Background
DEX is planned to be implemented as Iroha 2.0 module.
Action items
Problem
Decentralized exchange provides an ability to transfer assets between accounts in exchange for other assets. :
Peer to Peer Scenario
Plant UML
@startuml
Buyer -> Iroha: Place Exchange Order(20XOR, 100USD)
Seller -> Iroha: Place Exchange Order(100USD, 20XOR)
Iroha -> Iroha: Transfer 20XOR from Seller to Buyer
alt Success:
Iroha -> Iroha: Transfer 100USD from Buyer to Seller
end
@enduml
So Iroha should secure peer to peer exchanges across the ledger from malicious actions. In this case Iroha does a good job, the only thing it should check is an ability to transfer assets from and to accounts.
But there are more corner cases when we deal with exchanges via bridge:
Peer to Peer across Bridge Scenario
- Cross blockchain rates should be taken into consideration
- Iroha should prevent double spent of assets
- Additionally to transferring assets, Iroha should mint and de-mint them
Simple scenario:
Plant UML
@startuml
Buyer -> Iroha: Place Exchange Order(20ETH, 1BTC)
Seller -> Iroha: Place Exchange Order(1BTC, 20ETH)
Iroha -> "BTC bridge": Mint 1BTC to Seller
alt Success:
Iroha -> Iroha: Transfer 1BTC from Seller to Buyer
alt Success:
Iroha -> "ETH bridge": Mint 20ETH to Buyer
alt Success:
Iroha -> Iroha: Transfer 20ETH from Buyer to Seller
end
end
end
@enduml
Liquidity Pools is another dimension in this set of scenarios for Decentralized Exchanges. Basically it can be used in pair with or without bridges, so let's take a more clean example without them. But let's not stick to an Exchange Pair and work with multi-currency liquidity:
Plant UML
@startuml
"Liquidity Provider" -> Iroha: Register Exchange Liquidity [20XOR, 20ETH, 1BTC]
Seller -> Iroha: Place Exchange Order(1BTC, 20ETH)
Iroha -> "BTC bridge": Mint 1BTC to Seller
alt Success:
Iroha -> Iroha: Transfer 1BTC from Seller to "Liquidity Provider"
alt Success:
Iroha -> Iroha: Transfer 20ETH from "Liquidity Provider" to Seller
end
end
@enduml
From the high level perspective this scenario looks very similar with two previous because all of them are based on top of two Iroha functions:
- Assets Transfer
- Iroha Triggers
Resulting Behavior
Let's write all three scenarios as one feature description according to BDD with more details:
Click here to expand...
Feature: Decentralized Exchange
Scenario: Buyer exchanges 20xor for 100usd
Given Iroha Peer is up
And Iroha DEX module enabled
And Peer has Domain with name exchange
And Peer has Account with name buyer and domain exchange
And Peer has Account with name seller and domain exchange
And Peer has Asset Definition with name xor and domain exchange
And Peer has Asset Definition with name usd and domain exchange
And buyer Account in domain exchange has 100 amount of Asset with definition usd in domain exchange
And seller Account in domain exchange has 20 amount of Asset with definition xor in domain exchange
When buyer Account places Exchange Order 20xor for 100usd
And seller Account places Exchange Order 100usd for 20 xor
Then Iroha transfer 20 amount of Asset with definition xor in domain exchange from seller account in domain exchange to buyer account in domain exchange
And Iroha transfer 100 amount of Asset with definition usd in domain exchange from account buyer in domain exchange to seller account in domain exchange
Scenario: Buyer exchanges 1btc for 20eth across bridges
Given Iroha Peer is up
And Iroha Bridge module enabled
And Iroha DEX module enabled
And Peer has Domain with name exchange
And Peer has Account with name buyer and domain exchange
And Peer has Account with name seller and domain exchange
And Peer has Asset Definition with name btc and domain exchange
And Peer has Asset Definition with name eth and domain exchange
And Peer has Bridge with name btc and owner btc_owner
And Peer has Bridge with name eth and owner eth_owner
And eth Brdige has buyer Account in domain exchange registered
And btc Brdige has seller Account in domain exchange registered
When buyer Account places Exchange Order 20xor for 100usd
And seller Account places Exchange Order 100usd for 20 xor
Then Iroha mint 1 amount of Asset with definition btc in domain exchange to seller Account in domain exchange using btc Bridge
And Iroha mint 20 amount of Asset with definition eth in domain exchange to buyer Account in domain exchange using eth Bridge
And Iroha transfer 1 amount of Asset with definition btc in domain exchange from seller account in domain exchange to buyer account in domain exchange
And Iroha transfer 20 amount of Asset with definition eth in domain exchange from buyer account in domain exchange to seller account in domain exchange
Scenario: Buyer exchanges 20xor for 100usd
Given Iroha Peer is up
And Iroha DEX module enabled
And Peer has Domain with name exchange
And Peer has Account with name liquidity_provider and domain exchange
And Peer has Account with name seller and domain exchange
And Peer has Asset Definition with name xor and domain exchange
And Peer has Asset Definition with name btc and domain exchange
And Peer has Asset Definition with name eth and domain exchange
And liquidity_provider Account in domain exchange has 1 amount of Asset with definition btc in domain exchange
And liquidity_provider Account in domain exchange has 20 amount of Asset with definition eth in domain exchange
And liquidity_provider Account in domain exchange has 20 amount of Asset with definition xor in domain exchange
And seller Account in domain exchange has 20 amount of Asset with definition eth in domain exchange
When liquidity_provider Account registers Exchange Liquidity 20xor and 20eth and 1btc
And seller Account places Exchange Order 20eth for 1btc
Then Iroha transfer 1 amount of Asset with definition btc in domain exchange from seller account in domain exchange to liquidity_provider account in domain exchange
And Iroha transfer 20 amount of Asset with definition eth in domain exchange from liquidity_provider account in domain exchange to seller account in domain exchange
Solution
DEX realated entities could be represented via Iroha model (Domains, Assets and their definitions), while complex sequences of actions could be implemented via Iroha Special Instructions + Triggers.
Decisions
- Introduce a new module "DEX" with a dependency on "Bridge" module with additional set of Iroha Special Instructions and Queries and new Abstractions like Order (Combination of a Trigger and Asset with a predefined Asset Definition)
- Implement Use cases
- Implement Iroha Special Instructions DSL
Alternatives
- Provide out-of-the-box entities and instructions for DEX - breaks modular approach giving to much information about private API to DEX module and making it mandatory for all peers once it introduced to the ledger
- Make World State View public API - removes possibility to improve internal processes without breaking back compatibility
Concerns
- Users without deep knowledge of Iroha model and instructions may fail to implement this
Assumptions
- Iroha modules need to be optional Iroha features
- Iroha Special Instructions DSL is separated from execution implementations
Risks
- Given functionality will not cover all corner cases `[3;8]`
- Performance may be insufficient for DEX `[2;9]`
5 Comments
Nikita Puzankov
Buyer should place an order to exchange 20ETH that it has for 1BTC from some seller. This order placed as trigger and assets in Iroha.
Seller may fulfill the order by minting 1BTC and transferring them to the buyer which will trigger a minting of 20ETH by buyer and transferring them to seller.
Nikita Puzankov
From Egor Ivkov
Iurii Vinogradov
Nikita, Sorry but DEX is not related to Iroha2 team. Thank you for the nice diagrams, but you cannot give tasks about DEX. There is a lot of needed functionality in Iroha2 core to be completed and to work on it - that is what for you. We already working on DEX in our fork.
When we will be ready to merge it with original iroha2 you will be able to discuss implementation. But before that time Iroha2 should meet requirements defined in previous RFCs.
You can ask for a call with me if you have questions and want to contribute.
Iurii Vinogradov
Comment from our team.
We'd like to focus on the case with the Liquidity pool because it is closer to what we are interested in. Focus on this case gives more chances to cover most questions, So it is better to iroha2 concepts used as an implementation for this case from Iroha2 team.
Our team also updated list of questions which we'd like to see covered in implementation example. Some requirements may depend on realization, but in general, it can be applied in all or in most cases.
Also, requirements from Iroha Additional Requirements should be taken into account during implementation of the example case.
Vladislav updated Asset-store data reading & writing RFC to make it more general. I will copy the text here to have everything in one place. The reader should focus on extracting general requirements for implementation and security.
* Asset-store data reading & writing
Consider a case of assets exchange with the following algorithm:
Requirements for this case are the following:
Additional requirements for the algorithm:
Another list of requirements from my side written in a little bit different way and in Broader context. Some of the requirements a the same with Vladislav's version, others extend it.
1. If we combine complex ISI using core ISI and we need to pass an argument from one ISI to another
(both inside complex ISI), how we can do it? For example, if we should send results of Math ISI to other
ISI or Transfer result nd amount to other ISI.
2. If the token can be minted to everyone, like a Pool token, but only if the specified function was executed(say and liquidity) how we can control that everyone can mint that asset, but only executing specified ISI.
3. How we can guarantee, that we can give access to change storage only for a specified set of complex instructions or triggers. It should be not possible to write a new complex ISI, that will change this storage.
For example, if this is a log of liquidity changes in a pool and we want only ISI which adds liquidity and others which removes liquidity can add this data. But everyone can add and remove liquidity, so we cannot use the user's authority here.
4. We need to guarantee that only specified ISI can change the storage and users cannot change it themself.
For example the same case with log data as from #3.
5. How will the information from the asset-stores get to any other ISI? Same as custom validation requirement from new requirements RFC. These checks might be needed when we add/get data from storage or when we pass arguments from one function to another.
6. How we can control who can write new complex ISI(or triggers or anything else) to work with specified storage and who cannot. Because seems that everyone can create their own complex ISI on the client-side and make changes
Nikita Puzankov