
Document limitation/assumption of the system (ALD)

Open boolafish opened this issue 6 years ago • 1 comment

Using this as a placeholder first and also as a tracker of the task. We want this for both us and the auditor and our users, to make it easier to track our system.

boolafish avatar Jul 30 '19 09:07 boolafish

Limitation

  • Global assumption of the design
    • outputId should be unique
    • tx bytes should be unique, aside from deposit txs
    • exitableAt timestamp uses a size of 64 bits (limit from the priority implementation)
    • txpos should not exceed 128 bits (limit from the priority implementation)
    • at most 2^64 - 1 enqueues; enqueue uses a 64-bit nonce
  • Assumption on current exit games
    • output index is at most TX_OFFSET (10000)
    • exit id protects against collision with 151 bits instead of 160 or 256
    • utxoPos can be at most uint192. We use 192 to save gas.

Flow

  • The PaymentExitGame contract should renounceOwnership before registering to PlasmaFramework.
    • We use OutputGuardParserRegistry and PaymentSpendingConditionRegistry to inject dependencies into PaymentExitGame.
    • The reason is that we want the main code not to need re-auditing, and only re-audit the extension part.
    • However, we don't want it to be injectable after registering to the framework, thus we need to renounceOwnership to block the feature after things are set.

Abstraction Assumption on Exit Game contracts (Currently Payment Tx only)

  • Wire transaction:
    • tx type is the first field in the RLP encoding
    • the output list is the third field of the transaction, and each output is of the format (outputType, guard, token, amount)

boolafish avatar Jul 30 '19 09:07 boolafish
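The wire-transaction assumptions above, turned into a check, as an added example that is not code from the plasma-contracts repository: a small RLP decoder plus a function that verifies a payment tx has its tx type in the first field, its output list in the third, each output shaped as (outputType, guard, token, amount), and no more than TX_OFFSET outputs. The four-field layout [txType, inputs, outputs, metadata] and the sample bytes are constructed for this example.

```python
TX_OFFSET = 10000  # max output index stated in the issue

def rlp_decode(data: bytes):
    """Decode one RLP item (bytes or nested list); reject trailing bytes."""
    item, rest = _decode_item(data)
    if rest:
        raise ValueError("trailing bytes after RLP item")
    return item

def _decode_item(data: bytes):
    prefix = data[0]
    if prefix < 0x80:                        # single byte encodes itself
        return data[:1], data[1:]
    offset = 0x80 if prefix < 0xC0 else 0xC0  # string vs list
    if prefix < offset + 56:                  # short form: length in prefix
        length, start = prefix - offset, 1
    else:                                     # long form: length follows prefix
        n = prefix - offset - 55
        length, start = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body, rest = data[start:start + length], data[start + length:]
    if len(body) != length:
        raise ValueError("truncated RLP item")
    if offset == 0x80:
        return body, rest
    items = []
    while body:
        item, body = _decode_item(body)
        items.append(item)
    return items, rest

def check_payment_tx(tx_bytes: bytes) -> dict:
    """Check the issue's wire assumptions: txType first, outputs third,
    each output (outputType, guard, token, amount), <= TX_OFFSET outputs."""
    fields = rlp_decode(tx_bytes)
    if not isinstance(fields, list) or len(fields) < 3:
        raise ValueError("tx must be an RLP list with at least 3 fields")
    if not isinstance(fields[2], list) or len(fields[2]) > TX_OFFSET:
        raise ValueError("third field must be a list of <= TX_OFFSET outputs")
    outputs = []
    for out in fields[2]:
        if not isinstance(out, list) or len(out) != 4:
            raise ValueError("output must be (outputType, guard, token, amount)")
        out_type, guard, token, amount = out
        outputs.append((int.from_bytes(out_type, "big"), guard.hex(),
                        token.hex(), int.from_bytes(amount, "big")))
    return {"tx_type": int.from_bytes(fields[0], "big"), "outputs": outputs}

# Constructed sample (hand-encoded RLP, hypothetical layout): [txType=1, inputs=[],
# outputs=[(1, guard aa..aa, token 00..00, amount 1000)], metadata=32 zero bytes]
SAMPLE_TX = (b"\xf8\x53\x01\xc0\xef\xee\x01" + b"\x94" + b"\xaa" * 20
             + b"\x94" + b"\x00" * 20 + b"\x82\x03\xe8" + b"\xa0" + b"\x00" * 32)
```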