builder-specs icon indicating copy to clipboard operation
builder-specs copied to clipboard
verified publisher icon ethereum

[proposal] require proposer signature for `getHeader` request

Open 0xalpharush opened this issue 1 year ago • 1 comments

It has been shown that the getHeader API end point leaks information about unconfirmed blocks via its log bloom. I propose not allowing requests from anyone but the proposer by requiring a signature from the proposer's pubkey. If it’s profitable, searchers and builders have an incentive for block proposal to be as delayed as possible (https://github.com/flashbots/mev-boost/issues/111).

In Flashbot's implementation, the signature would be verified here: https://github.com/flashbots/mev-boost-relay/blob/cf6fd5bdba0df0ef50b3f4afb0bb7162bcf09b8a/services/api/service.go#L1162

0xalpharush avatar Dec 07 '24 16:12 0xalpharush

Relevant historic thread with more context: https://github.com/flashbots/mev-boost/issues/112

Many relays nowadays support a top-bid websocket stream, which would still keep bids public even if the getHeader endpoint requires a signature.

metachris avatar Dec 13 '24 10:12 metachris