Consider DOS protection measures #7
Comments
|
Closing this issue as it seems to be creating confusion. For the Flashbots alpha, DOS protections were added at the relay level https://github.com/flashbots/mev-relay-js and extensive load testing was performed to mev-geth to determine DOS vector. We found that the relay is effective at eliminating all spam bundles and that in the unlikely event of a relay failure that would cause heavy bundle load, the built in mev-geth profit switcher continues to work as expected with no loss of revenue - the node effectively falls back to operating as a normal mining node. We recommend miners confused about this issue to reach out to us for technical discussions so we can help you better understand the Flashbots network architecture. Discord: https://discord.gg/WexBmA5mEh |
…er (#7) (ethereum#22989) Co-authored-by: Gary Rong <garyrong0905@gmail.com> Co-authored-by: Mikhail Kalinin <noblesse.knight@gmail.com>
* Implement geth-embedded builder API * Adjust transactions root computation (flashbots#3) * Adjust logsBloom encoding (flashbots#4) * Adjust base fee encoding (flashbots#5) * Allow resending of the same validator registration (flashbots#7) * Adjust value encoding (flashbots#9) * Adjust gas limit calculation (flashbots#8) * Show builder pubkey on index page (flashbots#10) Co-authored-by: Mateusz Morusiewicz <11313015+Ruteri@users.noreply.github.com>
Discussing with @gakonst and I wanted a place to record the conversation. One concern for the eth_sendBundle is that, while failures are not intended to land on chain, it also means that failures could be exploited by an attacker. An attacker could submit a large number of high-gas-consumption transactions that never land on chain, but still burden the miner with evaluating them.
With EIP-1559, the nature of this issue changes slightly: the transaction will still need to pay at least BASEFEE. However, the attacker could just re-sign their transaction over and over at the BASEFEE amount, and not increase their gas price to perform this replacement. Normally, 12.5% gas price is required to be accepted, but that is not the case here. Since the fee likely comes from
block.coinbase.transfer, you have to evaluate the transaction to determine the effective fee. At that point, it is already too late to protect against an attackAdditional considerations: could an attacker simply take a large quantity of existing pending transactions and throw them into a bundle? And taking that list of transactions and varying them in thousands of different ways. there's no benefit to the attacker, but it's very cheap.
We might need to consider ways the relay itself could help with these issues. We have previously discussed this.
The text was updated successfully, but these errors were encountered: