Open michaelsproul opened 5 days ago
dapplion
commented
5 days ago Any security considerations on triggering this logic before validating the block? The most damage a proposer can do is waste bandwidth on a bad proposal. This does not seem like a big issue and can be done anyway regardless of fetch_blobs.
Else the experimental results look great
michaelsproul
commented
5 days ago We're doing this after gossip validation of the block, so we know that the proposer's signature is valid and they are a legitimate proposer for the slot.
Unless the proposer slashes themselves, the blob versioned hashes in the block header are the "true" (valid) versioned hashes for this slot. Alternatively the block could be completely invalid (but not slashable), in which case we will reject it upon completion of block processing.
As part of fetch_blobs we run gossip blob validation:
So if they are malformed (e.g. bad KZG proof), they will be rejected at this point.
TL;DR on the whole I think it's security-equivalent to processing blobs on gossip:
Proposed Changes
Optimise
fetch_blobssignificantly, by fetching blobs from the EL prior to consensus and execution verification of the block.We had noticed that we weren't getting many hits with fetch blobs, and this was because blobs were almost always arriving on gossip prior to us requesting them. Only a few times an hour would the
fetch_blobslogic actually fire.With this change I'm seeing much more frequent hits, without a substantial increase in publication bandwidth. In the last 30 mins running on mainnet there have been 116 hits, and 156 individual blobs published (out of 395 fetched).
Data here: https://docs.google.com/spreadsheets/d/1ZJIYbOPwNGa_veqUC0ywsOdzFYvh4aqJLMYqFoisA_E/edit?usp=sharing
This does imply that we're publishing around 35% of all blobs! But this will likely come down as more nodes chip in to publishing.