Introducing AssetBalance type

[Janislav]

Pull Request

Closes: PRO-1466

Checklist

Please conduct a thorough self-review before opening the PR.

• I am confident that the code works.
• I have written sufficient tests.
• I have written and tested required migrations.
• I have updated documentation where appropriate.

Summary

Please include a succinct description of the purpose and content of the PR. What problem does it solve, and how? Link issues, discussions, other PRs, and anything else that will help the reviewer.

Non-Breaking changes

If this PR includes non-breaking changes, select the non-breaking label. On merge, CI will automatically cherry-pick the commit to a PR against the release branch.

[codecov]

Codecov Report

Attention: Patch coverage is 87.46439% with 44 lines in your changes missing coverage. Please review.

Project coverage is 70%. Comparing base (e7c9706) to head (2f52dce).

Files with missing lines	Patch %	Lines
state-chain/primitives/src/accounting.rs	86%	18 Missing ⚠️
state-chain/pallets/cf-asset-balances/src/lib.rs	83%	12 Missing and 2 partials ⚠️
state-chain/runtime/src/lib.rs	0%	0 Missing and 7 partials ⚠️
api/lib/src/queries.rs	0%	5 Missing ⚠️

Additional details and impacted files

@@          Coverage Diff           @@
##            main   #5290    +/-   ##
======================================
- Coverage     70%     70%    -0%     
======================================
  Files        487     488     +1     
  Lines      87463   87568   +105     
  Branches   87463   87568   +105     
======================================
+ Hits       61511   61519     +8     
- Misses     22672   22758    +86     
- Partials    3280    3291    +11     

Flag	Coverage Δ
	70% <87%> (-<1%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dandanlen]

I think there are some issues with this.

I want to have a go at refactoring it, I have some ideas on how to split up the types/traits etc a bit more clearly.

Will put the PR in draft mode for now.

[dandanlen]

nit: some of these doc comments don't add much information.

[dandanlen]

What happened to must_use?

[dandanlen]

These methods should not exist. If we allow the checks to be trivially avoided like this, then this whole change is a bit pointless.

[Janislav]

We also had methods like this in your first draft, so I was thinking this can be useful or should be possible. But yeah, I was also wondering...

[dandanlen]

Nope the first draft didn't have these. The reason was that we also want to try to track ownership (this why we don't implement Clone or Copy).

[dandanlen]

These don't need to be derived, they are provided through partial_cmp

[dandanlen]

Since we don't actually own these assets, I don't think use AssetBalance is correct here - should be AssetAmount.

[Janislav]

I don't understand what you mean by "own"

[dandanlen]

What I mean is that the idea is that AssetBalance represents some assets that owned by network: controlled by the validators. Liabilities is for tracking things that are owed by the network: fees we have paid and need to refund, for example.

[dandanlen]

Here too - the amount owed is not some amount of asset that is owned on-chain, it's amount that is owed. I think using AssetAmount here would make more sense.

[Janislav]

It makes sense in a way that everywhere you use AssetBalance you have more guarantees, and it's saver to use also if you change the implementation in the future. If you assume that the implementation is 100% correct, and we will never do any changes again that could introduce new bugs mixing up assets or accounting assets in a wrong way, then there is not much point in changing it at all in my opinion.

[dandanlen]

I agree checking the Asset might make sense here, but this is a rare case where we're comparing assets (owned) to liabilities (not owned). Most of the time we are dealing exclusively with assets owned by the network.

[dandanlen]

This also doesn't make much sense: we effectively delete other, which is what we're trying to avoid.

[Janislav]

That is exactly what we want, or? We have 2 assets, we add the other asset to self, so other doesn't exist anymore (burned/destroyed/what ever). The whole point of this is to use the type system of rust to enforce handling an
value of an AssetBalance type in a way of a physical thing that is gone after I have used it. Like a coin for ex. I am a bit confused now...

[dandanlen]

Yes this function signature would make sense for adding, but not reducing. How can can you reduce an amount by consuming some other amount? You can't.

[Janislav]

I think you can. Lets say you have two Assets. A (self) is 50 B (other) is 30. You reduce A by B. B is consumed by saturating_reduce and A is 20. B is consumed and gone. Makes total sense to me.

[dandanlen]

Where did B go in this example?

It's like saying: I have €10 and you give me €2, I reduce my 10 by 2 and now I have €8.

[dandanlen]

This doesn't take ownership of self, so it duplicates funds: after calling this, the caller still owns self but now also has the result, which is self+other.

[Janislav]

Indeed, the doc comment is not correct here. I changed the implementation after writing this. The intense was to have exactly something like checked_add (which is useful) but with the check of the assets.

[dandanlen]

There were 2 things we wanted to achieve: 1. avoid mixing assets. 2. avoid duplicating funds. This method duplicates funds.

[Janislav]

Okay, I see what you mean... It's true that checked_add doesn't make a lost of sense here

[dandanlen]

Same.

[dandanlen]

I think deriving these is fine. (same for Ord and PartialEq).

[dandanlen]

In fact maybe it makes sense to not implement Eq/PartialEq (or only PartialEq?)... We might want to compare asset, or amount, but one balance is only equal to another balance if they are then same and we are ensuring that we can't duplicate balances.

In other words: if I have 1€ and you have 1€, we have the same amounts, and the same currency, but they are not the same coins. So asking "is my coin equal to yours?" is kind of meaningless.

Also Ord: it doesn't make sense to compare $1 to 1FLIP, so PartialOrd might be sufficient (which can return an ordering of None).

[Janislav]

My 2 cents: So after reading your comments, I am not sure if this change really makes a lot of sense. The only real benefit we get is that we are more safe in the future with the guarantee a new type can offer (don't mix assets, don't account in a wrong way). It will not add more benefit to our current codebase (assuming it is correct) other than making the code more complex because it's more complex to handle this type and possibly adding new bugs because we have to do a lot of refracting. Most likely we will end up in a scenario where we use in some places AssetBalance and in some other AssetAmount and after some time no one will remember why we use type A here and type B there and everything is getting even more confusing.

[dandanlen]

You're entitled to your opinion - I think the change makes sense if we can figure out how to implement it properly and with minimal friction. We have had bugs in the past that would have been caught by a system like this.

assuming it is correct

Exactly - we have to just 'assume' that everywhere we deal with asset balances, it's always correct. Instead, if we make this change, we only have to assume that the AssetBalances type is implemented correcty. That's a much smaller assumption :)

I agree it's not an urgent priority though - I'll keep working on it in the background.