Optimistic Relay #285
Optimistic Relay #285
Conversation
|
Copying the FAQ from Justin in #279 (comment) Optimistic relay FAQ by Justin DrakeDoes an optimistic relay simulate blocks? Yes, an optimistic relay simulates all blocks that could have been forwarded to a proposer. Simulation just happens away from the latency-critical path. Can optimistic relaying lead to mass missed slots? Assuming no relay bug, the worst case is one missed slot per collateralised builder (prior to reactivation). The beacon chain is designed to handle missed slots. Are builders incentivised to produce invalid blocks? The builder of an invalid winning block suffers a financial loss. Moreover, a single invalid block will disable optimistic relaying for the builder, yielding a latency disadvantage pending reactivation. What recommendations do you have for optimistic relay operators? We have several recommendations for optimistic relay operators:
|
|
In the step 1 of submitting optimistic blocks, how is the value of the block determined for checking that the builder collateral is greater than the value of the block? Is it just the bid from the builder? |
|
For the record -- this change is going to be discussed at the mev-boost community call on Thursday: https://collective.flashbots.net/t/toward-an-open-research-and-development-process-for-mev-boost/464/19?u=ralexstokes |
hey! thanks for the q. yes, it is just the builder bid size. we store the builder collateral in our database and at the beginning of each slot, we update an in-memory cache with the amount of collateral that the builder has (by reading from the db). for each block they submit in that slot, we parse their submission and check the relative size of that bid versus the collateral. if the collateral exceeds the value of the bid, then we simulate optimistically. |
|
This proposal would make it hard, if not impossible, to eventually implement inclusion lists on Mev-Boost, am I right? |
i don't believe so. the full execution body is downloaded by the relay before the bid is made eligible, thus the relay could check the transactions of the body to ensure that the inclusion list transactions are present. |
This doesn't work because the relayer has no way of knowing if the transactions are valid without executing them. So a block builder that just wants to censor those transactions, can simply bid higher and claim that it included those transactions, to make the proposer lose his chance of including them. Thus inclusion lists become useless with this approach. |
just to make sure we are on the same page, let me describe the issue i think you are raising. i am using flashbots/mev-boost#215 as my reference point for what the proposed crlists in mev-boost would look like. in the current implementation (no optimistic relaying) the flow would be:
with optimistic relaying:
in that case, yes. it does seem possible for the builder to submit invalid transactions to trick the relay into thinking that it conforms to the inclusion list without actually doing so. however, the relay would still simulate the block and determine that the transactions were invalid, which results in the builder being demoted (no longer eligible to be processed optimistically). this would also result in the builder collateral being used to refund the proposer who missed their slot, thus the builder is financially punished for this behavior. overall, we acknowledge that a misbehaving builder can force a missed slot (see https://github.com/michaelneuder/opt-relay-docs/blob/main/proposal.md), but since manual intervention is required for them to return to good-standing and they are damaged reputationally and financially as a result, we expect this to be a rare event. especially in this case where the builder is essentially admitting (cryptographically) to the world that they are trying to censor, this will strongly damage the builder reputation and only delay transaction inclusion by a single slot. does that answer your question? thanks for bringing this up! it was very useful to consider it and we are keen to make sure we are building towards a future-compatible relay (the goal of the optimistic relay is to fore-run enshrined PBS, so this type of question is exactly what we hope to be answering). |
|
How about exposing through the data API whether a bid/payload was optimistic? |
This would help, we can default to not accept those bids. |
ya! i think this is a nice idea. we are also thinking about adding a public API so that a builder can check their own pubkey status.
can you expand on this? accept in what context? as a validator? |
As I mentioned above, the ability for a builder to prevent inclusion of an inclusion list, even for a single block, I believe is a deal breaker as it shifts trust assumptions from validators (or relayers in the case of not full PBS) to builders, thus invalidating any statistical analysis on censored transactions on chain. We can't prevent relayers from not checking the validity of the full execution block, but if the relayer provides the header with the info that it was optimistic we can default to local execution in that case unless the user explicitly passes a flag with a big warning |
|
There's another MEV-Boost community call later this week (Thursday, 4pm UTC): https://collective.flashbots.net/t/mev-boost-community-call-1-9-mar-2023/1367 @potuz I hope you'll come, can discuss more there too. |
would you be willing to hop on a call to discuss this further? i sent you a friend request on discord :-) |
yes, this is a great idea! we are already recording whether or not a submission is processed optimistically so this is super easy to expose via the data API: michaelneuder@61a4b28. this also allows for checking if a payload is optimistic, it just requires two steps: (1) calling get payload to get the block hash, (2) using the block has to get the specific submission and checking if it was optimistic. IMO adding the plumbing to get bool through to the payload data API is not worth it because (1) the optimistic property is semantically part of the submission, not really the getPayload call, (2) it would require an extra db read either when we call getPayload or when the data API is called. but happy to get push back on this if there is strong demand for getting the simulation status directly in the payload data API. :-) |
michaelneuder
force-pushed
the
mikeneuder-20230219-1
branch
from
374f2ec to
4e3ca5e
Compare
…#300) Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.11.2 to 1.11.3. - [Release notes](https://github.com/ethereum/go-ethereum/releases) - [Commits](ethereum/go-ethereum@v1.11.2...v1.11.3) --- updated-dependencies: - dependency-name: github.com/ethereum/go-ethereum dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
collecting two extra timestamps in the block lifecycle
|
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #285 +/- ##
===========================================
+ Coverage 18.34% 28.75% +10.40%
===========================================
Files 20 22 +2
Lines 3559 3944 +385
===========================================
+ Hits 653 1134 +481
+ Misses 2826 2666 -160
- Partials 80 144 +64
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
We'll likely merge this PR soon. |
|
hi, do we have any update on this? |
|
Closing this in favor of #380 |
NOTE: This is the amended version of the optimistic relay from #279. We made minor changes to the database schema and how we determine if a winning block was invalid in
getPayload. These changes are reflected in the description below.NOTE 2: We also wrote https://github.com/michaelneuder/opt-relay-docs/blob/main/proposal.md, which aims to motivate the utility of the optimistic relay. That document accompanies this PR and answers the
What? & Why?of the project, while this PR answersHow?📝 Summary
tl;dr; This PR implements an "optimistic" version of Flashbots' mev-boost-relay. The core idea is that we can improve the throughput and latency of block submissions by using asynchronous processing. Instead of validating each block that comes in immediately, we return early and mark the block as eligible to win the auction before checking its validity. This allows builders to submit more blocks and critically, submit blocks later in the time period of the slot. Later blocks will have more MEV and thus a higher probability of winning the block auction. All blocks sent to the relay are still validated, and only a single slot at a time is being processed optimistically. In practice we expect that the first few milliseconds of
Slot nwill handle the remainingSlot n-1optimistic blocks, which may have been received very close to the slot boundary. Proposers still use the Proposer API to select the highest bid, but there is no longer a guarantee that this block is valid (because we may not have had time to asynchronously validate it). To submit blocks in the optimistic mode, a builder must put up a collateral that is greater than the value of the blocks they are proposing. If a proposer ends up signing an invalid block, collateral from the builder of that block will be used to refund the proposer for the missed slot.📚 References
This joint work from Justin Drake, AlphaMonad, and I is a revision of michaelneuder#2. Many thanks to Chris Hager, Alex Stokes, Mateusz Morusiewicz, and Builder0x69 for feedback and support thus far!!
⛱ Motivation and Context
The changes can be described through 3 sequences:
1. Submitting optimistic blocks.
Builder APIendpoint of the relay.a. if the builder collateral is greater than the value of the block and the builder is
optimistic, run the block simulation optimistically in a different goroutine.b. the
optimistic block processoradds 1 to theoptBlock waitgroup, which is a used to synchronize all the optimistic block validations happening concurrently during the slot.c. otherwise if the builder is
highPriosend the block to thehighPrioqueue of theprio-load-balancer.d. else send the block to the
lowPrioqueue of theprio-load-balancer.2. Validating optimistic blocks.
optimistic block processorsends the block aslow-prioto theprio-load-balancerfor simulation.optimistic block processor.optBlock waitgroupis decremented by one, indicating that this goroutine has completed its tasks.3. Proposing optimistic blocks
mev-boostcallsgetHeaderon theProposer APIof the relay. This is part of theMEV-Block Block Proposalas documented in https://docs.flashbots.net/flashbots-mev-boost/architecture-overview/block-proposal.mev-boostcallsgetPayloadon theProposer APIof the relay. This triggers the publication of aSignedBeaconBlock.optBlock waitgroupis waited on. This ensures that there are no more optimistic blocks to be simulated for that slot.proposer APIchecks the database for a demotion that matches the header of the winning block. If it is present, then the simulation of the winning block must have failed, and thus a refund in necessary.proposer APIupdates the demotion table with the refund justification, which is theSignedBeaconBlockandSignedValidatorRegistration.Misc notes
✅ I have run these commands
make lintmake test-race(this gave a few errors, but i think it is likely because we are doing a lot of asynchronous processing now, not quite sure how to deal with this)go mod tidyCONTRIBUTING.md