Smart Contracts
Vendia Share makes it easy to share data and files among participants in a Uni. But sometimes sharing data alone isn’t enough. Smart Contracts allow users to take action on data in a prescribed way, as data changes across a Uni, without having to build or maintain a complex eventing infrastructure.
Smart contracts can be used for various purposes. Examples of smart contract usage include:
-
Integrity Constraints: Smart contracts can be used to enforce restrictions or limitations, such as ensuring that the balance across several related accounts never drops below a minimum threshold or ensuring that two flight segments aren’t booked closer together than 45 minutes between the arrival of the first and the departure of the second. Making this calculation a smart contract ensures that the data in the Uni can adhere to policy constraints, regardless of its provenance. Participants don’t have to just trust that other participants “got it right” when they updated one or more values over time.
-
Derived (Computed) Values: Smart contracts can also be used to create data values that are derived from other information. For example, a Uni may be used to store sales information, in which case a smart contract can be used to accurately calculate sales tax and the total amount, rather than requiring every node to maintain a redundant implementation of the tax calculation.
-
Third-party System Integration: Because a smart contract can be any code that the parties in the Uni agree is legitimate to use for their shared purposes, it can do things like contact third party systems, retrieve information stored outside the Uni, etc. Smart contracts can also be used to update third-party systems based on the data in the Uni.
When to Use Smart Contracts
Not all data actions need to be captured in a smart contract. The following questions can help determine if a smart contract is indicated:
-
Does the action affect the data in the Uni?: If the goal is to add computed values, enforce Uni-wide constraints, or act on behalf of all participants, then a smart contract is likely to be required.
-
Is the result of the action stored in the Uni?: If a computation’s output is used to update or add to the Uni’s data, then a smart contract may be appropriate.
Comparison to Ethereum Smart Contracts
If you are more familiar with Ethereum Smart Contracts there are some key differences and similarities between the two that are important to understand.
Feature | Ethereum | Vendia |
---|---|---|
Naming | Smart contracts reside at a specific address on the Ethereum blockchain and are read and executed using its address | Smart contracts are named following Vendia’s vrn format |
Immutability | Smart contracts have their complete bytecode included on the Ethereum blockchain | Vendia only invokes smart contract resources that are guaranteed by the cloud provider to be immutable. Further, Vendia guarantees the smart contract data is immutable for a given revisionId |
Updating/Deprecating | Smart contracts on the Ethereum block chain are forever on the blockchain to be executed. It is common to create smart contracts that route to other smart contracts as a way to update a smart contract while preserving its wallet address and balance. | Smart contracts can be updated using the updateVendia_Contract API. For removing access to older revisionId s, see Invoking specific revisionIds. |
Programming language | Solidity and Vyper are the most common language choices for Ethereum smart contracts, with other Ethereum specific languages additionally available. | Vendia Smart Contracts can be written in any language that is supported by AWS Lambda. For a full list of supported languages go to the AWS Lambda documentation here. |
Accessing external data | Possible through oracles | The backing resource (AWS Lambda function) has access to anything your function has access to (e.g. private Amazon Relational Database Service instance, public API endpoint, etc) |
What is in a Vendia Smart Contract?
A Vendia Smart Contract contains the following fields:
field name | description | source | required |
---|---|---|---|
name | The name of the smart contract. Must pass the regex: [a-zA-Z0-9-_]{1,40} | You | Yes |
description | A description of what the smart contract does | You | No |
revisionId | The revisionId tracks the tuple of the (name, resource.uri, inputQuery, outputMutation) fields. The value is only changed when one of those fields have been updated | Vendia | N/A |
resource.uri | The backing resource for the smart contract. Currently only AWS Lambda functions are supported | You | Yes |
resource.csp | The cloud service provider for the backing resource | Vendia | N/A |
resource.metadata | A list of metadata fields from the backing resource | Vendia | N/A |
inputQuery | A stringified graphql query run prior to invoking the backing function that retrieves data from the uni | You | No |
outputMutation | A stringified graphql mutation run after the backing function completes that updates the world state based on the results of the backing resource | You | Yes |
How Vendia Smart Contracts Work
On many blockchain platforms, smart contracts have to be executed by all nodes in parallel - a costly and redundant approach. Vendia only requires executing a smart contract once, which also frees developers from having to ensure that the code in the contract is idempotent and replayable. This allows for freedom of language choice: On Vendia, smart contracts can be written in literally any language (though sticking to one of the built-in ones does make things a little simpler). Vendia permits flexible use of non-idempotent calculations, including random number generators, time of date, arbitrary API calls, and more. Not all Unis and participants may elect to support those features in the smart contracts they use, but they’re available if desired.
Vendia Share expresses smart contracts as AWS Lambda functions. Importantly, these functions must be versioned. Versioning a Lambda function makes it immutable - not even the owner of the function can change its code or configuration. This immutability allows the function to be executed with cross-participant trust, because the function has the same “meaning” regardless of who its owner might be.
Vendia Share executes a smart contract in several steps:
-
Create the input payload from world state. When a smart contract is invoked, an invoke payload is generated by combining the results of static invoke arguments with the results from running the
inputQuery
defined on the Vendia Smart Contract. See The Invoke Payload for more details. A ContractTask record is generated at the time of invocation. This ContractTask record can be referenced by an ID generated as the output of the invocation. -
The Lambda function representing the contract is invoked, using the values generated in step one as the arguments.
-
The result of the function is captured. The ContractTask record created during the invocation of the contract is updated to reflect the result of the contract execution.
The values passed to a function are computed in the same block in which the smart contract invocation is processed. However, since functions can run for up to 14 minutes, transaction processing does not wait for contracts to complete. The results of a contract will be applied asynchronously, once they become available.
What is a Vendia ContractTask?
When a Vendia Smart Contract is executed, a ContractTask record is created. This record is updated during the execution of the Vendia Smart Contract to reflect the status of the contract execution. The record can be queried to keep track of the status of the contract being invoked by using the ID({transaction{_id}}
) provided at the time of the contract invocation.
Result of a Contract invocation:
What is in a Vendia ContractTask?
A Vendia Smart Contract Task contains the following fields:
field name | description |
---|---|
startTime | The timestamp when the smart contract was invoked |
completionTime | The timestamp when the smart contract invocation was completed |
status | The current status of the smart contract invocation |
invokedBy | The node that invoked the smart contract |
contractId | The smart contract that was invoked |
revisionId | The revisionId for the smart contract that was invoked |
rawInput | The raw input that was passed by the customer during the invocation. This includes the invokeArgs , queryArgs , and the invocationId field values. |
transactionIds | A list of transaction IDs generated by the output mutation of a successful smart contract execution |
error.errorType | The type of error that has occurred |
error.errorDetails | The details of the error that has occurred |
The following fields in the Smart Contract Task record are erasable:
- rawInput
- error.errorDetails
ContractTask Execution Details
When the ContractTask record is created, the status field is set to INVOKING
and the following fields are set to null
.
- startTime
- completionTime
- error
- transactionIds
- revisionId
Once the contract execution has completed, the ContractTask
record is updated according to the following possibilities:
-
Rejected: If the smart contract makes the decision not to execute the output mutation, it can include the field
x-vendia-status
in the return of the smart contract. The value of this field should be set toREJECTED
(the only currently supported value). If this key-value pair is set, thestatus
field of theContractTask
record will be updated toREJECTED
.- If the above JSON is returned by contract executing function, the ContractTask will be updated to resemble the following:
-
If in addition, a field containing the string
x-vendia-status-details
is present in the return of the smart contract, the error structure will be updated as follows:-
errorType
will be set toREJECTED
-
errorDetails
will be set to the value of thex-vendia-status-details
field -
If the above JSON is returned by contract executing function, the ContractTask will be updated to resemble the following:
-
-
Error: A number of different error types are supported by the
ContractTask
type.- Permissions: In the event that a smart contract cannot be accessed due to a lack of permissions, the
errorType
will be set toPERMISSIONS
, and any corresponding details will be accessible viaerrorDetails
.
- Internal Error: In the event that Vendia encounters an unexpected error while executing the smart contract or output mutation, the
errorType
will be set toINTERNAL_ERROR
.
- Contract: In the event that a smart contract returns a FunctionError(an error is raised in the function code), the
errorType
will be set toCONTRACT
, and any corresponding details will be accessible viaerrorDetails
. A stacktrace will be included in theerrorDetails
field if applicable.
- Throttle: In the event that the smart contract invocation is throttled, the
errorType
will be set toTHROTTLE
, and any corresponding details will be accessible viaerrorDetails
.
- Result Mutation: If the output mutation fails due to a GraphQL error, the
errorType
will be set toRESULT_MUTATION
, and any corresponding details will be accessible viaerrorDetails
.
- Success: The smart contract execution has been completed successfully. The
startTime
,completionTime
,revisionId
, andtransactionIds
fields should now be populated.
- Permissions: In the event that a smart contract cannot be accessed due to a lack of permissions, the
ContractTask Visibility Permissions
The following permissions will be followed by the ContractTask record:
-
All nodes will have access to the following fields:
- status
- contractId
- revisionId
- transactionIds
-
The node that invokes the smart contract will have access to the following fields:
- status
- contractId
- revisionId
- transactionIds
- error.errorType
-
The node that owns the smart contract resource will have access all of the fields in the ContractTask record
Linking ContractTask Records to Blocks
The mutations generated by a successful smart contract invocation can be found by calling the listVendia_BlockItems
API and filtering on the transaction ids stored in the ContractTask record.
Tracking smart contract latency
The latency from the time a smart contract is invoked to the time the output mutation begins to be applied can be tracked using the following query.
The above query produces the following output:
- getVendia_ContractTask
- startTime: When Vendia started to invoke the smart contract
- completionTime: When Vendia completed invoking the smart contract and submitting the output mutation
- listVendia_BlockItems
- transactions → submissionTime: When this transaction was submitted to be applied
- commitTime: When the transactions in this block started to be applied
Versioning
Smart contracts have two modes of versioning. The first type uses Vendia’s standard object versioning. Whenever any field of a smart contract is updated, the version number will increment by one, and a version update is recorded. Retrieving specific versions of a function can be done buy using the getVendia_Contract
API and passing in the version you want.
The second versioning schema happens less frequently, updating of the revisionId
. The revisionId
tracks any changes to three properties of a smart contract object that change the underlying behavior of what a smart contract does. These fields are inputQuery
, outputMutation
, and resource.uri
. When calling the invokeVendia_Contract API with a specific revisionId
parameter, you are guaranteed to be running an immutable grouping of (inputQuery
, outputMutation
, resource.uri
) is the exact properties of the Smart Contract.
Vendia Smart Contract Function Deployment and Permissions
The Lambda function supporting a smart contract is a customer-owned resource. As such it is deployed to an AWS Account outside of Vendia. This allows you to retain complete control over the function configuration, code, versioning, and permissions.
So that Vendia can securely invoke your lambda function you will need to set up a resource policy on your Lambda function.
The specific permissions you will need to grant are lambda:GetFunctionConfiguration
and lambda:InvokeFunction
. The former permissions are used to get the Lambda function’s metadata for validating it passes Share’s requirements, while the latter is required to invoke the Lambda function itself.
To ensure that Lambda function has not changed between smart contract invocations we do not support
$LATEST
. This means you will need need to utilize lambda versioning. For each new Lambda version that is created, you need to explicitly re-attach the resource policies that are defined below. AWS does not carry over the the resource policies from $LATEST to your new version. As such, you will also need to ensure that:<version>
is appended onto the end of each lambda arn. e.g.arn:aws:lambda:us-east-2:123456789012:function:my-function:1
Determining the Vendia Smart Contract Role
To ensure only your node can invoke your Vendia Smart Contract, a special AWS role is created per-node that is used to retrieve metadata and invoke your Vendia Smart Contract’s resource. To find this role, you can use either the UI or the share
CLI.
Share CLI
Example
or more succinctly if you have jq
installed:
Share UI
Select the node where you are going to create the Vendia Smart Contract, and the Smart Contract Role
should be visible under the resources section.
Adding the Permissions
The fastest way to add the required permissions for your AWS Lambda function is via the AWS CLI. The following code block provides an example of the CLI commands necessary.
For example, if your AWS Lambda function arn is arn:aws:lambda:us-west-2:123456789012:function:my-lambda-function:1
and the Vendia Smart Contract role arn is arn:aws:iam::102930495678:role/loonies-twonie_NodeOne_6f87c1fc2943bf_SmartContractRole
, your commands would be:
Invoking the Vendia Smart Contract
To invoke a Vendia Smart Contract, you use the invokeVendia_Contract
API.
field name | description | required |
---|---|---|
id | The id for the Vendia Smart Contract you want to invoke | Yes |
revisionId | The version identifier tracking the current state of the tuple (inputQuery, outputMutation, resource.uri). Can be used to guarantee the specific revision of a Vendia Smart Contract to be invoked. | No |
input.invocationId | If invocationId is not supplied, Vendia generates one. This invocationId is passed to the Vendia Smart Contract as part of the input payload. This can be used by to pass through request ids or trace ids through your system. | No |
input.queryArgs | A stringified json that contains the variable map is passed to the inputQuery defined on your Vendia Smart Contract | If the smart contract has an inputQuery defined, the query args passed in the invoke request must be included and must match the query args defined by customers in the inputQuery. If inputQuery is not defined, this field is unused. |
input.invokeArgs | A stringified json that is passed directly to your AWS Lambda function resource | No |
Invoking specific revisionId
s
For Vendia Smart Contracts, the node that created the Smart Contract can invoke any revisionId
. All other nodes in the Uni are only able to invoke the latest revisionId
on the Smart Contract.
A Vendia Smart Contract Example
Building on the inventory track and
trace quickstart, smart contracts
can be used to check external systems before marking a shipment as delivered.
The “Orders” and “Shipments” data models both have a delivered(boolean)
property but instead of directly mutating that state, the delivering party
can use a smart contract to create a confirmation step for the recipient
before a delivered=True
state is written to the world state.
A smart contract can be used to check with off-chain systems before putting the data into the ledger permanently. Before introducing our contract we can take a look at the state of the world:
First, we create the smart contract with the below mutation that retrieves the order information for a specific shipment and then updates the status of the delivery using the result of the backing resource. Let’s break down how that works!
inputQuery
defines a query where we retrieve the up-to-date data about a specific shipment.resource.uri
points at the lambda function version, in this example arn:aws:lambda:us-west-2:123456789012:function:ContractEnforcement:9, will be passed the result of theinputQuery
. The function could be querying a separate backend API to retrieve the order status of the shipment.outputMutation
defines a mutation that should be run where the inputs come from the result of theresource
function. This mutation updates the world state to mark the shipment’s delivery status
Once the function is created, we will want to invoke it! We can do this for a specific shipment by using the invokeVendia_Contract
api. In the following example, we are invoking the Vendia Smart Contract we create above in a node named “MyTestNode”, and running it on the shipment id a-very-real-shipment-id
.
When invoked, the backing Lambda function will receive a JSON payload containing the result of running your inputQuery, any static arguments passed in the invokeArgs
field, and an invocationId
. For our example, the inputQuery returns the details of a specific shipment.
Example JSON that is sent to the backing Lambda function
This is passed to the backing Lambda function, where the business logic begins to run. Below, we are taking the incoming shipment details stored in the Uni, reaching out to an external API, and returning the status of the delivery.
Example AWS Lambda function logic
Once the function returns, the response of the Lambda function is passed in as is to the outputMutation
mutation as variables (see Graphql Variable definitions for more on how variables work with GraphQL mutations).
The call to the smart contract and the mutation result will be saved to the ledger, making it easy to resolve any future disputes and audit the usage of the smart contract. Supporting Lambda execution makes it easy to integrate any external system into your Uni’s consensus process and leave a trail of decisions auditable by any node.
Smart Contract Reference
Schema
For reference, here is the full JSON schema for a contract expression. This can also be reviewed in GraphQL format from your node’s GraphQL Explorer.
Vendia Smart Contract APIs
Mutations
Add
Update
Remove
Invoke
Queries
Get
List Contracts
List Contract Versions
Limits
field | limit |
---|---|
Smart Contract name | 40 characters |
Resource timeout | 14 minutes |
Number of queries in the inputQuery field | 10 |
Number of mutation in the outputMutation field | 10 |