Add ICRC-2 Advisory Clarifying Deduplication, Error Semantics, and Fees #205
Add ICRC-2 Advisory Clarifying Deduplication, Error Semantics, and Fees #205
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a non-normative advisory document (ADVISORY.md) to clarify underspecified aspects of the ICRC-2 standard that were identified during a security review. The advisory provides explicit guidance to reduce ambiguity for ledger implementers and client developers without changing compliance requirements.
- Clarifies transaction deduplication behavior for
approveandtransfer_fromoperations - Defines error semantics and atomicity expectations for externally observable ledger effects
- Specifies fee charging expectations for ICRC-2 operations
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tmu0
left a comment
tmu0
left a comment
There was a problem hiding this comment.
LGTM overall 🚀
Just two minor remarks:
In (1) I would use more consistent wording for duplicates (see suggestions). In Transaction Identity we define what a duplicate is, independently of ledger behaviour. The ledger can then decide to either process a duplicate or not.
Nit: In the whole document I would include the ICRC prefix in the method names and call them icrc2_approve and icrc2_transfer_from.
Co-authored-by: tmu0 <108675202+tmu0@users.noreply.github.com>
Co-authored-by: tmu0 <108675202+tmu0@users.noreply.github.com>
|
Thanks @tmu0! I've accepted your suggestions. For completeness, I've added an advisory for ICRC-1 that parallels the text on errors/atomicity expectations. |
dietersommer
left a comment
dietersommer
left a comment
There was a problem hiding this comment.
Good and nice-to-read content overall.
My comments mainly concern:
- editorial aspects;
- style improvements; and
- making formulations more crisp to support their intention.
Please address at your discretion.
dietersommer
left a comment
dietersommer
left a comment
There was a problem hiding this comment.
Update: Once my comments have been considered at your discretion, consider the PR approved.
Add ICRC-1, ICRC-2 Advisory Clarifying Deduplication, Error Semantics, and Fees
This PR adds an
ADVISORY.mddocument next tostandards/ICRC-2/README.mdto clarify several aspects of the ICRC-2 standard that were previously underspecified, and raised within a security review.The advisory is non-normative and does not change the ICRC-2 interface or compliance requirements. Its purpose is to reduce ambiguity for ledger implementers and client developers by making certain expectations explicit.
Specifically, the advisory clarifies:
approveandtransfer_from, including that retrying calls with identical parameters is safe when deduplication is implemented -- SECFIND-1088approveandtransfer_fromare expected to charge the fee returned byicrc1_fee-- SECFIND-1090The advisory documents common expectations and best practices without retroactively invalidating existing implementations.