-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Actions and Reducer production warning. #1011
Merged
Merged
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
24caedc
feat(actions-and-reducers.mdx): add warning against production use
ymekuria b4873e5
feat(actions-and-reducer.mdx): specify o1js reducer api in production…
ymekuria 1b18d41
feat(actions-and-reducer.mdx): add reducer caveat description to warning
ymekuria c0ce98b
Merge branch 'main' into feature/actions-reducers-warning
ymekuria c7ec943
adding a space
mitschabaude File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer if this caveat refered to the
ReducerAPI from o1js in particular, and not to the general concept of actions and reducers.At the protocol level, safe use of actions is very possible, if you implement a better reducer (the upcoming
BatchReducerbeing an example).Also, we should say why
Reduceris not safe to use: Because thereduce()method breaks (completely) if more than a hard-coded number of actions are pending (default: 32).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea. Do you think this location is still an appropriate place to add the caveat?
This was the plan. I was deciding if it made sense to either have a short description in this location with the caveat or to link to a longer description somewhere else, and where a long description would live in the docs if we went that direction.
@mitschabaude I was also working on adding similar warnings to some of the examples in the o1js repo. Maybe it makes sense to add the caveat(temporary until we completely update the reducer) to the o1js reducer doc comments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes definitely, it's the right place!
Gotcha, both works. A longer description could live as a new "security best practice" (subsection on the zkapp security docs) here: https://docs.minaprotocol.com/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps#best-practices-for-zkapp-security