Add flashtestations builder transaction trait to payload builder

Cargo.toml

@@ -106,7 +106,7 @@ revm = { version = "27.0.2", features = [
     "optional_balance_check",
 ], default-features = false }
 revm-inspectors = { version = "0.26.5", default-features = false }
-op-revm = { version = "8.0.2", default-features = false }
+op-revm = { version = "8.0.2", features = ["serde"], default-features = false }
 
 ethereum_ssz_derive = "0.9.0"
 ethereum_ssz = "0.9.0"

README.md

@@ -44,23 +44,31 @@ cargo run -p op-rbuilder --bin op-rbuilder -- node \
 
 ### Flashtestations 
 
+Flashtestations is a feature that enables Trusted Execution Environment (TEE) attestation for block building. It provides cryptographic proof that blocks were built within a secure enclave, ensuring the integrity and confidentiality of the block building process.
+
+#### Usage
+
 To run op-rbuilder with flashtestations:
 
 ```bash
-cargo run -p op-rbuilder --bin op-rbuilder --features=flashtestations -- node \
+cargo run -p op-rbuilder --bin op-rbuilder -- node \
     --chain /path/to/chain-config.json \
     --http \
     --authrpc.port 9551 \
     --authrpc.jwtsecret /path/to/jwt.hex \
     --flashtestations.enabled \
-    --flashtestations.rpc-url your-rpc-url \ # rpc to submit the attestation transaction to
     --flashtestations.funding-amount 0.01 \ # amount in ETH to fund the TEE generated key
     --flashtestations.funding-key secret-key \ # funding key for the TEE key
     --flashtestations.registry-address 0xFlashtestationsRegistryAddress \
-    flashtestations.builder-policy-address 0xBuilderPolicyAddress
+    --flashtestations.builder-policy-address 0xBuilderPolicyAddress
 ```
 
-Note that `--rollup.builder-secret-key` must be set and funded in order for the flashtestations key to be funded and submit the attestation on-chain.
+#### Additional CLI Config
+
+- `--flashtestations.enable-block-proofs`: Enable end-of-block transaction proofs that verify the block was built within a TEE
+- `--flashtestations.debug`: Enable debug mode with a deterministic TEE key and debug attestation server for testing and development
+- `--flashtestations.quote-provider <URL>`: Specify a remote URL to provide an attestation instead of generating a quote in process
+- `--flashtestations.rpc-url <URL>`: Use a remote rpc provider to submit attestations to
 
 ## Observability
 
@@ -189,4 +197,4 @@ More instructions on installing and configuring `act` can be found on [their web
 ### Known issues
 
 -   Running actions locally require a Github Token. You can generate one by following instructions on [Github Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). After generating a token you will need to pass it to `act` either through the command line using `-s GITHUB_TOKEN=<your token>` or by adding it to the `~/.config/act/actrc` file.
--   You might get an error about missing or incompatible `warp-ubuntu-latest-x64-32x` platform. This can be mitigated by adding `-P warp-ubuntu-latest-x64-32x=ghcr.io/catthehacker/ubuntu:act-latest` on the command line when calling `act` or appending this flag to `~/.config/act/actrc`
+-   You might get an error about missing or incompatible `warp-ubuntu-latest-x64-32x` platform. This can be mitigated by adding `-P warp-ubuntu-latest-x64-32x=ghcr.io/catthehacker/ubuntu:act-latest` on the command line when calling `act` or appending this flag to `~/.config/act/actrc`

crates/op-rbuilder/Cargo.toml

@@ -59,6 +59,7 @@ alloy-primitives.workspace = true
 alloy-consensus.workspace = true
 alloy-contract.workspace = true
 alloy-eips.workspace = true
+alloy-evm.workspace = true
 alloy-rpc-types-beacon.workspace = true
 alloy-rpc-types-engine.workspace = true
 alloy-transport-http.workspace = true
@@ -121,6 +122,7 @@ http = "1.0"
 sha3 = "0.10"
 hex = "0.4"
 ureq = "2.10"
+k256 = "0.13.4"
 
 rollup-boost = { git = "http://github.com/flashbots/rollup-boost", branch = "main" }
 

crates/op-rbuilder/src/builders/builder_tx.rs

@@ -1,32 +1,246 @@
+use alloy_consensus::TxEip1559;
+use alloy_eips::{eip7623::TOTAL_COST_FLOOR_PER_TOKEN, Encodable2718};
+use alloy_evm::Database;
+use alloy_primitives::{
+    map::foldhash::{HashSet, HashSetExt},
+    Address, TxKind,
+};
+use core::fmt::Debug;
+use op_alloy_consensus::OpTypedTransaction;
+use op_revm::OpTransactionError;
+use reth_evm::{eth::receipt_builder::ReceiptBuilderCtx, ConfigureEvm, Evm};
+use reth_node_api::PayloadBuilderError;
 use reth_optimism_primitives::OpTransactionSigned;
 use reth_primitives::Recovered;
+use reth_provider::{ProviderError, StateProvider};
+use reth_revm::State;
+use revm::{
+    context::result::{EVMError, ResultAndState},
+    DatabaseCommit,
+};
+use tracing::{debug, warn};
 
-use crate::tx_signer::Signer;
+use crate::{
+    builders::context::OpPayloadBuilderCtx, primitives::reth::ExecutionInfo, tx_signer::Signer,
+};
 
-pub trait BuilderTx {
-    fn estimated_builder_tx_gas(&self) -> u64;
-    fn estimated_builder_tx_da_size(&self) -> Option<u64>;
-    fn signed_builder_tx(&self) -> Result<Recovered<OpTransactionSigned>, secp256k1::Error>;
+pub struct BuilderTransactionCtx {
+    pub gas_used: u64,
+    pub da_size: u64,
+    pub signed_tx: Recovered<OpTransactionSigned>,
+}
+
+/// Possible error variants during construction of builder txs.
+#[derive(Debug, thiserror::Error)]
+pub enum BuilderTransactionError {
+    /// Thrown when builder account load fails to get builder nonce
+    #[error("failed to load account {0}")]
+    AccountLoadFailed(Address),
+    /// Thrown when signature signing fails
+    #[error("failed to sign transaction: {0}")]
+    SigningError(secp256k1::Error),
+    /// Unrecoverable error during evm execution.
+    #[error("evm execution error {0}")]
+    EvmExecutionError(Box<dyn core::error::Error + Send + Sync>),
+    /// Any other builder transaction errors.
+    #[error(transparent)]
+    Other(Box<dyn core::error::Error + Send + Sync>),
+}
+
+impl From<secp256k1::Error> for BuilderTransactionError {
+    fn from(error: secp256k1::Error) -> Self {
+        BuilderTransactionError::SigningError(error)
+    }
+}
+
+impl From<EVMError<ProviderError, OpTransactionError>> for BuilderTransactionError {
+    fn from(error: EVMError<ProviderError, OpTransactionError>) -> Self {
+        BuilderTransactionError::EvmExecutionError(Box::new(error))
+    }
+}
+
+impl From<BuilderTransactionError> for PayloadBuilderError {
+    fn from(error: BuilderTransactionError) -> Self {
+        match error {
+            BuilderTransactionError::EvmExecutionError(e) => {
+                PayloadBuilderError::EvmExecutionError(e)
+            }
+            _ => PayloadBuilderError::Other(Box::new(error)),
+        }
+    }
+}
+
+pub trait BuilderTransactions: Debug {
+    fn simulate_builder_txs<Extra: Debug + Default>(
+        &self,
+        state_provider: impl StateProvider + Clone,
+        info: &mut ExecutionInfo<Extra>,
+        ctx: &OpPayloadBuilderCtx,
+        db: &mut State<impl Database>,
+    ) -> Result<Vec<BuilderTransactionCtx>, BuilderTransactionError>;
+
+    fn add_builder_txs<Extra: Debug + Default>(
+        &self,
+        state_provider: impl StateProvider + Clone,
+        info: &mut ExecutionInfo<Extra>,
+        builder_ctx: &OpPayloadBuilderCtx,
+        db: &mut State<impl Database>,
+    ) -> Result<(), BuilderTransactionError> {
+        {
+            let mut evm = builder_ctx
+                .evm_config
+                .evm_with_env(&mut *db, builder_ctx.evm_env.clone());
+
+            let mut invalid: HashSet<Address> = HashSet::new();
+            // simulate builder txs on the top of block state
+            let builder_txs =
+                self.simulate_builder_txs(state_provider, info, builder_ctx, evm.db_mut())?;
+            for builder_tx in builder_txs {
+                if invalid.contains(&builder_tx.signed_tx.signer()) {
+                    debug!(target: "payload_builder", tx_hash = ?builder_tx.signed_tx.tx_hash(), "builder signer invalid as previous builder tx reverted");
+                    continue;
+                }
+
+                let ResultAndState { result, state } = evm
+                    .transact(&builder_tx.signed_tx)
+                    .map_err(|err| BuilderTransactionError::EvmExecutionError(Box::new(err)))?;
+
+                if !result.is_success() {
+                    warn!(target: "payload_builder", tx_hash = ?builder_tx.signed_tx.tx_hash(), "builder tx reverted");
+                    invalid.insert(builder_tx.signed_tx.signer());
+                    continue;
+                }
+
+                // Add gas used by the transaction to cumulative gas used, before creating the receipt
+                let gas_used = result.gas_used();
+                info.cumulative_gas_used += gas_used;
+
+                let ctx = ReceiptBuilderCtx {
+                    tx: builder_tx.signed_tx.inner(),
+                    evm: &evm,
+                    result,
+                    state: &state,
+                    cumulative_gas_used: info.cumulative_gas_used,
+                };
+                info.receipts.push(builder_ctx.build_receipt(ctx, None));
+
+                // Commit changes
+                evm.db_mut().commit(state);
+
+                // Append sender and transaction to the respective lists
+                info.executed_senders.push(builder_tx.signed_tx.signer());
+                info.executed_transactions
+                    .push(builder_tx.signed_tx.into_inner());
+            }
+
+            // Release the db reference by dropping evm
+            drop(evm);
+
+            Ok(())
+        }
+    }
 }
 
 // Scaffolding for how to construct the end of block builder transaction
 // This will be the regular end of block transaction without the TEE key
-#[derive(Clone)]
+#[derive(Debug, Clone)]
 pub struct StandardBuilderTx {
     #[allow(dead_code)]
     pub signer: Option<Signer>,
 }
 
-impl BuilderTx for StandardBuilderTx {
-    fn estimated_builder_tx_gas(&self) -> u64 {
-        todo!()
+impl StandardBuilderTx {
+    pub fn new(signer: Option<Signer>) -> Self {
+        Self { signer }
     }
 
-    fn estimated_builder_tx_da_size(&self) -> Option<u64> {
-        todo!()
+    pub fn simulate_builder_tx(
+        &self,
+        ctx: &OpPayloadBuilderCtx,
+        db: &mut State<impl Database>,
+    ) -> Result<Option<BuilderTransactionCtx>, BuilderTransactionError> {
+        match self.signer {
+            Some(signer) => {
+                let message: Vec<u8> = format!("Block Number: {}", ctx.block_number()).into_bytes();
+                let gas_used = self.estimate_builder_tx_gas(&message);
+                let signed_tx = self.signed_builder_tx(ctx, db, signer, gas_used, message)?;
+                let da_size = op_alloy_flz::tx_estimated_size_fjord_bytes(
+                    signed_tx.encoded_2718().as_slice(),
+                );
+                Ok(Some(BuilderTransactionCtx {
+                    gas_used,
+                    da_size,
+                    signed_tx,
+                }))
+            }
+            None => Ok(None),
+        }
     }
 
-    fn signed_builder_tx(&self) -> Result<Recovered<OpTransactionSigned>, secp256k1::Error> {
-        todo!()
+    fn estimate_builder_tx_gas(&self, input: &[u8]) -> u64 {
+        // Count zero and non-zero bytes
+        let (zero_bytes, nonzero_bytes) = input.iter().fold((0, 0), |(zeros, nonzeros), &byte| {
+            if byte == 0 {
+                (zeros + 1, nonzeros)
+            } else {
+                (zeros, nonzeros + 1)
+            }
+        });
+
+        // Calculate gas cost (4 gas per zero byte, 16 gas per non-zero byte)
+        let zero_cost = zero_bytes * 4;
+        let nonzero_cost = nonzero_bytes * 16;
+
+        // Tx gas should be not less than floor gas https://eips.ethereum.org/EIPS/eip-7623
+        let tokens_in_calldata = zero_bytes + nonzero_bytes * 4;
+        let floor_gas = 21_000 + tokens_in_calldata * TOTAL_COST_FLOOR_PER_TOKEN;
+
+        std::cmp::max(zero_cost + nonzero_cost + 21_000, floor_gas)
+    }
+
+    fn signed_builder_tx(
+        &self,
+        ctx: &OpPayloadBuilderCtx,
+        db: &mut State<impl Database>,
+        signer: Signer,
+        gas_used: u64,
+        message: Vec<u8>,
+    ) -> Result<Recovered<OpTransactionSigned>, BuilderTransactionError> {
+        let nonce = db
+            .load_cache_account(signer.address)
+            .map(|acc| acc.account_info().unwrap_or_default().nonce)
+            .map_err(|_| BuilderTransactionError::AccountLoadFailed(signer.address))?;
+
+        // Create the EIP-1559 transaction
+        let tx = OpTypedTransaction::Eip1559(TxEip1559 {
+            chain_id: ctx.chain_id(),
+            nonce,
+            gas_limit: gas_used,
+            max_fee_per_gas: ctx.base_fee().into(),
+            max_priority_fee_per_gas: 0,
+            to: TxKind::Call(Address::ZERO),
+            // Include the message as part of the transaction data
+            input: message.into(),
+            ..Default::default()
+        });
+        // Sign the transaction
+        let builder_tx = signer
+            .sign_tx(tx)
+            .map_err(BuilderTransactionError::SigningError)?;
+
+        Ok(builder_tx)
+    }
+}
+
+impl BuilderTransactions for StandardBuilderTx {
+    fn simulate_builder_txs<Extra: Debug + Default>(
+        &self,
+        _state_provider: impl StateProvider + Clone,
+        _info: &mut ExecutionInfo<Extra>,
+        ctx: &OpPayloadBuilderCtx,
+        db: &mut State<impl Database>,
+    ) -> Result<Vec<BuilderTransactionCtx>, BuilderTransactionError> {
+        let builder_tx = self.simulate_builder_tx(ctx, db)?;
+        Ok(builder_tx.into_iter().collect())
     }
 }