CODEX-MARKETPLACE: New Raw RFC

[jimstir]

A raw RFC for Codex marketplace design. Open discussion to create a Codex node RFC which should be referenced in this RFC and future Codex RFCs.

Implementation Reference: nim-codex

[jimstir]

This is vaguely defined in the write up. I am proposing that the next RFC should be a Codex node raw rfc. The reference implementation: codex-node

[emizzle]

This is likely a bit off. Are we defining specs for our current implementation or for the end result of what Codex will be in the future?

Codex node roles are defined in the (WIP) whitepaper and likely could be used here. Will DM the link to you.

[jimstir]

Currently defining this spec based on current implementation, past and future designs can be mentioned.

[emizzle]

Great first draft, thank you for starting this!

Is this spec meant to represent the current implementation of Codex, or what it will be as a final product?

[jimstir]

Is this correct, or is it just cancelled?

[dryajov]

Not sure if cancelled is implemented as of now, but we should support it, in that case cancelled and failed are correct states.

[jimstir]

Proposed a separate RFC for dispersal, currently in draft. Should this stay separate or combine into this rfc? #39

[AuHau]

Great start, especially considerating you had to dig up all the details! IMHO it needs a lot of work to have it really in usable state. I will try to help you as much as I can to get it there. I would like to see few things clarified and few to work in.

1. Can you please elaborate "what are we specing"? Are we specing the smart contract or module implementation that interacts with the smart contracts? This should be clarified and also noted in the document. IMHO this spec should be the second.
2. Do you have experience writing spec with "external driver" like a smart contract? Very often some state is dictated by the smart contract and this happens "automatically". Quick question, how much are you familiar with smart contracts and how they work/operate? It would be good idea to find maybe some examples from other projects on how to write this sort of spec.
3. I would like to have some diagram about the states flow of purchasing (eq. client request storage) and sales (eq. storage provider fills the slot) to explain it better to the reader. An example: https://github.com/codex-storage/nim-codex/blob/8b12934fe242381df8a65ac6afd32c6e171dac4a/codex/purchasing/purchase.nim#L6

These are just my initial thoughts, I will do another pass of the review to give more inputs.

[AuHau]

Suggested change

	| Validator Nodes | A Codex node that collects, validates and submits missing storage proofs for a reward. |
	| Validator Nodes | A Codex node that check for missing storage proofs and triggers for a reward. |

In the future, there will be Aggregator nodes that will collect and submit proofs on-chain. In the current design, Validators only check if there are missing proofs. If so, they mark them on-chain, which then triggers slashing and eventually leads to removing the failed host and starting the repair process.

[AuHau]

I am not so familiar with RFC terminology as this is my first main dive into "specs", but I am wondering about the RECOMMENDED part here. Currently, we support only this erasure coding technique. If somebody writes an alternative implementation of Codex and decides to use different erasure coding, they would be effectively non-compatible with "our" Codex as our implementation would not know how to reconstruct the data from the other implementation. Of course, at some point, we could add a new erasure coding technique, but IMHO then the RFC should be amended with the requirement that all implementations will implement the new erasure coding technique in order to maintain the network compatibility.

Soooo shouldn't this be a MUST?

[jimstir]

Sorry I am editing my response from previously, it should be changed to a SHOULD instead of MUST because an implementor can still use a different encoding algorithm and create a slot. Even if the data can not be decoded with wrong erasure coding method, do storage providers check if the proper erasure coding is used before storing the data? This RECOMMENDED I assumed an implementer could use a different algorithm if desired and only run into problems when trying to decode.

[AuHau]

I guess the spec for how to do this exactly should be referenced in some other RFC?

[jimstir]

I will open this for discussion at a later time. @dryajov

[AuHau]

Are we specifying here required parameters for the storage request? Because there is quite much more. Pretty much all the parameters of Request (see here) object needs to be specified (eq. non-zero).

[jimstir]

This describes the required values that a client should provide with a storage request transaction. Is it required that an implementor create the same objects as your reference implementation (here)?

[AuHau]

Wondering about the MUST here. This is done "automatically" by the smart contract, not the node. What needs to happen though, is that the Client node SHOULD withdraw back the remaining funds from the Request and the SPs that filled the slot before expiry SHOULD collect the partial payout for the time they were filling the slot. These actions are not required as the money can be kept in the smart contract indefinitely.

[jimstir]

MUST here describes that the implementation must have all slots of a given request filled before the state is changed to Started, the objects RequestState object. I assumed that the Codex node set a predefined value for expiry instead of the requester creating a new value for each request. As for funds associated with the request, the next statement defines, "If canceled, collateral SHOULD be returned to any storage providers and
reward returned to the requester." Should this statement mention partial payout for time waiting for state change to Started?

[dryajov]

I assumed that the Codex node set a predefined value for expiry instead of the requester creating a new value for each request.

Currently, the requester defines the timeout. The reasoning is that, the requester should define how long it wants to wait for it's contract to start, the minimum and maximum wait values are unspecified as of now, but its something we might want to consider.

Should this statement mention partial payout for time waiting for state change to Started?

Yes, nodes that have provided storage proofs during the "contract initiation" phase, should be compensated (at least this is the current thinking), and as such this should be captured.

[dryajov]

Wondering about the MUST here. This is done "automatically" by the smart contract, not the node.

Regardless of who is initiating this it "MUST" happen.

[AuHau]

What does "SHOULD" mean in this context?

[jimstir]

You are correct, this should be MUST.

[AuHau]

Suggested change

	client nodes MUST split the dataset into data chunks, $(c_1, c_2, c_3, \ldots, c_{20})$.
	client nodes MUST split the dataset into data chunks, $(c_1, c_2, c_3, \ldots, c_{x})$.

We do not split data only into 20 chunks...

[AuHau]

All these parameters are required so most probably it should be MUST?

[jimstir]

MAY in this context refers to the requester's choice of creating a new transaction. SHOULD in this context refers to the requester providing the values for the request. In most cases a MUST is used for described the behavior of the application itself not the user because a user may not provide all the values.

[AuHau]

Again there is the question of "what are we specing here":

the collateral MUST be forfeited

It is not like the nodes MUST "forfeit" their collateral by doing some smart contract call. This is handled by the smart contract in the form of slashing. As smart contracts can not "act automatically" (eq. they automatically slash collateral when nodes miss their proof), these actions need to be triggered by somebody submitting transaction (and paying for it), we could potentially talk about who SHOULD/MUST do this triggering. But honestly I would leave that to separate section where we should spec how Validator node should behave.

Suggested change

	fails to provide enough proofs of storage, the `collateral` MUST be forfeited.
	miss the critical amount of submitted proofs of the storage, the `collateral` will be slashed. If a critical amount of `collateral` is slashed, then the slot is vacated and the repair process kicks in.

[jimstir]

I agree forfeited may be the wrong term to use here. From my understanding slashing refers to a user losing a portion of their tokens. This should be mention as well as total lost of collateral when maxNumOfSlashing occurs.

[dryajov]

I think forfeited is an appropriate term here, I also think that leaving the mechanics of how this is accomplished open ended is the right approach here. The fact that a contract cannot trigger actions internally and has to be externally initiated is an implementation detail, and a limitation of the underlying execution environment and should be captured in a different spec, possibly by the validator spec.

IMO, this spec should be generic enough, that it can be implemented on top of a different execution environment altogether.

So, I overall agree with the current wording.

[dryajov]

An ephemeral node isn't a light client, in fact we avoid the usage of the term light client al together, due to it's ambiguity.

[dryajov]

We should list Mark here as well (I can't tag him in this repo, he should be invited - https://github.com/markspanbroek)

[jimstir]

@markspanbroek

[dryajov]

Great start, lets have Mark review this as well.

[markspanbroek]

Great work pulling this together @jimstir! Sorry that it took me a while to review it; I've had a lot of other things on my todo list. But here's my review, it looks good overall but I have some suggestions below.

[markspanbroek]

The description of node dispersal is now moved inside this document, so we don't need this reference anymore, I think.

[markspanbroek]

This should become a reference to the paragraph below, instead of a reference to a separate document.

[markspanbroek]

Suggested change

	- Mark <mark@status.im>
	- Mark <mark@codex.storage>

[markspanbroek]

Should you not be in the list of contributors @jimstir?

[jimstir]

True 👍

[markspanbroek]

I would remove this last part about the ephemeral module. I don't think it helps to explain what a client node does, yet raises all sorts of questions that are not answered in this document.

[markspanbroek]

Suggested change

	Before a storage provider can download the data, they MUST be selected to obtain a reseversation of a slot.
	Before a storage provider can download the data, they MUST obtain a reservation for a slot.

[markspanbroek]

Suggested change

	The Codex network handles selection by using Kademlia distance function to select eligible storage providers per slot.
	The Codex network uses an expanding window based on the Kademlia distance function to select storage providers that are allowed to reserve a slot.

[markspanbroek]

The word "block" is rather ambiguous in our context, so I'd mention specifically that it's the Ethereum blockhash.

[markspanbroek]

It's not clear to me what A and A_0 mean in this context.

[markspanbroek]

We should probably specify what F is here.

[dryajov]

Not sure where this came from, Codex isn't about data availability, it is strictly about data durability.

[jimstir]

I found this in the codex white-paper, data availability is mentioned often. "This makes data availability one of the principal requirements for decentralized storage. To reach that goal, Codex implements strong incentives and a robust data dispersion scheme that allows for extreme flexibility at the moment of accessing a dataset."

[dryajov]

Don't use light client, better use resource restricted devices.

Suggested change

	Support for light clients, like mobile devices should also be embraced.
	Support for resource restricted devices, like mobile devices should also be embraced.

[dryajov]

I would remove this phrasing. This isn't a concrete goal that can be properly quantified.

[dryajov]

I've noticed this before, but forgot to bring it up - we should not store the Cid as a string but as a byte array/string. It should be changed in the contract implementation and should be correctly captured here.

@markspanbroek @emizzle @AuHau

[markspanbroek]

Good point, we should be using the binary format instead of the stringified form. Adam already created an issue for this: codex-storage/codex-contracts-eth#107

[dryajov]

This wording is a bit weird, I'm not sure what it means.

[jimstir]

Added this in response to feedback from mark, here. I'll word differently

[AuHau]

Okey, I did another round of review, this time I took more direct approach and took the liberty to make more suggestion edits in order to better align. I did not manage to go through the whole document just yet, I will continue later.

[AuHau]

Suggested change

	- Adam <adam[email protected]>
	- Adam <adam@codex.storage>

Should we maybe use our Codex.storage emails?

[AuHau]

Suggested change

	- MUST be a sha-256 hash, [CIDv1](https://github.com/multiformats/cid#cidv1)
	- MUST be a [CIDv1](https://github.com/multiformats/cid#cidv1) with sha-256 based [multihash](https://github.com/multiformats/multihash)

[AuHau]

@markspanbroek interesting, the issue you are linking was only meant for the Availabilities in nim-codex, not for contracts. Should we then change it on the contract level as well? I mean, it makes sense to me, just then I will create issue in the contracts repo to be clear about it, if you agree.

[AuHau]

Suggested change

	The following is related to storage provider who has offered `collateral`
	The following is related to storage provider who has offered `collateral`.

[AuHau]

Suggested change

	and a portion SHOULD be offered as a reward to other storage providers that repair empty [slots](#slots).
	and a portion SHOULD be offered as a reward to other storage providers that repair freed [slots](#slots).

When SPs are kicked out of the slot because of missing too many proofs we "free" the slot and they are then "freed", so lets have the terminology synced please.

[AuHau]

Suggested change

	If the request does not attract enough storage providers after a time set by the requester,
	which is defined by as `expiry`,
	the request MUST be `canceled`.
	If the request does not attract enough storage providers after a time defined by `expiry` runs out, the request is `canceled`.

[AuHau]

Suggested change

	If canceled,
	`collateral` SHOULD be returned to all storage providers that participated in the initiation of the request,
	including a portion of the `reward`.
	If canceled, the storage provider SHOULD initiate a transaction call in order to get back its `collateral` together with a portion of the `reward`.

[AuHau]

Suggested change

	- it is an REQUIRED amount to be included in the transaction for a storage request.
	- it is REQUIRED that the client node [approves](https://docs.openzeppelin.com/contracts/4.x/api/token/erc20#IERC20-approve-address-uint256-) the total amount of `reward` tokens for the given Marketplace smart contract address before making the transaction

ERC20 are not "included with a transaction" like Eth, but the contract "transfers the tokens from the account of the sender to the account of the smart contract"... For this it needs to have approval from the sender.

[AuHau]

I am a bit confused by the "SHOULD" here. We do not offer any other pricing mechanism, like "reward for the whole storage request" or something like that. Should it be therefore really "SHOULD"?

Suggested change

	- it SHOULD be amount of tokens offered per byte per second
	- it MUST be amount of tokens offered per byte per second

[jimstir]

I suggested SHOULD as the user is free to enter any amount with the request transaction. If Codex marketplace rejects a storage request transaction because the reward was not sufficient then it can be a MUST.

[AuHau]

I see, okey, agree 👍

[AuHau]

Suggested change

- it MUST be paid directly to storage providers who fill slots for the `duration` of the request

This is wrong, first, the tokens go to the smart contract for safe-keeping and they are released to the storage providers only after the storage request successfully finishes.

[jimstir]

Changed to, "After tokens are received by the Codex Marketplace,
it MUST be released to storage providers who successfully fill slots until the storage request is complete."

[jimstir]

Discussion moved to codex-storage/codex-spec#2