
slidechain: possible flakiness in post-pegout tx

Open bobg opened this issue 5 years ago • 0 comments

The post-pegout TxVM transaction retires exported funds after a successful peg-out on the Stellar side. (Alternatively, it repays the TxVM funds to the exporter if pegging out encounters a permanent error.)

This works by invoking the second phase of a smart contract in which the TxVM funds were locked during export. Invoking the second phase means constructing the contract in the exact form it had at the end of its first phase, which ended with output. Reconstructing the contract happens here.

A possible problem here is that the refdata value on the contract's stack is computed via a call to json.Marshal (here).

This is probably fine. On the other hand, the encoding/json package does not guarantee that it always produces bytewise-identical output for the same input. If a future version of encoding/json produced an equivalent JSON object encoded slightly differently, it could lead to a loss-of-funds scenario.

A safer approach would be to store the JSON string from the contract's phase 1 in the database, then recover and double-check it during phase 2, instead of recomputing it.

bobg, Mar 04 '19 21:03
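A sketch of the store-and-verify approach proposed in the issue, added here as an example and not taken from the slidechain code. The `pegOut` fields, the function names and the in-memory `store` standing in for the database are all assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// pegOut is a hypothetical stand-in for the data behind the contract's refdata.
type pegOut struct {
	AssetXDR string `json:"asset_xdr"`
	Exporter string `json:"exporter"`
	Amount   int64  `json:"amount"`
}

// store is an in-memory stand-in for the database (assumption).
type store map[string][]byte

// recordPhase1 marshals once and persists the exact bytes used in the contract.
func recordPhase1(db store, id string, p pegOut) ([]byte, error) {
	b, err := json.Marshal(p)
	if err == nil {
		db[id] = append([]byte(nil), b...) // keep a private copy
	}
	return b, err
}

// refdataForPhase2 recovers the stored bytes, double-checks that they decode to
// the expected peg-out, and returns them verbatim; it never re-marshals.
func refdataForPhase2(db store, id string, want pegOut) ([]byte, error) {
	b, ok := db[id]
	if !ok {
		return nil, errors.New("no stored refdata for " + id)
	}
	var got pegOut
	if err := json.Unmarshal(b, &got); err != nil {
		return nil, fmt.Errorf("stored refdata is not valid JSON: %w", err)
	}
	if got != want {
		return nil, errors.New("stored refdata disagrees with expected peg-out")
	}
	return b, nil
}

func main() {
	db, p := store{}, pegOut{AssetXDR: "AAAA", Exporter: "exporter-1", Amount: 100} // constructed sample
	orig, _ := recordPhase1(db, "peg-1", p)
	got, err := refdataForPhase2(db, "peg-1", p)
	fmt.Println(string(got) == string(orig), err)
}
```

The double-check is semantic (decode and compare), while the value handed to contract reconstruction is the stored byte string itself, so a change in encoder output between phases cannot alter the contract.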