I don"t think we need to do this, but you think there could be an advantage in splitting these errors into two separate types? If the errors are unique to specific function sets, it would make it clearer which errors could be returned from which functions. I think in general this debated to be useful in the Rust ecosystem, so I"m not advocated strongly or anything, just wondering given the comments.

I don"t have a strong opinion on this. I imagine splitting initialization-exclusive errors from everything else could be useful and wouldn"t hurt. For contracts with more than just 1 non-init fn I probably wouldn"t go further with splitting the error groups. We also should consider how hard would it be to consume and decode the contract error when/if we start returning it for the failed txs.

We also should consider how hard would it be to consume and decode the contract error when/if we start returning it for the failed txs.

That"s a good point. Also, the "u32" naemspace of contract errors is shared across all error types in a single contract, so even if they were two separaet enums, it would be a bad idea to reuse integer values between them.

Definitely interested in your thoughts about how to improve the try_ interface that this function unwraps. I wasn"t sure where the right balance was when I wrote the try_ interface, so I just went right to the extreme of every error condition is catchable.

As I"m wrapping all the calls with extract_error, I can say that Result<T, Error> is the return type I"d want to see most of the time. However, I realize there could be scenarios where that"s not the case.

The conversion error on the function output doesn"t seem too useful. It"s hard for me to come up with a scenario where I would want to call another contract and then meaningfully react to the conversion error of the output value; I suspect 99.9% of the time this is just a bug in my contract and it would be ok if it trapped. I guess we need to make some decision on conversion errors in general.

The result for the error is pretty confusing; currently I"m not sure when would it be Err, so it"s hard for me to tell how valuable it is in general.

I guess we need to make some decision on conversion errors in general.

Yes definitely, this is an area we need some more thought on.

I generally with trapping, however, I"m concerned with the possibility that a contract is exploitable by another contract returning the wrong in a certain situation, that causes a trap in a situation where a contract is therefore locked into a specific state. But maybe contracts have to code for this better and ensure they can"t be locked into a state based on another contract.

The result for the error is pretty confusing; currently I"m not sure when would it be Err, so it"s hard for me to tell how valuable it is in general.

So there"s guarantee a contract returns an error defined their spec, and it"s also possible a contract returns a system error, such a trap, or an out of bounds operation on a Vec, etc. If those things happen the Err part of the Result will also be an Err containing a Status, and from a diagnostic point-of-view could be unpacked or viewed to see what that error is.

Maybe the problem is the overreliable on the nested Result, and maybe what we actually need is our own type that gives these things better names than simply Ok and Err.

Our own type could still behave like Err, even supporting htings like ? (I think).

I"m concerned with the possibility that a contract is exploitable by another contract returning the wrong in a certain situation

I think that traps should normally cause everything to be reverted, shouldn"t they?

So there"s guarantee a contract returns an error defined their spec, and it"s also possible a contract returns a system error, such a trap, or an out of bounds operation on a Vec, etc. If those things happen the Err part of the Result will also be an Err containing a Status, and from a diagnostic point-of-view could be unpacked or viewed to see what that error is.

Yeah, that"s what I imagined, however I"m not sure how would that trigger now (maybe that would matter if we make try_call to treat panics as errors?). I agree though that some custom type would be cleaner. Basically we need to emulate Box<dyn Error> in regular Rust in some way.

Ah I see the confusion, yes Rust tests do not currently behave consistently with a WASM deployment. These issues will probably address that and then the behavior you see in tests will make more sense:

• Env::assert_panic_with_status does not catch HostError"s containing Status rs-soroban-sdk#642
• Env::try_call will panic if a natively registered contract panics rs-soroban-env#430
• rollback when contract code panics rs-soroban-env#462