feat: eots-manager add eots verifier #360
Conversation
|
|
I see. Correct me if I'm wrong, this verifier will be a part of the EOTS aggregator?
Yep let's move the functionality to another daemon program. In fact, I feel it might not be a part of the finality-provider repository as this targets different groups of users. If it's used in EOTS aggregator, how about we put it in the repository for EOTS aggregator? |
In our design, it doesn't do the verification in the EOTS aggregator.
The EOTS aggregator doesn't use it, but I think we can put this gRPC in the EOTS aggregator repo. @bap2pecs Wdyt? |
@SebastianElvis I think this part makes sense. so it will be confusing if the user of the chain has to run a program in the FP repo. I am in for the move as long as we don't need to share lots of code from this FP repo. I am fine to create a new repo I think a daemon should work b/c it's technically still “finality" related. and the benefit is we can reuse the CI / test frameworks here |
Correct it. Their target user is different, especially if the aggregator functions as a P2P network.
It makes sense. |
|
Yep having a new daemon for EOTS verifier sounds good to me. @gitferry wdyt? |
|
rollup users will be running EOTS verifier EOTS aggregator is run by a diff group of people but for you q offline, EOTS aggregator will still verify the EOTS before storing in its database |
|
Had an offline discussion with @SebastianElvis. A separate daemon for |
|
|
||
| const ( | ||
| homeFlag = "home" | ||
| forceFlag = "force" |
eots-verifier/config/config.go
Outdated
| defaultRollupRPC = "http://127.0.0.1:8545" | ||
| defaultRollupChainId = "42069" |
There was a problem hiding this comment.
called rollup is too specific. we should call it defaultConsumerChainRPC
There was a problem hiding this comment.
also default values should be sth that can work most of the time
but it's almost certain that the last 4 values should be changed when we run the daemon. so we should just remove those and only rely on the config file
eots-verifier/config/config.go
Outdated
| RpcListener string `long:"rpclistener" description:"the listener for RPC connections, e.g., 127.0.0.1:1234"` | ||
| BabylonRPC string `long:"babylon_rpc" description:"connect to the Babylon RPC service"` | ||
| EotsAggRPC string `long:"eots_agg_rpc" description:"connect to the EOTS Aggregator RPC service"` | ||
| RollupRPC string `long:"rollup_rpc" description:"connect to the Rollup RPC service"` |
|
|
||
| message VerifyFinalitySigRequest { | ||
| // block_number is the block which need to be verified | ||
| uint64 block_number = 1; |
There was a problem hiding this comment.
per my comments below, we need to also pass in the tx hash to be verified
also per design 3 in https://www.notion.so/snapchain/Security-Requirements-1076b96c44144e82a61b4ed393364399, we might ask FP to sign a range of blocks. so instead of verify
eots-verifier/service/server.go
Outdated
| func (s *Server) VerifyFinalitySig(ctx context.Context, req *proto.VerifyFinalitySigRequest) ( | ||
| *proto.VerifyFinalitySigResponse, error) { | ||
| height := req.BlockNumber | ||
| l2Block, err := s.rollupClient.BlockByNumber(ctx, new(big.Int).SetUint64(height)) |
There was a problem hiding this comment.
i think we shouldn't trust getting the data from the RPC. because we can't guarantee the RPC returns the same block that contains the same tx as the block the user accepts
let's think of the goal of the verifier program: to help a user to build up confidence that a tx he observes is in a block that has enough valid EOTS sigs
so the minimum input should be the tx hash. it has to be something that doesn't allow you to change this tx. block number itself doesn't provide the guarantee.
the flow should be:
- user obtains the tx hash
- user queries the RPC to get the block that contains the tx
- user gets all data (e.g. tx list) from the RPC
- user gets the signatures from the aggregator
- user gets the FP VP ...
- ...
- user verifies the EOTS signatures
add block number can ensure more security: to help a user to build up confidence that a tx he observes is in a specific block that has enough valid EOTS sigs
the flow should be:
- user obtains the tx hash
- user queries the RPC to get the block that contains the tx
- user check if the block number matches
- user gets all data (e.g. tx list) from the RPC
- user gets the signatures from the aggregator
- user gets the FP VP ...
- ...
- user verifies the EOTS signatures
eots-verifier/service/server.go
Outdated
| return bbnRes.FinalityProviders, totalPower, nil | ||
| } | ||
|
|
||
| func (s *Server) calculateValidPower(ctx context.Context, msg []byte, fpList []*bsctypes.FinalityProviderResponse, eotsInfos []*eotsservice.EOTSInfoResponse) (uint64, error) { |
There was a problem hiding this comment.
calculateTotalPowerFromEotsVerifiedFps
eots-verifier/service/server.go
Outdated
| for _, fp := range fpList { | ||
| for _, info := range eotsInfos { |
There was a problem hiding this comment.
why are there two levels of for loops?
SebastianElvis
force-pushed
the
base/consumer-chain-support
branch
from
623964e
to
2cc4a79
Compare
per my conversation w @SebastianElvis recently, it's probably better to put this in the https://github.com/babylonchain/babylon-da-sdk repo, making it kind of like a demo case for using the SDK as well If there is some code sharing needed, we can always import from this FP repo |
|
Yes, putting the EOTS verifier under a new folder of the |
Summary
Add a new daemon
eots-verifierthat provides one gRPC APIVerifyFinalitySig, the user can use it to do EOTS verification for one tx hash.Test Plan
go build -o build/eots-verifier eots-verifier/cmd/main.goeots-verifier init --home <home_dir><home_dir>/eots-verifier.confeots-verifier start --home <home_dir>TODO: