In this TZIP, we propose a protocol amendment where, for any chain other than Tezos mainnet, a chosen “dictator key” may force a protocol upgrade. The chain automatically upgrades to this protocol at the end of the voting period.
I suspect the TZIP author have a WIP implementation already, but if not I started a draft implementation (totally untested yet). If it lightens the workload for the TZIP authors, I will be happy to continue working on it, and grab or share the bounty
I agree that this proposal will improve the testnets. I would like to make a small suggestion, though, of naming conventions. I don’t think that this feature is limited in use to test networks. I think that a company that deploys a private chain might also use this feature. As such, I would suggest that the “testnet_” prefix should be removed from the parameter name.
Your implementation differs from this part of the specification in the TZIP:
The protocol where this mechanism is injected contains special constant migration code, which sets the dictator key to a key managed by Oxhead Alpha when the chain identifier is NetXnHfVqm9iesp, the chain id of Ithacanet (or, if this proposal is accepted later, the relevant network at the time). For mainnet and any other chain, this variable remains unset. This special constant migration code can be removed in future protocols.
Instead, you set the dictator key to None in migration. I think this is preferable because on top of checking the chain_id it’s impossible for mainnet to even have a dictator key set. However, it would require restarting a testnet with this protocol and the dictator key in the parameters.json.
I have updated the tzip to version 1 with the following changes:
clarify that the goal of the improvement is to prevent the testnet tokens from having value
rename testnet_governance_dictator_source to just governance_dictator_source per @elric1 , since this mechanism may be useful to private chains as well as testnets
reference the current implementation and tests
add oxhead’s public key hash for ithacanet migration
Your implementation differs from this part of the specification in the TZIP:
Instead, you set the dictator key to None in migration. I think this is preferable because on top of checking the chain_id it’s impossible for mainnet to even have a dictator key set. However, it would require restarting a testnet with this protocol and the dictator key in the parameters.json .
@sophia you are right, we would have to start a testnet if we don’t write migration code for testnets that already exist. Let’s not forget that we always start the testnet for protocol N with protocol N-1 in order to test migration, so it would be prohibitively long to wait for this permanent testnet to exist in the absence of migration code.
@G_B_Fefe The migration logic is now clearly specified in the new version of the TZIP. May I ask you to implement it? I have specified the public key hash for the ithacanet dictator key. Also, in your implementation, please change the parameter to the new name governance_dictator_source
Regarding the question on whether the “if not mainnet” logic is useful as a second security layer, I am in favor of keeping it (since you already wrote it) hence I left it in the tzip v1.
My dear @G_B_Fefe I owe you some Tezos. Would you be okay sharing an address publicly so I can prove I honored my bounty? You’re welcome to message me in private with an address if you’d prefer, if so, I would appreciate it if you’d confirm here that I have paid out the bounty.
@G_B_Fefe it has been brought to my attention that you included the address ‘tz1X81bCXPtMiHu1d4UZF4GPhMPkvkp56ssb’ as an invoice address on one of your merge requests.