Implement Express Lane Timeboost #2561
Conversation
Updated auctioneer with research spec
…o into express-lane-timeboost
Put round check first. This fixes a test and it makes sense to let the caller know they were sending submissions for the wrong round, before telling them there was no controller for the current round.
Co-authored-by: Ganesh Vanahalli <[email protected]>
…ress-lane-timeboost-remove-express-lane-calling-sequencer
…ove-express-lane-calling-sequencer Express lane timeboost remove express lane calling sequencer
…-auction-resolution-queue-handling
…-auction-resolution-queue-handling Fix timeboost auction resolution queue handling
…ut-validation Allow wider range of RoundTimingInfo parameters, add validation, fix tests
…res-lane-timeboost-fix-pr-comments
…ments' into expres-lane-timeboost-fix-pr-comments
…pr-comments Fix minor comments from Timeboost PR
| @@ -653,6 +653,16 @@ func mainImpl() int { | |||
| } | |||
| } | |||
|
|
|||
| execNodeConfig := execNode.ConfigFetcher() | |||
| if execNodeConfig.Sequencer.Enable && execNodeConfig.Sequencer.Timeboost.Enable { | |||
| execNode.Sequencer.StartExpressLane( | |||
There was a problem hiding this comment.
this seems like it belongs inside the sequencer's Start function?
| messagesBySequenceNumber map[uint64]*timeboost.ExpressLaneSubmission | ||
| } | ||
|
|
||
| type contractAdapter struct { |
There was a problem hiding this comment.
this is great!
It deserves to be in a separate file, and should have a few lines documenting why it exists and which contract funs are supported.
| } | ||
|
|
||
| func (a *contractAdapter) SubscribeFilterLogs(ctx context.Context, q ethereum.FilterQuery, ch chan<- types.Log) (ethereum.Subscription, error) { | ||
| panic("contractAdapter doesn't implement SubscribeFilterLogs - shouldn't be needed") |
There was a problem hiding this comment.
don't panic. return an error (same for CodeAt)
| roundControl: lru.NewCache[uint64, *expressLaneControl](8), // Keep 8 rounds cached. | ||
| auctionContractAddr: auctionContractAddr, | ||
| roundDuration: roundDuration, | ||
| logs: make(chan []*types.Log, 10_000), |
There was a problem hiding this comment.
buffer seems excessive. If we've filled thousands of logs something is wrong and the queue's capacity will only make it worse.
| Start: fromBlock, | ||
| End: &toBlock, | ||
| } | ||
| it, err := es.auctionContract.FilterAuctionResolved(filterOpts, nil, nil, nil) |
There was a problem hiding this comment.
Why do we filter for auction resolved? seems like all we really need is SetExpressLaneController. If there's anything to be understood from AuctionResolved it can be done by looking at events outside nitro
| if msg.AuctionContractAddress != es.auctionContractAddr { | ||
| return errors.Wrapf(timeboost.ErrWrongAuctionContract, "msg auction contract address %s does not match sequencer auction contract address %s", msg.AuctionContractAddress, es.auctionContractAddr) | ||
| } | ||
| currentRound := timeboost.CurrentRound(es.initialTimestamp, es.roundDuration) |
There was a problem hiding this comment.
I've made comments about it elsewhere:
- laways passing around initialTimestamp and roundDuration is really cumbersome
- I think you must take a timestamp when starting to process an incoming message and treat everything from that point as if that's the timestamp
| // If the tx failed, clear it from the sequence map. | ||
| delete(es.messagesBySequenceNumber, msg.SequenceNumber) | ||
| return err | ||
| } |
There was a problem hiding this comment.
Are we doing anything with messagesBySequenceNumber? any reason to keep messages in the map if err == nil?
| // TODO: Should not be a crit. | ||
| log.Crit("Could not get latest header", "err", err) | ||
| } | ||
| fromBlock := latestBlock.Number.Uint64() |
There was a problem hiding this comment.
first scan should probably start before current block because an older block might have info for the next round.
A static number of blocks that relates to 1-2 rounds is probably good enough.
| } | ||
| fromBlock := latestBlock.Number.Uint64() | ||
| for { | ||
| select { |
There was a problem hiding this comment.
instead of putting logic under the timer we usually do
for {
..logic..
select {
case <-ctx.Done()
case <-time.After()
}
}
select could come either before or after loic
| } | ||
| sender := crypto.PubkeyToAddress(*pubkey) | ||
| control, ok := es.roundControl.Get(msg.Round) | ||
| if !ok { |
There was a problem hiding this comment.
this can be checked earlier, before we extract signature
|
|
Background
At the time of writing, the Arbitrum sequencer is centralized and offers a first-come, first-serve transaction ordering policy. Txs have a current delay of approximately 250ms, which is the time the sequencer takes to produce an ordered list of txs to emit in the form of an L2 block. The current policy does not handle MEV that occurs naturally on L2, and leads to latency races offline to get faster access to the sequencer ingress server.
A new policy has been proposed, known as Express Lane Timeboost, which allows participants to bid for the rights of priority sequencing using their funds instead of hardware. In “rounds” that start at each minute mark, participants can submits bids to participate in a sealed, second-price auction for control of the next round’s “express lane”. During a round, all non-express lane txs get their first arrival timestamp delayed by some amount of time (250ms), while the express lane controller does not. The express lane controller can also choose to transfer their rights in a round.
The sequencer itself does not need to manage auctions, but simply needs to know the current round number and the address of the express lane controller for that round. From there, it can delay non-express lane txs by a nominal amount required by the protocol and validate that a tx should go through the express lane.
This PR contains the complete implementation of the system with all its components. The smart contract changes are contained within OffchainLabs/nitro-contracts/tree/express-lane-auction-all-merged.
Basic Readings
To read more about timeboost, see the AIP, the research specification, and design doc although the design doc is not fully updated yet.
Reviewing
Recommend to look at the basic readings, then look at
system_tests/timeboost_test.goto understand how it all fits together. Then, look at bid validator and auctioneer. Finally, the sequencer changes.Features
Sequencer Changes
The changes to the sequencer hot path are quite simple. In a nutshell, if a transaction is received, it checks the following:
If timeboost is enabled AND there is an express lane controller set AND it is not coming from the express lane, it delays the tx's first arrival timestamp by some amount (250ms).
To determine if a transaction is a valid express lane tx, the sequencer runs a background thread called the
expressLaneService, which is scraping events from the ExpressLaneAuction.sol smart contract. Express lane transactions arrive via a different sequencer endpoint than the normal one, calledtimeboost_sendExpressLaneTransaction. The message looks as follows:{ "type": "object", "properties": { "chainId": { "type": "bigInt", "description": "chain id of the target chain" }, "round": { "type": "uint64", "description": "round number (0-indexed) for the round the bidder wants to become the controller of" }, "auctionContractAddress": { "type": "address", "description": "hex string of the auction contract address that the bid corresponds to" }, "sequenceNumber": { "type": "uint64", "description": "the per-round nonce of express lane submissions. Each submission to the express lane during a round increases this sequence number by one, and if submissions are received out of order, the sequencer will queue them for processing in order. This is reset to 0 at each round" }, "transaction": { "type": "bytes", "description": "hex string of the RLP encoded transaction payload that submitter wishes to be sequenced through the express lane" }, "options": { "type": "ArbitrumConditionalOptions", "description": "conditional options for Arbitrum transactions, supported by normal sequencer endpoint https://github.com/OffchainLabs/go-ethereum/blob/48de2030c7a6fa8689bc0a0212ebca2a0c73e3ad/arbitrum_types/txoptions.go#L71" }, "signature": { "type": "bytes", "description": "Ethereum signature over the bytes encoding of (keccak256(TIMEBOOST_BID), padTo32Bytes(chainId), auctionContractAddress, uint64ToBytes(round), uint64ToBytes(sequenceNumber), transaction)" } }, }The submission itself contains a tx payload, which MAY not be from the express lane controller. As long as the submission is signed by the controller, that is sufficient. Submissions have a specific nonce, called a sequence, to ensure that submissions are processed in order. This is different from the inner nonce of the payload tx. The sequencer keeps a queue of submissions and ensures it processes them in order. That is, if a submission N is received before N-1, it will get queued for submission once N arrives.
Bid Validator Architecture
Bids are limited to 5 bids per sender, but there are no limits to the number of bidders in a single round. To alleviate potential scaling concerns, we adopt a simple architecture of separating the bid validators from the auctioneer. The bid validators filter out invalid items and publish validated results to a Redis stream. In a simplified diagram, here's what it will look like:
Dependencies Added
Notes
There are several parts of this implementation that are likely not ideal:
Chicken and the egg problem in sequencer
Cannot start sequencer without express lane, but cannot deploy auction for express lane without starting sequencer. To solve this in tests, we have a separate func called
StartExpressLaneServicein the sequencer. In prod, we don’t have this issue because we can deploy the contracts before we upgrade the sequencer to timeboost, but what to do about tests?Janky prioritizing of auction resolution txs
The sequencer exposes an authenticated endpoint
auctioneer_submitAuctionResolutionTransactionover the JWT Auth RPC for the auctioneer to use. When the auctioneer is ready to resolve an auction, it submits a tx to this endpoint, which the sequencer verifies for integrity. Then, the sequencer does the following:it immediately tries to put the item in the queue and create block. It also sets the tx as a property of the sequencer struct, and in the
createBlockfunc, if this field is not nil, it gets put at the top of the queue. This is a bit janky in how it works and perhaps inefficient. Is there another way to prioritize a tx in the sequencer?Sequencer opens an http connection to itself
The sequencer has a thread called
expressLaneServicewhich reads events from the auction smart contracts on L2 to determine express lane controllers. Because the sequencer does not havefiltersystemAPI access, we instead open an RPC client against itself so we can create anethclientto read logs and data from onchain. This doesn't seem idealReferences