Multisig approve call should return error data back to the user

[aarshkshah1992]

Closes #1251 .

[aarshkshah1992]

@arajasek One question:

Why does this function "succeed" i.e. we return an Ok value from this function even though the transaction fails ?

[Stebalien]

Because we successfully fail. If we returned an error, we'd revert the multisig's state leaving the pending message in the state. The user would then have to send a second message to "abort" it.

This is one of the many reasons we want to let users deploy their own smart contracts/actors. Because there's no "one size fits all" answer here.

[arajasek]

Expanding just a bit, I think "philosophically" it makes sense to succeed here. When this method is called (or a top-level "approve and execute" method is called), you're asked to execute the transaction, if possible. If for some reason the transaction isn't executable, that's a failure.

But if the transaction executes-and-fails, that's not really a failure for the top-level viewer. We were asked to execute the tx, we were able to do so, and the result of that execution happened to be a failure.

But @Stebalien is right, there are definitely users who won't want this behaviour, so getting this out of built-in actors would be great.

[codecov-commenter]

Codecov Report

Merging #1422 (d31a116) into master (582b0be) will increase coverage by 0.06%.
The diff coverage is 100.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1422      +/-   ##
==========================================
+ Coverage   91.03%   91.10%   +0.06%     
==========================================
  Files         145      145              
  Lines       27848    27850       +2     
==========================================
+ Hits        25352    25373      +21     
+ Misses       2496     2477      -19     

Files	Coverage Δ
actors/multisig/src/lib.rs	95.50% <100.00%> (+0.77%)	⬆️

... and 6 files with indirect coverage changes

[Stebalien]

LGTM although, if we follow the process, this should wait until nv22. On the other hand, I'd kind of like to just merge it... (it doesn't change any APIs and may make debugging smart contracts controlled by multisigs easier).

[Stebalien]

Because we successfully fail. If we returned an error, we'd revert the multisig's state leaving the pending message in the state. The user would then have to send a second message to "abort" it.

This is one of the many reasons we want to let users deploy their own smart contracts/actors. Because there's no "one size fits all" answer here.

[Stebalien]

@arajasek thoughts on merging/punting?

[arajasek]

LGTM, but I do think it should wait till nv22 -- so merge now (into master), and it'll get carried into the next network upgrade.

[arajasek]

Expanding just a bit, I think "philosophically" it makes sense to succeed here. When this method is called (or a top-level "approve and execute" method is called), you're asked to execute the transaction, if possible. If for some reason the transaction isn't executable, that's a failure.

But if the transaction executes-and-fails, that's not really a failure for the top-level viewer. We were asked to execute the tx, we were able to do so, and the result of that execution happened to be a failure.

But @Stebalien is right, there are definitely users who won't want this behaviour, so getting this out of built-in actors would be great.