randomness doc inital #366
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
✅ Deploy Preview for aptos-developer-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
| ``` | ||
|
|
||
| The above example uses function `u64_range()` but many other basic types are also supported. | ||
| Here's a quick overview of all the API, where `T` can be one of `u8, u16, u32, u64, u128, u256`. |
There was a problem hiding this comment.
Let's link to the Move module too?
|
|
||
| ### How randomness may have been obtained insecurely/overcomplicated | ||
|
|
||
| Building a lottery system and pick a random winner from n participants is trivial, at least in the centralized world with a trusted server: the backend simply calls a `random.randint(0, n-1)` (this is a python example). |
There was a problem hiding this comment.
better n? no other latex here yet...
| 2. Once the randomness seed is revealed, the clients fetch the it and derive the winner locally. | ||
| 3. One of the participants submits the seed and the winner on chain. | ||
|
|
||
| ```rust |
There was a problem hiding this comment.
I would link to the drand example in aptos-move/move-examples here, and copy & paste some of the code from it.
There was a problem hiding this comment.
In Nextra, you can do code snippets directly imported, without copy pasting. Let's try moving there
|
|
||
| ### Achieve both simplicity and security with Aptos randomness API | ||
|
|
||
| Using Aptos randomness API, the implementation will look like this: |
There was a problem hiding this comment.
Same as above: link to (and copy-paste) the code in aptos-move/examples
|
|
||
| ### Build aptos-cli from latest source | ||
|
|
||
| Some changes have been made to aptos-cli to support compiling a randomness consuming contract. |
| Here are some ideas of how to prevent undergasing attack generally. | ||
|
|
||
| - Make your entry function gas independent from the randomness outcome. | ||
| Simplest example is to not “act” on the randomness outcome, i.e. read it and store it for later. |
There was a problem hiding this comment.
You can link to the example in AIP-41 (my AIP-41 changes did not merge yet though)
There was a problem hiding this comment.
Let's move this to the Nextra pages. @hariria can help you if you have questions and the documentation for docs is here https://preview.aptos.dev/en/developer-platforms/contribute
| --- | ||
| title: "Aptos Roll: on-chain public instant randomness API" | ||
| --- |
There was a problem hiding this comment.
Please update nextra as well for randomness.
These are the old docs, which will be replaced.
There was a problem hiding this comment.
moved.
(or should be copied?)
| 2. Once the randomness seed is revealed, the clients fetch the it and derive the winner locally. | ||
| 3. One of the participants submits the seed and the winner on chain. | ||
|
|
||
| ```rust |
There was a problem hiding this comment.
In Nextra, you can do code snippets directly imported, without copy pasting. Let's try moving there
|
|
||
| It's now a good time to think about what user actions need randomness API, write them down, and make sure they are private and have the right attribute, as shown in the example below. | ||
|
|
||
| ```rust |
There was a problem hiding this comment.
you can use move instead of rust
| fun permutation(n: u64): vector<u64>; | ||
| ``` | ||
|
|
||
| ### Security warning: randomness API calls in non-entry functions |
There was a problem hiding this comment.
can we keep a single Security as ### and the specific paragraphs as #### ?
can you share a url/screenshot? |
https://developer-docs-nextra-hklfyxvke-aptoslabs.vercel.app/en |
|
Also take a look at the preview of the doc. The title is incorrect right now. |
fixed |
Co-authored-by: Gerardo Di Giacomo <gedigi@live.com>
|
|
||
| Not recommended, but if you intend to expose such a randomness-dependent function to the public, you can bypass the compiler check by annotating your function with `#[lint_allow_unsafe_randomness]`. | ||
|
|
||
| ```rust |
Description
Checklist
pnpm spellcheck?pnpm fmt?pnpm lint?