[Dijkstra] CIP-159-10: Apply batch-wide direct deposits in LEDGER rule (#1122)#1161
Open
williamdemeo wants to merge 1 commit into1117-cip-159-05-update-utxo-for-dir-deps-bal-intervalsfrom
Conversation
williamdemeo
force-pushed
the
1122-cip-159-10-update-ledger-direct-deps-and-account-bals
branch
from
6b7ea58 to
76e3fb5
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Applies CIP-159 batch-wide direct deposits at the end of a valid LEDGER transition by updating the final CertState (and ensuring the computational proof produces the same final state).
Changes:
- Update
LEDGER-Vto applyapplyDirectDeposits (allDirectDeposits tx)to the finalCertStateand use that state forrmOrphanDRepVotesand the outputLedgerState. - Update
computeProof(valid branch) to construct/use the same post-depositCertState. - Add documentation and a CHANGELOG entry describing ordering rationale and phantom-asset prevention.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/Ledger/Dijkstra/Specification/Ledger.lagda.md | Applies batch-wide direct deposits in LEDGER-V output and documents the ordering/rationale. |
| src/Ledger/Dijkstra/Specification/Ledger/Properties/Computational.lagda.md | Aligns computeProof output with the updated LEDGER-V post-deposit CertState. |
| CHANGELOG.md | Notes the behavioral/spec change for CIP-159 direct deposits in LEDGER-V. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
11 tasks
4 tasks
williamdemeo
force-pushed
the
1117-cip-159-05-update-utxo-for-dir-deps-bal-intervals
branch
from
37f2bf6 to
33b565b
Compare
williamdemeo
force-pushed
the
1122-cip-159-10-update-ledger-direct-deps-and-account-bals
branch
from
76e3fb5 to
f74ea80
Compare
williamdemeo
force-pushed
the
1117-cip-159-05-update-utxo-for-dir-deps-bal-intervals
branch
from
33b565b to
0c5d520
Compare
williamdemeo
force-pushed
the
1122-cip-159-10-update-ledger-direct-deps-and-account-bals
branch
from
f74ea80 to
a3ea21c
Compare
williamdemeo
force-pushed
the
1117-cip-159-05-update-utxo-for-dir-deps-bal-intervals
branch
from
0c5d520 to
389d947
Compare
williamdemeo
force-pushed
the
1122-cip-159-10-update-ledger-direct-deps-and-account-bals
branch
2 times, most recently
from
b889649 to
d08050d
Compare
#1122) After all sub-rule transitions (`SUBLEDGERS`, `CERTS`, `GOVS`, `UTXOW`), apply batch-wide direct deposits to the final CertState via `applyDirectDeposits` and `allDirectDeposits`. `Ledger.lagda.md`: + Update `LEDGER-V` output: compute `certStateFinal` by applying `allDirectDeposits` to `certState₂`, use `certStateFinal` in the output `LedgerState` and in `rmOrphanDRepVotes`; + `LEDGER-I` unchanged (invalid batches don't apply deposits); + Document direct deposit application ordering and phantom asset prevention rationale. `Ledger/Properties/Computational.lagda.md`: + Update `computeProof` valid branch to compute `certStateFinal` and use it in the output `LedgerState`. + Clean up redundant code.
williamdemeo
force-pushed
the
1122-cip-159-10-update-ledger-direct-deps-and-account-bals
branch
from
d08050d to
b7ce2de
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR closes Issue #1122.
NOTE FOR REVIEWER. This PR depends on #1160 (UTxO rules; Issue #1117) which added
accountBalancesthreading. The heavy lifting was already done in that PR; this PR merely adds the direct deposit application step to the LEDGER rule, so the target branch is that of PR #1160 (1117-cip-159-05-update-utxo-for-dir-deps-bal-intervals).Changes
src/Ledger/Dijkstra/Specification/Ledger.lagda.md:Updated
LEDGER-Voutput. After all sub-rule transitions, batch-wide direct deposits are applied to the finalCertState:The output
LedgerStateusescertStateFinalinstead ofcertState₂, andrmOrphanDRepVotesreceivescertStateFinalso it sees the post-deposit state.LEDGER-Iunchanged since invalid batches (IsValidFlagOf tx ≡ false) do not apply direct deposits, consistent with existing collateral collection semantics.New documentation. Explains the application ordering and the phantom asset prevention rationale.
src/Ledger/Dijkstra/Specification/Ledger/Properties/Computational.lagda.md:Updated
computeProof(valid branch). ComputescertStateFinaland uses it in the outputLedgerState. The invalid branch is unchanged.completeness(valid branch) Requires no changes — bothcomputeProofand theLEDGER-Vconclusion compute the samecertStateFinalterm, soreflholds.Design Notes
Batch-level, not per-sub-transaction. Direct deposits are applied once after all transitions, not interleaved with sub-transaction processing. CIP-159 explicitly forbids per-sub-transaction application to prevent phantom asset attacks (where a deposit from one subtransaction inflates the balance available for withdrawal by another subtransaction).
Applied after CERTS. Withdrawals in
CERTSare checked against pre-batch balances (viaaccountBalancesinUTxOEnv). Applying deposits after ensures withdrawals can't access freshly deposited funds within the same batch.depositsChangeusescertState₂, notcertStateFinal. The deposit change computation reflects registration/deregistration deposit changes only — not direct deposit value transfers. This is correct because direct deposits are not gov proposal deposits.rmOrphanDRepVotesusescertStateFinal. Semantically correct (it should see the final DRep state), though in practiceapplyDirectDepositsonly modifiesrewards, notvoteDelegsordreps, so the result is the same either way.allDirectDepositsandapplyDirectDepositsare pre-existing.allDirectDeposits(inTransaction.lagda.md) aggregates direct deposits across the batch using∪⁺.applyDirectDeposits(inCerts.lagda.md) applies them to aDStatevia∪⁺.Acceptance criteria checklist
accountBalancesfield inUTxOEnv/SubUTxOEnv/SubLedgerEnv(done in [Dijkstra] CIP-159-05: Update UTxO rules for direct deposits and balance intervals #1117)LEDGER-VpopulatesaccountBalancesfromcertState₀(done in [Dijkstra] CIP-159-05: Update UTxO rules for direct deposits and balance intervals #1117)LEDGER-VoutputLEDGER-Idoes NOT apply direct depositscomputeProofupdated for new output--safeChecklist
CHANGELOG.md