From b1841f2970d4f205774a0f0b667bd04770ca6c07 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 6 Jan 2021 20:00:07 +0100 Subject: discuss how to deal with UPDATED (mutable) tables during auditor replication --- design-documents/011-auditor-db-sync.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'design-documents/011-auditor-db-sync.rst') diff --git a/design-documents/011-auditor-db-sync.rst b/design-documents/011-auditor-db-sync.rst index bf8f9a52..aba7b503 100644 --- a/design-documents/011-auditor-db-sync.rst +++ b/design-documents/011-auditor-db-sync.rst 
@@ -94,6 +94,34 @@ Proposed Solution * The canonical Postgres synchronization between exchange and the auditor's "ingress" database must use transport security. +The above solution does not gracefully handle mutable tables on which +the exchange performs UPDATE statements, as such updates will not bump +the BIGSERIAL and thus would not be replicated by the helper. Thus, we +need to consider all tables that the exchange ever performs UPDATE on. +Those are: + +* /reserves/ --- the exchange updates the remaining reserve balance; + here the auditor currently performs a sanity check against + its own reserve balance calculation. The proposed way to address + this is to make this sanity check optional and to be only used if + the auditor auditor runs against the "primary" exchange database + (like an internal audit). This is acceptable, as an inaccurate + reserve balance is mostly used to raise an early warning and not + indicative of any actualized financial gains or losses from the + exchange. +* /deposits/ --- the exchange updates the /tiny/ and /done/ bit + fields. /tiny/ can be trivially established by the auditor, and + we can simply avoid the auditor considering that bit. /done/ + was so far only used to enrich the reporting. The proposed way + to address the uses of both fields is thus to only use them in + internal audits (against the primary exchange database). Both + can be safely ignored by the external audit. +* /prewire/ --- the exchange updates the /finished/ and /failed/ + bits. The entire table is not used by the auditor and its + main values cannot be validated by the auditor anyway. +* /auditors/ --- the exchange updates the /is_active/ and /last_change/ + fields. The entire table is of no concern to the auditor. + Alternatives ============ -- cgit v1.2.3
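Review bot: The /reserves/ and /deposits/ bullets make the affected checks depend on whether the audit runs against the "primary" exchange database, but the added text does not say how the auditor is told which of the two modes it is in. Without that, an external audit could still evaluate the reserve balance or the /tiny/ and /done/ bits on a replica that never received the UPDATEs. Suggest naming the mechanism in this section, for example an explicit setting for internal audits with these checks off by default. The list is introduced as "all tables that the exchange ever performs UPDATE on"; a sentence on how it is kept complete when the schema changes would help, since a new UPDATE would go unreplicated for the reason the first paragraph gives. Minor: "the auditor auditor runs" in the /reserves/ bullet repeats a word, and /name/ is not reStructuredText inline markup, so the slashes will render literally; *name* or ``name`` would render as intended.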