FIP-0077: cleanup and match to current implementation (#1140)

rvagg · ipfsforcezuofu · web-flow · commit 57f03641ab74 · 2025-04-22T10:11:48.000-07:00
* Update fip-0077.md specification

* Update fip-0077.md

* FIP-0077: cleanup and match to current implementation

---------

Co-authored-by: Jimmy Zhang &lt;154856638+ipfsforcezuofu@users.noreply.github.com&gt;
diff --git a/FIPS/fip-0077.md b/FIPS/fip-0077.md
@@ -13,75 +13,108 @@ created: 2023-08-21
 
 ## Simple Summary
 
-- Add opportunity cost (in FIL) to each miner actor creation to prevent the miner ID creation spam.
+This proposal implements a deposit requirement for creating new miner actors to prevent unnecessary miner ID creation and potential network spam attacks.
 
 ## Abstract
 
-By imposing a cost, this proposal helps prevent the spamming of creating miner IDs in order to:
+By requiring a deposit when creating a new miner actor, this proposal addresses three key issues:
 
-1) lighten the network chain storage burden
+1. Reduces the network chain storage burden caused by inactive miner actors
+2. Decreases resource waste and potential gas cost increases resulting from unused miner actors
+3. Mitigates the risk of network congestion attacks where an attacker creates numerous low-cost miner actors
 
-2) Prevent wasted resources and incremental increases in gas cost caused by wasted storage, and;
+The deposit is calculated based on the initial pledge required for 10 TiB of storage capacity, and is vested over 180 days. This introduces an opportunity cost that discourages frivolous miner creation while allowing legitimate storage providers to recover their deposit over time.
 
-3) Avoid an attack vector whereby an attacker sends a large amount of low cost `CreateMiner` messages, thus causing network congestion and destabilizing gas fees. 
+## Change Motivation
 
-## Problem Motivation
+In March 2021, the Filecoin network a [experienced spam attack](https://github.com/filecoin-project/FIPs/discussions/780#discussioncomment-6787043) where thousands of `CreateMiner` messages were sent at minimal cost. This resulted in increased base fees, congestion in the message pool, and reduced chain performance.
 
-It [was documented](https://github.com/filecoin-project/FIPs/discussions/780#discussioncomment-6787043) that in March 2021, someone had spammed the network by sending thousands of CreateMiner messages.  This caused several issues: 
-1) Base fee increases associated with mpool congestion
-2) Redirect nodes away from producing blocks
-3) Lower overall chain performance, specifically related to cron jobs overload
+As of August 2023, statistics from FilScan showed that out of 601,131 total miner IDs, only 4,862 (0.8%) were actively being used. The trend of creating but not using miner IDs has continued, with only 3.7% of newly created miner IDs being activated in the two months prior to that analysis.
 
-As of August 2023, according to FilScan statistics, there were 601,131 Miner IDs and only 4,862 actively in use. The actual ID usage counts for merely 0.8% of all existing Miner IDs, and the abuse of ID creation trend continues. In the previous two months, only 3.7% of all newly created Miner IDs (125 Miner IDs are active out of 3,254 newly created) were active. 
+<img width="865" alt="total_in_use" src="../resources/fip-0077/total_in_use.png">
+<img width="913" alt="recent_two_months" src="../resources/fip-0077/recent_two_months.png">
 
-<img width="865" alt="total_in_use" src="https://github.com/remakeZK/FIPs/assets/92775781/fc8266ab-4224-49ab-a4a7-6450377d4638">
-<img width="913" alt="recent_two_months" src="https://github.com/remakeZK/FIPs/assets/92775781/2b41e3a8-ad5f-481a-bbbb-569fc4533e0b">
+Many users create multiple miner IDs to secure preferred IDs or favorable deadline schedules, consuming network resources without contributing value. Moreover, the absence of creation costs exposes the network to potential spam attacks that could cause congestion and disrupt important messages like WindowPoSt submissions from landing on-chain.
 
-  
-Users create multiple Minder IDs in order to get preferred IDs, wasting resources and unnecessarily burdening the network. Unused Miner IDs continue to occupy storage on the network.  As time goes on, it is expected that the rate of wasted resources will increase, as will future gas prices.  
-
-Furthermore, allowing network participants to cheaply and easily create numerous accounts introduces a potential attack vector.  Were participants to spam the network with CreateMiner messages, mpool congestion and unstable network fees could potentially affect more useful, critical, and/or time sensitive messages (i.e: SubmitWindowedPoSt, ReportConsensusFault, sector/data onboarding messages) from landing on chain.
+## Specification
 
+The proposal requires a deposit when creating a new miner actor:
 
-## Specification
+1. **Deposit Amount Calculation:**
+   - The deposit is based on the initial pledge required for storing 10 TiB (defined by `MINIMUM_CONSENSUS_POWER` constant)
+   - This amount is calculated using `StateMinerInitialPledgeCollateral`, which considers the current network economics
+   - As of March 2024, this amounts to approximately 62 FIL (10 TiB * 0.1958 FIL/32 GiB)
 
-In creating a new Miner actor,
+2. **Vesting Schedule:**
+   - The deposited funds are locked in the miner actor's vesting table
+   - The funds vest linearly over 180 days, similar to block rewards
+   - This creates an opportunity cost while ensuring the funds are eventually returned to the storage provider
 
-- Currently: there is no cost associated with creating new miner actors other than the gas cost for the CreateMiner message, so users spam many new miner actors without limit
-- Proposed:   
-Require transfer a certain amount of money to the miner's account as locked reward, and the amount of this money depends on the pledge required to reach the network's block production threshold.
+3. **Implementation Behavior:**
+   - If insufficient funds are provided, the CreateMiner operation fails with an "insufficient funds" error
+   - If excess funds are provided, the required amount is locked and the remainder is available in the miner's balance
+   - The deposit is processed using the existing vesting mechanism rather than creating a new mechanism
 
 ## Design Rationale
 
-Adding an opportunity cost will prevent such spammy behavior; moreover, depositing fees as locked rewards does not incur actual costs but will occupy funds and bring opportunity costs. Users need to weigh the opportunity cost of locking funds for 180 days per new miner actor. Also, the more miner actors created, the more funds need to be locked. This can prevent users from abusing miner actor creation. Additionally, this mechanism helps determine whether each new miner actor will be fully utilized since idle miners will waste locked funds in vain. 
+The design leverages the existing vesting mechanisms to minimize implementation complexity while creating sufficient economic friction to prevent abuse. By requiring a deposit that vests over time:
+
+1. Users must evaluate whether a new miner ID justifies the opportunity cost of having funds locked for 180 days
+2. The more miner actors a user creates, the more funds they need to lock, increasing the opportunity cost
+3. The deposit is high enough to prevent spam attacks but low enough not to be prohibitive for legitimate storage providers
+4. Using the vesting mechanism rather than burning funds ensures that legitimate providers eventually recover their deposit
 
-## Backward Compatibility
+This approach aligns incentives by encouraging the creation of miner actors only when they will be actively used, while not permanently removing capital from storage providers.
 
-N/A
+## Backwards Compatibility
+
+This change is not backwards compatible as it introduces a new requirement for creating miner actors. However, it does not affect existing miner actors or their operations.
+
+The deposit requirement applies to all new miner creations, including those for committed capacity (CC) sectors. While this creates an additional barrier to entry, the cost is relatively moderate compared to the hardware and operational investments needed to run a storage provider. Since the funds eventually vest back to the provider, this represents an opportunity cost rather than a capital cost.
 
 ## Test Cases
 
-N/A
+Test cases have been implemented to verify:
+- Miner creation succeeds when sufficient balance is provided
+- Miner creation fails with insufficient balance
+- The deposit is correctly added to the vesting table
+- The deposit vests over the correct period
+- Tests have been updated to accommodate the new parameter in MinerConstructorParams
 
 ## Implementation
 
-These changes have been implemented in this PR.
+This proposal has been implemented in the following pull request to builtin-actors: https://github.com/filecoin-project/builtin-actors/pull/1398
 
-https://github.com/filecoin-project/builtin-actors/pull/1398
+The implementation:
+1. Adds a `network_qap` parameter to MinerConstructorParams to calculate the deposit
+2. Creates a new `calculate_create_miner_deposit` function that determines the required deposit
+3. Locks the deposit in the miner's vesting table during construction
+4. Updates tests to accommodate the new behavior
 
 ## Security Considerations
 
-There is no security consideration for this proposal; instead, it helps to prevent potential attacks by using a large number of newly created IDs, and the scenarios of network congestion and instability of gas fees that are caused by unnecessary numerous ID creations. 
+This proposal improves network security by preventing spam attacks that could congest the network through mass miner creation. The implementation uses existing, well-tested mechanisms for handling vesting funds, minimizing the risk of introducing new vulnerabilities.
 
 ## Incentive Considerations
 
-Charging for creating new accounts can help prevent abuse, reduce unnecessary storage, and avoid increased gas fees over time caused by such wasteful activities that burden the network with unnecessary storage; moreover, this change will be a moat against new SPs entering the Filecoin ecosystem, or existing SPs who want to scale their deployments horizontally instead of vertically (within the same miner_id). 
+The proposal creates incentive alignment by:
+1. Discouraging the creation of miner actors that won't be used
+2. Creating an economic cost for potential attackers
+3. Encouraging storage providers to reuse existing miner IDs rather than creating new ones
+4. Not permanently removing capital from legitimate providers, as the deposit eventually vests
+
+The deposit amount is calibrated to be significant enough to deter spam but modest enough that it won't prevent legitimate storage providers from joining the network.
 
 ## Product Considerations
 
-Currently, setting no cost for miner actor creation has no benefits but potential risks and drawbacks to the network, occupying the unnecessary storage will increase the network burden and future gas fees, also expanding the potential attack exposure. Therefore, By charging the creation miner actor fees and later either burning the creation fee or converting the fees to lock rewards will stop the abuse of ID creation since they would consider the worthiness of the opportunity cost if they do so. Moreover, this proposal guides or returns to the normal phenomenon that should supposed to exist - truly implement on-demand account creation, where new accounts are only created when they are actually needed for use, or newly created accounts are put into practical use.
+From a product perspective, this change:
+1. Reduces the creation of unused miner IDs, leading to a cleaner and more efficient network
+2. Makes the network more resistant to spam attacks
+3. Encourages on-demand account creation, where new miner actors are created only when needed
+4. Discourages practices like creating multiple miners to get preferred IDs or deadline schedules
+
+While this creates an additional step for new storage providers, the deposit eventually returns to them through the vesting mechanism, making it an opportunity cost rather than a permanent expense.
 
-Since currently miners need to seal sectors exceeding the block production threshold in order to mine blocks, it is reasonable for miners to prepare and lock up at least the pledge required for these sectors. Moreover, the proposed first solution of converting fees to 180-day locked rewards adds no real capital cost, only opportunity cost. This encourages on-demand account creation, as users will create accounts based on actual needs, ensuring practical use of each new account.
 ## Copyright
 
 Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
