-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
discussion: ways to improve Ethereum block proposer duty flow #1829
Comments
Another note, Proposal 2 (pushing the approach from above to its limits) To take a step back to explain why do 2 QBFT consensuses, ideally when proposing Ethereum blocks we want to have these 2 properties:
property 1) is nice to have, but perhaps can be somewhat relaxed if we want to get the most out of MEV; mentioning just for completeness (for further considerations we might have on it), stuff described below doesn't compromise on it property 2) however is a binary thing (either we have it, or we don't) and not having it means operators will miss proposing Ethereum block if they couldn't correctly guess & agree on which of
we don't really need This approach relies on a couple of hypothesis that need to be verified against real-world cluster data (preferably production data that maybe we can gather by implementing a "dry-run" version of this approach on prod cluster(s)) - even though this approach seems risker (compared to approach with |
Side-note, so far (in Proposal 1 and Proposal 2 from above) we've treated Beacon(and Relayer) node as "black box" assuming we can't expect a timely response from it along the lines of "give me the best you can in 2s" - this is reasonable to not rely on assumptions like that ofc, but perhaps we could emulate this functionality by sending multiple sequential requests to Beacon node at Proposal 3 (best overall, complex? cryptography, maybe dead end) I'm no cryptography expert, but I think some form of threshold/conditional cryptography should exist to make the following Proposal 3 viable. Lets say we have a cluster of 4 operators (servicing same validator at time let say for the taget slot QBFT leader ordering will be (2->3->4->1) - if we were to start doing QBFT ... we won't, instead every operator will sign ALL 4 blocks with his thus, at
additional notes:
This proposal will probably work best overall - in terms of treating Beacon(and Relayer) node as "black box" (yet having high Ethereum block proposal availability) as well as predictable/guaranteed latency of overall execution on SSV node(s) side (allows us to delay Ethereum block building/fetching as much as possible - for best MEV) The downsides are:
|
I'll post the findings from recent Discord discussion(s) here - so we can have it documented to revisit later (cause it seems important),
The problem
It seems relays are blocking any proposals past 4s mark of the current slot. Would it be possible to add a bypass mechanism after 4s, so that a non-MEV block is submitted? (instead of a complete miss)
Iurii mentioned our 1 and 2 rounds of proposal duty allocate 4s unevenly / sub-optimally. It might make sense to review this mechanism and timings.
another point that's not 100% clear to me is why we are starting proposer duty exactly at the start of targeted slot, I understand the currently written code works this way - but is there some fundamental limitation (perhaps DVT-related) to do it like that (answering myself: probably not) ?
from this article - https://www.blocknative.com/blog/anatomy-of-a-slot - it seems the start of targeted slot is the time where most blocks already get proposed (so they have enough time to spread through Ethereum network)
4s since slot start (call it "soft limit") also seems to be quite late/risky (otherwise the chart below would look different I think), we might want to limit it to 2.5s instead of example - and that will render round 2 useless/unnecessary btw
Potential solution - Proposal 1
There is trade-off between picking/broadcasting the proposed block sooner/later:
I'll record another round of thoughts I have here on these 1-3 findings from above, I think we can do something like this:
backup
block should be built early enough so we never really have any "delay" issues with it (doesn't matter how we get it, lets say we expect to get it at -4s seconds before target slot start time - call itTb
); we want to achieve SSV qbft consensus onbackup
block as soon as possible, but not sign on it (post-consensus phase) just yet because we don't want to double-sign (and get slashed)profitable
block (doesn't matter how we get it, lets say we expect to get it 1s after target slot start time - call itTp
); we want to achieve SSV qbft consensus onprofitable
block as soon as possible, but unlike forbackup
block there is a high likelihood we won't be able to do it in time (lets call this deadline timeTd
, that could be 2.5s after target slot start time for example); thisprofitable
block either will get decided upon by qbft or not before deadlineTd
Td
time passes and enters post-consensus phase forbackup
block (to sign it, and broadcast to Ethereum) or it reaches qbft consensus onprofitable
block beforeTd
and ditchesbackup
block altogether moving to post-consensus phaseprofitable
block) we want to gather some production data (perhaps we already have it) on how much time round 1, round 2, ... typically take - and from this data we can estimate the best qbft configuration (how many rounds we want to do in that short timespan, and what would the timeout for each round be)Will this work, or am I missing something ? If something like this could work, I guess it's not easy to implement straight away but we can slowly progress towards it. It seems like an important problem to solve.
Regarding additional resource (cpu/mem/...) consumption, sure it will cost some - but I think we won't have to query Beacon node for 2 blocks at the same time much (if at all), and it seems like block proposals are quite rare to matter in that respect anyway ?
regarding external factors (beacon node, relay):
Tb
,Tp
andTd
to fit the most common scenarios (and maybe some Beacon node request-retries, if not already)Tp
andTd
values to get the best resultsare we talking about the slashable Ethereum offense known as double signing ?
I believe for block proposal (for attestations it's similar but somewhat different) it means - Ethereum can punish validator if he has signed 2 different blocks (headers) and both of these blocks were observed by somebody (I think it might be called Watch-tower or fisher maybe), and that somebody created a proof of that and sent it out to Ethereum nodes to verify
so, if that's how Ethereum slashing for block production works - in the approach I outlined above we actually never sign 2 different blocks, only 1 block will ever be signed (ofc we'll probably need to add/adjust some logic that SSV node only ever signs 1 block at post-consesus phase even though it might have 2 blocks at hand after finishing 2 qbft consensuses prior to that - thus, post-consensus quorum needed to reconstruct validator signature can only be reached for at most 1 of the 2 blocks every SSV node prepared for target slot)
and as for who/how signed block is submitted to Ethereum network, I believe there isn't any issues with broadcasting such block from multiple different Beacon nodes at the same time (or different times) - in fact it is probably better if we can do multiple such broadcasts because then this block will reach all Ethereum nodes sooner (for Ethereum validators to be able attest to it).
The text was updated successfully, but these errors were encountered: