# Research direction: keeping mev-boost relays honest
One risk of the mev-boost model is data withholding by a relay. The relay promises the block proposer a certain profit without disclosing the block content. Once the proposer signs the header, it is committed and unable to sign a different header due to the slashing conditions. If the relay fails to propagate the block, or propagates it too late, the proposer misses the slot and, instead of getting the promised profit, is penalized.
Mitigation is based on keeping track of relay reputation, i.e. how many successful or missed slots it is responsible for. A reputation service has been proposed as a possible solution, but this service requires a level of trust. It could disparage an honest relay by blaming it for faults, or help a dishonest relay by failing to report its missed slots.
Proving a successful slot is easy. It becomes part of the chain history. Attributing the blame for a missed slot is a challenge though. The slot could be missed due to data withholding by the relay, but also by the proposer signing the header too late. The reputation service has the freedom to decide which relays to convict and which ones to acquit.
We're researching ways to use smart contracts on EL to keep everyone honest by aligning their interests.
### Availability committee
@lightclient proposed using a decentralized availability committee instead of a centralized reputation service. The committee will receive the messages from both the proposer and the relay, attest to successful blocks by a relay, and in case of a missed slot, attribute fault based on the timing of the messages.
An availability committee goes a long way toward making reputation fairer. If we could also hold its members accountable, we could have even higher confidence.
### Preventing false positives
Caveat: We assume that the CL state will be made available to EVM via [EIP 4788](https://eips.ethereum.org/EIPS/eip-4788) or a similar mechanism. Without that, we would need CL state root oracles on EL.
We can therefore prove false positives. If an availability committee member attests that a slot was missed when it was in fact successful, the relay can prove the attestation wrong by showing that the slot was actually successful.
Committee members could stake in a contract, where such a proof would slash them and reward the reporter and/or the relay. Therefore we'll be able to trust the committee to correctly report successful slots.
However, we can't prove false negatives, because either party could cause a missed slot.
### Aligning incentives to prevent missed slots
Since we can't prove false negatives, we can only try to make it unprofitable for either party to cause missed slots. Unconditional payments have been proposed as a way to achieve that. One way to do that is through relay bonds locked in a contract.
If a slot has been missed and its proposer holds a signed promise from a relay, the proposer is entitled to 50% of the promised amount, to be paid out of the relay's bond.
The relay is incentivized not to withhold blocks because it has to pay 50% of the value. It is therefore unlikely that relays will withhold blocks at scale. Furthermore, it gives relays an incentive not to offer blocks too close to the deadline, to reduce the chance that they'll end up paying for an accidental miss.
In order to collect the 50% reward, the proposer has to prove that the slot was actually missed and it was penalized for it. The proposer could grief the relay by deliberately missing the slot, but it would also grief itself for a larger amount (the other 50% it would have earned, plus the amount it loses for missing a slot). Therefore griefing relays at scale seems unlikely.
Since the contract makes it expensive for either party to cause missed slots, false-negative attacks on a relay's reputation become too expensive. The availability committee can attribute missed slots to the relay that ended up paying the 50% for them.
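The payout rule described in this section, sketched as an added Python model (it is not code from this note or from any mev-boost project). The class and function names, the HMAC stand-in for the relay's signature, the `missed_slots` set standing in for CL state, and capping the payout at the remaining bond are all assumptions.

```python
import hashlib
import hmac

PAYOUT_BPS = 5000  # 50% of the promised amount, in basis points (from the text)

class RelayBondModel:
    """Toy model of a relay-bond contract; every name here is hypothetical."""
    def __init__(self, missed_slots):
        # Stand-in for CL state made readable on EL (the EIP-4788 assumption).
        self.missed_slots = set(missed_slots)
        self.bonds = {}       # relay id -> remaining bond
        self.keys = {}        # relay id -> key used to check promises
        self.claimed = set()  # slots that were already paid out

    def deposit(self, relay, key, amount):
        self.keys[relay] = key
        self.bonds[relay] = self.bonds.get(relay, 0) + amount

    @staticmethod
    def sign_promise(key, relay, slot, amount):
        # HMAC is a stdlib stand-in for the relay's public-key signature.
        msg = f"{relay}|{slot}|{amount}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def claim(self, relay, slot, amount, sig):
        """Proposer claims 50% of a signed promise for a slot that was missed."""
        if relay not in self.bonds:
            raise ValueError("unknown relay")
        expected = self.sign_promise(self.keys[relay], relay, slot, amount)
        if not hmac.compare_digest(expected, sig):
            raise ValueError("promise not signed by relay")
        if slot not in self.missed_slots:
            raise ValueError("slot was not missed")
        if slot in self.claimed:
            raise ValueError("slot already claimed")
        # Assumption: the payout can never exceed what is left of the bond.
        payout = min(amount * PAYOUT_BPS // 10_000, self.bonds[relay])
        self.bonds[relay] -= payout
        self.claimed.add(slot)
        return payout

def griefing_outcome(promised, miss_penalty):
    """(proposer_loss, relay_loss) when a proposer deliberately misses a slot."""
    half = promised * PAYOUT_BPS // 10_000
    return promised - half + miss_penalty, half
```

With any positive miss penalty, `griefing_outcome` returns a proposer loss larger than the relay loss, which is the asymmetry the section relies on.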
### Should the committee members be the relays themselves?
Since the contracts keep everyone honest, the identities of the committee members don't matter as long as they're staked. We could use the same contract for both types of proofs and have the relay bond double as a member stake. Relays attest to the reputation of other relays and are held accountable for it.
---
Thanks to @lightclient and @ralexstokes for the helpful discussion.
@yoavw