feat(executor): private-RPC transaction submitter#44
Merged
Conversation
Wraps `eth_sendRawTransaction` against a private-RPC endpoint so pending liquidation txs bypass the public mempool. Primary target on BSC is a bloxroute / blocknative private feed; L2 sequencer endpoints fit the same surface. - `Submitter::connect(url, timeout)` async constructor; reuses a single provider + connection pool across submissions - `submit(raw_bytes)` — posts the signed envelope, returns tx hash. Retries once on timeout (6 s default, ≈ 8 BSC blocks). Non-timeout RPC errors (revert, bad nonce, bad signature) fail immediately — no point retrying a deterministic rejection - `ChainConfig.private_rpc_url` — optional per-chain private-RPC endpoint. When unset, callers should fall back to `http_url` - `config/default.toml` now documents `BSC_PRIVATE_RPC_URL` as the expected env var for v0.1 Two unit tests: default timeout invariant, connect rejects invalid URL.
This was referenced Apr 23, 2026
Closed
[executor] charon-executor still missing from workspace members — fourth consecutive PR flagged
#199
Closed
Closed
Closed
Closed
Close #192, #193, #198. - ChainConfig.private_rpc_url becomes Option<SecretString> with a manual Debug impl that redacts both it and the new private_rpc_auth field, so API keys embedded in vendor URLs stop leaking via tracing / panic output. - Add allow_public_mempool bool (default false) as an explicit opt-in for testnet / dev. - Config::validate refuses to start when a chain has a deployed liquidator but no private_rpc_url and has not opted in to public mempool; wired into the CLI before any submitter spins up. - Rename BSC_PRIVATE_RPC_URL to CHARON_BSC_PRIVATE_RPC_URL in default.toml and .env.example; add CHARON_BSC_PRIVATE_RPC_AUTH for header-based vendors.
Close #194, #195, #196, #197, #200, #201, #202. - Submitter::connect now takes &SecretString explicitly; no silent fallback to http_url exists anywhere. - Reject any scheme other than https / wss at connect time (SubmitError::InsecureScheme). Covers http, ws, ftp, missing scheme. - Typed SubmitError (#[non_exhaustive]) replaces anyhow, with Timeout / RpcRejected / ConnectionLost / InsecureScheme / InvalidEndpoint variants; RpcError is classified so 4xx / 429 map to RpcRejected while 5xx and transport-level failures map to ConnectionLost for the caller to reconnect. - Optional bearer-token auth threaded through connect(); attached as a sensitive Authorization header for HTTP and via WsConnect::with_auth for WSS. - Remove internal retry. submit() is single-shot: the pipeline owns the staleness / re-quote decision along with the opportunity queue TTL, not the transport layer. - Debug impl on Submitter prints a scheme+host label only; the raw URL (which may embed an API key) never surfaces. - httpmock-backed tests cover hash parsing, 429 / JSON-RPC error classification, single-shot timeout under tokio::time::pause, and ConnectionLost against a closed TCP port.
obchain
added a commit
that referenced
this pull request
Apr 23, 2026
BNB_TESTNET_WS_URL / BNB_TESTNET_HTTP_URL violate the repo-wide CHARON_* namespace convention enforced on every new env var since PR #42 and PR #44. The existing mainnet BNB_* vars predate the convention and stay unrenamed pending a separate repo-wide pass — only the testnet pair, landed this branch, shifts to the compliant prefix. Renames `config/testnet.toml` substitution references and updates `.env.example` with a short note pointing at #245 so future readers see the scope. The `config_profiles` integration test exports the new names. Closes #245
…ubmit # Conflicts: # .env.example # Cargo.lock # Cargo.toml # crates/charon-core/Cargo.toml # crates/charon-core/src/config.rs # crates/charon-core/src/lib.rs # crates/charon-executor/Cargo.toml # crates/charon-executor/src/lib.rs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #19
Wraps
eth_sendRawTransactionagainst a private-RPC endpoint so pending liquidation txs bypass the public mempool (bloxroute / blocknative on BSC).Submitter::connect(url, timeout)async constructor; reuses a single provider + connection pool across submissionssubmit(raw_bytes)— posts the signed envelope, returns tx hash. Retries once on timeout (6 s default, ≈ 8 BSC blocks). Non-timeout RPC errors (revert, bad nonce, bad signature) fail immediatelyChainConfig.private_rpc_url— optional per-chain endpoint; callers fall back tohttp_urlwhen unsetconfig/default.tomldocumentsBSC_PRIVATE_RPC_URLas the expected env var for v0.1Two unit tests: default timeout invariant, connect rejects invalid URL. Live submission testing deferred until the pipeline can produce a signed tx (blocks on upstream PRs merging).
Depends on
feat/18-gas-and-nonce.