Conversation
Tapanito
changed the title
XLS-0066-lending-protocol/README.md
Outdated
| 9. If `LoanBrokerID` is specified (modifying existing): | ||
| 1. `LoanBrokerID` is empty. (`temINVALID`) | ||
| 2. Submitter is attempting to modify fixed fields (`ManagementFeeRate`, `CoverRateMinimum`, `CoverRateLiquidation`). (`temINVALID`) | ||
| 3. Submitter is attempting to modify `tfLoanBrokerPrivate` flag on an existing `LoanBroker`. (`temINVALID`) |
There was a problem hiding this comment.
Note that because of the nature of the Flags field, and the existence of universal flags, having the tfLoanBrokerPrivate field unset should be ignored - not treated as trying to change the flag.
Conversely, if the flag is set, that should always return as temINVALID regardless of the state of the LoanBroker object. (If it's already set, then the flag is redundant. If it's not set, then that's an attempted change.) At the implementation level, that means this check can be done in preflight - you don't need to know the current state of the LoanBroker object.
So I would suggest rephrasing this as something like
The `tfLoanBrokerPrivate` flag is set in the transaction
| #### 3.3.6 Invariants | ||
|
|
||
| #### 3.3.6 Example JSON | ||
| 1. If `LoanBroker.lsfLoanBrokerPrivate` flag is set, it cannot be unset. |
There was a problem hiding this comment.
Info: Since there are no other ledger flags defined for the loan broker object, this means that the Flags field can not be changed, and so this can be checked in NoModifiedUnmodifiableFields.
XLS-0066-lending-protocol/README.md
Outdated
| 14. `PaymentTotal <= 0`. (`temINVALID`) | ||
| 15. `PaymentInterval` is less than `60` seconds. (`temINVALID`) | ||
| 16. `GracePeriod` is less than `60` seconds or greater than the `PaymentInterval`. (`temINVALID`) | ||
| 17. The `Counterparty` field is not specified and the `CounterpartySignature` is not from the `LoanBroker.Owner`. (`temBAD_SIGNER`) |
There was a problem hiding this comment.
This is a protocol-level check, because it requires loading the LoanBroker.Owner's account root and/or signers list. For example, the owner may have a regular key defined. The transactor can't know that the regular key is allowed to sign for the owner without loading AccountRoot(LoanBroker.Owner) to get the sfRegularKey field.
If the signer(s) in the CounterpartySignature is/are not allowed, the failure code will be a tef, depending on which failure case is hit. e.g. tefMASTER_DISABLED, tefBAD_AUTH, tefNOT_MULTI_SIGNING, tefBAD_SIGNATURE, tefBAD_QUORUM. There may be others.
temBAD_SIGNER is only relevant to LoanSet if
- it's a Batch inner tx and the
Counterpartyis not set, or - if it's a normal tx and there is no
CounterpartySignatureat all, or - if there is no
Counterpartyset and theLoanBroker(LoanBrokerID)doesn't exist on ledger.
There was a problem hiding this comment.
Yep, I captured the other temBAD_SIGNER errors, and moved this particular failure down to protocol checks.
2 participants
High Level Overview of Change
Introduces access control for the Lending Protocol via Permissioned Domains. A LoanBroker can be configured as private at creation time, restricting loan issuance to Borrowers with valid credentials.
Changes:
DomainIDfield andlsfLoanBrokerPrivateflag to theLoanBrokerledger entrytfLoanBrokerPrivatetransaction flag toLoanBrokerSetLoanSetLoanPay, Borrowers can always repayContext of Change
Type of Change