
    Performance
    
+
    Performance
    
 
    This is an optimization. The removal of public/user transactions on the Relay Chain ensures that its
 primary resources are allocated to system performance.
    
-
    Ergonomics
    
+
    Ergonomics
    
 
    This proposal alters very little for coretime users (e.g. parachain developers). Application
 developers will need to interact with multiple chains, making ergonomic light client tools
 particularly important for application development.
    
 
    For existing parachains that interact with these subsystems, they will need to configure their
 runtimes to recognize the new locations in the network.
    
-
    Compatibility
    
+
    Compatibility
    
 
    Implementing this proposal will require some changes to pallet APIs and/or a pub-sub protocol.
 Application developers will need to interact with multiple chains in the network.
    
-
    Prior Art and References
    
+
    Prior Art and References
    
 
-
    Unresolved Questions
    
+
    Unresolved Questions
    
 
    There remain some implementation questions, like how to use balances for both Staking and
 Governance. See, for example, Moving Staking off the Relay
 Chain.
    
-
+
 
    Ideally the Relay Chain becomes transactionless, such that not even balances are represented there.
 With Staking and Governance off the Relay Chain, this is not an unreasonable next step.
    
 
    With Identity on Polkadot, Kusama may opt to drop its People Chain.
    
@@ -4175,13 +4043,13 @@ With Staking and Governance off the Relay Chain, this is not an unreasonable nex
 AuthorsVedhavyas Singareddi
 
 
-
    Summary
    
+
    Summary
    
 
    At the moment, we have system_version field on RuntimeVersion that derives which state version is used for the
 Storage.
 We have a use case where we want extrinsics root is derived using StateVersion::V1. Without defining a new field
 under RuntimeVersion,
 we would like to propose adding system_version that can be used to derive both storage and extrinsic state version.
    
-
    Motivation
    
+
    Motivation
    
 
    Since the extrinsic state version is always StateVersion::V0, deriving extrinsic root requires full extrinsic data.
 This would be problematic when we need to verify the extrinsics root if the extrinsic sizes are bigger. This problem is
 further explored in https://github.com/polkadot-fellows/RFCs/issues/19
    
@@ -4193,11 +4061,11 @@ One of the main challenge here is some extrinsics could be big enough that this
 included in the Consensus block due to Block's weight restriction.
 If the extrinsic root is derived using StateVersion::V1, then we do not need to pass the full extrinsic data but
 rather at maximum, 32 byte of extrinsic data.
    
-
    Stakeholders
    
+
    Stakeholders
    
 
      
 
    • Technical Fellowship, in its role of maintaining system runtimes.
      • 
 
    
-
    Explanation
    
+
    Explanation
    
 
    In order to use project specific StateVersion for extrinsic roots, we proposed
 an implementation that introduced
 parameter to frame_system::Config but that unfortunately did not feel correct.
@@ -4223,26 +4091,26 @@ pub const VERSION: RuntimeVersion = RuntimeVersion {
 		system_version: 1,
 	};
 }
    -

    Drawbacks

    +

    Drawbacks

    There should be no drawbacks as it would replace state_version with same behavior but documentation should be updated so that chains know which system_version to use.

    -

    Testing, Security, and Privacy

    +

    Testing, Security, and Privacy

    AFAIK, should not have any impact on the security or privacy.

    -

    Performance, Ergonomics, and Compatibility

    +

    Performance, Ergonomics, and Compatibility

    These changes should be compatible for existing chains if they use state_version value for system_verision.

    -

    Performance

    +

    Performance

    I do not believe there is any performance hit with this change.

    -

    Ergonomics

    +

    Ergonomics

    This does not break any exposed Apis.

    -

    Compatibility

    +

    Compatibility

    This change should not break any compatibility.

    -

    Prior Art and References

    +

    Prior Art and References

    We proposed introducing a similar change by introducing a parameter to frame_system::Config but did not feel that is the correct way of introducing this change.

    -

    Unresolved Questions

    +

    Unresolved Questions

    I do not have any specific questions about this change at the moment.

    - +

    IMO, this change is pretty self-contained and there won't be any future work necessary.

    (source)

    Table of Contents

    @@ -4271,9 +4139,9 @@ is the correct way of introducing this change.

    AuthorsSebastian Kunert -

    Summary

    +

    Summary

    This RFC proposes a new host function for parachains, storage_proof_size. It shall provide the size of the currently recorded storage proof to the runtime. Runtime authors can use the proof size to improve block utilization by retroactively reclaiming unused storage weight.

    -

    Motivation

    +

    Motivation

    The number of extrinsics that are included in a parachain block is limited by two constraints: execution time and proof size. FRAME weights cover both concepts, and block-builders use them to decide how many extrinsics to include in a block. However, these weights are calculated ahead of time by benchmarking on a machine with reference hardware. The execution-time properties of the state-trie and its storage items are unknown at benchmarking time. Therefore, we make some assumptions about the state-trie:

    • Trie Depth: We assume a trie depth to account for intermediary nodes.
      • @@ -4282,12 +4150,12 @@ is the correct way of introducing this change.

      These pessimistic assumptions lead to an overestimation of storage weight, negatively impacting block utilization on parachains.

      In addition, the current model does not account for multiple accesses to the same storage items. While these repetitive accesses will not increase storage-proof size, the runtime-side weight monitoring will account for them multiple times. Since the proof size is completely opaque to the runtime, we can not implement retroactive storage weight correction.

      A solution must provide a way for the runtime to track the exact storage-proof size consumed on a per-extrinsic basis.

      -

      Stakeholders

      +

      Stakeholders

      • Parachain Teams: They MUST include this host function in their runtime and node.
      • Light-client Implementors: They SHOULD include this host function in their runtime and node.
      -

      Explanation

      +

      Explanation

      This RFC proposes a new host function that exposes the storage-proof size to the runtime. As a result, runtimes can implement storage weight reclaiming mechanisms that improve block utilization.

      This RFC proposes the following host function signature:

      #![allow(unused)]
@@ -4295,14 +4163,14 @@ is the correct way of introducing this change.
      
       fn ext_storage_proof_size_version_1() -> u64;
 }

      The host function MUST return an unsigned 64-bit integer value representing the current proof size. In block-execution and block-import contexts, this function MUST return the current size of the proof. To achieve this, parachain node implementors need to enable proof recording for block imports. In other contexts, this function MUST return 18446744073709551615 (u64::MAX), which represents disabled proof recording.

      -

      Performance, Ergonomics, and Compatibility

      -

      Performance

      +

      Performance, Ergonomics, and Compatibility

      +

      Performance

      Parachain nodes need to enable proof recording during block import to correctly implement the proposed host function. Benchmarking conducted with balance transfers has shown a performance reduction of around 0.6% when proof recording is enabled.

      -

      Ergonomics

      +

      Ergonomics

      The host function proposed in this RFC allows parachain runtime developers to keep track of the proof size. Typical usage patterns would be to keep track of the overall proof size or the difference between subsequent calls to the host function.

      -

      Compatibility

      +

      Compatibility

      Parachain teams will need to include this host function to upgrade.

      -

      Prior Art and References

      +

      Prior Art and References

      • Pull Request including proposed host function: PoV Reclaim (Clawback) Node Side.
      • Issue with discussion: [FRAME core] Clawback PoV Weights For Dispatchables
        • @@ -4356,12 +4224,12 @@ is the correct way of introducing this change.

        AuthorsAurora Poppyseed, Just_Luuuu, Viki Val, Joe Petrowski -

        Summary

        +

        Summary

        This RFC proposes changing the current deposit requirements on the Polkadot and Kusama Asset Hub for creating an NFT collection, minting an individual NFT, and lowering its corresponding metadata and attribute deposits. The objective is to lower the barrier to entry for NFT creators, fostering a more inclusive and vibrant ecosystem while maintaining network integrity and preventing spam.

        -

        Motivation

        +

        Motivation

        The current deposit of 10 DOT for collection creation (along with 0.01 DOT for item deposit and 0.2 DOT for metadata and attribute deposits) on the Polkadot Asset Hub and 0.1 KSM on Kusama Asset Hub presents a significant financial barrier for many NFT creators. By lowering the deposit @@ -4378,7 +4246,7 @@ low.

        • Deposits SHOULD be derived from deposit function, adjusted by correspoding pricing mechansim.
        -

        Stakeholders

        +

        Stakeholders

        • NFT Creators: Primary beneficiaries of the proposed change, particularly those who found the current deposit requirements prohibitive.
          • @@ -4392,7 +4260,7 @@ collections, enhancing the overall ecosystem.

          Previous discussions have been held within the Polkadot Forum, with artists expressing their concerns about the deposit amounts.

          -

          Explanation

          +

          Explanation

          This RFC proposes a revision of the deposit constants in the configuration of the NFTs pallet on the Polkadot Asset Hub. The new deposit amounts would be determined by a standard deposit formula.

          As of v1.1.1, the Collection Deposit is 10 DOT and the Item Deposit is 0.01 DOT (see @@ -4463,7 +4331,7 @@ application to avoid sudden rate changes, as in:

          where the constant a moves the inflection to lower or higher x values, the constant b adjusts the rate of the deposit increase, and the independent variable x is the number of collections or items, depending on application.

          -

          Drawbacks

          +

          Drawbacks

          Modifying deposit requirements necessitates a balanced assessment of the potential drawbacks. Highlighted below are cogent points extracted from the discourse on the Polkadot Forum conversation, @@ -4492,22 +4360,22 @@ stakeholders wouldn't be much affected. As of date 9th January 2024 there are 42 Polkadot Asset Hub and 191 on Kusama Asset Hub with a relatively low volume.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          Security concerns

          As noted above, state bloat is a security concern. In the case of abuse, governance could adapt by increasing deposit rates and/or using forceDestroy on collections agreed to be spam.

          -

          Performance, Ergonomics, and Compatibility

          -

          Performance

          +

          Performance, Ergonomics, and Compatibility

          +

          Performance

          The primary performance consideration stems from the potential for state bloat due to increased activity from lower deposit requirements. It's vital to monitor and manage this to avoid any negative impact on the chain's performance. Strategies for mitigating state bloat, including efficient data management and periodic reviews of storage requirements, will be essential.

          -

          Ergonomics

          +

          Ergonomics

          The proposed change aims to enhance the user experience for artists, traders, and utilizers of Kusama and Polkadot Asset Hubs, making Polkadot and Kusama more accessible and user-friendly.

          -

          Compatibility

          +

          Compatibility

          The change does not impact compatibility as a redeposit function is already implemented.

          -

          Unresolved Questions

          +

          Unresolved Questions

          If this RFC is accepted, there should not be any unresolved questions regarding how to adapt the implementation of deposits for NFT collections.

          Addendum

          @@ -4595,11 +4463,11 @@ Polkadot and Kusama networks.

          AuthorsAlin Dima -

          Summary

          +

          Summary

          Propose a way of permuting the availability chunk indices assigned to validators, in the context of recovering available data from systematic chunks, with the purpose of fairly distributing network bandwidth usage.

          -

          Motivation

          +

          Motivation

          Currently, the ValidatorIndex is always identical to the ChunkIndex. Since the validator array is only shuffled once per session, naively using the ValidatorIndex as the ChunkIndex would pose an unreasonable stress on the first N/3 validators during an entire session, when favouring availability recovery from systematic chunks.

          @@ -4607,9 +4475,9 @@ validators during an entire session, when favouring availability recovery from s systematic availability chunks to different validators, based on the relay chain block and core. The main purpose is to ensure fair distribution of network bandwidth usage for availability recovery in general and in particular for systematic chunk holders.

          -

          Stakeholders

          +

          Stakeholders

          Relay chain node core developers.

          -

          Explanation

          +

          Explanation

          Systematic erasure codes

          An erasure coding algorithm is considered systematic if it preserves the original unencoded data as part of the resulting code. @@ -4763,7 +4631,7 @@ struct (added in https://github.com/paritytech/polkadot-sdk/pull/2177Configuration::set_node_feature extrinsic. Once the feature is enabled and new configuration is live, the validator->chunk mapping ceases to be a 1:1 mapping and systematic recovery may begin.

          -

          Drawbacks

          +

          Drawbacks

          • Getting access to the core_index that used to be occupied by a candidate in some parts of the dispute protocol is very complicated (See appendix A). This RFC assumes that availability-recovery processes initiated during @@ -4773,28 +4641,28 @@ mitigate this problem and will likely be needed in the future for CoreJam and/or Related discussion about updating CandidateReceipt
          • It's a breaking change that requires all validators and collators to upgrade their node version at least once.
          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          Extensive testing will be conducted - both automated and manual. This proposal doesn't affect security or privacy.

          -

          Performance, Ergonomics, and Compatibility

          -

          Performance

          +

          Performance, Ergonomics, and Compatibility

          +

          Performance

          This is a necessary data availability optimisation, as reed-solomon erasure coding has proven to be a top consumer of CPU time in polkadot as we scale up the parachain block size and number of availability cores.

          With this optimisation, preliminary performance results show that CPU time used for reed-solomon coding/decoding can be halved and total POV recovery time decrease by 80% for large POVs. See more here.

          -

          Ergonomics

          +

          Ergonomics

          Not applicable.

          -

          Compatibility

          +

          Compatibility

          This is a breaking change. See upgrade path section above. All validators and collators need to have upgraded their node versions before the feature will be enabled via a governance call.

          -

          Prior Art and References

          +

          Prior Art and References

          See comments on the tracking issue and the in-progress PR

          -

          Unresolved Questions

          +

          Unresolved Questions

          Not applicable.

          - +

          This enables future optimisations for the performance of availability recovery, such as retrieving batched systematic chunks from backers/approval-checkers.

          Appendix A

          @@ -4869,7 +4737,7 @@ dispute scenarios.

          AuthorsBastian Köcher -

          Summary

          +

          Summary

          This RFC proposes to changes the SessionKeys::generate_session_keys runtime api interface. This runtime api is used by validator operators to generate new session keys on a node. The public session keys are then registered manually on chain by the validator operator. Before this RFC it was not possible by the on chain logic to ensure that the account setting the public session keys is also in @@ -4877,7 +4745,7 @@ possession of the private session keys. To solve this the RFC proposes to pass t registration on chain to generate_session_keys. Further this RFC proposes to change the return value of the generate_session_keys function also to not only return the public session keys, but also the proof of ownership for the private session keys. The validator operator will then need to send the public session keys and the proof together when registering new session keys on chain.

          -

          Motivation

          +

          Motivation

          When submitting the new public session keys to the on chain logic there doesn't exist any verification of possession of the private session keys. This means that users can basically register any kind of public session keys on chain. While the on chain logic ensures that there are no duplicate keys, someone could try to prevent others from registering new session keys by setting them first. While this wouldn't bring @@ -4885,13 +4753,13 @@ the "attacker" any kind of advantage, more like disadvantages (potenti e.g. changing its session key in the event of a private session key leak.

          After this RFC this kind of attack would not be possible anymore, because the on chain logic can verify that the sending account is in ownership of the private session keys.

          -

          Stakeholders

          +

          Stakeholders

          • Polkadot runtime implementors
          • Polkadot node implementors
          • Validator operators
          -

          Explanation

          +

          Explanation

          We are first going to explain the proof format being used:

          #![allow(unused)]
 fn main() {
@@ -4925,31 +4793,31 @@ actual exported function signature looks like:
          
 already gets the proof passed as Vec<u8>. This proof needs to be decoded to
 the actual Proof type as explained above. The proof and the SCALE encoded
 account_id of the sender are used to verify the ownership of the SessionKeys.
          
-
          Drawbacks
          
+
          Drawbacks
          
 
          Validator operators need to pass the their account id when rotating their session keys in a node. 
 This will require updating some high level docs and making users familiar with the slightly changed ergonomics.
          
-
          Testing, Security, and Privacy
          
+
          Testing, Security, and Privacy
          
 
          Testing of the new changes only requires passing an appropriate owner for the current testing context. 
 The changes to the proof generation and verification got audited to ensure they are correct.
          
-
          Performance, Ergonomics, and Compatibility
          
-
          Performance
          
+
          Performance, Ergonomics, and Compatibility
          
+
          Performance
          
 
          The session key generation is an offchain process and thus, doesn't influence the performance of the 
 chain. Verifying the proof is done on chain as part of the transaction logic for setting the session keys. 
 The verification of the proof is a signature verification number of individual session keys times. As setting
 the session keys is happening quite rarely, it should not influence the overall system performance.
          
-
          Ergonomics
          
+
          Ergonomics
          
 
          The interfaces have been optimized to make it as easy as possible to generate the ownership proof.
          
-
          Compatibility
          
+
          Compatibility
          
 
          Introduces a new version of the SessionKeys runtime api. Thus, nodes should be updated before 
 a runtime is enacted that contains these changes otherwise they will fail to generate session keys. 
 The RPC that exists around this runtime api needs to be updated to support passing the account id 
 and for returning the ownership proof alongside the public session keys.
          
 
          UIs would need to be updated to support the new RPC and the changed on chain logic.
          
-
          Prior Art and References
          
+
          Prior Art and References
          
 
          None.
          
-
          Unresolved Questions
          
+
          Unresolved Questions
          
 
          None.
          
-
+
 
          Substrate implementation of the RFC.
          
 
          (source)
          
 
          Table of Contents
          
@@ -4987,10 +4855,10 @@ and for returning the ownership proof alongside the public session keys.
          
 AuthorsJoe Petrowski, Gavin Wood
 
 
-
          Summary
          
+
          Summary
          
 
          The Fellowship Manifesto states that members should receive a monthly allowance on par with gross
 income in OECD countries. This RFC proposes concrete amounts.
          
-
          Motivation
          
+
          Motivation
          
 
          One motivation for the Technical Fellowship is to provide an incentive mechanism that can induct and
 retain technical talent for the continued progress of the network.
          
 
          In order for members to uphold their commitment to the network, they should receive support to
@@ -5000,12 +4868,12 @@ on par with a full-time job. Providing a livable wage to those making such contr
 pragmatic to work full-time on Polkadot.
          
 
          Note: Goals of the Fellowship, expectations for each Dan, and conditions for promotion and demotion
 are all explained in the Manifesto. This RFC is only to propose concrete values for allowances.
          
-
          Stakeholders
          
+
          Stakeholders
          
 
            
 
          • Fellowship members
            • 
 
          • Polkadot Treasury
            • 
 
          
-
          Explanation
          
+
          Explanation
          
 
          This RFC proposes agreeing on salaries relative to a single level, the III Dan. As such, changes to
 the amount or asset used would only be on a single value, and all others would adjust relatively. A
 III Dan is someone whose contributions match the expectations of a full-time individual contributor.
@@ -5065,19 +4933,19 @@ other hand, more people will likely join the Fellowship in the coming years.
          
 
          Updates
          
 
          Updates to these levels, whether relative ratios, the asset used, or the amount, shall be done via
 RFC.
          
-
          Drawbacks
          
+
          Drawbacks
          
 
          By not using DOT for payment, the protocol relies on the stability of other assets and the ability
 to acquire them. However, the asset of choice can be changed in the future.
          
-
          Testing, Security, and Privacy
          
+
          Testing, Security, and Privacy
          
 
          N/A.
          
-
          Performance, Ergonomics, and Compatibility
          
-
          Performance
          
+
          Performance, Ergonomics, and Compatibility
          
+
          Performance
          
 
          N/A
          
-
          Ergonomics
          
+
          Ergonomics
          
 
          N/A
          
-
          Compatibility
          
+
          Compatibility
          
 
          N/A
          
-
          Prior Art and References
          
+
          Prior Art and References
          
 
-
          Unresolved Questions
          
+
          Unresolved Questions
          
 
          None at present.
          
 
          (source)
          
 
          Table of Contents
          
@@ -5118,11 +4986,11 @@ States
 AuthorsPierre Krieger
 
 
-
          Summary
          
+
          Summary
          
 
          When two peers connect to each other, they open (amongst other things) a so-called "notifications protocol" substream dedicated to gossiping transactions to each other.
          
 
          Each notification on this substream currently consists in a SCALE-encoded Vec<Transaction> where Transaction is defined in the runtime.
          
 
          This RFC proposes to modify the format of the notification to become (Compact(1), Transaction). This maintains backwards compatibility, as this new format decodes as a Vec of length equal to 1.
          
-
          Motivation
          
+
          Motivation
          
 
          There exists three motivations behind this change:
          
 
            
 
          • 
@@ -5135,9 +5003,9 @@ States
            • 
 
            It makes the implementation way more straight-forward by not having to repeat code related to back-pressure. See explanations below.
            
 
 
          
-
          Stakeholders
          
+
          Stakeholders
          
 
          Low-level developers.
          
-
          Explanation
          
+
          Explanation
          
 
          To give an example, if you send one notification with three transactions, the bytes that are sent on the wire are:
          
 
          concat(
     leb128(total-size-in-bytes-of-the-rest),
@@ -5157,23 +5025,23 @@ A SCALE-compact encoded 1 is one byte of value 4. In o
 This is equivalent to forcing the Vec<Transaction> to always have a length of 1, and I expect the Substrate implementation to simply modify the sending side to add a for loop that sends one notification per item in the Vec.
          
 
          As explained in the motivation section, this allows extracting scale(transaction) items without having to know how to decode them.
          
 
          By "flattening" the two-steps hierarchy, an implementation only needs to back-pressure individual notifications rather than back-pressure notifications and transactions within notifications.
          
-
          Drawbacks
          
+
          Drawbacks
          
 
          This RFC chooses to maintain backwards compatibility at the cost of introducing a very small wart (the Compact(1)).
          
 
          An alternative could be to introduce a new version of the transactions notifications protocol that sends one Transaction per notification, but this is significantly more complicated to implement and can always be done later in case the Compact(1) is bothersome.
          
-
          Testing, Security, and Privacy
          
+
          Testing, Security, and Privacy
          
 
          Irrelevant.
          
-
          Performance, Ergonomics, and Compatibility
          
-
          Performance
          
+
          Performance, Ergonomics, and Compatibility
          
+
          Performance
          
 
          Irrelevant.
          
-
          Ergonomics
          
+
          Ergonomics
          
 
          Irrelevant.
          
-
          Compatibility
          
+
          Compatibility
          
 
          The change is backwards compatible if done in two steps: modify the sender to always send one transaction per notification, then, after a while, modify the receiver to enforce the new format.
          
-
          Prior Art and References
          
+
          Prior Art and References
          
 
          Irrelevant.
          
-
          Unresolved Questions
          
+
          Unresolved Questions
          
 
          None.
          
-
+
 
          None. This is a simple isolated change.
          
 
          (source)
          
 
          Table of Contents
          
@@ -5213,20 +5081,20 @@ This is equivalent to forcing the Vec<Transaction> to always
 AuthorsPierre Krieger
 
 
-
          Summary
          
+
          Summary
          
 
          This RFC proposes to make the mechanism of RFC #8 more generic by introducing the concept of "capabilities".
          
 
          Implementations can implement certain "capabilities", such as serving old block headers or being a parachain bootnode.
          
 
          The discovery mechanism of RFC #8 is extended to be able to discover nodes of specific capabilities.
          
-
          Motivation
          
+
          Motivation
          
 
          The Polkadot peer-to-peer network is made of nodes. Not all these nodes are equal. Some nodes store only the headers of recent blocks, some nodes store all the block headers and bodies since the genesis, some nodes store the storage of all blocks since the genesis, and so on.
          
 
          It is currently not possible to know ahead of time (without connecting to it and asking) which nodes have which data available, and it is not easily possible to build a list of nodes that have a specific piece of data available.
          
 
          If you want to download for example the header of block 500, you have to connect to a randomly-chosen node, ask it for block 500, and if it says that it doesn't have the block, disconnect and try another randomly-chosen node.
 In certain situations such as downloading the storage of old blocks, nodes that have the information are relatively rare, and finding through trial and error a node that has the data can take a long time.
          
 
          This RFC attempts to solve this problem by giving the possibility to build a list of nodes that are capable of serving specific data.
          
-
          Stakeholders
          
+
          Stakeholders
          
 
          Low-level client developers.
 People interested in accessing the archive of the chain.
          
-
          Explanation
          
+
          Explanation
          
 
          Reading RFC #8 first might help with comprehension, as this RFC is very similar.
          
 
          Please keep in mind while reading that everything below applies for both relay chains and parachains, except mentioned otherwise.
          
 
          Capabilities
          
@@ -5262,30 +5130,30 @@ If blocks pruning is enabled and the chain is a relay chain, then Substrate unfo
 
          Implementations that have the head of the chain provider capability do not register themselves as providers, but instead are the nodes that participate in the main DHT. In other words, they are the nodes that serve requests of the /<genesis_hash>/kad protocol.
          
 
          Any implementation that isn't a head of the chain provider (read: light clients) must not participate in the main DHT. This is already presently the case.
          
 
          Implementations must not participate in the main DHT if they don't fulfill the capability yet. For example, a node that is still in the process of warp syncing must not participate in the main DHT. However, assuming that warp syncing doesn't last more than a few seconds, it is acceptable to ignore this requirement in order to avoid complicating implementations too much.
          
-
          Drawbacks
          
+
          Drawbacks
          
 
          None that I can see.
          
-
          Testing, Security, and Privacy
          
+
          Testing, Security, and Privacy
          
 
          The content of this section is basically the same as the one in RFC 8.
          
 
          This mechanism doesn't add or remove any security by itself, as it relies on existing mechanisms.
          
 
          Due to the way Kademlia works, it would become the responsibility of the 20 Polkadot nodes whose sha256(peer_id) is closest to the key (described in the explanations section) to store the list of nodes that have specific capabilities.
 Furthermore, when a large number of providers are registered, only the providers closest to the key are kept, up to a certain implementation-defined limit.
          
 
          For this reason, an attacker can abuse this mechanism by randomly generating libp2p PeerIds until they find the 20 entries closest to the key representing the target capability. They are then in control of the list of nodes with that capability. While doing this can in no way be actually harmful, it could lead to eclipse attacks.
          
 
          Because the key changes periodically and isn't predictable, and assuming that the Polkadot DHT is sufficiently large, it is not realistic for an attack like this to be maintained in the long term.
          
-
          Performance, Ergonomics, and Compatibility
          
-
          Performance
          
+
          Performance, Ergonomics, and Compatibility
          
+
          Performance
          
 
          The DHT mechanism generally has a low overhead, especially given that publishing providers is done only every 24 hours.
          
 
          Doing a Kademlia iterative query then sending a provider record shouldn't take more than around 50 kiB in total of bandwidth for the parachain bootnode.
          
 
          Assuming 1000 nodes with a specific capability, the 20 Polkadot full nodes corresponding to that capability will each receive a sudden spike of a few megabytes of networking traffic when the key rotates. Again, this is relatively negligible. If this becomes a problem, one can add a random delay before a node registers itself to be the provider of the key corresponding to BabeApi_next_epoch.
          
 
          Maybe the biggest uncertainty is the traffic that the 20 Polkadot full nodes will receive from light clients that desire knowing the nodes with a capability. If this every becomes a problem, this value of 20 is an arbitrary constant that can be increased for more redundancy.
          
-
          Ergonomics
          
+
          Ergonomics
          
 
          Irrelevant.
          
-
          Compatibility
          
+
          Compatibility
          
 
          Irrelevant.
          
-
          Prior Art and References
          
+
          Prior Art and References
          
 
          Unknown.
          
-
          Unresolved Questions
          
+
          Unresolved Questions
          
 
          While it fundamentally doesn't change much to this RFC, using BabeApi_currentEpoch and BabeApi_nextEpoch might be inappropriate. I'm not familiar enough with good practices within the runtime to have an opinion here. Should it be an entirely new pallet?
          
-
+
 
          This RFC would make it possible to reliably discover archive nodes, which would make it possible to reliably send archive node requests, something that isn't currently possible. This could solve the problem of finding archive RPC node providers by migrating archive-related request to using the native peer-to-peer protocol rather than JSON-RPC.
          
 
          If we ever decide to break backwards compatibility, we could divide the "history" and "archive" capabilities in two, between nodes capable of serving older blocks and nodes capable of serving newer blocks.
 We could even add to the peer-to-peer network nodes that are only capable of serving older blocks (by reading from a database) but do not participate in the head of the chain, and that just exist for historical purposes.
          
@@ -5334,12 +5202,12 @@ We could even add to the peer-to-peer network nodes that are only capable of ser
 AuthorsZondax AG, Parity Technologies
 
 
-
          Summary
          
+
          Summary
          
 
          To interact with chains in the Polkadot ecosystem it is required to know how transactions are encoded and how to read state. For doing this, Polkadot-SDK, the framework used by most of the chains in the Polkadot ecosystem, exposes metadata about the runtime to the outside. UIs, wallets, and others can use this metadata to interact with these chains. This makes the metadata a crucial piece of the transaction encoding as users are relying on the interacting software to encode the transactions in the correct format.
          
 
          It gets even more important when the user signs the transaction in an offline wallet, as the device by its nature cannot get access to the metadata without relying on the online wallet to provide it. This makes it so that the offline wallet needs to trust an online party, deeming the security assumptions of the offline devices, mute. 
          
 
          This RFC proposes a way for offline wallets to leverage metadata, within the constraints of these. The design idea is that the metadata is chunked and these chunks are put into a merkle tree. The root hash of this merkle tree represents the metadata. The offline wallets can use the root hash to decode transactions by getting proofs for the individual chunks of the metadata. This root hash is also included in the signed data of the transaction (but not sent as part of the transaction). The runtime is then including its known metadata root hash when verifying the transaction. If the metadata root hash known by the runtime differs from the one that the offline wallet used, it very likely means that the online wallet provided some fake data and the verification of the transaction fails.
          
 
          Users depend on offline wallets to correctly display decoded transactions before signing. With merkleized metadata, they can be assured of the transaction's legitimacy, as incorrect transactions will be rejected by the runtime.
          
-
          Motivation
          
+
          Motivation
          
 
          Polkadot's innovative design (both relay chain and parachains) present the ability to developers to upgrade their network as frequently as they need. These systems manage to have integrations working after the upgrades with the help of FRAME Metadata. This Metadata, which is in the order of half a MiB for most Polkadot-SDK chains, completely describes chain interfaces and properties. Securing this metadata is key for users to be able to interact with the Polkadot-SDK chain in the expected way.
          
 
          On the other hand, offline wallets provide a secure way for Blockchain users to hold their own keys (some do a better job than others). These devices seldomly get upgraded, usually account for one particular network and hold very small internal memories. Currently in the Polkadot ecosystem there is no secure way of having these offline devices know the latest Metadata of the Polkadot-SDK chain they are interacting with. This results in a plethora of similar yet slightly different offline wallets for all different Polkadot-SDK chains, as well as the impediment of keeping these regularly updated, thus not fully leveraging Polkadot-SDK’s unique forkless upgrade feature.
          
 
          The two main reasons why this is not possible today are:
          
@@ -5366,14 +5234,14 @@ We could even add to the peer-to-peer network nodes that are only capable of ser
 
        • Chunks handling mechanism SHOULD support chunks being sent in any order without memory utilization overhead;
          • 
 
        • Unused enum variants MUST be stripped (this has great impact on transmitted metadata size; examples: era enum, enum with all calls for call batching).
          • 
 
-
          Stakeholders
          
+
          Stakeholders
          
 
            
 
          • Runtime implementors
            • 
 
          • UI/wallet implementors
            • 
 
          • Offline wallet implementors
            • 
 
          
 
          The idea for this RFC was brought up by runtime implementors and was extensively discussed with offline wallet implementors. It was designed in such a way that it can work easily with the existing offline wallet solutions in the Polkadot ecosystem.
          
-
          Explanation
          
+
          Explanation
          
 
          The FRAME metadata provides a wide range of information about a FRAME based runtime. It contains information about the pallets, the calls per pallet, the storage entries per pallet, runtime APIs, and type information about most of the types that are used in the runtime. For decoding extrinsics on an offline wallet, what is mainly required is type information. Most of the other information in the FRAME metadata is actually not required for decoding extrinsics and thus it can be removed. Therefore, the following is a proposal on a custom representation of the metadata and how this custom metadata is chunked, ensuring that only the needed chunks required for decoding a particular extrinsic are sent to the offline wallet. The necessary information to transform the FRAME metadata type information into the type information presented in this RFC will be provided. However, not every single detail on how to convert from FRAME metadata into the RFC type information is described.
          
 
          First, the MetadataDigest is introduced. After that, ExtrinsicMetadata is covered and finally the actual format of the type information. Then pruning of unrelated type information is covered and how to generate the TypeRefs. In the latest step, merkle tree calculation is explained.
          
 
          Metadata digest
          
@@ -5644,23 +5512,23 @@ nodes: [[[2, 3], [4, 5]], [0, 1]]
 
        • Included in the extrinsic is u8, the "mode". The mode is either 0 which means to not include the metadata hash in the signed data or the mode is 1 to include the metadata hash in V1.
          • 
 
        • Included in the signed data is an Option<[u8; 32]>. Depending on the mode the value is either None or Some(metadata_hash).
          •
        -

        Drawbacks

        +

        Drawbacks

        The chunking may not be the optimal case for every kind of offline wallet.

        -

        Testing, Security, and Privacy

        +

        Testing, Security, and Privacy

        All implementations are required to strictly follow the RFC to generate the metadata hash. This includes which hash function to use and how to construct the metadata types tree. So, all implementations are following the same security criteria. As the chains will calculate the metadata hash at compile time, the build process needs to be trusted. However, this is already a solved problem in the Polkadot ecosystem by using reproducible builds. So, anyone can rebuild a chain runtime to ensure that a proposal is actually containing the changes as advertised.

        Implementations can also be tested easily against each other by taking some metadata and ensuring that they all come to the same metadata hash.

        Privacy of users should also not be impacted. This assumes that wallets will generate the metadata hash locally and don't leak any information to third party services about which chunks a user will send to their offline wallet. Besides that, there is no leak of private information as getting the raw metadata from the chain is an operation that is done by almost everyone.

        -

        Performance, Ergonomics, and Compatibility

        -

        Performance

        +

        Performance, Ergonomics, and Compatibility

        +

        Performance

        There should be no measurable impact on performance to Polkadot or any other chain using this feature. The metadata root hash is calculated at compile time and at runtime it is optionally used when checking the signature of a transaction. This means that at runtime no performance heavy operations are done.

        Ergonomics & Compatibility

        The proposal alters the way a transaction is built, signed, and verified. So, this imposes some required changes to any kind of developer who wants to construct transactions for Polkadot or any chain using this feature. As the developer can pass 0 for disabling the verification of the metadata root hash, it can be easily ignored.

        -

        Prior Art and References

        +

        Prior Art and References

        RFC 46 produced by the Alzymologist team is a previous work reference that goes in this direction as well.

        On other ecosystems, there are other solutions to the problem of trusted signing. Cosmos for example has a standardized way of transforming a transaction into some textual representation and this textual representation is included in the signed data. Basically achieving the same as what the RFC proposes, but it requires that for every transaction applied in a block, every node in the network always has to generate this textual representation to ensure the transaction signature is valid.

        -

        Unresolved Questions

        +

        Unresolved Questions

        None.

        - +
        • Does it work with all kind of offline wallets?
        • Generic types currently appear multiple times in the metadata with each instantiation. It could be may be useful to have generic type only once in the metadata and declare the generic parameters at their instantiation.
          • @@ -5698,20 +5566,20 @@ nodes: [[[2, 3], [4, 5]], [0, 1]] AuthorsGeorge Pisaltu -

          Summary

          +

          Summary

          This RFC proposes a change to the extrinsic format to incorporate a new transaction type, the "general" transaction.

          -

          Motivation

          +

          Motivation

          "General" transactions, a new type of transaction that this RFC aims to support, are transactions which obey the runtime's extensions and have according extension data yet do not have hard-coded signatures. They are first described in Extrinsic Horizon and supported in 3685. They enable users to authorize origins in new, more flexible ways (e.g. ZK proofs, mutations over pre-authenticated origins). As of now, all transactions are limited to the account signing model for origin authorization and any additional origin changes happen in extrinsic logic, which cannot leverage the validation process of extensions.

          An example of a use case for such an extension would be sponsoring the transaction fee for some other user. A new extension would be put in place to verify that a part of the initial payload was signed by the author under who the extrinsic should run and change the origin, but the payment for the whole transaction should be handled under a sponsor's account. A POC for this can be found in 3712.

          The new "general" transaction type would coexist with both current transaction types for a while and, therefore, the current number of supported transaction types, capped at 2, is insufficient. A new extrinsic type must be introduced alongside the current signed and unsigned types. Currently, an encoded extrinsic's first byte indicate the type of extrinsic using the most significant bit - 0 for unsigned, 1 for signed - and the 7 following bits indicate the extrinsic format version, which has been equal to 4 for a long time.

          By taking one bit from the extrinsic format version encoding, we can support 2 additional extrinsic types while also having a minimal impact on our capability to extend and change the extrinsic format in the future.

          -

          Stakeholders

          +

          Stakeholders

          • Runtime users
          • Runtime devs
          • Wallet devs
          -

          Explanation

          +

          Explanation

          An extrinsic is currently encoded as one byte to identify the extrinsic type and version. This RFC aims to change the interpretation of this byte regarding the reserved bits for the extrinsic type and version. In the following explanation, bits represented using T make up the extrinsic type and bits represented using V make up the extrinsic version.

          Currently, the bit allocation within the leading encoded byte is 0bTVVV_VVVV. In practice in the Polkadot ecosystem, the leading byte would be 0bT000_0100 as the version has been equal to 4 for a long time.

          This RFC proposes for the bit allocation to change to 0bTTVV_VVVV. As a result, the extrinsic format version will be bumped to 5 and the extrinsic type bit representation would change as follows:

          @@ -5722,23 +5590,23 @@ nodes: [[[2, 3], [4, 5]], [0, 1]] 11reserved -

          Drawbacks

          +

          Drawbacks

          This change would reduce the maximum possible transaction version from the current 127 to 63. In order to bypass the new, lower limit, the extrinsic format would have to change again.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          There is no impact on testing, security or privacy.

          -

          Performance, Ergonomics, and Compatibility

          +

          Performance, Ergonomics, and Compatibility

          This change would allow Polkadot to support new types of transactions, with the specific "general" transaction type in mind at the time of writing this proposal.

          -

          Performance

          +

          Performance

          There is no performance impact.

          -

          Ergonomics

          +

          Ergonomics

          The impact to developers and end-users is minimal as it would just be a bitmask update on their part for parsing the extrinsic type along with the version.

          -

          Compatibility

          +

          Compatibility

          This change breaks backwards compatiblity because any transaction that is neither signed nor unsigned, but a new transaction type, would be interpreted as having a future extrinsic format version.

          -

          Prior Art and References

          +

          Prior Art and References

          The original design was originally proposed in the TransactionExtension PR, which is also the motivation behind this effort.

          -

          Unresolved Questions

          +

          Unresolved Questions

          None.

          - +

          Following this change, the "general" transaction type will be introduced as part of the Extrinsic Horizon effort, which will shape future work.

          (source)

          Table of Contents

          @@ -5771,16 +5639,16 @@ nodes: [[[2, 3], [4, 5]], [0, 1]] AuthorsAlex Gheorghe (alexggh) -

          Summary

          +

          Summary

          Extend the DHT authority discovery records with a signed creation time, so that nodes can determine which record is newer and always decide to prefer the newer records to the old ones.

          -

          Motivation

          +

          Motivation

          Currently, we use the Kademlia DHT for storing records regarding the p2p address of an authority discovery key, the problem is that if the nodes decide to change its PeerId/Network key it will publish a new record, however because of the distributed and replicated nature of the DHT there is no way to tell which record is newer so both old PeerId and the new PeerId will live in the network until the old one expires(36h), that creates all sort of problem and leads to the node changing its address not being properly connected for up to 36h.

          After this RFC, nodes are extended to decide to keep the new record and propagate the new record to nodes that have the old record stored, so in the end all the nodes will converge faster to the new record(in the order of minutes, not 36h)

          Implementation of the rfc: https://github.com/paritytech/polkadot-sdk/pull/3786.

          Current issue without this enhacement: https://github.com/paritytech/polkadot-sdk/issues/3673

          -

          Stakeholders

          +

          Stakeholders

          Polkadot node developers.

          -

          Explanation

          +

          Explanation

          This RFC heavily relies on the functionalities of the Kademlia DHT already in use by Polkadot. You can find a link to the specification here.

          In a nutshell, on a specific node the current authority-discovery protocol publishes Kademila DHT records at startup and periodically. The records contain the full address of the node for each authorithy key it owns. The node tries also to find the full address of all authorities in the network by querying the DHT and picking up the first record it finds for each of the authority id it found on chain.

          @@ -5813,24 +5681,24 @@ You can find a link to the specification Drawbacks +

          Drawbacks

          In theory the new protocol creates a bit more traffic on the DHT network, because it waits for DHT records to be received from more than one node, while in the current implementation we just take the first record that we receive and cancel all in-flight requests to other peers. However, because the redundancy factor will be relatively small and this operation happens rarerly, every 10min, this cost is negligible.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          This RFC's implementation https://github.com/paritytech/polkadot-sdk/pull/3786 had been tested on various local test networks and versi.

          With regard to security the creation time is wrapped inside SignedAuthorityRecord wo it will be signed with the authority id key, so there is no way for other malicious nodes to manipulate this field without the received node observing.

          -

          Performance, Ergonomics, and Compatibility

          +

          Performance, Ergonomics, and Compatibility

          Irrelevant.

          -

          Performance

          +

          Performance

          Irrelevant.

          -

          Ergonomics

          +

          Ergonomics

          Irrelevant.

          -

          Compatibility

          +

          Compatibility

          The changes are backwards compatible with the existing protocol, so nodes with both the old protocol and newer protocol can exist in the network, this is achieved by the fact that we use protobuf for serializing and deserializing the records, so new fields will be ignore when deserializing with the older protocol and vice-versa when deserializing an old record with the new protocol the new field will be None and the new code accepts this record as being valid.

          -

          Prior Art and References

          +

          Prior Art and References

          The enhancements have been inspired by the algorithm specified in here

          -

          Unresolved Questions

          +

          Unresolved Questions

          N/A

          - +

          N/A

          (source)

          Table of Contents

          @@ -5876,23 +5744,23 @@ in order to speed up the time until all nodes have the newest record, nodes can AuthorsJonas Gehrlein & Alistair Stewart -

          Summary

          +

          Summary

          This RFC proposes a flexible unbonding mechanism for tokens that are locked from staking on the Relay Chain (DOT/KSM), aiming to enhance user convenience without compromising system security.

          Locking tokens for staking ensures that Polkadot is able to slash tokens backing misbehaving validators. With changing the locking period, we still need to make sure that Polkadot can slash enough tokens to deter misbehaviour. This means that not all tokens can be unbonded immediately, however we can still allow some tokens to be unbonded quickly.

          The new mechanism leads to a signficantly reduced unbonding time on average, by queuing up new unbonding requests and scaling their unbonding duration relative to the size of the queue. New requests are executed with a minimum of 2 days, when the queue is comparatively empty, to the conventional 28 days, if the sum of requests (in terms of stake) exceed some threshold. In scenarios between these two bounds, the unbonding duration scales proportionately. The new mechanism will never be worse than the current fixed 28 days.

          In this document we also present an empirical analysis by retrospectively fitting the proposed mechanism to the historic unbonding timeline and show that the average unbonding duration would drastically reduce, while still being sensitive to large unbonding events. Additionally, we discuss implications for UI, UX, and conviction voting.

          Note: Our proposition solely focuses on the locks imposed from staking. Other locks, such as governance, remain unchanged. Also, this mechanism should not be confused with the already existing feature of FastUnstake, which lets users unstake tokens immediately that have not received rewards for 28 days or longer.

          As an initial step to gauge its effectiveness and stability, it is recommended to implement and test this model on Kusama before considering its integration into Polkadot, with appropriate adjustments to the parameters. In the following, however, we limit our discussion to Polkadot.

          -

          Motivation

          +

          Motivation

          Polkadot has one of the longest unbonding periods among all Proof-of-Stake protocols, because security is the most important goal. Staking on Polkadot is still attractive compared to other protocols because of its above-average staking APY. However the long unbonding period harms usability and deters potential participants that want to contribute to the security of the network.

          The current length of the unbonding period imposes significant costs for any entity that even wants to perform basic tasks such as a reorganization / consolidation of their stashes, or updating their private key infrastructure. It also limits participation of users that have a large preference for liquidity.

          The combination of long unbonding periods and high returns has lead to the proliferation of liquid staking, where parachains or centralised exchanges offer users their staked tokens before the 28 days unbonding period is over either in original DOT/KSM form or derivative tokens. Liquid staking is harmless if few tokens are involved but it could result in many validators being selected by a few entities if a large fraction of DOTs were involved. This may lead to centralization (see here for more discussion on threats of liquid staking) and an opportunity for attacks.

          The new mechanism greatly increases the competitiveness of Polkadot, while maintaining sufficient security.

          -

          Stakeholders

          +

          Stakeholders

          • Every DOT/KSM token holder
          -

          Explanation

          +

          Explanation

          Before diving into the details of how to implement the unbonding queue, we give readers context about why Polkadot has a 28-day unbonding period in the first place. The reason for it is to prevent long-range attacks (LRA) that becomes theoretically possible if more than 1/3 of validators collude. In essence, a LRA describes the inability of users, who disconnect from the consensus at time t0 and reconnects later, to realize that validators which were legitimate at a certain time, say t0 but dropped out in the meantime, are not to be trusted anymore. That means, for example, a user syncing the state could be fooled by trusting validators that fell outside the active set of validators after t0, and are building a competitive and malicious chain (fork).

          LRAs of longer than 28 days are mitigated by the use of trusted checkpoints, which are assumed to be no more than 28 days old. A new node that syncs Polkadot will start at the checkpoint and look for proofs of finality of later blocks, signed by 2/3 of the validators. In an LRA fork, some of the validator sets may be different but only if 2/3 of some validator set in the last 28 days signed something incorrect.

          If we detect an LRA of no more than 28 days with the current unbonding period, then we should be able to detect misbehaviour from over 1/3 of validators whose nominators are still bonded. The stake backing these validators is considerable fraction of the total stake (empirically it is 0.287 or so). If we allowed more than this stake to unbond, without checking who it was backing, then the LRA attack might be free of cost for an attacker. The proposed mechansim allows up to half this stake to unbond within 28 days. This halves the amount of tokens that can be slashed, but this is still very high in absolute terms. For example, at the time of writing (19.06.2024) this would translate to around 120 millions DOTs.

          @@ -5950,23 +5818,23 @@ The analysis can be reproduced or changed to other parameters using Potential Extension

          In addition to a simple queue, we could add a market component that lets users always unbond from staking at the minimum possible waiting time)(== LOWER_BOUND, e.g., 2 days), by paying a variable fee. To achieve this, it is reasonable to split the total unbonding capacity into two chunks, with the first capacity for the simple queue and the remaining capacity for the fee-based unbonding. By doing so, we allow users to choose whether they want the quickest unbond and paying a dynamic fee or join the simple queue. Setting a capacity restriction for both queues enables us to guarantee a predictable unbonding time in the simple queue, while allowing users with the respective willingness to pay to get out even earlier. The fees are dynamically adjusted and are proportional to the unbonding stake (and thereby expressed in a percentage of the requested unbonding stake). In contrast to a unified queue, this prevents the issue that users paying a fee jump in front of other users not paying a fee, pushing their unbonding time back (which would be bad for UX). The revenue generated could be burned.

          This extension and further specifications are left out of this RFC, because it adds further complexity and the empirical analysis above suggests that average unbonding times will already be close the LOWER_BOUND, making a more complex design unnecessary. We advise to first implement the discussed mechanism and assess after some experience whether an extension is desirable.

          -

          Drawbacks

          +

          Drawbacks

          • Lower security for LRAs: Without a doubt, the theoretical security against LRAs decreases. But, as we argue, the attack is still costly enough to deter attacks and the attack is sufficiently theoretical. Here, the benefits outweigh the costs.
          • Griefing attacks: A large holder could pretend to unbond a large amount of their tokens to prevent other users to exit the network earlier. This would, however be costly due to the fact that the holder loses out on staking rewards. The larger the impact on the queue, the higher the costs. In any case it must be noted that the UPPER_BOUND is still 28 days, which means that nominators are never left with a longer unbonding period than currently. There is not enough gain for the attacker to endure this cost.
          • Challenge for Custodians and Liquid Staking Providers: Changing the unbonding time, especially making it flexible, requires entities that offer staking derivatives to rethink and rework their products.
          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          NA

          -

          Performance, Ergonomics, and Compatibility

          +

          Performance, Ergonomics, and Compatibility

          NA

          -

          Performance

          +

          Performance

          The authors cannot see any potential impact on performance.

          -

          Ergonomics

          +

          Ergonomics

          The authors cannot see any potential impact on ergonomics for developers. We discussed potential impact on UX/UI for users above.

          -

          Compatibility

          +

          Compatibility

          The authors cannot see any potential impact on compatibility. This should be assessed by the technical fellows.

          -

          Prior Art and References

          +

          Prior Art and References

          • Ethereum proposed a similar solution
          • Alistair did some initial write-up
            • @@ -6003,20 +5871,20 @@ The analysis can be reproduced or changed to other parameters using Summary +

            Summary

            This RFC proposes a change to the extrinsic format to include a transaction extension version.

            -

            Motivation

            +

            Motivation

            The extrinsic format supports to be extended with transaction extensions. These transaction extensions are runtime specific and can be different per chain. Each transaction extension can add data to the extrinsic itself or extend the signed payload. This means that adding a transaction extension is breaking the chain specific extrinsic format. A recent example was the introduction of the CheckMetadatHash to Polkadot and all its system chains. As the extension was adding one byte to the extrinsic, it broke a lot of tooling. By introducing an extra version for the transaction extensions it will be possible to introduce changes to these transaction extensions while still being backwards compatible. Based on the version of the transaction extensions, each chain runtime could decode the extrinsic correctly and also create the correct signed payload.

            -

            Stakeholders

            +

            Stakeholders

            • Runtime users
            • Runtime devs
            • Wallet devs
            -

            Explanation

            +

            Explanation

            RFC84 introduced the extrinsic format 5. The idea is to piggyback onto this change of the extrinsic format to add the extra version for the transaction extensions. If required, this could also come as extrinsic format 6, but 5 is not yet deployed anywhere.

            The extrinsic format supports the following types of transactions:

            @@ -6032,25 +5900,25 @@ as extrinsic format 6, but 5 is not yet deployed anywh

          The Version being a SCALE encoded u8 representing the version of the transaction extensions.

          In the chain runtime the version can be used to determine which set of transaction extensions should be used to decode and to validate the transaction.

          -

          Drawbacks

          +

          Drawbacks

          This adds one byte more to each signed transaction.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          There is no impact on testing, security or privacy.

          -

          Performance, Ergonomics, and Compatibility

          +

          Performance, Ergonomics, and Compatibility

          This will ensure that changes to the transactions extensions can be done in a backwards compatible way.

          -

          Performance

          +

          Performance

          There is no performance impact.

          -

          Ergonomics

          +

          Ergonomics

          Runtime developers need to take care of the versioning and ensure to bump as required, so that there are no compatibility breaking changes without a bump of the version. It will also add a little bit more code in the runtime to decode these old versions, but this should be neglectable.

          -

          Compatibility

          +

          Compatibility

          When introduced together with extrinsic format version 5 from RFC84, it can be implemented in a backwards compatible way. So, transactions can still be send using the old extrinsic format and decoded by the runtime.

          -

          Prior Art and References

          +

          Prior Art and References

          None.

          -

          Unresolved Questions

          +

          Unresolved Questions

          None.

          - +

          None.

          (source)

          Table of Contents

          @@ -6087,14 +5955,14 @@ old extrinsic format and decoded by the runtime.

          AuthorsAdrian Catangiu -

          Summary

          +

          Summary

          This RFC proposes a new instruction that provides a way to initiate on remote chains, asset transfers which transfer multiple types (teleports, local-reserve, destination-reserve) of assets, using XCM alone.

          The currently existing instructions are too opinionated and force each XCM asset transfer to a single transfer type (teleport, local-reserve, destination-reserve). This results in inability to combine different types of transfers in single transfer which results in overall poor UX when trying to move assets across chains.

          -

          Motivation

          +

          Motivation

          XCM is the de-facto cross-chain messaging protocol within the Polkadot ecosystem, and cross-chain assets transfers is one of its main use-cases. Unfortunately, in its current spec, it does not support initiating on a remote chain, one or more transfers that combine assets with different transfer types.
          @@ -6116,14 +5984,14 @@ For example, allows single XCM program execution to transfer multiple assets fro Kusama Asset Hub, over the bridge through Polkadot Asset Hub with final destination ParaP on Polkadot.

          With current XCM, we are limited to doing multiple independent transfers for each individual hop in order to move both "interesting" assets, but also "supporting" assets (used to pay fees).

          -

          Stakeholders

          +

          Stakeholders

          • Runtime users
          • Runtime devs
          • Wallet devs
          • dApps devs
          -

          Explanation

          +

          Explanation

          A new instruction InitiateAssetsTransfer is introduced that initiates an assets transfer from the chain it is executed on, to another chain. The executed transfer is point-to-point (chain-to-chain) with all of the transfer properties specified in the instruction parameters. The instruction also @@ -6311,9 +6179,9 @@ by executing a single XCM message, even though we'll be mixing multiple ).unwrap(); }) } -

          Drawbacks

          +

          Drawbacks

          No drawbacks identified.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          There should be no security risks related to the new instruction from the XCVM perspective. It follows the same pattern as with single-type asset transfers, only now it allows combining multiple types at once.

          Improves security by enabling @@ -6322,16 +6190,16 @@ which minimizes the potential free/unpaid work that a receiving chain has to do. required execution fee payment, part of the instruction logic through the remote_fees: Option<AssetTransferFilter> parameter, which will make sure the remote XCM starts with a single-asset-holding-loading-instruction, immediately followed by a BuyExecution using said asset.

          -

          Performance, Ergonomics, and Compatibility

          +

          Performance, Ergonomics, and Compatibility

          This brings no impact to the rest of the XCM spec. It is a new, independent instruction, no changes to existing instructions.

          Enhances the exposed functionality of Polkadot. Will allow multi-chain transfers that are currently forced to happen in multiple programs per asset per "hop", to be possible in a single XCM program.

          -

          Performance

          +

          Performance

          No performance changes/implications.

          -

          Ergonomics

          +

          Ergonomics

          The proposal enhances developers' and users' cross-chain asset transfer capabilities. This enhancement is optimized for XCM programs transferring multiple assets, needing to run their logic across multiple chains.

          -

          Compatibility

          +

          Compatibility

          Does this proposal break compatibility with existing interfaces, older versions of implementations? Summarize necessary migrations or upgrade strategies, if any.

          This enhancement is compatible with all existing XCM programs and versions.

          @@ -6340,11 +6208,11 @@ success. A program where the new instruction is used to initiate multiple types of asset transfers, cannot be downgraded to older XCM versions, because there is no equivalent capability there. Such conversion attempts will explicitly fail.

          -

          Prior Art and References

          +

          Prior Art and References

          None.

          -

          Unresolved Questions

          +

          Unresolved Questions

          None.

          - +

          None.

          (source)

          Table of Contents

          @@ -6377,10 +6245,10 @@ Such conversion attempts will explicitly fail.

          AuthorsAdrian Catangiu -

          Summary

          +

          Summary

          The Transact XCM instruction currently forces the user to set a specific maximum weight allowed to the inner call and then also pay for that much weight regardless of how much the call actually needs in practice.

          This RFC proposes improving the usability of Transact by removing that parameter and instead get and charge the actual weight of the inner call from its dispatch info on the remote chain.

          -

          Motivation

          +

          Motivation

          The UX of using Transact is poor because of having to guess/estimate the require_weight_at_most weight used by the inner call on the target.

          We've seen multiple Transact on-chain failures caused by guessing wrong values for this require_weight_at_most even though the rest of the XCM program would have worked.

          In practice, this parameter only adds UX overhead with no real practical value. Use cases fall in one of two categories:

          @@ -6393,40 +6261,40 @@ weight limit parameter.

          We've had multiple OpenGov root/whitelisted_caller proposals initiated by core-devs completely or partially fail because of incorrect configuration of require_weight_at_most parameter. This is a strong indication that the instruction is hard to use.

          -

          Stakeholders

          +

          Stakeholders

          • Runtime Users,
          • Runtime Devs,
          • Wallets,
          • dApps,
          -

          Explanation

          +

          Explanation

          The proposed enhancement is simple: remove require_weight_at_most parameter from the instruction:

          - Transact { origin_kind: OriginKind, require_weight_at_most: Weight, call: DoubleEncoded<Call> },
 + Transact { origin_kind: OriginKind, call: DoubleEncoded<Call> },

          The XCVM implementation shall no longer use require_weight_at_most for weighing. Instead, it shall weigh the Transact instruction by decoding and weighing the inner call.

          -

          Drawbacks

          +

          Drawbacks

          No drawbacks, existing scenarios work as before, while this also allows new/easier flows.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          Currently, an XCVM implementation can weigh a message just by looking at the decoded instructions without decoding the Transact's call, but assuming require_weight_at_most weight for it. With the new version it has to decode the inner call to know its actual weight.

          But this does not actually change the security considerations, as can be seen below.

          With the new Transact the weighing happens after decoding the inner call. The entirety of the XCM program containing this Transact needs to be either covered by enough bought weight using a BuyExecution, or the origin has to be allowed to do free execution.

          The security considerations around how much can someone execute for free are the same for both this new version and the old. In both cases, an "attacker" can do the XCM decoding (including Transact inner calls) for free by adding a large enough BuyExecution without actually having the funds available.

          In both cases, decoding is done for free, but in both cases execution fails early on BuyExecution.

          -

          Performance, Ergonomics, and Compatibility

          -

          Performance

          +

          Performance, Ergonomics, and Compatibility

          +

          Performance

          No performance change.

          -

          Ergonomics

          +

          Ergonomics

          Ergonomics are slightly improved by simplifying Transact API.

          -

          Compatibility

          +

          Compatibility

          Compatible with previous XCM programs.

          -

          Prior Art and References

          +

          Prior Art and References

          None.

          -

          Unresolved Questions

          +

          Unresolved Questions

          None.

          - +

          None.

          (source)

          Table of Contents

          @@ -6470,13 +6338,13 @@ both this new version and the old. In both cases, an "attacker" can do AuthorsAndrei Sandu -

          Summary

          +

          Summary

          Elastic scaling is not resilient against griefing attacks without a way for a PoV (Proof of Validity) to commit to the particular core index it was intended for. This RFC proposes a way to include core index information in the candidate commitments and the CandidateDescriptor data structure in a backward compatible way. Additionally, it proposes the addition of a SessionIndex field in the CandidateDescriptor to make dispute resolution more secure and robust.

          -

          Motivation

          +

          Motivation

          This RFC proposes a way to solve two different problems:

          1. For Elastic Scaling, it prevents anyone who has acquired a valid collation to DoS the parachain @@ -6491,14 +6359,14 @@ dispute. The dispute may concern a relay chain block not yet imported by a validator. In this case, validators can safely assume the session index refers to the session the candidate has appeared in, otherwise, the chain would have rejected the candidate.
          -

          Stakeholders

          +

          Stakeholders

          • Polkadot core developers.
          • Cumulus node developers.
          • Tooling, block explorer developers.

          This approach and alternatives have been considered and discussed in this issue.

          -

          Explanation

          +

          Explanation

          The approach proposed below was chosen primarily because it minimizes the number of breaking changes, the complexity and takes less implementation and testing time. The proposal is to change the existing primitives while keeping binary compatibility with the older versions. We repurpose @@ -6644,28 +6512,28 @@ A candidate must not be backed if any of the following are true:

          as backers did off-chain. It currently stores the claim queue at the newest allowed relay parent corresponding to the claim queue offset 0. The runtime needs to be changed to store a claim queue snapshot at all allowed relay parents.

          -

          Drawbacks

          +

          Drawbacks

          The only drawback is that further additions to the descriptor are limited to the amount of remaining unused space.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          Standard testing (unit tests, CI zombienet tests) for functionality and mandatory security audit to ensure the implementation does not introduce any new security issues.

          Backward compatibility of the implementation will be tested on testnets (Versi and Westend).

          There is no impact on privacy.

          -

          Performance

          +

          Performance

          Overall performance will be improved by not checking the collator signatures in runtime and nodes. The impact on the UMP queue and candidate receipt processing is negligible.

          The ClaimQueueOffset along with the relay parent choice allows parachains to optimize their block production for either throughput or lower XCM message processing latency. A value of 0 with the newest relay parent provides the best latency while picking older relay parents avoids re-orgs.

          -

          Ergonomics

          +

          Ergonomics

          It is mandatory for elastic parachains to switch to the new receipt format and commit to a core by sending the UMPSignal::SelectCore message. It is optional but desired that all parachains switch to the new receipts for providing the session index for disputes.

          The implementation of this RFC itself must not introduce any breaking changes for the parachain runtime or collator nodes.

          -

          Compatibility

          +

          Compatibility

          The proposed changes are not fully backward compatible, because older validators verify the collator signature of candidate descriptors.

          Additional care must be taken before enabling the new descriptors by waiting for at least @@ -6690,12 +6558,12 @@ present in the receipt.

          Any tooling that decodes UMP XCM messages needs an update to support or ignore the new UMP messages, but they should be fine to decode the regular XCM messages that come before the separator.

          -

          Prior Art and References

          +

          Prior Art and References

          Forum discussion about a new CandidateReceipt format: https://forum.polkadot.network/t/pre-rfc-discussion-candidate-receipt-format-v2/3738

          -

          Unresolved Questions

          +

          Unresolved Questions

          N/A

          - +

          The implementation is extensible and future-proof to some extent. With minimal or no breaking changes, additional fields can be added in the candidate descriptor until the reserved space is exhausted

          @@ -6737,7 +6605,7 @@ by using the version field of the descriptor introduced in this RFC AuthorsFrancisco Aguirre -

          Summary

          +

          Summary

          XCM already handles execution fees in an effective and efficient manner using the BuyExecution instruction. However, other types of fees are not handled as effectively -- for example, delivery fees. Fees exist that can't be measured using Weight -- as execution fees can -- so a new method should be thought up for those cases. @@ -6746,7 +6614,7 @@ This RFC proposes making the fee handling system simpler and more general, by do

        • Adding a fees register
        • Deprecating BuyExecution and adding a new instruction PayFees with new semantics to ultimately replace it.
        -

        Motivation

        +

        Motivation

        Execution fees are handled correctly by XCM right now. However, the addition of extra fees, like for message delivery, result in awkward ways of integrating them into the XCVM implementation. This is because these types of fees are not included in the language. @@ -6754,14 +6622,14 @@ The standard should have a way to correctly deal with these implementation speci The new instruction moves the specified amount of fees from the holding register to a dedicated fees register that the XCVM can use in flexible ways depending on its implementation. The XCVM implementation is free to use these fees to pay for execution fees, transport fees, or any other type of fee that might be necessary. This moves the specifics of fees further away from the XCM standard, and more into the actual underlying XCVM implementation, which is a good thing.

        -

        Stakeholders

        +

        Stakeholders

        • Runtime Users
        • Runtime Devs
        • Wallets
        • dApps
        -

        Explanation

        +

        Explanation

        The new instruction that will replace BuyExecution is a much simpler and general version: PayFees. This instruction takes one Asset, takes it from the holding register, and puts it into a new fees register. The XCVM implementation can now use this Asset to make sure every necessary fee is paid for, this includes execution fees, delivery fees, and any other type of fee @@ -6792,27 +6660,27 @@ BuyExecution { asset, weight_limit } PayFees { asset } // ...rest } -

        Drawbacks

        +

        Drawbacks

        There needs to be an explicit change from BuyExecution to PayFees, most often accompanied by a reduction in the assets passed in.

        -

        Testing, Security, and Privacy

        +

        Testing, Security, and Privacy

        It might become a security concern if leftover fees are trapped, since a lot of them are expected.

        -

        Performance, Ergonomics, and Compatibility

        -

        Performance

        +

        Performance, Ergonomics, and Compatibility

        +

        Performance

        There should be no performance downsides to this approach. The fees register is a simplification that may actually result in better performance, in the case an implementation is doing a workaround to achieve what this RFC proposes.

        -

        Ergonomics

        +

        Ergonomics

        The interface is going to be very similar to the already existing one. Even simpler since PayFees will only receive one asset. That asset will allow users to limit the amount of fees they are willing to pay.

        -

        Compatibility

        +

        Compatibility

        This RFC can't just change the semantics of the BuyExecution instruction since that instruction accepts any funds, uses what it needs and returns the rest immediately. The new proposed instruction, PayFees, doesn't return the leftover immediately, it keeps it in the fees register. In practice, the deprecated BuyExecution needs to be slowly rolled out in favour of PayFees.

        -

        Prior Art and References

        +

        Prior Art and References

        The closed RFC PR on the xcm-format repository, before XCM RFCs got moved to fellowship RFCs: https://github.com/polkadot-fellows/xcm-format/pull/53.

        -

        Unresolved Questions

        +

        Unresolved Questions

        None

        - +

        This proposal would greatly benefit from an improved asset trapping system.

        CustomAssetClaimer is also related, as it directly improves the ergonomics of this proposal.

        LeftoverAssetsDestination execution hint would also similarly improve the ergonomics.

        @@ -6848,12 +6716,12 @@ In practice, the deprecated BuyExecution needs to be slowly rolled AuthorsFrancisco Aguirre -

        Summary

        +

        Summary

        A previous XCM RFC (https://github.com/polkadot-fellows/xcm-format/pull/37) introduced a SetAssetClaimer instruction. This idea of instructing the XCVM to change some implementation-specific behavior is useful. In order to generalize this mechanism, this RFC introduces a new instruction SetHints and makes the SetAssetClaimer be just one of many possible execution hints.

        -

        Motivation

        +

        Motivation

        There is a need for specifying how certain implementation-specific things should behave. Things like who can claim the assets or what can be done instead of trapping assets. Another idea for a hint:

        @@ -6861,13 +6729,13 @@ Another idea for a hint:

      • AssetForFees: to signify to the executor what asset the user prefers to use for fees.
      • LeftoverAssetsDestination: for depositing leftover assets to a destination instead of trapping them
      -

      Stakeholders

      +

      Stakeholders

      • Runtime devs
      • Wallets
      • dApps
      -

      Explanation

      +

      Explanation

      A new instruction, SetHints, will be added. This instruction will take a single parameter of type Hint, an enumeration. The first variant for this enum is AssetClaimer, which allows to specify a location that should be able to claim trapped assets. @@ -6888,27 +6756,27 @@ enum Hint { type NumVariants = /* Number of variants of the `Hint` enum */; } -

      Drawbacks

      +

      Drawbacks

      The SetHints instruction might be hard to benchmark, since we should look into the actual hints being set to know how much weight to attribute to it.

      -

      Testing, Security, and Privacy

      +

      Testing, Security, and Privacy

      Hints are specified on a per-message basis, so they have to be specified at the beginning of a message. If they were to be specified at the end, hints like AssetClaimer would be useless if an error occurs beforehand and assets get trapped before ever reaching the hint.

      The instruction takes a bounded vector of hints so as to not force barriers to allow an arbitrary number of SetHint instructions.

      -

      Performance, Ergonomics, and Compatibility

      -

      Performance

      +

      Performance, Ergonomics, and Compatibility

      +

      Performance

      None.

      -

      Ergonomics

      +

      Ergonomics

      The SetHints instruction provides a better integration with barriers. If we had to add one barrier for SetAssetClaimer and another for each new hint that's added, barriers would need to be changed all the time. Also, this instruction would make it simpler to write XCM programs. You only need to specify the hints you want in one single instruction at the top of your program.

      -

      Compatibility

      +

      Compatibility

      None.

      -

      Prior Art and References

      +

      Prior Art and References

      The previous RFC PR in the xcm-format repository before XCM RFCs moved to fellowship RFCs: https://github.com/polkadot-fellows/xcm-format/pull/59.

      -

      Unresolved Questions

      +

      Unresolved Questions

      None.

      - +

      None.

      (source)

      Table of Contents

      @@ -6941,36 +6809,36 @@ You only need to specify the hints you want in one single instruction at the top Authors -

      Summary

      +

      Summary

      This RFC aims to remove the NetworkIds of Westend and Rococo, arguing that testnets shouldn't go in the language.

      -

      Motivation

      +

      Motivation

      We've already seen the plans to phase out Rococo and Paseo has appeared. Instead of constantly changing the testnets included in the language, we should favor specifying them via their genesis hash, using NetworkId::ByGenesis.

      -

      Stakeholders

      +

      Stakeholders

      • Runtime devs
      • Wallets
      • dApps
      -

      Explanation

      +

      Explanation

      Remove Westend and Rococo from the included NetworkIds in the language.

      -

      Drawbacks

      +

      Drawbacks

      This RFC will make it less convenient to specify a testnet, but not by a large amount.

      -

      Testing, Security, and Privacy

      +

      Testing, Security, and Privacy

      None.

      -

      Performance, Ergonomics, and Compatibility

      -

      Performance

      +

      Performance, Ergonomics, and Compatibility

      +

      Performance

      None.

      -

      Ergonomics

      +

      Ergonomics

      It will very slightly reduce the ergonomics of testnet developers but improve the stability of the language.

      -

      Compatibility

      +

      Compatibility

      NetworkId::Rococo and NetworkId::Westend can just use NetworkId::ByGenesis, as can other testnets.

      -

      Prior Art and References

      +

      Prior Art and References

      A previous attempt to add NetworkId::Paseo: https://github.com/polkadot-fellows/xcm-format/pull/58.

      -

      Unresolved Questions

      +

      Unresolved Questions

      None.

      - +

      None.

      (source)

      Table of Contents

      @@ -7009,11 +6877,11 @@ using NetworkId::ByGenesis.

      AuthorsAdrian Catangiu -

      Summary

      +

      Summary

      XCM programs generated by the InitiateAssetTransfer instruction shall have the option to carry over the original origin all the way to the final destination. They shall do so by internally making use of AliasOrigin or ClearOrigin depending on given parameters.

      This allows asset transfers to retain their original origin even across multiple hops.

      Ecosystem chains would have to change their trusted aliasing rules to effectively make use of this feature.

      -

      Motivation

      +

      Motivation

      Currently, all XCM asset transfer instructions ultimately clear the origin in the remote XCM message by use of the ClearOrigin instruction. This is done for security considerations to ensure that subsequent (user-controlled) instructions cannot command the authority of the sending chain.

      The problem with this approach is that it limits what can be achieved on remote chains through XCM. Most XCM operations require having an origin, and following any asset transfer the origin is lost, meaning not much can be done other than depositing the transferred assets to some local account or transferring them onward to another chain.

      For example, we cannot transfer some funds for buying execution, then do a Transact (all in the same XCM message).

      @@ -7021,9 +6889,9 @@ using NetworkId::ByGenesis.

      Transact XCM programs today require a two step process:

      Transact Today

      And we want to be able to do it using a single XCM program.

      -

      Stakeholders

      +

      Stakeholders

      Runtime Users, Runtime Devs, wallets, cross-chain dApps.

      -

      Explanation

      +

      Explanation

      In the case of XCM programs going from source-chain directly to dest-chain without an intermediary hop, we can enable scenarios such as above by using the AliasOrigin instruction instead of the ClearOrigin instruction.

      Instead of clearing the source-chain origin, the destination chain shall attempt to alias source-chain to "original origin" on the source chain. Most common such origin aliasing would be X1(Parachain(source-chain)) -> X2(Parachain(source-chain), AccountId32(origin-account)) for the case of a single hop transfer where the initiator is a (signed/pure/proxy) account origin-account on source-chain. @@ -7073,35 +6941,35 @@ involved chains.

    • user on ParaA on Polkdaot calls function on Ethereum, pays with ETH,
    Transact Over Bridge -

    Drawbacks

    +

    Drawbacks

    In terms of ergonomics and user experience, this support for combining an asset transfer with a subsequent action (like Transact) is a net positive.

    In terms of performance, and privacy, this is neutral with no changes.

    In terms of security, the feature by itself is also neutral because it allows preserve_origin: false usage for operating with no extra trust assumptions. When wanting to support preserving origin, chains need to configure secure origin aliasing filters. The one suggested in this RFC should be the right choice for the majority of chains, but each chain will ultimately choose depending on their business model and logic (e.g. chain does not plan to integrate with Asset Hub). It is up to the individual chains to configure accordingly.

    -

    Testing, Security, and Privacy

    +

    Testing, Security, and Privacy

    Barriers should now allow AliasOrigin, DescendOrigin or ClearOrigin.

    Normally, XCM program builders should audit their programs and eliminate assumptions of "no origin" on remote side of this instruction. In this case, the InitiateAssetsTransfer has not been released yet, it will be part of XCMv5, and we can make this change part of the same XCMv5 so that there isn't even the possibility of someone in the wild having built XCM programs using this instruction on those wrong assumptions.

    The working assumption going forward is that the origin on the remote side can either be cleared or it can be the local origin's reanchored location. This assumption is in line with the current behavior of remote XCM programs sent over using pallet_xcm::send.

    The existing DepositReserveAsset, InitiateReserveWithdraw and InitiateTeleport cross chain asset transfer instructions will not attempt to do origin aliasing and will always clear origin same as before for compatibility reasons.

    -

    Performance, Ergonomics, and Compatibility

    -

    Performance

    +

    Performance, Ergonomics, and Compatibility

    +

    Performance

    No impact.

    -

    Ergonomics

    +

    Ergonomics

    Improves ergonomics by allowing the local origin to operate on the remote chain even when the XCM program includes an asset transfer.

    -

    Compatibility

    +

    Compatibility

    At the executor-level this change is backwards and forwards compatible. Both types of programs can be executed on new and old versions of XCM with no changes in behavior.

    New version of the InitiateAssetsTransfer instruction acts same as before when used with preserve_origin: false.

    For using the new capabilities, the XCM builder has to verify that the involved chains have the required origin-aliasing filters configured and use some new version of Barriers aware of AliasOrigin as an allowed alternative to ClearOrigin.

    For compatibility reasons, this RFC proposes this mechanism be added as an enhancement to the yet unreleased InitiateAssetsTransfer instruction, thus eliminating possibilities of XCM logic breakages in the wild. Following the same logic, the existing DepositReserveAsset, InitiateReserveWithdraw and InitiateTeleport cross chain asset transfer instructions will not attempt to do origin aliasing and will always clear the origin same as before for compatibility reasons.

    Any one of DepositReserveAsset, InitiateReserveWithdraw and InitiateTeleport instructions can be replaced with a InitiateAssetsTransfer instruction with or without origin aliasing, thus providing a clean and clear upgrade path for opting-in this new feature.

    -

    Prior Art and References

    +

    Prior Art and References

    -

    Unresolved Questions

    +

    Unresolved Questions

    None

    - +

    (source)

    Table of Contents

      @@ -7132,39 +7000,39 @@ Following the same logic, the existing DepositReserveAsset, I AuthorsBastian Köcher -

      Summary

      +

      Summary

      The code of a runtime is stored in its own state, and when performing a runtime upgrade, this code is replaced. The new runtime can contain runtime migrations that adapt the state to the state layout as defined by the runtime code. This runtime migration is executed when building the first block with the new runtime code. Anything that interacts with the runtime state uses the state layout as defined by the runtime code. So, when trying to load something from the state in the block that applied the runtime upgrade, it will use the new state layout but will decode the data from the non-migrated state. In the worst case, the data is incorrectly decoded, which may lead to crashes or halting of the chain.

      This RFC proposes to store the new runtime code under a different storage key when applying a runtime upgrade. This way, all the off-chain logic can still load the old runtime code under the default storage key and decode the state correctly. The block producer is then required to use this new runtime code to build the next block. While building the next block, the runtime is executing the migrations and moves the new runtime code to the default runtime code location. So, the runtime code found under the default location is always the correct one to decode the state from which the runtime code was loaded.

      -

      Motivation

      +

      Motivation

      While the issue of having undecodable state only exists for the one block in which the runtime upgrade was applied, it still impacts anything that reads state data, like block explorers, UIs, nodes, etc. For block explorers, the issue mainly results in indexing invalid data and UIs may show invalid data to the user. For nodes, reading incorrect data may lead to a performance degradation of the network. There are also ways to prevent certain decoding issues from happening, but it requires that developers are aware of this issue and also requires introducing extra code, which could introduce further bugs down the line.

      So, this RFC tries to solve these issues by fixing the underlying problem of having temporary undecodable state.

      -

      Stakeholders

      +

      Stakeholders

      • Relay chain/Parachain node developers
      • Relay chain/Parachain node operators
      -

      Explanation

      +

      Explanation

      The runtime code is stored under the special key :code in the state. Nodes and other tooling read the runtime code under this storage key when they want to interact with the runtime for e.g., building/importing blocks or getting the metadata to read the state. To update the runtime code the runtime overwrites the value at :code, and then from the next block on, the new runtime will be loaded. This RFC proposes to first store the new runtime code under :pending_code in the state for one block. When the next block is being built, the block builder first needs to check if :pending_code is set, and if so, it needs to load the runtime from this storage key. While building the block the runtime will move :pending_code to :code to have the runtime code at the default location. Nodes importing the block will also need to load :pending_code if it exists to ensure that the correct runtime code is used. By doing it this way, the runtime code found at :code in the state of a block will always be able to decode the state. Furthermore, this RFC proposes to introduce system_version: 3. The system_version was introduced in RFC42. Version 3 would then enable the usage of :pending_code when applying a runtime code upgrade. This way, the feature can be introduced first and enabled later when the majority of the nodes have upgraded.

      -

      Drawbacks

      +

      Drawbacks

      Because the first block built with the new runtime code will move the runtime code from :pending_code to :code, the runtime code will need to be loaded. This means the runtime code will appear in the proof of validity of a parachain for the first block built with the new runtime code. Generally this is not a problem as the runtime code is also loaded by the parachain when setting the new runtime code. There is still the possibility of having state that is not migrated even when following the proposal as presented by this RFC. The issue is that if the amount of data to be migrated is too big, not all of it can be migrated in one block, because either it takes more time than there is assigned for a block or parachains for example have a fixed budget for their proof of validity. To solve this issue there already exist multi-block migrations that can chunk the migration across multiple blocks. Consensus-critical data needs to be migrated in the first block to ensure that block production etc., can continue. For the other data being migrated by multi-block migrations the migrations could for example expose to the outside which keys are being migrated and should not be indexed until the migration is finished.

      -

      Testing, Security, and Privacy

      +

      Testing, Security, and Privacy

      Testing should be straightforward and most of the existing testing should already be good enough. Extending with some checks that :pending_code is moved to :code.

      -

      Performance, Ergonomics, and Compatibility

      -

      Performance

      +

      Performance, Ergonomics, and Compatibility

      +

      Performance

      The performance should not be impacted besides requiring loading the runtime code in the first block being built with the new runtime code.

      -

      Ergonomics

      +

      Ergonomics

      It only alters the way blocks are produced and imported after applying a runtime upgrade. This means that only nodes need to be adapted to the changes of this RFC.

      -

      Compatibility

      +

      Compatibility

      The change will require that the nodes are upgraded before the runtime starts using this feature. Otherwise they will fail to import the block build by :pending_code. For Polkadot/Kusama this means that also the parachain nodes need to be running with a relay chain node version that supports this new feature. Otherwise the parachains will stop producing/finalizing nodes as they can not sync the relay chain any more.

      -

      Prior Art and References

      +

      Prior Art and References

      The issue initially reported a bug that led to this RFC. It also discusses multiple solutions for the problem.

      -

      Unresolved Questions

      +

      Unresolved Questions

      None

      - +
      • Solve the issue of requiring loading the entire runtime code to move it into a different location by introducing a low-level move function. When using the V1 trie layout every value bigger than 32 bytes is put into the db separately. This means a low level move function would only need to move the hash of the runtime code from :code to :pending_code.
      @@ -7203,9 +7071,9 @@ For Polkadot/Kusama this means that also the parachain nodes need to be running AuthorsDaniel Shiposha -

      Summary

      +

      Summary

      This RFC proposes a metadata format for XCM-identifiable assets (i.e., for fungible/non-fungible collections and non-fungible tokens) and a set of instructions to communicate it across chains.

      -

      Motivation

      +

      Motivation

      Currently, there is no way to communicate metadata of an asset (or an asset instance) via XCM.

      The ability to query and modify the metadata is useful for two kinds of entities:

        @@ -7225,9 +7093,9 @@ For Polkadot/Kusama this means that also the parachain nodes need to be running

      Besides metadata modification, the ability to read it is also valuable. On-chain logic can interpret the NFT metadata, i.e., the metadata could have not only the media meaning but also a utility function within a consensus system. Currently, such a way of using NFT metadata is possible only within one consensus system. This RFC proposes making it possible between different systems via XCM so different chains can fetch and analyze the asset metadata from other chains.

      -

      Stakeholders

      +

      Stakeholders

      Runtime users, Runtime devs, Cross-chain dApps, Wallets.

      -

      Explanation

      +

      Explanation

      The Asset Metadata is information bound to an asset class (fungible or NFT collection) or an asset instance (an NFT). The Asset Metadata could be represented differently on different chains (or in other consensus entities). However, to communicate metadata between consensus entities via XCM, we need a general format so that any consensus entity can make sense of such information.

      @@ -7372,23 +7240,23 @@ The request can only be executed or rejected in its entirety. It must not be exe This RFC proposes to use the Undefined variant of a collection identified by an AssetId as a synonym of the collection itself. I.e., an asset Asset { id: <AssetId>, fun: NonFungible(AssetInstance::Undefined) } is considered an NFT representing the collection itself.

      As a singleton non-fungible instance is barely distinguishable from its collection, this convention shouldn't cause any problems.

      Thus, the AssetInstance docs must be updated accordingly in the implementations.

      -

      Drawbacks

      +

      Drawbacks

      Regarding ergonomics, no drawbacks were noticed.

      As for the user experience, it could discover new cross-chain use cases involving asset collections and NFTs, indicating a positive impact.

      There are no security concerns except for the ReportMetadata instruction, which implies that the source of the information must be trusted.

      In terms of performance and privacy, there will be no changes.

      -

      Testing, Security, and Privacy

      +

      Testing, Security, and Privacy

      The implementations must honor the contract for the new instructions. Namely, if the instance field has the value of AssetInstance::Undefined, the metadata must relate to the asset collection but not to a non-fungible token inside it.

      -

      Performance, Ergonomics, and Compatibility

      -

      Performance

      +

      Performance, Ergonomics, and Compatibility

      +

      Performance

      No significant impact.

      -

      Ergonomics

      +

      Ergonomics

      Introducing a standard metadata format and a way of communicating it is a valuable addition to the XCM format that potentially increases cross-chain interoperability without the need to form ad-hoc chain-to-chain integrations via Transact.

      -

      Compatibility

      +

      Compatibility

      This RFC proposes new functionality, so there are no compatibility issues.

      -

      Prior Art and References

      +

      Prior Art and References

      RFC: XCM Asset Metadata

      - +

      The original RFC draft contained additional metadata instructions. Though they could be useful, they're clearly outside the basic logic. So, this RFC version omits them to make the metadata discussion more focused on the core things. Nonetheless, there is hope that metadata approval instructions might be useful in the future, so they are mentioned here.

      You can read about the details in the original draft.

      (source)

      @@ -7433,9 +7301,9 @@ This RFC proposes to use the Undefined variant of a collection iden AuthorsBryan Chen, Jiyuan Zheng -

      Summary

      +

      Summary

      This proposal introduces PVQ (PolkaVM Query), a unified query interface that bridges different chain runtime implementations and client tools/UIs. PVQ provides an extension-based system where runtime developers can expose chain-specific functionality through standardized interfaces, while allowing client-side developers to perform custom computations on the data through PolkaVM programs. By abstracting away concrete implementations across chains and supporting both off-chain and cross-chain scenarios, PVQ aims to reduce code duplication and development complexity while maintaining flexibility for custom use cases.

      -

      Motivation

      +

      Motivation

      In Substrate, runtime APIs facilitate off-chain clients in reading the state of the consensus system. However, the APIs defined and implemented by individual chains often fall short of meeting the diverse requirements of client-side developers. For example, client-side developers may want some aggregated data from multiple pallets, or apply various custom transformations on the raw data. @@ -7470,12 +7338,12 @@ As a result, client-side developers frequently resort to directly accessing stor

    -

    Stakeholders

    +

    Stakeholders

    • Runtime Developers
    • Tools/UI Developers
    -

    Explanation

    +

    Explanation

    The core idea of PVQ is to have a unified interface that meets the aforementioned requirements.

    On the runtime side, an extension-based system is introduced to serve as a standardization layer across different chains. Each extension specification defines a set of cohesive APIs. @@ -7742,12 +7610,12 @@ enum PvqError {

  • ExceedsMaxMessageSize
  • Transport
    • -

    Drawbacks

    +

    Drawbacks

    Performance issues

    • PVQ Program Size: The size of a complicated PVQ program may be too large to be suitable for efficient storage and transmission via XCMP/HRMP.
    -

    Testing, Security, and Privacy

    +

    Testing, Security, and Privacy

    • Testing:

      @@ -7784,27 +7652,27 @@ enum PvqError { N/A

    -

    Performance, Ergonomics, and Compatibility

    -

    Performance

    +

    Performance, Ergonomics, and Compatibility

    +

    Performance

    As a newly introduced feature, PVQ operates independently and does not impact or degrade the performance of existing runtime implementations.

    -

    Ergonomics

    +

    Ergonomics

    From the perspective of off-chain tooling, this proposal streamlines development by unifying multiple chain-specific RuntimeAPIs under a single consistent interface. This significantly benefits wallet and dApp developers by eliminating the need to handle individual implementations for similar operations across different chains. The proposal also enhances development flexibility by allowing custom computations to be modularly encapsulated as PolkaVM programs that interact with the exposed APIs.

    -

    Compatibility

    +

    Compatibility

    For RuntimeAPI integration, the proposal defines new APIs, which do not break compatibility with existing interfaces. For XCM Integration, the proposal does not modify the existing XCM message format, which is backwards compatible.

    -

    Prior Art and References

    +

    Prior Art and References

    There are several discussions related to the proposal, including:

    • Original discussion about having a mechanism to avoid code duplications between the runtime and front-ends/wallets. In the original design, the custom computations are compiled as a wasm function.
    • View functions aims to provide view-only functions at the pallet level. Additionally, Facade Project aims to gather and return commonly wanted information in runtime level. PVQ does not conflict with them, and it can take advantage of these Pallet View Functions / Runtime APIs and allow people to build arbitrary PVQ programs to obtain more custom/complex data that is not otherwise expressed by these two proposals.
    -

    Unresolved Questions

    +

    Unresolved Questions

    • The specific conversion between gas and weight has not been finalized and will likely require development of a suitable benchmarking methodology.
    - +

    Once PVQ and the aforementioned Facade Project are ready, there are opportunities to consolidate overlapping functionality between the two systems. For example, the metadata APIs could potentially be unified to provide a more cohesive interface for runtime information. This would help reduce duplication and improve maintainability while preserving the distinct benefits of each approach.

    (source)

    Table of Contents

    @@ -7842,14 +7710,14 @@ PVQ does not conflict with them, and it can take advantage of these Pallet View Authorss0me0ne-unkn0wn (13WGadgNgqSjiGQvfhimw9pX26mvGdYQ6XgrjPANSEDRoGMt) -

    Summary

    +

    Summary

    This RFC proposes a change that makes it possible to identify types of compressed blobs stored on-chain, as well as used off-chain, without the need for decompression.

    -

    Motivation

    +

    Motivation

    Currently, a compressed blob does not give any idea of what's inside because the only thing that can be inside, according to the spec, is Wasm. In reality, other blob types are already being used, and more are to come. Apart from being error-prone by itself, the current approach does not allow to properly route the blob through the execution paths before its decompression, which will result in suboptimal implementations when more blob types are used. Thus, it is necessary to introduce a mechanism allowing to identify the blob type without decompressing it.

    This proposal is intended to support future work enabling Polkadot to execute PolkaVM and, more generally, other-than-Wasm parachain runtimes, and allow developers to introduce arbitrary compression methods seamlessly in the future.

    -

    Stakeholders

    +

    Stakeholders

    Node developers are the main stakeholders for this proposal. It also creates a foundation on which parachain runtime developers will build.

    -

    Explanation

    +

    Explanation

    Overview

    The current approach to compressing binary blobs involves using zstd compression, and the resulting compressed blob is prefixed with a unique 64-bit magic value specified in that subsection. The same procedure is used to compress both Wasm code blobs and proofs-of-validity. Currently, having solely a compressed blob, it's impossible to tell what's inside it without decompression, a Wasm blob, or a PoV. That doesn't cause problems in the current protocol, as Wasm blobs and PoV blobs take completely different execution paths in the code.

    The changes proposed below are intended to define the means for distinguishing compressed blob types in a backward-compatible and future-proof way.

    @@ -7870,26 +7738,26 @@ PVQ does not conflict with them, and it can take advantage of these Pallet View
  • Conservatively, wait until no more PVFs prefixed with CBLOB_ZSTD_LEGACY remain on-chain. That may take quite some time. Alternatively, create a migration that alters prefixes of existing blobs;
  • Removing CBLOB_ZSTD_LEGACY prefix will be possible after all the nodes in all the networks cease using the prefix which is a long process, and additional incentives should be offered to the community to make people upgrade.
    • -

    Drawbacks

    +

    Drawbacks

    Currently, the only requirement for a compressed blob prefix is not to coincide with Wasm magic bytes (as stated in code comments). Changes proposed here increase prefix collision risk, given that arbitrary data may be compressed in the future. However, it must be taken into account that:

    • Collision probability per arbitrary blob is ≈5,4×10⁻²⁰ for a single random 64-bit prefix (current situation) and ≈2,17×10⁻¹⁹ for the proposed set of four 64-bit prefixes (proposed situation), which is still low enough;
    • The current de facto protocol uses the current compression implementation to compress PoVs, which are arbitrary binary data, so the collision risk already exists and is not introduced by changes proposed here.
    -

    Testing, Security, and Privacy

    +

    Testing, Security, and Privacy

    As the change increases granularity, it will positively affect both testing possibilities and security, allowing developers to check what's inside a given compressed blob precisely. Testing the change itself is trivial. Privacy is not affected by this change.

    -

    Performance, Ergonomics, and Compatibility

    -

    Performance

    +

    Performance, Ergonomics, and Compatibility

    +

    Performance

    The current implementation's performance is not affected by this change. Future implementations allowing for the execution of other-than-Wasm parachain runtimes will benefit from this change performance-wise.

    -

    Ergonomics

    +

    Ergonomics

    The end-user ergonomics is not affected. The ergonomics for developers will benefit from this change as it enables exact checks and less guessing.

    -

    Compatibility

    +

    Compatibility

    The change is designed to be backward-compatible.

    -

    Prior Art and References

    +

    Prior Art and References

    SDK PR#6704 (WIP) introduces a mechanism similar to that described in this proposal and proves the necessity of such a change.

    -

    Unresolved Questions

    +

    Unresolved Questions

    None

    - +

    This proposal creates a foundation for two future work directions:

    • Proposing to introduce other-than-Wasm code executors, including PolkaVM, allowing parachain runtime authors to seamlessly change execution platform using the existing mechanism of runtime upgrades;
      • @@ -7929,9 +7797,9 @@ PVQ does not conflict with them, and it can take advantage of these Pallet View Authorsordian -

      Summary

      +

      Summary

      This RFC proposes changes to the erasure coding algorithm and the method for computing the erasure root on Polkadot to improve performance of both processes.

      -

      Motivation

      +

      Motivation

      The Data Availability (DA) Layer in Polkadot provides a foundation for shared security, enabling Approval Checkers and Collators to download Proofs-of-Validity (PoV) for security and liveness purposes respectively. @@ -7948,12 +7816,12 @@ The proposed change is orthogonal to RFC-47 and can be used in conjunction with collator nodes), we propose bundling another performance-enhancing breaking change that addresses the CPU bottleneck in the erasure coding process, but using a separate node feature (NodeFeatures part of HostConfiguration) for its activation.

      -

      Stakeholders

      +

      Stakeholders

      • Infrastructure providers (operators of validator/collator nodes) will need to upgrade their client version in a timely manner
      -

      Explanation

      +

      Explanation

      We propose two specific changes:

      1. @@ -7987,24 +7855,24 @@ faster deployment for most parachains but would add complexity.

      2. Activate RFC-47 via Configuration::set_node_feature runtime change.
      3. Activate the new erasure coding scheme using another Configuration::set_node_feature runtime change.
      -

      Drawbacks

      +

      Drawbacks

      Bundling this breaking change with RFC-47 might reset progress in updating collators. However, the omni node initiative should help mitigate this issue.

      -

      Testing, Security, and Privacy

      +

      Testing, Security, and Privacy

      Testing is needed to ensure binary compatibility across implementations in multiple languages.

      Performance and Compatibility

      -

      Performance

      +

      Performance

      According to benchmarks:

      • A proper SIMD implementation of Reed-Solomon is 3-4× faster for encoding and up to 9× faster for full decoding
      • Binary Merkle Trees produce proofs that are 4× smaller and slightly faster to generate and verify
      -

      Compatibility

      +

      Compatibility

      This requires a breaking change that can be coordinated following the same approach as in RFC-47.

      -

      Prior Art and References

      +

      Prior Art and References

      JAM already utilizes the same optimizations described in the Graypaper.

      -

      Unresolved Questions

      +

      Unresolved Questions

      None.

      - +

      Future improvements could include:

      • Using ZK proofs to eliminate the need for re-encoding data to verify correct encoding
        • @@ -8034,7 +7902,7 @@ faster deployment for most parachains but would add complexity.

        AuthorsJonas Gehrlein -

        Summary

        +

        Summary

        This RFC proposes burning 80% of transaction fees accrued on Polkadot’s Relay Chain and, more significantly, on all its system parachains. The remaining 20% would continue to incentivize Validators (on the Relay Chain) and Collators (on system parachains) for including transactions. The 80:20 split is motivated by preserving the incentives for Validators, which are crucial for the security of the network, while establishing a consistent fee policy across the Relay Chain and all system parachains.

        • @@ -8045,7 +7913,7 @@ faster deployment for most parachains but would add complexity.

        This proposal extends the system's deflationary direction and is enabling direct value capture for DOT holders of an overall increased activity on the network.

        -

        Motivation

        +

        Motivation

        Historically, transaction fees on both the Relay Chain and the system parachains (with a few exceptions) have been relatively low. This is by design—Polkadot is built to scale and offer low-cost transactions. While this principle remains unchanged, growing network activity could still result in a meaningful accumulation of fees over time.

        Implementing this RFC ensures that potentially increasing activity manifesting in more fees is captured for all token holders. It further aligns the way that the network is handling fees (such as from transactions or for coretime usage) is handled. The arguments in support of this are close to those outlined in RFC0010. Specifically, burning transaction fees has the following benefits:

        Compensation for Coretime Usage

        @@ -8053,7 +7921,7 @@ faster deployment for most parachains but would add complexity.

        Value Accrual and Deflationary Pressure

        By burning the transaction fees, the system effectively reduces the token supply and thereby increase the scarcity of the native token. This deflationary pressure can increase the token's long-term value and ensures that the value captured is translated equally to all existing token holders.

        This proposal requires only minimal code changes, making it inexpensive to implement, yet it introduces a consistent policy for handling transaction fees across the network. Crucially, it positions Polkadot for a future where fee burning could serve as a counterweight to an otherwise inflationary token model, ensuring that value generated by network usage is returned to all DOT holders.

        -

        Stakeholders

        +

        Stakeholders

        • All DOT Token Holders: Benefit from reduced supply and direct value capture as network usage increases.

          @@ -8091,12 +7959,12 @@ faster deployment for most parachains but would add complexity.

          Authorseskimor -

          Summary

          +

          Summary

          This RFC proposes an amendment to RFC-1 Agile Coretime: Renewal prices will no longer only be adjusted based on a configurable renewal bump, but also to the lower end of the current sale - if that turns out higher.

          An implementation can be found here.

          -

          Motivation

          +

          Motivation

          In RFC-1, we strived for perfect predictability on renewal prices, but what we expected unfortunately got proven in practice: Perfect predictability allows for core hoarding and cheap market manipulation, with the effect that both on @@ -8108,9 +7976,9 @@ extend to elastic scaling and in practice, even existing teams wanting to keep their core, because they forgot to renew in the interlude.

          In a nutshell the current situation is severely hindering teams from deploying on Polkadot: We are essentially in a Denial of Service situation.

          -

          Stakeholders

          +

          Stakeholders

          Stakeholders should be existing teams already having a core and new teams wanting to join the ecosystem.

          -

          Explanation

          +

          Explanation

          This RFC proposes to fix this situation, by limiting renewal price predictability to reasonable levels, by introducing a weak coupling to the current market price: We ensure that the price for renewals is at least as high @@ -8178,13 +8046,13 @@ ensures that any additional attack will be expensive: 10 cores, results in to 100% capacity to have some leeway for governance in case of unforeseen attacks/weaknesses.

          • -

          Drawbacks

          +

          Drawbacks

          We are dropping almost perfect predictability on renewal prices, in favor of predictability within reasonable bounds. The introduction of a minimum price, will also result in huge relative price adjustments for existing tenants, because prices were so unreasonably low on Kusama. In practice this should not be an issue for any real project.

          -

          Testing, Security, and Privacy

          +

          Testing, Security, and Privacy

          This RFC is proposing a single line of code change. A test has been added to make sure it is working as expected.

          @@ -8207,15 +8075,15 @@ tenants. Having them exposed at least with this 10x reduction seems a sensible valuation.

          There are no privacy concerns.

          -

          Performance, Ergonomics, and Compatibility

          +

          Performance, Ergonomics, and Compatibility

          The proposed changes are backwards compatible. No interfaces are changed. Performance is not affected. Ergonomics should be greatly improved especially for new entrants, as cores will be available for sale again. A configured minimum price also ensures that the starting price of the Dutch auction stays reasonably high, deterring sniping all the cores at the beginning of a sale.

          -

          Prior Art and References

          +

          Prior Art and References

          This RFC is altering RFC-1 and taking ideas from RFC-17, mainly the introduction of a minimum price.

          - +

          This RFC should solve the immediate problems we are seeing in production right now. Longer term, improvements to the market in terms of price discovery (RFC-17) should be considered, especially once demand grows.

          @@ -8230,6 +8098,138 @@ now. Longer term, improvements to the market in terms of price discovery

          Mitigation for this edge case is relatively simple: Bump renewals more aggressively the less cores are available on the free market. For now, leaving a few cores not for sale should be enough to mitigate such a situation.

          +

          (source)

          +

          Table of Contents

          + +

          RFC-150: Allow Voting While Delegating

          +
          + + + +
          Start DateJune 5th, 2025
          DescriptionAllow voters to simultaneously delegate and vote
          Authorspolka.dom (polkadotdom)
          +
          +

          Summary

          +

          This RFC proposes changes to pallet-conviction-voting that allow for simultaneous voting and delegation. For example, Alice could delegate to Bob, then later vote on a referendum while keeping their delegation to Bob intact. It is a strict subset of Leemo's RFC 35.

          +

          Motivation

          +

          Backdrop

          +

          Under our current voting system, a voter can either vote or delegate. To vote, they must first ensure they have no delegate, and to delegate, they must first clear their current votes.

          +

          The Issue

          +

          Empirically, the vast majority of people do not vote on day to day policy. This was foreseen and is the reason governance has delegation. However, more worriedly, it has also been observed that most people do not delegate either, leaving a large percentage of our voting population unrepresented.

          +

          Factors Limiting Delegation

          +

          One could think of three major reasons for this lack of delegation.

          +
            +
          • The voter does not know of anyone who accurately represents them.
            • +
          • The voter does not want their right to vote stripped, in consideration of some yet unknown, highly important, referendum.
            • +
          • The voter does not want to clear their voting data so as to delegate.
            • +
          +

          This RFC aims to solve the second and third issue and thus more accurately align governance to the true voter preferences.

          +

          An Aside

          +

          One may ask, could a voter not just undelegate, vote, then delegate again? Could this just be built into the user interface? Unfortunately, this does not work due to the need to clear their votes before redelegation. In practice the voter would undelegate, vote, wait until the referendum is closed, hope that there's no other referenda they would like to vote on, then redelegate. At best it's a temporally extended friction. At worst the voter goes unrepresented in voting for the duration of the vote clearing period.

          +

          Stakeholders

          +

          Runtime developers: If runtime developers are relying on the previous assumptions for their VotingHooks implementations, they will need to rethink their approach. In addition, a runtime migration is needed. Lastly, it is a serious change in governance that requires some consideration beyond the technical.

          +

          App developers: Apps like Subsquare and Polkassembly would need to update their user interface logic. They will also need to handle the new error.

          +

          Users: We will want users to be aware of the new functionality, though not required.

          +

          Technical Writers: This change will require rewrites of documentation and tutorials.

          +

          Explanation

          +

          New Data & Runtime Logic

          +

          The new logic allows a delegator's vote on a specific poll to override their delegation for that poll only. When a delegator votes, their delegated voting power is temporarily "clawed back" from their delegate for that single referendum. This ensures a delegator's direct vote takes precedence.

          +

          The core of the algorithm is as follows:

          +
            +
          1. +

            Calculating a User's Voting Power: A user's total voting power on any given poll is their own balance plus the total balance delegated to them, minus the total amount retracted by any of their delegators who chose to vote directly on that poll.

            +
            2. +
          2. +

            Tracking Clawbacks: When a delegator votes, the system records the full amount of their delegated stake as "retracted" on their delegate's account for that specific poll. This clawback is always for the delegator's full delegated amount, regardless of the amount they personally vote with. This is for simplicity and to avoid making assumptions about the delegator's intent. Crucially, clawbacks from multiple delegators can be accumulated, such that only one tracking entry per referendum is necessary.

            +
            3. +
          +

          Here is how the logic plays out in different scenarios:

          +
            +
          • +

            When a Delegator Votes:

            +
              +
            1. Alice delegates 10 UNITS to Bob. She then votes 'Aye' on Referendum #5 with her own 5 UNITS.
              2. +
            2. The system adds Alice's 5 UNITS to the 'Aye' tally for Referendum #5.
              3. +
            3. Simultaneously, the system creates a "retracted votes" entry on Bob's account, specific to Referendum #5, for the full 10 UNITS. If he had already voted, the tally would be adjusted to remove Alice's 10 UNITS.
              4. +
            4. If Bob now votes, or changes his previous vote, his voting power will be his own balance plus all delegations except for Alice's 10 UNITS for this specific poll.
              5. +
            +
            • +
          • +

            When a Delegator Removes Their Vote:

            +
              +
            1. Following the above, Alice removes her vote from Referendum #5.
              2. +
            2. The system removes her 5 UNITS from the 'Aye' tally.
              3. +
            3. The system also removes the "retracted votes" entry from Bob's account. This action "returns" the 10 UNITS of voting power to Bob for Referendum #5. If Bob has a vote, the poll tally is updated accordingly.
              4. +
            4. The cleanup of the delegate's state is handled by the delegator's transaction to ensure no orphaned data remains.
              5. +
            +
            • +
          +

          A key consequence of this design is that a delegator's vote can alter their delegate's storage. If adding a "retracted votes" entry pushes the delegate's voting data beyond the MaxVotes limit, the delegator's transaction will fail. A new error will be introduced to signal this specific case. While a constraint, this will incentivize delegates to regularly clear their voting data for concluded referenda, and given our current referenda rates and MaxVotes set to 512, this scenario is unlikely to occur.

          +

          Locked Balance

          +

          A user's locked balance will be the greater of the delegation lock and the voting lock.

          +

          Migrations

          +

          A multi-block runtime migration is necessary. It would iterate over the VotingFor storage item and convert the old vote data structure to the new structure.

          +

          Drawbacks

          +

          There are two potential drawbacks to this system -

          +

          An unbounded rate of change of the voter preferences function

          +

          If implemented, there will be no friction in delegating, undelegating, and voting. Therefore, there could be large and immediate shifts in the voter preferences function. In other voting systems we see bounds added to the rate of change (voting cycles, etc). That said, it is unclear whether this is desired or advantageous. Additionally, there are more easily parameterized and analytically tractable ways to handle this than what we currently have. See future directions.

          +

          Lessened value in becoming a delegate

          +

          If a delegate's voting power can be stripped from them at any point, then there is necessarily a reduction in their power within the system. This provides less incentive to become a delegate. But again, there are more customizable ways to handle this if it proves necessary.

          +

          Testing, Security, and Privacy

          +

          The changes herein would allow for a cost-symmetric grief in which a delegator votes on every referendum, adding more votes to the delegate's record, then accepts the lock and waits until the delegate themselves pays to remove the vote from their record-- costing the delegate cost_of_removal_per_ref * number_of_refs_not_voted_on. This cost will inevitably be small and accepted by aspirational delegates, considering they'll be voting on most refs anyway. However, for those who don't want to incur the possibility of this cost, we introduce a per voting class flag that toggles delegator voting on/off.

          +

          In addition, these changes would mean a more complicated STF, which would increase the difficulty of hardening. Though sufficient unit testing should handle this with ease.

          +

          Performance, Ergonomics, and Compatibility

          +

          Performance

          +

          The proposed changes would increase both the compute and storage requirements by about 2x for all voting functions. No change in complexity.

          +

          Ergonomics

          +

          Voting and delegation will both become more ergonomic for users, as there are no longer hard constraints affecting what you can do and when you can do it.

          +

          Compatibility

          +

          Runtime developers will need to add the migration and ensure their hooks still work.

          +

          App developers will need to update their user interfaces to accommodate the new functionality. They will need to handle the new error as well.

          +

          Prior Art and References

          +

          A current implementation can be found here.

          +

          Unresolved Questions

          +

          None

          + +

          It is possible we would like to add a system parameter for the rate of change of the voting/delegation system. This could prevent wild swings in the voter preferences function and motivate/shield delegates by solidifying their positions over some amount of time. However, it's unclear that this would be valuable or even desirable.

          (source)

          Table of Contents

            diff --git a/proposed/0145-remove-unnecessary-allocator-usage.html b/proposed/0145-remove-unnecessary-allocator-usage.html index 59ea877..3dcd437 100644 --- a/proposed/0145-remove-unnecessary-allocator-usage.html +++ b/proposed/0145-remove-unnecessary-allocator-usage.html @@ -90,7 +90,7 @@ @@ -924,7 +924,7 @@ $$

            - @@ -938,7 +938,7 @@ $$

            - diff --git a/proposed/0154-multi-slot-aura.html b/proposed/0154-multi-slot-aura.html index 39a1673..c59c678 100644 --- a/proposed/0154-multi-slot-aura.html +++ b/proposed/0154-multi-slot-aura.html @@ -90,7 +90,7 @@ @@ -266,7 +266,7 @@ This approach is compatible with the Slot-Based collation and the currently depl