Fix/Allow Native Contracts to be updated or receive new functions #2932
Description
Currently, as described in #2910, updates on Native Contracts can be subjected to attacks if not precisely controlled with fork tags (maybe neo-vm modifications and updates may also led to such type of attacks).
For example:
- Add new functions to
CryptoLiborStdLibNative Contracts;
The attacker could use the future function and perform attacks such as turning a previous failed transaction into success (in case that node is re-synced), or even transforming success into failure.
A core problem of this issue are the re-syncs, which are currently part of a chosen design of Neo since Neo 2.
This first idea here is not to forbid re-syncs, but to create some HARD rules that should be respected in case they occurs, for example:
- TX's can not change its state as well as the events it produces;
There are surely other rules that can be added.
In addition to that (or as an isolated option), there could be mechanisms for guiding Native Contracts to be upgraded with new features (as well as possible fixes), for example:
1- When new features are added to a Native Contracts, Consensus Nodes will need to agree and call an Upgrade Function that will add the new functions or update previous ones. The version of the Native Contract can be published along with the tx's in a compact manner. Native Contract versions would be kept and only called during resync.
There are possibilities for improving contracts but also to make resync to respect some key aspects of the Blockchain. In general, I am in favor that we never change State and do not even to check Witness again, what we need from the past is the result and its consequences. The latter should be respected.
But due to the design of NEO 2 and 3, maybe we can go in the direction of trying to handle that with more features.