Merge branch 'main' into sigp-audit-fixes

Author: jclapis

.github/workflows/docs.yml

@@ -3,7 +3,7 @@ name: Docs
 on:
   push:
     branches:
-      - main
+      - stable
     # Review gh actions docs if you want to further define triggers, paths, etc
     # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#on
 

config.example.toml

@@ -2,7 +2,7 @@
 # Some fields are optional and can be omitted, in which case the default value, if present, will be used.
 
 # Chain spec ID. Supported values:
-# A network ID. Supported values: Mainnet, Holesky, Sepolia, Helder, Hoodi.
+# A network ID. Supported values: Mainnet, Holesky, Sepolia, Helder, Hoodi. Lower case values e.g. "mainnet" are also accepted
 # A custom object, e.g., chain = { genesis_time_secs = 1695902400, path = "/path/to/spec.json" }, with a path to a chain spec file, either in .json format (e.g., as returned by the beacon endpoint /eth/v1/config/spec), or in .yml format (see examples in tests/data).
 # A custom object, e.g., chain = { genesis_time_secs = 1695902400, slot_time_secs = 12, genesis_fork_version = "0x01017000" }.
 chain = "Holesky"
@@ -212,19 +212,21 @@ jwt_auth_fail_timeout_seconds = 300
 [signer.local.loader]
 # File: path to the keys file
 key_path = "./tests/data/keys.example.json"
-# ValidatorsDir: format of the keystore (lighthouse, prysm, teku or lodestar)
+# ValidatorsDir: format of the keystore (lighthouse, prysm, teku, lodestar, or nimbus)
 # format = "lighthouse"
 # ValidatorsDir: full path to the keys directory
-# For lighthouse, it's de path to the directory where the `<pubkey>/voting-keystore.json` directories are located.
+# For lighthouse, it's the path to the directory where the `<pubkey>` directories are located, under each of which is a `voting-keystore.json` file.
 # For prysm, it's the path to the `all-accounts.keystore.json` file.
 # For teku, it's the path to the directory where all `<pubkey>.json` files are located.
 # For lodestar, it's the path to the directory where all `<pubkey>.json` files are located.
+# For nimbus, it's the path to the directory where the `<pubkey>` directories are located, under each of which is a `keystore.json` file.
 # keys_path = ""
 # ValidatorsDir: full path to the secrets file/directory
-# For lighthouse, it's de path to the directory where the `<pubkey>.json` files are located.
+# For lighthouse, it's the path to the directory where the `<pubkey>` files are located.
 # For prysm, it's the path to the file containing the wallet decryption password.
 # For teku, it's the path to the directory where all `<pubkey>.txt` files are located.
 # For lodestar, it's the path to the file containing the decryption password.
+# For nimbus, it's the path to the directory where the `<pubkey>` files are located.
 # secrets_path = ""
 # Configuration for how the Signer module should store proxy delegations. Supported types of store are:
 #   - File: store keys and delegations from a plain text file (unsafe, use only for testing purposes)

crates/cli/src/docker_init.rs

@@ -256,7 +256,7 @@ pub async fn handle_docker_init(config_path: PathBuf, output_dir: PathBuf) -> Re
 
     if let Some(mux_config) = cb_config.muxes {
         for mux in mux_config.muxes.iter() {
-            if let Some((env_name, actual_path, internal_path)) = mux.loader_env() {
+            if let Some((env_name, actual_path, internal_path)) = mux.loader_env()? {
                 let (key, val) = get_env_val(&env_name, &internal_path);
                 pbs_envs.insert(key, val);
                 pbs_volumes.push(Volumes::Simple(format!("{}:{}:ro", actual_path, internal_path)));

crates/common/src/config/mod.rs

@@ -26,6 +26,7 @@ pub use utils::*;
 #[derive(Debug, Deserialize, Serialize)]
 pub struct CommitBoostConfig {
     pub chain: Chain,
+    #[serde(default)]
     pub relays: Vec<RelayConfig>,
     pub pbs: StaticPbsConfig,
     #[serde(flatten)]

crates/common/src/config/mux.rs

@@ -130,19 +130,29 @@ pub struct MuxConfig {
 
 impl MuxConfig {
     /// Returns the env, actual path, and internal path to use for the file
-    /// loader
-    pub fn loader_env(&self) -> Option<(String, String, String)> {
-        self.loader.as_ref().and_then(|loader| match loader {
+    /// loader. In File mode, validates the mux file prior to returning.   
+    pub fn loader_env(&self) -> eyre::Result<Option<(String, String, String)>> {
+        let Some(loader) = self.loader.as_ref() else {
+            return Ok(None);
+        };
+
+        match loader {
             MuxKeysLoader::File(path_buf) => {
-                let path =
-                    path_buf.to_str().unwrap_or_else(|| panic!("invalid path: {:?}", path_buf));
-                let internal_path = get_mux_path(&self.id);
+                let Some(path) = path_buf.to_str() else {
+                    bail!("invalid path: {:?}", path_buf);
+                };
+
+                let file = load_file(path)?;
+                // make sure we can load the pubkeys correctly
+                let _: Vec<BlsPublicKey> =
+                    serde_json::from_str(&file).wrap_err("failed to parse mux keys file")?;
 
-                Some((get_mux_env(&self.id), path.to_owned(), internal_path))
+                let internal_path = get_mux_path(&self.id);
+                Ok(Some((get_mux_env(&self.id), path.to_owned(), internal_path)))
             }
-            MuxKeysLoader::HTTP { .. } => None,
-            MuxKeysLoader::Registry { .. } => None,
-        })
+            MuxKeysLoader::HTTP { .. } => Ok(None),
+            MuxKeysLoader::Registry { .. } => Ok(None),
+        }
     }
 }
 

crates/common/src/config/pbs.rs

@@ -229,6 +229,14 @@ pub async fn load_pbs_config() -> Result<PbsModuleConfig> {
     let config = CommitBoostConfig::from_env_path()?;
     config.validate().await?;
 
+    // Make sure relays isn't empty - since the config is still technically valid if
+    // there are no relays for things like Docker compose generation, this check
+    // isn't in validate().
+    ensure!(
+        !config.relays.is_empty(),
+        "At least one relay must be configured to run the PBS service"
+    );
+
     // use endpoint from env if set, otherwise use default host and port
     let endpoint = if let Some(endpoint) = load_optional_env_var(PBS_ENDPOINT_ENV) {
         endpoint.parse()?

crates/common/src/pbs/types/beacon_block.rs

@@ -3,11 +3,8 @@ use serde::{Deserialize, Serialize};
 use ssz_derive::{Decode, Encode};
 
 use super::{
-    blinded_block_body::{BlindedBeaconBlockBodyDeneb, BlindedBeaconBlockBodyElectra},
-    blobs_bundle::BlobsBundle,
-    execution_payload::ExecutionPayload,
-    spec::{DenebSpec, ElectraSpec},
-    utils::VersionedResponse,
+    blinded_block_body::BlindedBeaconBlockBodyElectra, blobs_bundle::BlobsBundle,
+    execution_payload::ExecutionPayload, spec::ElectraSpec, utils::VersionedResponse,
 };
 
 #[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
@@ -21,28 +18,24 @@ impl SignedBlindedBeaconBlock {
     pub fn block_hash(&self) -> B256 {
         match &self.message {
             BlindedBeaconBlock::Electra(b) => b.body.execution_payload_header.block_hash,
-            BlindedBeaconBlock::Deneb(b) => b.body.execution_payload_header.block_hash,
         }
     }
 
     pub fn block_number(&self) -> u64 {
         match &self.message {
             BlindedBeaconBlock::Electra(b) => b.body.execution_payload_header.block_number,
-            BlindedBeaconBlock::Deneb(b) => b.body.execution_payload_header.block_number,
         }
     }
 
     pub fn parent_hash(&self) -> B256 {
         match &self.message {
             BlindedBeaconBlock::Electra(b) => b.body.execution_payload_header.parent_hash,
-            BlindedBeaconBlock::Deneb(b) => b.body.execution_payload_header.parent_hash,
         }
     }
 
     pub fn slot(&self) -> u64 {
         match &self.message {
             BlindedBeaconBlock::Electra(b) => b.slot,
-            BlindedBeaconBlock::Deneb(b) => b.slot,
         }
     }
 }
@@ -51,27 +44,15 @@ impl SignedBlindedBeaconBlock {
 #[serde(untagged)]
 #[ssz(enum_behaviour = "transparent")]
 pub enum BlindedBeaconBlock {
-    Deneb(BlindedBeaconBlockDeneb),
     Electra(BlindedBeaconBlockElectra),
 }
 
 impl Default for BlindedBeaconBlock {
     fn default() -> Self {
-        Self::Deneb(BlindedBeaconBlockDeneb::default())
+        Self::Electra(BlindedBeaconBlockElectra::default())
     }
 }
 
-#[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
-pub struct BlindedBeaconBlockDeneb {
-    #[serde(with = "serde_utils::quoted_u64")]
-    pub slot: u64,
-    #[serde(with = "serde_utils::quoted_u64")]
-    pub proposer_index: u64,
-    pub parent_root: B256,
-    pub state_root: B256,
-    pub body: BlindedBeaconBlockBodyDeneb<DenebSpec>,
-}
-
 #[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
 pub struct BlindedBeaconBlockElectra {
     #[serde(with = "serde_utils::quoted_u64")]
@@ -84,30 +65,16 @@ pub struct BlindedBeaconBlockElectra {
 }
 
 /// Returned by relay in submit_block
-pub type SubmitBlindedBlockResponse =
-    VersionedResponse<PayloadAndBlobsDeneb, PayloadAndBlobsElectra>;
+pub type SubmitBlindedBlockResponse = VersionedResponse<PayloadAndBlobsElectra>;
 
 impl SubmitBlindedBlockResponse {
     pub fn block_hash(&self) -> B256 {
         match self {
-            VersionedResponse::Deneb(d) => d.block_hash(),
             VersionedResponse::Electra(d) => d.block_hash(),
         }
     }
 }
 
-#[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
-pub struct PayloadAndBlobsDeneb {
-    pub execution_payload: ExecutionPayload<DenebSpec>,
-    pub blobs_bundle: BlobsBundle<DenebSpec>,
-}
-
-impl PayloadAndBlobsDeneb {
-    pub fn block_hash(&self) -> B256 {
-        self.execution_payload.block_hash
-    }
-}
-
 #[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
 pub struct PayloadAndBlobsElectra {
     pub execution_payload: ExecutionPayload<ElectraSpec>,
@@ -128,23 +95,6 @@ mod tests {
     use super::*;
     use crate::utils::{test_encode_decode, test_encode_decode_ssz};
 
-    #[test]
-    // this is from the builder api spec, but with sync_committee_bits fixed to
-    // deserialize correctly
-    fn test_signed_blinded_block_deneb() {
-        let data = include_str!("testdata/signed-blinded-beacon-block-deneb-2.json");
-        let block = test_encode_decode::<SignedBlindedBeaconBlock>(&data);
-        assert!(matches!(block.message, BlindedBeaconBlock::Deneb(_)));
-    }
-
-    #[test]
-    // this is from mev-boost test data
-    fn test_signed_blinded_block_fb_deneb() {
-        let data = include_str!("testdata/signed-blinded-beacon-block-deneb.json");
-        let block = test_encode_decode::<SignedBlindedBeaconBlock>(&data);
-        assert!(matches!(block.message, BlindedBeaconBlock::Deneb(_)));
-    }
-
     #[test]
     // this is from mev-boost test data
     fn test_signed_blinded_block_fb_electra() {
@@ -156,11 +106,11 @@ mod tests {
     #[test]
     // this is from the builder api spec, but with blobs fixed to deserialize
     // correctly
-    fn test_submit_blinded_block_response_deneb() {
+    fn test_submit_blinded_block_response_electra() {
         let blob = alloy::primitives::hex::encode_prefixed([1; 131072]);
 
         let data = json!({
-          "version": "deneb",
+          "version": "electra",
           "data": {
             "execution_payload": {
               "parent_hash":
@@ -209,7 +159,7 @@ mod tests {
         }).to_string();
 
         let block = test_encode_decode::<SubmitBlindedBlockResponse>(&data);
-        assert!(matches!(block, SubmitBlindedBlockResponse::Deneb(_)));
+        assert!(matches!(block, SubmitBlindedBlockResponse::Electra(_)));
     }
 
     #[test]
@@ -230,21 +180,10 @@ mod tests {
     #[test]
     // this is dummy data generated with https://github.com/attestantio/go-builder-client
     fn test_execution_payload_block_ssz() {
-        let data_json = include_str!("testdata/execution-payload-deneb.json");
-        let block_json = test_encode_decode::<PayloadAndBlobsDeneb>(&data_json);
-
-        let data_ssz = include_bytes!("testdata/execution-payload-deneb.ssz");
-        let data_ssz = alloy::primitives::hex::decode(data_ssz).unwrap();
-        test_encode_decode_ssz::<PayloadAndBlobsDeneb>(&data_ssz);
-
-        assert_eq!(block_json.as_ssz_bytes(), data_ssz);
-
-        // electra and deneb have the same execution payload
-
-        let data_json = include_str!("testdata/execution-payload-deneb.json");
+        let data_json = include_str!("testdata/execution-payload-electra.json");
         let block_json = test_encode_decode::<PayloadAndBlobsElectra>(&data_json);
 
-        let data_ssz = include_bytes!("testdata/execution-payload-deneb.ssz");
+        let data_ssz = include_bytes!("testdata/execution-payload-electra.ssz");
         let data_ssz = alloy::primitives::hex::decode(data_ssz).unwrap();
         test_encode_decode_ssz::<PayloadAndBlobsElectra>(&data_ssz);
 

crates/common/src/pbs/types/blinded_block_body.rs

@@ -11,24 +11,6 @@ use super::{
     kzg::KzgCommitments, spec::EthSpec, utils::*,
 };
 
-#[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
-#[serde(deny_unknown_fields)]
-pub struct BlindedBeaconBlockBodyDeneb<T: EthSpec> {
-    pub randao_reveal: BlsSignature,
-    pub eth1_data: Eth1Data,
-    pub graffiti: B256,
-    pub proposer_slashings: VariableList<ProposerSlashing, T::MaxProposerSlashings>,
-    pub attester_slashings: VariableList<AttesterSlashingDeneb<T>, T::MaxAttesterSlashings>,
-    pub attestations: VariableList<AttestationDeneb<T>, T::MaxAttestations>,
-    pub deposits: VariableList<Deposit, T::MaxDeposits>,
-    pub voluntary_exits: VariableList<SignedVoluntaryExit, T::MaxVoluntaryExits>,
-    pub sync_aggregate: SyncAggregate<T>,
-    pub execution_payload_header: ExecutionPayloadHeader<T>,
-    pub bls_to_execution_changes:
-        VariableList<SignedBlsToExecutionChange, T::MaxBlsToExecutionChanges>,
-    pub blob_kzg_commitments: KzgCommitments<T>,
-}
-
 #[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
 #[serde(deny_unknown_fields)]
 pub struct BlindedBeaconBlockBodyElectra<T: EthSpec> {
@@ -93,28 +75,12 @@ pub struct ProposerSlashing {
     pub signed_header_2: SignedBeaconBlockHeader,
 }
 
-#[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
-pub struct AttesterSlashingDeneb<T: EthSpec> {
-    pub attestation_1: IndexedAttestationDeneb<T>,
-    pub attestation_2: IndexedAttestationDeneb<T>,
-}
-
 #[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
 pub struct AttesterSlashingElectra<T: EthSpec> {
     pub attestation_1: IndexedAttestationElectra<T>,
     pub attestation_2: IndexedAttestationElectra<T>,
 }
 
-#[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
-#[serde(bound = "T: EthSpec")]
-pub struct IndexedAttestationDeneb<T: EthSpec> {
-    /// Lists validator registry indices, not committee indices.
-    #[serde(with = "quoted_variable_list_u64")]
-    pub attesting_indices: VariableList<u64, T::MaxValidatorsPerCommittee>,
-    pub data: AttestationData,
-    pub signature: BlsSignature,
-}
-
 #[derive(Debug, Default, Clone, Serialize, Deserialize, Encode, Decode)]
 #[serde(bound = "T: EthSpec")]
 pub struct IndexedAttestationElectra<T: EthSpec> {
@@ -145,14 +111,6 @@ pub struct Checkpoint {
     pub root: B256,
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize, Encode, Decode)]
-#[serde(bound = "T: EthSpec")]
-pub struct AttestationDeneb<T: EthSpec> {
-    pub aggregation_bits: BitList<T::MaxValidatorsPerCommittee>,
-    pub data: AttestationData,
-    pub signature: BlsSignature,
-}
-
 #[derive(Debug, Clone, Serialize, Deserialize, Encode, Decode)]
 #[serde(bound = "T: EthSpec")]
 pub struct AttestationElectra<T: EthSpec> {

crates/common/src/pbs/types/execution_payload.rs

@@ -95,13 +95,13 @@ mod tests {
 
     use super::*;
     use crate::{
-        pbs::types::{execution_payload::Transactions, spec::DenebSpec},
+        pbs::{types::execution_payload::Transactions, ElectraSpec},
         utils::test_encode_decode,
     };
 
     #[test]
     fn test_empty_tx_root_hash() {
-        let txs: Transactions<DenebSpec> = VariableList::empty();
+        let txs: Transactions<ElectraSpec> = VariableList::empty();
         let txs_root = txs.tree_hash_root();
 
         assert_eq!(txs_root, EMPTY_TX_ROOT_HASH);
@@ -129,7 +129,7 @@ mod tests {
             "excess_blob_gas": "95158272"
         }"#;
 
-        let parsed = test_encode_decode::<ExecutionPayloadHeader<DenebSpec>>(&data);
+        let parsed = test_encode_decode::<ExecutionPayloadHeader<ElectraSpec>>(&data);
 
         assert_eq!(
             parsed.parent_hash,