hyperlane-xyz / hyperlane-monorepo

The home for Hyperlane core contracts, sdk packages, and other infrastructure
https://hyperlane.xyz
Other
334 stars 363 forks source link

RPC-Validator ISM #3660

Open nambrot opened 6 months ago

nambrot commented 6 months ago

Currently, whenever a new chain is being added, a dedicated validator instance has to be spun up to support the new chain, which puts a lower-bound on friction and latency to get a Hyperlane deployment. This ticket describes a new kind of validator and ISM architecture which allows the validator operator to automatically support arbitrary chains (via commitments to the RPC URL in the signature), and outsources the specification of the trust assumption in the form of the RPC URL to the ISM deployer.

Benefits

Considerations

Spec

RPC-Validator

The rpc-validator would expose a simple HTTP-based API with a single method: POST /attest_to_message with the following body:

{
  "messageId": "0x123",
  "dispatchTxId": "0x456",
  "rpcUrl": "https://rpc-url.chain.com",
  "mailboxAddress": "0x789"
  "originDomain": 42
}

The rpc-validator makes a request to the given rpc url, ensures that the message was indeed dispatched on the mailbox, and then provides an attestation to the message while also committing to the RPC URL in question.

RPC-Validator-ISM

This will have to be a new ISM type.

The rpc-validator-ISM is configured with five configuration values:

  1. address rpcValidatorAddress
  2. string validatorUrl
  3. address originMailboxAddress
  4. uint32 originDomain
  5. string rpcUrl

On verify, the ISM will take the passed in signature, and verify if the signatures commits to the configured values + messageId.

Relayer changes

The relayer will need to persist the origin TX hash of an indexed message (to bring down the RPC load on the validator). When building metadata for the message and encountering the rpc-validator-ISM, will will construct the HTTP call and make it against the configured validatorUrl and then construct the metadata with the response body.

Future Work

You can think of RPC-validators as pre-confirmations for TLS attestations from RPC providers. Like other pre-confirmation ISMs, they can be economically secured as long as there is a way to verify TLS signatures on-chain at some point. (Link to some projects)

daniel-savu commented 4 months ago

Another benefit is removing the need to set up S3, which is non-trivial.

What I'd add to this design:

nambrot commented 4 months ago