[Protocol] Enforce that a service exists before a supplier can stake for it

[Olshansk]

Objective

Ensure that when a supplier stakes for a new service, a source owner has already added it.

Origin Document

This is to prevent unauthorized service staking by suppliers. [Add link or screenshot if applicable]

See this conversation that surfaced this issue.

Goals

• Validate that a source owner has added the service before a supplier can stake for it.
• Throw an error if the service is not pre-approved by a source owner.

Deliverables

• Implement a check to verify if the service has been added by a source owner before allowing a supplier to stake.
• Add error handling to throw an error if the service is not pre-approved.
• Update relevant documentation to reflect the new check and error handling.

Non-goals / Non-deliverables

• Implementing additional features unrelated to the staking process.
• Refactoring the existing staking logic beyond the scope of this check.

General deliverables

• Comments: Add/update TODOs and comments alongside the source code so it is easier to follow.
• Testing: Add new unit tests to ensure the new check and error handling work as expected.
• Documentation: Update development READMEs to include details of the new service pre-approval check.

---

Creator: @Olshansk
Co-Owners: @moatus

[Olshansk]

Adding the text from the screenshot for copy-pastability.

tl;dr There are no issues but we forgot to add the default services.

---

Thanks for bringing this up.

Going to sync on it with @kdas next week.

For reference, this is how you can query services:

poktrolld q service all-services --node=https://testnet-validated-validator-rpc.poktroll.com

The service add fee is currently 1000 POKT, so I had to use PNF to fund my account

Funding

poktrolld tx bank send pnf pokt1d22c8k8nytmzssmzede29exmxmrtv5hdy082gz 2000000000upokt --node=https://testnet-validated-validator-rpc.poktroll.com  --keyring-dir=/Users/olshansky/.ignite/accounts --keyring-backend=test --from pnf

And then I add the service like so:

poktrolld tx service add-service olsh "Olshansky Service" --node=https://testnet-validated-validator-rpc.poktroll.com --from source_owner --keyring-dir=/Users/olshansky/.ignite/accounts --keyring-backend=test

So when you query services now, you should see:

pagination:
  total: "1"
service:
- id: olsh
  name: Olshansky Service

@yn_alex If you want to add a few services, drop your testnet address here and I'll send you funds. The faucet won't be enough for it.

I'll coordinate with @kdas next week to udpate all the things (configs, docs, instructions, etc...)

[moatus]

Validate that a source owner has added the service before a supplier can stake for it.

Who in this context is a "source owner"? Right now, PNF is the one who authorize of new ServiceIDs in Morse, is this to match that in Shannon?

[Olshansk]

Who in this context is a "source owner"? Right now, PNF is the one who authorize of new ServiceIDs in Morse, is this to match that in Shannon?

It is the address in the MsgAddService proto found here.

Copy-pasting the definition for a better reader experience:

// MsgAddService defines a message for adding a new message to the network.
// Services can be added by any actor in the network making them truly
// permissionless.
// TODO_BETA: Add Champions / Sources once its fully defined.
message MsgAddService {
  option (cosmos.msg.v1.signer) = "address"; // https://docs.cosmos.network/main/build/building-modules/messages-and-queries
  string address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; // The Bech32 address of the service supplier using cosmos' ScalarDescriptor
  poktroll.shared.Service service = 2 [(gogoproto.nullable) = false]; // The Service for which the supplier is adding to the network
}

Next Steps

Next steps would be:

1. Replace address with an Owner structure that embed address
2. Enforce the bug outlined here
3. Determine the cost of adding a new service on-chain (payable to the chain) to prevent sybil attacks

Tangentinal Conversation

A conversation we have had yet, which I believe you and I differ on (philosophically) is that:

1. @Olshansk: Services should be permissionless, can be added by anyone, and Sybil attacks are prevented via on-chain costs.
2. @moatus Services are permissioned and controlled by PNF, so for example, we can have multiple "Ethereum" services advertised on-chain by random people "pretending" to be the real Ethereum.

I have explicitly chosen not to discuss this YET because I thought the conversation was premature and put timeslines at risk but have a personal TODO to tend to it. If you think now is the right time to shift focus to this discussion, let's open up an action item (i.e. github issue) whose deliverable will be to align on a decision for this.

[red-0ne]

Closed as per #693