Add "maximum theoretical fee" to ZIP-317 to provide a wallet safeguard.
A bug in the wild led to user coin loss in the form of sending (implicit) transaction fees which were very large (> 1 ZEC according to the grapevine).
Given ZIP-317 compliant wallets, there is a theoretical maximum fee which is "maximum number of actions that could fit into the largest txn that could fit into a single block". A ZIP-317 section could spell this out as a "belt-and-suspenders" safeguard: if the fee is larger than this, wallets should abort sending the txn if possible. Also, nodes should avoid relaying if possible to help buggy wallets as a nicety (with no guarantee).
My hand-wavy guess from memory is that this number is something like price_per_action * max_actions_per_block which I'd guess is 5000 ZAT/ACT * 1000 ACT/TXN = 5,000,000 ZAT/TXN = 0.05 ZEC/TXN.
CAUTION: Like all "global ambient constants" we need to track the dependency on other parameters. For example, if block sizes allow larger transactions with more actions, or other such factors change, this number would need to change.
- That bug was not at all specific to fees. The wallet was using 32-bit values for monetary amounts in general. I don't know how they could possibly think that would work: MAX_MONEY is 51 bits.
- ZIP 2002 would comprehensively solve the problem.
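
The safeguard proposed in the issue, sketched as an added example (not part of the thread and not Zcash project code): the implicit fee is computed in 64-bit arithmetic and the send is refused when it exceeds the cap, which catches a change amount truncated to 32 bits. `ASSUMED_MAX_ACTIONS` is the issue's own guess of 1000, and all function and type names are hypothetical.

```rust
// Added example. Values marked "assumed" are the post's guesses, not ZIP-317 text.
const MARGINAL_FEE: u64 = 5_000; // zatoshis per logical action (ZIP-317 marginal_fee)
const GRACE_ACTIONS: u64 = 2; // ZIP-317 grace_actions
const ASSUMED_MAX_ACTIONS: u64 = 1_000; // assumed: the post's guess
const MAX_FEE: u64 = MARGINAL_FEE * ASSUMED_MAX_ACTIONS; // 5,000,000 zat = 0.05 ZEC
const MAX_MONEY: u64 = 21_000_000 * 100_000_000; // in zatoshis; needs 51 bits

#[derive(Debug, PartialEq)]
pub enum FeeError {
    OutOfRange,
    OutputsExceedInputs,
    AboveCap { fee: u64, cap: u64 },
}

/// ZIP-317 conventional fee for a transaction with this many logical actions.
pub fn conventional_fee(logical_actions: u64) -> u64 {
    MARGINAL_FEE * logical_actions.max(GRACE_ACTIONS)
}

/// Sum amounts in 64 bits, rejecting overflow or any total above MAX_MONEY.
fn total(amounts: &[u64]) -> Result<u64, FeeError> {
    amounts
        .iter()
        .try_fold(0u64, |acc, &a| acc.checked_add(a).filter(|s| *s <= MAX_MONEY))
        .ok_or(FeeError::OutOfRange)
}

/// Implicit fee (inputs minus outputs); refuse to proceed if it exceeds the cap.
pub fn checked_implicit_fee(inputs: &[u64], outputs: &[u64]) -> Result<u64, FeeError> {
    let fee = total(inputs)?
        .checked_sub(total(outputs)?)
        .ok_or(FeeError::OutputsExceedInputs)?;
    if fee > MAX_FEE {
        return Err(FeeError::AboveCap { fee, cap: MAX_FEE });
    }
    Ok(fee)
}

/// Models the bug class from the comment: an amount forced through 32 bits.
pub fn truncate_to_u32(zat: u64) -> u64 {
    zat as u32 as u64
}

fn main() {
    // Constructed transaction: 60 ZEC in, 1 ZEC payment, change minus the fee.
    let (input, pay, fee) = (6_000_000_000u64, 100_000_000u64, conventional_fee(2));
    let change = input - pay - fee;
    println!("{:?}", checked_implicit_fee(&[input], &[pay, change]));
    println!("{:?}", checked_implicit_fee(&[input], &[pay, truncate_to_u32(change)]));
}
```

As the issue's caution says, the cap constant has to be revisited whenever the parameters it is derived from change.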