Ethereum Protocol Fellowship (EPF) Cohort 7 — Applications open until May 13

ePBS Breakout #028

2025-12-05 Agenda: #1801 canonical JSON

Transcript

00:00:29
Justin Traglia:Hello, everyone. Welcome to EPBS Breakout Call 28.
00:00:37
Justin Traglia:There's a lot to go over today, so I'll probably jump right in. I'd like to quickly state that since the previous breakout room call, there has been a new consensus specs release.
00:00:51
Justin Traglia:We can and will publish a new release soon, if plants want it.
00:00:56
Justin Traglia:I've shared the list of PRs.
00:00:58
Justin Traglia:Since the last breakout call.
00:01:02
Justin Traglia:The ones that have been merged have been checked.
00:01:05
Justin Traglia:So, for the unmerged ones, please take a moment to review them.
00:01:09
Justin Traglia:If you haven't already.
00:01:14
Justin Traglia:And, one final note,
00:01:18
Justin Traglia:The… sorry, the final breakout call will be on December 19th, 2025.
00:01:24
Justin Traglia:After that, all of the,
00:01:27
Justin Traglia:The last discussions will move to ACDT.
00:01:30
Justin Traglia:Which will be dedicated to Glamsterdam.
00:01:34
Justin Traglia:Let's start with… or sorry, let's… let's do, updates from client teams. Is there anyone here from Prism that can give us an update on their implementation?
00:01:44
terence:We haven't made much progress last week because of Fusaka. Yeah.
00:01:50
Justin Traglia:That makes sense.
00:02:04
Justin Traglia:Okay, no one here from my house. Taku, please?
00:02:10
Enrico Del Fante (tbenr):Yeah, not as much progress, as well. We are… we are currently working on…
00:02:19
Enrico Del Fante (tbenr):Gossip validation rules, mostly.
00:02:25
Enrico Del Fante (tbenr):Yeah, not yet fully ready.
00:02:35
Justin Traglia:Oh, hey Dustin. I just asked for an update on… from Nimbus on, glass implementations.
00:02:46
Dustin:And was one provided? I obviously don't have context.
00:02:50
Justin Traglia:Asked right as he joined.
00:02:56
Dustin:So, this is something that both of, I guess, Caleb, my understanding, has been showing up here? I don't know, he tells me. And yeah, we've merged, more EPBS support into
00:03:13
Dustin:In an ongoing way. I don't know if there's a specific, set of specs or aspect of EPBS that you're…
00:03:21
Dustin:Asking about in this context?
00:03:23
Dustin:But yeah, we're continuing.
00:03:27
Justin Traglia:Okay. That's good enough.
00:03:30
Justin Traglia:Lodestar? How is your work going?
00:03:35
nflaig:So yesterday, we merged a pretty big PR for the state transition, and we passed all the spec tests from 161. And there's work in progress for P2P and block building.
00:03:50
Justin Traglia:Nice. And last but not least, Grandine.
00:03:56
Subhasish:Yeah, I can take this one.
00:03:59
Subhasish:So, from last meet, we have the… we have, closed the PRs on, Sync Manager, and,
00:04:06
Subhasish:Sync Manager changes for envelopes, plus, request response, changes for envelopes, and, the support for payload, timeless committee assignment, and, its integration into Blog Producer. We have some, open PRs on,
00:04:26
Subhasish:On the gossips of handling for,
00:04:31
Subhasish:envelopes and bits. I think for, attestation, it was, recently merged. There's an open PR for, local blog building.
00:04:40
Subhasish:And on the fork choice, side, we have, initial implementation that's, passing, the initial, gloss tests, which are added, and, yeah, we're, looking into that, that aspect mostly.
00:05:12
Dustin:So, I'm… I'm told, I don't know, is Caleb on this call yet? Like, is he, is he… I hadn't see if he… Yeah, he is, hi. Okay, so…
00:05:24
Dustin:So, so I would like to actually hand this over to him, who has a lot more context on this than I do. Alright.
00:05:38
Dustin:As far as the EPPS and Nimbus?
00:05:44
Justin Traglia:Caleb, do you have any updates other than what Dustin said?
00:05:56
Justin Traglia:Let's move on to the agenda items, I suppose. Thanks for the updates from clients.
00:06:03
Justin Traglia:I don't know what your first name is, but JCS Legal?
00:06:07
Justin Traglia:Could you, talk about the dynamic penalty proposal that you brought up?
00:06:13
christophschlegel:Right, yeah, I'm Christoph. J is for Jan.
00:06:18
christophschlegel:But you can call me Christopher. Okay, I can have some slides.
00:06:26
christophschlegel:Which I'm not able to share.
00:06:33
christophschlegel:You can also do it without slides,
00:06:35
christophschlegel:Or if somebody gives me the rights to…
00:06:40
Potuz:You might have the rights to make you a co-host, or something like that?
00:06:45
Justin Traglia:I could also stop sharing, I don't know if that's the reason.
00:06:48
Enrico Del Fante (tbenr):Yeah, maybe you have to start stop sharing, and then try again.
00:06:52
Justin Traglia:Alright, please try again.
00:06:54
christophschlegel:Oh, that's Wix.
00:07:00
christophschlegel:Okay, does this work?
00:07:09
christophschlegel:Okay, so this is how Nana Banana…
00:07:14
christophschlegel:Imagines EPPS to look like, and this is a free option problem on the right-hand side.
00:07:18
christophschlegel:That's what I wanted to talk about. So, Bruno and I have been, investigating this free auction problem.
00:07:25
christophschlegel:To remind you, so that the problem is that…
00:07:29
christophschlegel:you have commitment to a payload, but you don't reveal it when you make your bid.
00:07:36
christophschlegel:And then you have time to reel payload and blobs, and there's a time window between
00:07:44
christophschlegel:Commitment and revelation, and people might change their mind in between whether the block that they want to publish is actually a reasonable block, and the way to exploit it is to…
00:07:55
christophschlegel:Put usually a bunch of trades in your blog, and if they go against you, the market goes against you, you basically don't publish.
00:08:07
christophschlegel:publish a block. And the gadget that you would use for that would be, you fail to… usually you fail to deliver a block, so that's a free option problem.
00:08:16
christophschlegel:We were looking into different mitigations, and,
00:08:23
christophschlegel:Have looked in particular into penalties and reward schemes, so we penalize, if you miss a payload or a blob.
00:08:32
christophschlegel:And… or we… we reward you for doing that, if you deliver it.
00:08:37
christophschlegel:And, we've gone through a bunch of things, and the most promising to us is dynamic penalties, where we, put the… where we use,
00:08:50
christophschlegel:basically the… we introduce correlation, in… so we punish correlated failures, more severely than isolated failures. So the idea is if you…
00:09:02
christophschlegel:fail from time to time to deliver a payload. That's basically a very small penalty, but if we observe a lot of those,
00:09:11
christophschlegel:Fair payloads, then we increase penalties, to…
00:09:17
christophschlegel:basically punish people for which something that looks like a free option exploitation.
00:09:24
christophschlegel:And the rationale behind that is that, first of all, it's a robust metric, a robust statistic to base
00:09:32
christophschlegel:penalties on, and the other idea behind it is that you usually observe this clustering, volatility clustering. So you observe that exercising,
00:09:43
christophschlegel:The pre-option, is… lucrative…
00:09:48
christophschlegel:in time intervals where you, basically have a correlation of, where you have clustering of opportunities. So you want to punish there.
00:10:00
christophschlegel:That is irrational. You could also do it with, rewards, so you reward people, but the problem is if you do dynamic rewards, people can basically,
00:10:11
christophschlegel:Can, can game them by basically increasing rewards for themselves, so penalties are less gameable.
00:10:20
christophschlegel:So proposals that we have, and we have an implementation that we put on EASH Research, or a SPAC, a spec on EASH Research, is that we,
00:10:30
christophschlegel:Have a concrete rule of setting the size of those penalties.
00:10:34
christophschlegel:Which, is dynamically adjusted, so you would need to introduce another state variable, to the protocol that keeps track of the penalty, and that takes in this information how many failed,
00:10:49
christophschlegel:payload failures, as I have been, recently.
00:10:52
christophschlegel:And then we use those, penalties, we keep track of them, and we use… we propose to use the payments
00:11:01
christophschlegel:that are pending payments that are already part of the spec, to also keep track of penalties. So, effectively, what we propose is that you, you would add, another, field to this pending, pending, builder payments, container that would also keep track of penalties.
00:11:20
christophschlegel:So let me tell you briefly what is this rule.
00:11:25
christophschlegel:So, the idea is very simple, so you,
00:11:28
christophschlegel:have a penalty, which is this another, new state variable that we introduced, missed payload penalty.
00:11:35
christophschlegel:We would propose to introduce.
00:11:37
christophschlegel:We go up with a penalty if the block on top of which you build has no payload, and we go down with a penalty if it has one.
00:11:53
christophschlegel:So that's the dynamic aspect of it.
00:11:56
christophschlegel:We have written also some theoretical paper on this, which gives you a bunch of guarantees. So the object of interest for the theoretical guarantees is a failure rate, so you have a
00:12:07
christophschlegel:failure rate that you target, so you say, I don't know, 1% failed payloads is acceptable, or 0.5% is an acceptable failure rate.
00:12:19
christophschlegel:And then you, look, and then you can design those, or you can set those, parameters in such a way that you achieve those, rates on average. So those are theoretical guarantees that you can get, in terms of, yeah, in terms of…
00:12:39
christophschlegel:Online learning, kind of, standard results.
00:12:43
christophschlegel:And so, the other interesting parameter is how long of a time window you want to sustain this failure rates over. That gives you, basically.
00:12:51
christophschlegel:how aggressively you move it up and down, okay? So those are the two, two…
00:13:00
christophschlegel:Parameters that we introduced.
00:13:02
christophschlegel:Going up was a penalty, going down was a penalty. Then we did a bunch of backtesting,
00:13:09
christophschlegel:of this policy, so we've looked at realized… we have a data set of realized blocks, so of course, I mean, if forward-looking, people might build different kind of blocks if they have a…
00:13:21
christophschlegel:Free option, available, but at historical blocks, we looked into how that, changes, the effect, how effective it is to…
00:13:31
christophschlegel:To exercise this free option, and how much does it mitigate, and basically theoretical guarantees that you have from this online learning results are…
00:13:42
christophschlegel:replicated, quite well in the data. So you can set a target acceptable rate of failures, so failures would be, things where the option would be
00:13:53
christophschlegel:Mmm… Profitable to exercise, even with a penalty.
00:13:59
christophschlegel:For example, you set it to 0.5%, and then you observed that actually in our dataset, this very closely matches, the realized profitable exercise rates.
00:14:12
christophschlegel:Are very much close to that theoretical.
00:14:16
christophschlegel:Guarantees that you want to achieve.
00:14:19
christophschlegel:You can also see, so those numbers are in east, the, sort of size of those,
00:14:27
christophschlegel:Those penalties that he would need to…
00:14:30
christophschlegel:levy in order to, to, to, to achieve these, rates, so it would be…
00:14:36
christophschlegel:ballpark 0.02 to 0.04 ETH, to achieve this, half a percent of acceptable failure rate, in the worst case, and, well, they escalate in… in times of high volatility, so they can go up to… to 1 ETH in,
00:14:55
christophschlegel:In very volatile times. But on average, they stay sort of low, so that's… that's the point.
00:15:01
christophschlegel:So that's, the idea behind it.
00:15:04
christophschlegel:There are also graphs where you see, sort of, the fluctuation of Profitability, over time.
00:15:11
christophschlegel:With different, different parameterizations, and then you see, how, how large,
00:15:17
christophschlegel:penalties would be, if you would set them accordingly. And you see that, I mean, in these where volatility spikes, you would have
00:15:25
christophschlegel:Also, spike of, the… Penalties.
00:15:30
christophschlegel:Okay, I think that's… Big picture… the… the…
00:15:37
christophschlegel:the idea behind it. Yeah, you can set them in many different ways. We've given, as I said, an example spec where we set it, these, these, parameters,
00:15:52
christophschlegel:According to…
00:15:54
christophschlegel:These values here, so as you say, it goes more aggressively up as it goes down, because you, yes, you need to escalate very rapidly if you want to.
00:16:04
christophschlegel:to the policy to be effective, but this targets, basically, for example, a failure rate of half percent. And then it's a question of what do you find acceptable, right? So what do you find acceptable in average penalties, and what you find acceptable in
00:16:21
christophschlegel:Missed, missed, payloads rates.
00:16:26
christophschlegel:So, yeah, one can debate about it. What we can say is you can…
00:16:32
christophschlegel:Achieve, because there's also a sort of theoretical worst-case guarantees, you can achieve very robust, guarantees on these.
00:16:40
christophschlegel:I probably shouldn't go too much… I rather wanted to hear opinion on, or elicit feedback on the general idea, but we have a spec, so you have this new, new, new parameter where you…
00:16:53
christophschlegel:Sets the penalties, and then you have to…
00:16:56
christophschlegel:account for the penalties, and so what we propose to do there is we track them together with pending payments, right? So we have this object of a pending payment in ERP7732,
00:17:09
christophschlegel:You, have, payment… pending payment, so a pending payment, is in the queue if it's, is basically for an unconditional payment where a payload was not, delivered, so you can use it as a gadget to also keep track
00:17:28
christophschlegel:Of penalties at the same time, so you keep track of them together.
00:17:32
christophschlegel:And then you would, basically, deduct those penalties at the end of the subsequent epoch.
00:17:40
christophschlegel:From the, the builder, balances.
00:17:46
christophschlegel:And then you also have to make sure that the builders are able to pay those balances and the pending payments, so what you would also need to add is basically a condition on the bids that says, if you bid, we have to make sure that you are able to pay those penalties as well as all pending payments and all pending penalties.
00:18:04
christophschlegel:What I think is important as Twilight is that you should also,
00:18:08
christophschlegel:Put penalties on self-builders, and so you basically also need to keep track of those,
00:18:14
christophschlegel:So, self-building penalties, so… but you can use the same kind of gadget in principle. Why is it important? Because otherwise people would circumvent, maybe, penalties by…
00:18:26
christophschlegel:going, through, I don't know, a relay or something like this, to, to, to, exercise the free option without…
00:18:35
christophschlegel:getting a penalty. So that's the idea. We've looked in possible issues that we thought about, probably other ones.
00:18:44
christophschlegel:So, it could be a problem that you penalize not only people who want to exercise a free option, but also honest builders that have a bad day. So they don't do it on purpose.
00:18:58
christophschlegel:What we think is, sort of.
00:19:02
christophschlegel:It might be a problem, but what would you think is… is,
00:19:07
christophschlegel:still argue… we would argue for the penalties. For example, self-builders, they can always release a payload together with a commitment, so at the point in time where they commit, they can also release a payload into blobs. So, I mean, they have to be highly unlucky to miss,
00:19:26
christophschlegel:miss, basically, the deadline for the payload timeliness Committee, if they do that.
00:19:34
christophschlegel:So, the risk is very limited. External builders, there's risk for them.
00:19:39
christophschlegel:Right? But then we…
00:19:43
christophschlegel:as we have shown in the graph, so on average, those penalties are low. So even if somebody is unlucky and gets a penalty, then, well, it's not…
00:19:54
christophschlegel:the end of the world. It's a small amount, on average.
00:19:58
christophschlegel:And if they're unlucky to miss a… get a penalty in times of high volatility and high penalties, of course, that could be substantial, up to one ease, or above that. I don't know, what is the most extreme scenario?
00:20:10
christophschlegel:might have a bearing on how people behave, then, in these times of high penalties. So, one thing that we imagine could be that they are more conservative in what they're doing. For example, they
00:20:24
christophschlegel:Omit maybe sending blobs, if that is… introduces more errors in… to the, more failures in expectation for margin of safety.
00:20:36
christophschlegel:That might be downsides. It could be that, if there is…
00:20:41
christophschlegel:Right? We do penalties that are based very much on the idea that correlated failures are much more… punished much more than isolated failures, so if there's a bug in a builder software, or, like, in the default builder.
00:20:55
christophschlegel:In a client, that could cause correlated penalties without us actually, you know.
00:21:02
christophschlegel:wanting to do them, so it has nothing to do with malicious behavior, but it's sort of… that could be an problem. And in principle, people could maliciously try to, you know, make you not sending your payload, because they want you to be punished. A malicious actor could do that.
00:21:21
christophschlegel:But of course, that is true in general. I mean, also in… if you…
00:21:27
christophschlegel:missed, to send… if you missed to send a payload in time, then you also forego profits. I think this problem is already there to some degree.
00:21:36
christophschlegel:So, that's the high-level idea, and…
00:21:39
christophschlegel:What else are rewards? If you don't like that penalties are there.
00:21:45
christophschlegel:And then you can make that on expectation. Basically, you can…
00:21:49
christophschlegel:make it zero by introducing rewards, right? So we cannot do dynamic rewards, so in extreme cases, we have to punish.
00:21:56
christophschlegel:But on average, we can make you break even if you wanted to do that. That comes
00:22:02
christophschlegel:at the cost of additional issuance, potentially. Or we have to reduce…
00:22:07
christophschlegel:you know, rewards for other, duties. But in principle, that's one way of achieving, basically, a zero on average, for, on, for… because you combine rewards, with penalties.
00:22:23
christophschlegel:We have written, it's research post, we would be very happy about feedback on it. We've tried to come up with a spec, probably
00:22:32
christophschlegel:you will… I mean, it would be highly appreciated if people could look into the spec, see whether there are any… any problems in the spec, and give us feedback on, whether that is something that we could introduce to
00:22:49
christophschlegel:help us with the free option problem. Final thing that I wanted to say is, so, there will be, I guess, some discussion later on about these,
00:22:58
christophschlegel:About the builder payments in protocol, so I think, with or without these trustless payments.
00:23:06
christophschlegel:it's reasonable to mitigate the free option problem. The solution should work in either case. SPAC would be slightly simpler if we would have,
00:23:18
christophschlegel:No in-protocol payments, but that's the only difference.
00:23:23
Justin Traglia:Thank you so much for the presentation, that was really good.
00:23:26
Justin Traglia:Does anyone here have feedback and or questions?
00:23:36
Potuz:I mean, the proposal to remove Trustless payments.
00:23:41
Potuz:also removes staked builders. I mean, the easiest way of doing this would be to remove also staked builders. How do you implement this penalty mechanism in that case?
00:23:52
christophschlegel:Well, then you have just, normal proposers, proposing, and then you keep track
00:24:00
christophschlegel:of, whether they… Deliver the payload, and you… can process them as…
00:24:10
christophschlegel:penalties together with other penalties. With the penalty to the… so you mean…
00:24:15
Potuz:The proposal is to… but the proposal would be to have the payload signed by an off-protocol builder that is not state.
00:24:24
Potuz:So, you could keep track of these payloads not being delivered, but the only state object that you can actually penalize is the proposer, not the builder.
00:24:34
Potuz:So it doesn't seem to me…
00:24:35
christophschlegel:Also, of course, you would penalize a proposal, yes.
00:24:38
Potuz:Yeah, so you only penalize the prop… so you would penalize the proposer for payloads that are not delivered by builders.
00:24:46
christophschlegel:I mean… he can always build his own payloads, I mean, if he outsources it to shady actors, then…
00:24:54
christophschlegel:his problem. But, yeah.
00:24:57
Enrico Del Fante (tbenr):We're moving the risk from the builder to the proposer, essentially.
00:25:03
christophschlegel:Right, and then out of protocol, people have to find ways of, you know, doing this risk sharing among themselves.
00:25:09
christophschlegel:I guess if I propose blocks,
00:25:14
christophschlegel:if I'm a proposer and I elicit blocks through an external service, then I would want that service to make sure that payloads are delivered, and otherwise there's some
00:25:28
christophschlegel:I don't know, some stake, right, outside of protocol, right, on the relay level, or so on. Otherwise, it would self-build.
00:25:38
Justin Traglia:Alex, I saw that your hand was up. Do you want to say anything?
00:25:41
alex:No, I think Christopher covered it well, and I hesitate to, like, draw in the next discussion already. I think Christoph covered it well.
00:25:50
Justin Traglia:Okay, anything else from anyone before moving on?
00:25:55
Potuz:Yeah, I had a comment. The proposal is actually sound. I've checked the spec, it seems complete.
00:26:02
Potuz:It is complicated, and it's… it's an issue of whether or not it's enough of a problem that we want or not implement this, but that's a different discussion. The only, like, new philosophical change that I see
00:26:17
Potuz:the spec doesn't have this… this issue of a common bug in a client. The spec is designed in such a way that if you have downtime… downtime, which is the kind of things that common bugs cause, like what Prism cost yesterday.
00:26:32
Potuz:Validators are not heavily penalized.
00:26:36
Potuz:And that's… you can't really be someone lucky to be heavily penalized. Being very unlucky on a bug is… you hit a bug that just…
00:26:43
Potuz:doesn't prevent your slash in DB, for example, and then you get slashed. That would be a bad bug. But the common bugs of, like, liveness that we have on clients don't cause capital loss to… to…
00:26:57
Potuz:this thing might actually cause it, because if you do have a bargain on the EL,
00:27:04
Potuz:that causes some blocks to be missed, then builders will not start, will not start providing bids. And if you have… if you are in a situation where you don't provide bids, then you self-build.
00:27:15
Potuz:And if you self-build it with that client, then suddenly you're heavily penalized in that situation. So I think this is new. I think this is the first time that we see a liveness bug creating, a liveness bug in a minority, not in a majority client creating these things.
00:27:31
Potuz:I'm not sure how to weight that.
00:27:37
christophschlegel:It's true. I guess. Yes.
00:27:41
christophschlegel:Only thing that I can say.
00:27:44
christophschlegel:Don't introduce bugs.
00:27:46
christophschlegel:and your clients.
00:27:48
Justin Traglia:Okay, let's move on to the next topic. We don't have all that much time.
00:27:53
Justin Traglia:Barath would like to speak about the Builder API with ePBS. Barath, would you like to share your screen?
00:28:00
Bharath:Yeah, I'll just share my screen.
00:28:02
Bharath:Let me know if you guys can see.
00:28:12
Bharath:Oh, yeah, sounds good. Yeah, so hey guys, thank you for letting me speak. The, the agenda for this talk, like, my intent is to kickstart, like, discussions on how the Builder API could look with EPBS.
00:28:24
Bharath:again, everything, like, assumes we have, like, trustless payments and all that. So, just, like, I'm just gonna, like, run over, like, some background, like, which I don't have to do in this call, but PBS has, like, stake builders and trustless payments. The main thing is we restructure the beacon block by removing the full execution payload out of it, and only embedding, like, the bid to it.
00:28:44
Bharath:Right, so these are, like, the major data structures. You have the execution payload bid, the execution payload bid, which just contains a commitment to the full, like, payload. And you have the actual envelope, which has the
00:28:57
Bharath:Actual, like, payload and the commitments to the blobs and execution requests.
00:29:02
Bharath:So, and then, you know, we see that in the beacon block body, like, at this point, like, we remove, like, the blob commitments, execution requests, and the entire payload, and we just replace it with a bit.
00:29:16
Bharath:So, having that, just, like, establishing some ground, right, so how do builders communicate their bids with proposers, right? Like, and that's what the builder API, like, essentially does today, is, like, it's basically an interface between the proposer and builder to, like, exchange, like, block bids and commit to a block.
00:29:36
Bharath:So today, EPBS has… one of the things, we have a P2P gossip topic, which allows, like, stakeholders to, like, propagate their execution payload bits. It'd also be nice if proposals were able to directly connect to the builders, and to gain, like, a much lower latency connection.
00:29:50
Bharath:So, so the… so I'm, like… so the work that I'm trying to do is, like, try to think about how the builder API could look like when the proposal talks to, like, stake builders from the proposal… and also when the proposer talks to, like, unstake builders, or off-protocol builders. At this point, like, I want to stop, like, I think that is…
00:30:08
Bharath:I know there is, like, contention, Portis, I've been discussing with you, you… you know, you mentioned that, you know, we… we don't want, like, we won't support, like.
00:30:16
Bharath:talking to builders out of the protocol, but then I've also heard, like, people saying opt-protocol builders will still exist. I understand, like, there's some contention there. I'll leave that to, like, the end of this discussion, to end of this… end of my topic. I have that as an open question.
00:30:31
Bharath:Now I just want to, like, quickly discuss on…
00:30:34
Bharath:on the high-level, like, flow of the Builder API, how it could look like with EPBS. Again, this is, like, early work, and I'm sure there's a lot of, like, refinement we can do.
00:30:43
Bharath:With stake builders, the builder API will kind of look very similar to how we have it today. So these are builders in protocol, they're staked.
00:30:52
Bharath:With them, the builder API will probably look, like, pretty similar, like, if you… the flow would be, like, the proposal queries the builder, like, hey, I want a bid, give me your best bid. The builder sends back the best bid, and if the proposal, like, likes it, the proposal will commit that bid in its beacon block.
00:31:10
Bharath:once it commits the bid in the beacon block, it returns it back to the builder. So these are two, like, API calls. We can talk about names later. But, like, you get the execution payload bid, then you build the beacon block, and you send it to the builder.
00:31:26
Bharath:Right? And both the proposer and the builder can, like, broadcast the beacon block to the beacon committees.
00:31:32
Bharath:The builder at this point, now that we have the beacon block, you can actually construct the execution payload envelope.
00:31:39
Bharath:And once the builder has the execution payload envelope, the builder is, like, responsible, solely responsible for,
00:31:46
Bharath:broadcasting the envelope to the PTC committee.
00:31:49
Bharath:So, it's pretty simple, it doesn't involve… it's kind of similar to the get header and get payload, interface we have, like, today.
00:31:57
Bharath:So this is, like, how I think it would look like with stake builders.
00:32:01
Bharath:Things get a little trickier with off-protocol builders, so…
00:32:05
Bharath:Technically, like, in this case, proposals will have to act as of the self-build, because the protocol has no idea about the builders.
00:32:11
Bharath:The proposers, like, and the proposer have to… has to sign the payload envelope.
00:32:16
Bharath:Right? The bid, it doesn't have to sign the bid, because I forgot, like, it's because the spec doesn't enforce that the proposer signs the bid.
00:32:24
Bharath:But it has to sign the envelope, which is usually with the relay, which is, like, since it has the entire payload, right? But to sign the envelope, they require, like, a full payload, the execution request, and the commitments from the relay to sign it.
00:32:39
Bharath:So, we can introduce… so, I'm just introducing this notion of a blinded execution payload envelope. I'll get to the flow of how the builder APEC would look like, and maybe that… it makes sense.
00:32:51
Bharath:So I'll just introduce a blinded execution payload envelope. This is basically the execution payload envelope, but then we just have the roots of the payload execution request and the blob KCG commitments. Everything else, like, is the same.
00:33:04
Bharath:The interface, the flow would look like this. The proposer asks for the execution payload bid. It receives the execution payload bid back from the relay. The relay also sends the payload route and execution request route, because that data is not included in the execution payload bid.
00:33:23
Bharath:The proposer constructs a blinded execution payload envelope with the payload route and execution request root.
00:33:29
Bharath:If it likes the bid, it also embeds it in its beacon block, sends the beacon block and the blinded execution payload envelope to the relay.
00:33:39
Bharath:Both the relay and the proposal broadcast the beacon block.
00:33:43
Bharath:And then, and then once the beacon block is broadcasted, the relay can construct the full execution payload envelope from the blinded execution payload envelope, because it's essentially the same, it's just the hash tree roots of the data.
00:33:57
Bharath:And then once the relay has that, it's able to, like, broadcast the execution payload envelope, the signed one, to the PTC committee. Again, these are, like, off-protocol builders who are not staked in protocol.
00:34:08
Bharath:Right? You just, like, by sending the payload route and execution request route here, which, in my, in my opinion, like, just helps, helps in, like, not having, like, a third API call, where now the beacon block has been sent. Since you can only construct the envelope with the beacon block.
00:34:25
Bharath:when the beacon block is, like, set, like, it doesn't involve another API call where the proposer asks the relay, hey, now that the beacon block is set,
00:34:34
Bharath:I need to sign the envelope, like, can you get me the envelope that requires another set of, like, API calls? I believe, like, sending the payload route and execution request route, like, like, lets us, like, avoid that.
00:34:46
Bharath:So, yeah, so this is, in my opinion, like, how it could look like.
00:34:52
Bharath:And that's pretty much it. Like, I just wanted to, like, take the time to, like, just kickstart, like.
00:34:57
Bharath:discussions on how the builder API could look like. There are some open questions. One is, like, how will the builders get the free recipient of the proposal? Today, we have the off protocol, like, validator registrations. Like, clients send validator registrations to the relays every epoch.
00:35:13
Bharath:In some discussions, like, I think Porto suggested that, we could send the fee recipient along with the request for the execution payload bit, then the relay or the builder just, like, at that point, they have to, like, seal the block with the payment transaction if they're doing, like, off-protocol payments.
00:35:34
Bharath:Or if they're just doing a trustless payments, then that's fine. Today, like, Justin suggested, like, adding a gossip topic to communicate all this. So I think this is kind of, like, open to discussion. Of course, like, the other question that I raised, will we support, like, off-protocol relays, or will clients only support talking with stake builders?
00:35:53
Bharath:One thing I want to get out of the way is, like, I feel like, irrespective of whether we support off-protocol delays or not, it's generally useful to have a specification for how the builder API could look like.
00:36:05
Bharath:And of course, like, we can always make the design better and stuff.
00:36:09
Bharath:So, yeah, that's just more information. I have a couple of design docs, and I've started just writing the builder specs for this. So, yeah, I think that's… that's… that's all I have for now. Any questions?
00:36:24
Justin Traglia:Thank you for the presentation, Brah. There are some questions in the chat, but I think we're a bit limited on time for this call.
00:36:31
Justin Traglia:So, I suggest we take these offline.
00:36:34
Justin Traglia:Would that be okay?
00:36:39
Justin Traglia:Thank you. Let's get into trustless payments. We only have 23 minutes to discuss this. Alex?
00:36:52
alex:Yeah, so I think the question is, for most of the people on the call, probably already pretty clear, but maybe for some of the listeners not, so…
00:37:02
alex:really, yeah, speaking personally, during DevConnect, perspectives came up of people feeling that it would make a lot of sense to split trustless payments and consider it apart, people saying that they weren't convinced that Trustless Payment was the change that should go into Ethereum.
00:37:18
alex:And I guess ever since, I've been trying to, like, understand that myself, bring together perspectives, and see if we can resolve contention, because I will say that in my exploring, it's very clear that there's people that feel strongly it should not be in Glamsterdam, and there's people who strongly feel that it should.
00:37:35
alex:So to keep things, like, realistic, I think the question that I'm posing here is, should trustless payments be removed from the Glamsterdam update? I also think, for purposes of a smooth discussion, it's good to keep staked builders in.
00:37:49
alex:there is actually perspectives that I've heard of people saying, no, no, like, Trustless could go out, but I think Stake Builders should stay in, so that is a branch. I want to note that, but yeah, I would just keep them together for now. I also really want to add still that,
00:38:04
alex:both sides seem to want a better Ethereum, right? Like, whatever your view is, even. It's like keeping sides out of it. Whatever your view is for what should go into Ethereum, everyone involved.
00:38:13
alex:thinks that whatever their perspective is of what should happen is gonna make Ethereum better. I think Ethereum will be fine either way. I'm definitely not assuming, like, the hostile intentions for anyone or anything like that. Also good, I think, to say that, as Alex, I'm one of the people running the ultrasound relay, and so we're for sure biased, right? Like, whether we're right, that we think
00:38:37
alex:not putting trustless payments into the protocol is good for us, yes, but also good for Ethereum is, I think, exactly the topic that people differ on, of opinion. So I'll, like, pause there. Yeah, I just want to make sure, like, is the question clear that I'm trying to ask?
00:39:08
Justin Traglia:The question is clear. I mean, should we, remove… should we keep trustless payments or not, is essentially it. How are people feeling?
00:39:22
Enrico Del Fante (tbenr):I can have a little comment, just to start up, so…
00:39:27
Enrico Del Fante (tbenr):as… as… from the core dev perspective, seems like trustless payment is… is… is…
00:39:35
Enrico Del Fante (tbenr):is a complete solution, gives everything in protocol, which makes sense end-to-end. What is probably unclear from our perspective, what are the downs… downsides, what are the…
00:39:50
Enrico Del Fante (tbenr):effects on the… on the… on the builder side, where… where actually are the pain points for you guys, to us to understand better your point of view?
00:40:04
alex:Yeah, okay, like, I'm happy to get into those. I think also even we may have some builders on the call, which could be interesting.
00:40:12
alex:Okay, so that's, like, I do want to highlight, like, from a lot of people, I heard that actually their major gripe was, the benefit is too small, so we shouldn't do it, and I know that that's… it's not that simple, that's actually a very complex position to take also. But then the next thing I often heard is, like, yeah, even if I agree with you, or agree with the perspective that
00:40:30
alex:the benefit is small. I'm not sure what the downsides are. I wrote recently this ETH research post where I tried to get into it.
00:40:38
alex:I feel like the biggest downside that is seen, but again, talk to people, you hear it's one of many, is that
00:40:53
alex:may mean that the out-of-protocol block-building market starts looking very different, and starts centralizing more. Like, in a way, what people are saying is, we're not expecting this
00:41:03
alex:to help much in block building. We think it will be the same people building blocks, we think there will maybe be less people building blocks, you're actually reducing how many different people will be building blocks. And also, like, the barriers to doing it, the costs to doing it.
00:41:17
alex:may become higher. So what people will often say is, like, there doesn't seem to be a clear benefit, there does seem to be a clear cost.
00:41:24
alex:I'm trying to be mindful of the time. Like, in very, very short form, like, people feel that there's a kind of prisoner's dilemma, where if we introduce a trustless path, what will happen is people will use the trustless path. I will highlight there also that
00:41:39
alex:proposers that refuse to use relays, I think, are gonna be better for trustless payments. I think they would get paid more in the future with this change. The only problem that many see is that
00:41:51
alex:This may also mean that all builders become direct-to-proposer builders, and if all builders, or at least the dominant builders, become direct-to-proposer builders, there's really very little reason left for a relay to exist. So, if you felt like relays were doing anything of use, like, previously, then whatever you thought that the benefit was may go away, and like, you know, one of these obviously is to
00:42:13
alex:Make sure that all proposers have, like, access to the same payment through, like, making builder competition very easy on a very wide set of proposers.
00:42:21
alex:Yeah, I'll leave it there. Maybe there's still a builder that could, add in.
00:42:25
alex:But, yeah, I'm curious to hear if that covers it, or if somebody wants to add something there.
00:42:32
george:Yeah, sure, I can speak. So, from Titan Builder. So, there's,
00:42:38
george:A few angles here as to why we think there's a cost to the outer protocol blog building market.
00:42:43
george:So, like, to continue on Alex's point on centralization, we think…
00:42:48
george:That, having direct connections is potentially quite…
00:42:52
george:centralizing for the general builder market. If there's an advantage to connecting directly to validators.
00:42:58
george:You then need to speak to validators to get connected, and I know there's been some discussion on that validators could connect to any builder they want. You get trustless payments, there's no issue.
00:43:07
george:Our concern there is that…
00:43:10
george:Payment is not the only thing that validators need. Validators have other preferences, for example, OFAC.
00:43:15
george:And that requires something else other than a trustless bit. That requires, like, a personal relationship, some kind of…
00:43:20
george:agreements, SLAs, etc. And so then that requires new builders to go in BD with all the big staking pools, which is just impossible.
00:43:28
george:And then, would add the other part to…
00:43:31
george:I think on to also your point, Alex, you said that relatives using trusted payments will get higher bids. I think it's actually the opposite.
00:43:38
george:And I think the reason is that if we have an unconditional payment, there's now a risk to our bid. So, as a block builder, there's quite a significant amount of blocks where we as a builder take zero profit. We bid 100%, a lot of builders actually bid plus 100% on some blocks.
00:43:53
george:Currently, if there's some bug in our block, you know, things happen.
00:43:59
george:the, like, this gets validated early on in Optimistic Relaying, it gets pulled very quickly, and that normally is the bid that is not delivered. There's no… but, you know, if with direct connections and trustless payments, there's no verification, any bug we have in our code as a builder could potentially cause us to miss a slot, and if there's a, you know, 100 ETH block, we're gonna make zero profit on that.
00:44:18
george:There's a non-zero risk that we miss out, and we make zero profit, that's negative EV, and we're not going to bid that value. I think they're the two big ones.
00:44:27
alex:Yeah, maybe to clarify a little bit, so the… the… when I said…
00:44:32
alex:a higher bid, that's from the perspective of the, I would estimate, maybe 7% of proposers, but maybe even less, that refuse to use release today and local block build. I think if you're local block building, this might result in a slightly better bid for you, but that's already a very small group, and this pushes the Overton window a little bit on this discussion.
00:44:50
alex:A lot of people I've spoken to will say that
00:44:53
alex:if that small group is the only one that moves, then does this make sense at all as a change to put in? Isn't there other stuff that is higher priority?
00:45:08
DA | Flashbots:So, there's kind of two parts to this argument that I don't understand. The first is that, like, if relays are adding a service, and that, like, if they're actually improving the experience, then it makes no sense to me that they would disappear. So, like, any relay who's actually a positive force in the space?
00:45:23
DA | Flashbots:Should continue to be here.
00:45:25
DA | Flashbots:And… I'm trying to remember the second point, I don't remember.
00:45:40
alex:Yeah, just maybe on the point of, like, why would a relay disappear? Because I think the intuition there is quite sensible, it is that
00:45:49
alex:If you have public bids in relay auctions as you have them today, and I'm a builder, it becomes very natural for me to say, hey, what is the top bid in the network right now? I look at all the relays, and then I make a private bid directly to the proposer that, is, like, trustless.
00:46:02
alex:Right, and if I do so, I can have a lower value block than the builder, but still get it on-chain. Because if I were to submit this same bid to the relay in the open auctions, a builder with a higher value block could see this new bid and say, oh, but my block is more valuable, and immediately outbid this bid.
00:46:15
alex:But since it's, like, a trustless payment, this becomes, like, a lot harder to see. It's direct to proposer.
00:46:21
alex:And it makes a lot of sense then that builders would say, well, you know, if you're not gonna bid with me in the same auction, but you'll use my public information to privately outbid me, I'm gonna go private as well. It makes a lot of sense. I think there's also, like, this is possible today. I also think if you ask me, on a very long-term timeframe, I think it's very possible that Ethereum goes there anyway, but at least it's not where we are today, and the out-of-protocol actors will say that we're quite happy with the equilibrium we have today.
00:46:46
alex:But we think this undermines it, because the moment I, as a dominant builder, decide, shit, they're using my public information to privately outbid me directly to the proposer, like, I would do the same. I start no longer showing my bids, I start bidding directly to the proposer, and from there, like, there's small steps to where you would only be left with, at least the dominant builders bidding directly to the proposer, and then I can say just very concretely, us as a relay, our revenue comes from those dominant builders. If they bypass our
00:47:12
alex:I'm not sure how I could pay for the server costs that we have today to run the ultrasound relays, so that seems kind of straightforward, at least that part to me.
00:47:21
DA | Flashbots:I mean, we've already been approached by Relays who want to offer us sealed bidding, so if this is actually, like, the equilibrium collapse, then, like, it'll happen whether trustless payments exist or not.
00:47:34
Barnabas:I don't think we should…
00:47:37
Barnabas:I don't think we should pay for a middleware that Ethereum doesn't actually need, unless we essentially need them.
00:47:44
Barnabas:So, like, why do we even need relays at all if every block, every bit, would just end up publicly?
00:47:52
alex:you know, like, I really like the sentiment, but I would also immediately say, like, I'm a little bit alarmed, because I feel like if you go to talk to a blog builder, they will explain to you very clearly why
00:48:03
alex:there is no expectation of the bids becoming higher towards the proposer. Like, I think the expectation is there would be fewer builders, those builders would have higher costs to do what they're doing, but it would be harder to compete with them.
00:48:15
alex:Like, I like the sentiment of, like, why would we pay the relay if we don't have to? But at least from myself talking to builders, it really doesn't sound like you're gonna get higher bids, by the end of this.
00:48:29
alex:So, and that's kind of my call to say, maybe we should explore this a little bit more, maybe, like, this part of the EIP hasn't been considered enough yet.
00:48:38
alex:But I want to be careful there. It is also, to me, a difficult trade-off, and I can't predict the future, of course.
00:48:49
george:Would that relays offer builders access to all of the stake?
00:48:54
george:From the builder perspectives, that means any builder can access every single validator.
00:48:59
george:And that, I don't think is true if you have, like, no relays. If you're having direct connections because of OFAC and other preferences, you are not going to have intermediate access to all the validator stake for any new builder that spins up.
00:49:13
george:That, I think, is very centralizing for the building market.
00:49:18
Enrico Del Fante (tbenr):I don't get that much the, oh fuck, Argument, because if… if…
00:49:26
Enrico Del Fante (tbenr):I am a proposer, I want to go only with… directly with builder, and there will be a public knowledge that a builder starts censoring somehow, and I'm immediately excluded in my selected builder.
00:49:44
Potuz:You're not understanding, Enrico. It's the other way around. The point is that the relay actually offers the fact that they are filtering OFAC transactions, and apparently proposers want this.
00:49:55
Potuz:If you are in certain jurisdictions, and this is.
00:49:58
Enrico Del Fante (tbenr):The surveys that I'm.
00:49:59
Potuz:Currently, we want to actually… this is an argument pro.
00:50:03
Potuz:Removing trustless payments. Oh, the other way around. It's surprising to see this on the record on a public call.
00:50:11
george:So, validators want this. This is, like, they are going to connect directly to builders. So, they're going to choose to… these validators that want this, and there are validators that want this, because we saw, historically, ultrasounds, which is the most performant relay, and historically was head and shoulders above other relays, delivering the best bids.
00:50:31
george:before they had OFAC centering for some validators, some validators were not connected to them, so some validators will not connect to the best bits. And so validators will want this. And so, to get this, validators are going to then connect directly to builders, and they're going to have an agreement with the top-end builders, and any new builder that wants to connect is not going to be able to connect to them.
00:50:49
george:This is, like, this is not a good thing for the network, of course, but this is just, like, a fact of reality, and it's gonna enshrine some builders.
00:50:59
Enrico Del Fante (tbenr):So it's a plus 1 for me.
00:51:04
george:Is there a plus one to enshrined builders?
00:51:06
Enrico Del Fante (tbenr):No, I mean, to not have this guarantee.
00:51:10
george:No, but it's gonna happen regardless, right? Like, whether we have trusted payments or not. What's the argument that validators won't do this?
00:51:18
Barnabas:But they can still use the relay, right? Like, we're not…
00:51:22
Potuz:I know that they're not going to use this. I mean, validators are going to go with… they do this now with a trusted player, which is the relay. And they were going to continue doing this with a trusted player, which are the builders.
00:51:34
Potuz:I mean, you might have been…
00:51:35
george:There's a key definition.
00:51:37
Potuz:we don't want to help them do this. We definitely do not want the problem to actually help them.
00:51:43
george:There's a… there's a key difference here between connecting to a relay that allows all builders, and connecting to specific builders. Like, it's economically rational for relays to have as many builders connected as possible, and to get the best bids. For a builder's perspective, it's not… I'm not gonna, like, send my bids to anyone else, right?
00:52:02
george:And so, there's… you are… if you connect to one relay or two relays, you then get access to all builders and any builder that wants to connect. But for… if you connect right to builders, you don't. I think there's, like, a clear distinction there of why one is worse than the other.
00:52:15
Potuz:I think you're making a point about, like, builders being… not… not having access to proposers, which is true today in the system in which you need to make a BD investment to access proposers, which is something that relays constantly are posing about.
00:52:31
Potuz:On APBS, this no longer exists. Validators are going to connect to whomever they… someone posts an address on-chain, they can connect to. And I agree with you.
00:52:44
Potuz:This means that they need to trust people that they may not know.
00:52:48
Potuz:And the relays are offering this service of saying, we will actually do the filtering of OFAC transactions. Now, if this is put forward as an argument to why we… the protocol needs to support this system, I think we would be absolutely crazy to use that argument and actually support that system.
00:53:09
alex:Right, like, and this part, I think I can see. What I guess I find more concerning is, like, if it's…
00:53:16
alex:does, there's a lot to explore there, but does reduce the number of builders that you will have available in the set, then wouldn't that be bad for the full proposer set? Right, there's a small group for which I think things improve, like, I can now get better bids, and it's good for this small group, but I imagine for the big group.
00:53:33
alex:that is already trusting relays, and therefore getting access to the full set of builders that want to send bids to them, their optionality reduces in a way. Like, they get fewer builders now that they can source these higher bids from, and again, maybe that's fine, this is a pretty nuanced future to imagine or explore or weigh.
00:53:53
alex:But it is something that I expect could very well happen. My second most likely scenario is that relays and builders will work very hard to make sure that most of the proposers don't use trustless payments, because then again, you can go back to having all builders compete through relays for all proposers. But again, that feels so, to me, like, counterproductive. We'd be investing to make sure that people don't use trustless, that
00:54:16
alex:Feels like we're working against each other.
00:54:20
Max:Oh, hi everyone, Max from the Asus Relay.
00:54:24
Max:I've recently joined the Sigma Prime team, to help them work with their builder.
00:54:29
Max:I wanted to just chip in and summarize the argument here. From our perspective, ASIS is a quietly running small public goods-funded project, and we agree with the sentiment from
00:54:40
Max:Titan and some ultrasound. We think the effect of EPBS in the long run is to… is to attract the builder market, and we think what you're going to find is that you'll have… Today, we have, you know, two dominant builders and a few others
00:54:53
Max:And a lot of experimental people, you know, trying their best to get into this market. What we worry about is that if the relay disappears, you remove open access to that market environment.
00:55:05
Max:It will not be profitable to run a relay. Public goods-funded relays will disappear.
00:55:10
Max:We certainly don't intend to put our capital on the line to, to keep the market
00:55:15
Max:open. I'm also kind of interested in the point which has been covered in the chat here, which is that, as far as I understand EPBS, it doesn't actually enforce any of this. You could build MevBoost again if the proposer is the builder. So, we're kind of having an argument about what the protocol should do, but it is not quite
00:55:33
Max:the protocol. And until we clear up the design of the builder APIs, it's really difficult to give you a complete view of how we think the market's going to evolve. But there is a lot of… there's a lot of complexity here, there's a lot of complexity in scaling. What we would urge is a bit of caution, a bit more time to analyze it. Ideally, we'd see the EIP
00:55:52
Max:split up, and so we can analyze this a bit more in the future. I'm not saying this isn't the direction we want to head in, I just think there needs to be a bit more time and thought put into it.
00:56:07
Matthew Keil:And this is the sentiment that we've gathered from a number of people after talking at, at DevConnect, is, you know, from an ethos perspective, and from a sentiment perspective, we really appreciate
00:56:21
Matthew Keil:The protocolization of removing some of the external actors and their influence over the process.
00:56:28
Matthew Keil:But the complexity of the idea is gonna build a lot of tech debt in that is gonna be incredibly difficult to remove if we do decide to come up with, better solutions.
00:56:41
Matthew Keil:And really, this is the crux of the situation, is that while we agree in premise, and we really do want to see some action.
00:56:51
Matthew Keil:We don't necessarily think that, doing anything is better than doing the right thing, and that there just needs to be some more research on some of these, more nuanced perspectives, because it's going to be very difficult in order to actually indo the enforcement
00:57:09
Matthew Keil:of, this in-protocol flow, and we just have a feeling there's gonna be a ton of activity, in order to circumvent it, and we're gonna end up building a Ribs-Goldberg machine that is incredibly difficult to back back out.
00:57:26
Matthew Keil:And while we are extremely bullish and extremely, excited to see a lot of the slot restructuring and some of the timing, restructuring and the scaling, benefits, because there are a lot, like, POTUS has done an amazing job
00:57:43
Matthew Keil:really looking at a very big picture, splitting the EIP into the two fundamental pieces, is the slot restructuring.
00:57:53
Matthew Keil:And then a lot of the builder flow stuff.
00:57:56
Matthew Keil:I think is just at least worth looking at from a…
00:58:01
Matthew Keil:from a delivery perspective, and being able to do the DevNets, with a lot of the slot restructuring, which would give us time, or at least the first DevNets, which would give us time for some of the subsequent DevNets, to really hammer out the details of the trustless payment spec.
00:58:21
Matthew Keil:In order to make sure it really is gonna be not only effective, but efficient.
00:58:31
Enrico Del Fante (tbenr):I can bring the perspective of Stefan, who's working on it. I mean, his feeling is that it's the actual complexity implementing those things related to trust payment are not…
00:58:42
Enrico Del Fante (tbenr):that… big.
00:58:45
Enrico Del Fante (tbenr):So, that's why we are actually okay to have it in, because they are already in.
00:58:52
Enrico Del Fante (tbenr):And I think we did a lot of things in the past that…
00:58:57
Enrico Del Fante (tbenr):We can adjust and remove additional forks, there's no that much complexity.
00:59:04
Enrico Del Fante (tbenr):That we have to deal with if we want to…
00:59:08
Enrico Del Fante (tbenr):go in a different path, and I also think that
00:59:12
Enrico Del Fante (tbenr):From another perspective, if the number of relays goes down, I think it's a sign of
00:59:17
Enrico Del Fante (tbenr):It's a good thing.
00:59:18
Enrico Del Fante (tbenr):If some release goes out of business.
00:59:22
Matthew Keil:No, and I totally agree. I mean, we've actually already got the code built in order to do some of this trustless payment stuff.
00:59:29
Matthew Keil:As far as the state transitions, etc. But, and I will also say it does feel weird to be advocating on this side of the discussion. But I just want to take a pragmatic view of it.
00:59:45
Matthew Keil:So, yeah, I think we're, you know, as a team, and I think a lot of the other people from other teams also agree that if, you know, we're going with the consensus, and we do feel like that, but we'd like to at least just
00:59:59
Matthew Keil:Get it out in the world, to talk about it.
01:00:20
Potuz:I want to be a little bit pragmatic and to the point. I would just want to collect arguments to removing something that is SFI.
01:00:31
Potuz:feelings about it. We want to have an actual argument to why we should remove this feature.
01:00:39
Potuz:And yes, I hear… I heard a couple of them that are… that seem to be valid to me. It adds protocol complexity, true. It adds implementation complexity, true.
01:00:51
Potuz:It removes this, property of,
01:00:56
Potuz:validators that want to trust builders, to honor OFAC transactions, Yeah, that's…
01:01:05
Potuz:Perhaps. I mean, that's certainly true. Do we want to use this in the protocol? Certainly not.
01:01:11
Potuz:And there's also this ill-founded statement about
01:01:17
Potuz:Doing this will enshrine builders. Yeah, we are definitely enshrining builders, but doing this will centralize the builder market, which is not only is…
01:01:29
Potuz:it's not really a founded statement, it's just a statement, but it's not… it's not explained how this is going to be the case. And it's also counterintuitive, given the fact that EPBS actually gives access to anyone to be a builder.
01:01:43
Potuz:Removing trustless payment is not about, like, removing the option for a proposer to get a payment and be paid. This is more about builders and actual proposers.
01:01:53
Potuz:Removing trustless payment also removes the option for someone to bill, to bid bids for someone else.
01:02:00
Potuz:So, this proposal of removing trusted payment is mostly about removing the access to the builder market to people. And at the same time, we're arguing that keeping them will remove
01:02:12
Potuz:access to the builder market to people. So I think this is very counterintuitive statement, and even if you don't agree with me, at least you should realize that this is not really proving the fact that we will centralize the builder market by allowing anyone to actually provide bids.
01:02:30
Max:It's certainly difficult to prove it, but there are a large number of variables changing here all at once, and anyone who says that they can understand
01:02:37
Max:how the equilibria are going to settle after this is, you know, it could not be telling the truth. So, you know, what I would propose is that we do things… we make changes in small chunks.
01:02:48
Max:And we keep analyzing the situation, because I don't know any proposers who are desperate for trustless payment features at the moment. I think that this is coming well-intentioned from the protocol side, because we want to get rid of the relays and we want to minimize sources of trust. But there just doesn't seem to be a need to rush this right now.
01:03:08
Potuz:it's not only about this, it provides… I mean, the number of benefits of trustless payments are large, and we've documented many of them. It's not only about even trust assumption, it's about, like, resilience, it's about liveness, it's about getting access, it's about being able to remove
01:03:24
Potuz:self-building as a requirement, it's about scaling itself. So the number of good four proposals are good, and I'm not even mentioning here, because this discussion today shouldn't be about why to include them, it should be about why to remove them.
01:03:38
Potuz:And that's why I want to point out that I want to hear arguments, strong arguments, as to why to remove something that we're all coding, and it's already specified, and it's already in spec tests.
01:03:49
Potuz:So, I mean, if we are going to go into a discussion as to why to include them, I can just provide a huge list of arguments. This discussion today should be scoped as to why to remove them, and we haven't seen many arguments. We've seen even this OFAC angle as an argument.
01:04:05
Justin Traglia:Agreed. Alex, and then Bruno?
01:04:08
alex:Sure. Yeah, I just wanted to quickly say that,
01:04:11
alex:I appreciate the point that you were making about, like, how can we somehow formalize these arguments more, and then you said something about having them included in the SFI? Like, if you could say more about that, I'd be, like, very interested, because I think, yeah, having some of these written down and somehow clearly noted, at least, if we aren't, removing trust, this makes…
01:04:32
alex:But then, of course, yeah, I still, like, to my best estimation, I think it would make sense to not have trustless, and I…
01:04:39
alex:the way I would phrase it is, for example, something we can say is, if there's a bunch of protocol actors now that say, trustless will not be used, it is not worth it to put these changes into Ethereum, then at least, to me, that sounds like a pretty strong argument, and I think also one where it's going to be very clear after the fact, once the new equilibriums are very clear.
01:04:59
alex:clearer than today, whether people ended up using it and it was, like, a good use of our time, or whether, like, some of these things stay more speculative, and then you did give a list of, like, other benefits that you think there are.
01:05:10
alex:Yeah, on that, I can only say that some of these that you named, I think, are also, like, contentious. There are other perspectives of people who feel like liveliness will not improve through doing this, or, like, censorship resistance will not improve, or maybe, like, there won't be more builders. But, yeah, I'm looking at the time, and I'm like, yeah, how can we ever go through all of it?
01:05:34
brunoflashbots:Yeah, I wanted to make a short comment. Like, trustless payments will happen, either off-chain or on-chain due to a free option. That's no ways to surround that. Even for optimistic relays, they will implement trustless payments. If they don't trust the builder, they will have to make their mistake.
01:05:51
brunoflashbots:Otherwise, they can exercise the free option for free. So that, either way, will happen.
01:05:56
brunoflashbots:So if it happens, why just not happen on chain?
01:06:01
brunoflashbots:So it's not a good… for me, it's not a very good argument against…
01:06:06
brunoflashbots:Build decentralization, because, again, this will happen off-chain.
01:06:15
Lorenzo:I just wanted… Oh, one second.
01:06:23
george:Hey, sorry, I'm just gonna speak from George's mic. I think my point was to POTUS, where he was asking, like, for good reasons why the builder markets would be centralized, and I think there were a few that were discussed
01:06:37
george:One would be that, because builders are now staked, they have to stake in advance the balance to bid, and then if they don't have the capital to bid, they wouldn't be able to bid. If there is a big volatility event, they would decide whether to bid lower, because otherwise there are no capital.
01:06:55
Potuz:they need to stake only to be a validator. To bid, you don't need the stake. You can bid off protocol… we are… we agreed that we are going to implement.
01:07:03
george:I was about to make that point. I was about to get to that.
01:07:11
george:Sorry, I lost my train of thought. So yeah, so if they do want to bid on-chain, they do need balance, and I think we all agree that to stay capital, and with the deposit queue, you maybe need, you know, one week or two weeks of bids, which can be, like, quite substantial, and also you need to be in advance
01:07:26
george:Deciding that you are gonna be a builder, and potentially a lot of builders bid for just a few number of slots.
01:07:32
george:Now, if you do want to bid off-chain.
01:07:35
george:You basically either bid directly with the proposer or bid through a relay. Now, we… I think we agree on this call that they will be more expensive to be a relay, and potentially relays will cease to operate. I think there were a few good points on that as well on this call already.
01:07:53
george:And then the point is, okay, you can still bid with an off-chain bid to a direct connection with the proposer, and the point is that only a handful of builders would be able to do that, potentially, you know, 3 or 4 or 5 of the largest ones, but definitely not a random builder who can just decide to start up
01:08:12
george:Because you need to get adoption from proposers, and it doesn't make sense if you can build just for one proposer, and then if you cannot build for many, then it just doesn't make sense to…
01:08:22
george:To be an off-chain builder, so to speak.
01:08:27
george:I see Paulo shaking his head, so maybe there's a counter-argument.
01:08:35
Justin Traglia:Otis, do you want to respond really quick, and then Bruno? No, no, no, no, Bruno's… there's people we can't read. Yep. Bruno?
01:08:45
brunoflashbots:Sorry, sorry, it was, I did not want to raise a hand.
01:08:50
Justin Traglia:No worries. Lorenzo? Or I guess he didn't have his hands up, he was just talking.
01:09:06
Justin Traglia:Bruno, could you clarify the trustless payments?
01:09:10
Justin Traglia:Thank Alex asked about it in the chat.
01:09:14
brunoflashbots:Yeah, I think my point is mostly either the relay has trusted relationships with the builders, or they make them accountable by staking.
01:09:24
brunoflashbots:I would rather say I would prefer to have a permissionless set than a trust-me-bro relationship, so…
01:09:32
alex:Maybe, like, so this, again, it feels to me quite, like, maybe relays will be able to maintain the equilibrium of today, and they keep builders coordinated around doing what we do today, but it seems to me, like, if you do trustless payments and builders start doing direct payments to proposers, then there will only be a very small set of builders that is really good at this, the builders that pay the highest bids. So I think what you will see is that really only those small set of builders will be landing all of the slots.
01:09:57
alex:And then from there, it just becomes very natural for this builder to say, hey, proposer, right now it's a trustless payment I'm making, but if you trust me, then I can give you a higher bid, because there's all kinds of, like, cost involved with doing these, like.
01:10:09
alex:staked single bids that I can send per pub key over the P2P with, like, timing games that get more complex. Like, it makes a lot of sense to them become trusted. So what I predict will happen is that, yeah, for a small set of local block builders, they will go to Trustless and get those extra blocks, but for the massive set of proposers that we have.
01:10:26
alex:They will build trusted relationships with a smaller group of builders than we have today, which to me, that sounds like more trust me, bro, not less trust me, bro.
01:10:43
Justin Traglia:Bruno, would you like to respond before moving on?
01:10:47
brunoflashbots:I mean, my point is that we'll… for small builders, I mean, again, relays will have to either
01:10:52
brunoflashbots:so for, like, for small builders, you have to make them accountable, right? If they don't have reputation, you either make the mistake.
01:11:00
brunoflashbots:or… Or you trust them, but to trust them, they must be sufficiently big.
01:11:05
brunoflashbots:To statistically infer if they are exercising the free option or not.
01:11:09
brunoflashbots:Therefore, they will stake. My point is, small builders, they will have to stake the release, either way.
01:11:19
brunoflashbots:In either… if we implement it or if we don't, unless you will allow small builders to exercise the free option, which… that…
01:11:27
alex:simulate your bid. It's not 100% necessary, and again, gets a little bit into, like, how much is this used on the protocol today, but today you can just send a block to ultrasound. If you don't have any stake, we'll simulate it for you, and then any block of any size you can offer to the proposer, because we'll take responsibility for it. And also, like, this, again, will change tomorrow, because then if we need to be staked for this as a relay onto the protocol.
01:11:48
alex:then we have to do a risk calculation, right, and say, I don't know, I…
01:11:53
brunoflashbots:The point is, I don't know if you can do that with the blobs. You can do this with the payload, but I don't know, I'm not sure you can do this with the blobs.
01:12:03
alex:Yeah, we'd have to dem… well, we have to demand they send everything, right? And… I'm not sure.
01:12:09
alex:Yeah, I guess I'm not well-read on this topic, I don't know exactly how you could withhold something of a blob when you send it to release, but normally you're expected to send all the blobs as well.
01:12:20
george:If the argument on this is that…
01:12:23
george:Yeah, sorry, the argument on, like, you can't send blobs is that the data is too high. There's some work implementations to fix this. So, one of the co-examples that's live now, actually, and a lot of relays, is that you can send deltas of blobs, so you only send a blob once. Blobs usually don't change, and so…
01:12:41
george:You can stream the blobs in as the builder receives it to the relay, and then you don't have a networking latency cost as a builder.
01:12:54
Justin Traglia:Okay, let's try to wrap this up pretty soon. Otis suggested that we do a temp check. I'm not exactly how that should be done. Stokes, do you have any recommendations here?
01:13:10
Potuz:I'm not sure Alex is even listening.
01:13:13
Justin Traglia:I think he's listening.
01:13:18
Justin Traglia:Okay. Obviously, no decision will be made at this call, but yeah, temp check. Enrico?
01:13:25
Enrico Del Fante (tbenr):Yeah, just one final thing, so… Very, very simple.
01:13:31
Enrico Del Fante (tbenr):Trust-trust payment does not prevent the status quo to continue.
01:13:37
Enrico Del Fante (tbenr):And I think we all agree about this.
01:13:40
Enrico Del Fante (tbenr):So, we are all talking about, we don't know where the equilibrium will be, After…
01:13:49
Enrico Del Fante (tbenr):Which means, you don't know, you want to find the equilibrium, which means, let's provide all the options, and the equilibrium will be found. If we don't provide the whole spectrum, we are faking, because we are not providing the options.
01:14:06
Enrico Del Fante (tbenr):So, let's provide the options. Everything really remains on the table.
01:14:11
Enrico Del Fante (tbenr):Options are more options, just more opportunity to find a new equilibrium, and let's… C.
01:14:23
alex:Yeah, maybe what I… I might sound a little harsh here, like, forgive me, but this is definitely, like, from the many people I've spoken to, this argument, I feel like I get a very harsh reaction from people that says, like, that is just not good enough for Ethereum.
01:14:37
alex:If you want to make a change to Ethereum, it can't be enough that you're saying, hey, this is a new option that wasn't there before, and we don't really know what it will do in the future, so therefore let's try it. I will acknowledge that there's always unknown unknowns and things that we can't know, but Ethereum as a protocol a lot of people that I talk to will say needs to make changes that very clearly, lots of people want, like, basically yesterday, right? And we cannot be spending time on anything that is of the sort.
01:15:02
alex:we don't really know what will happen. I guess we can't make a strong argument for why this would be used a lot of the time, so then we'll do it anyway. And I guess one more caveat is, but today this process is already really far. I've also heard that from a lot of people, and I think that's, like, a fair thing to bring up. But in general, for the process that we have for EIPs, I think a lot of people will have this strong visceral reaction of saying, like, there has to be a much stronger justification for doing something.
01:15:38
Justin Traglia:Alex Tobes, We are going to talk about this at ACDC.
01:15:44
Justin Traglia:Next week, correct?
01:15:51
Justin Traglia:Okay, I guess no, Mike, he said yes. And a decision will be made then and there, and I guess clients
01:15:57
Justin Traglia:clients in the community should, I guess, review this call.
01:16:01
Justin Traglia:try to, like, listen to all the arguments, and maybe try to come to a decision themselves, and then speak up at ACDC.
01:16:12
alex:Yeah, I guess on that note, also, like, thank you. A lot of people have been listening, I think also a lot of these perspectives are coming in very late to the process, and I can respect that that is frustrating, especially if you've been working on this for a very long time. So, like, yeah, I really appreciate that people are even having this conversation, like, this late in the process, and listening to what,
01:16:32
alex:What people are bringing in, even if maybe some of these perspectives they find unconvincing.
01:16:37
alex:And again, like, yeah, maybe, that's also immediately a call for, like, please keep doing that, that Ethereum is a very large protocol now with many, many users. I'm sure all of us wanted to have many, many, many more still. And then, really, we should be listening to what, all of those users, like, including proposers, but also end users, I think, want.
01:17:03
Justin Traglia:Yep, thank you too.
01:17:08
Justin Traglia:Does anyone have any last thoughts before, ending the call?
01:17:17
Justin Traglia:Okay, thank everyone for attending. I will…
01:17:20
Justin Traglia:Talk to you in two weeks, and at ECDC. Alright, bye everyone.

Chat Logs

00:00:51
Barnabas:haven’t been to this many meetings with potuz as this week.
00:01:35
terence:Replying to "haven’t been to this..." welcome to my life
00:02:00
Potuz:we haven't slept last week because of Fusaka
00:02:20
Barnabas:Replying to "we haven't slept las..." excuses
00:03:29
stokes:there was some link confusion
00:03:35
stokes:i’ll try to ferry ppl over
00:03:48
Potuz:yeah that will delay people coming in for a while
00:06:55
alex:smart to put trustless last on the agenda 😅
00:09:49
stokes:correlation across slots?
00:10:20
stokes:Replying to "yes" hmm my mental model is that the time window is more per-slot
00:10:42
Barnabas:This feels super complex to test.
00:10:45
stokes:Replying to "yes" i think the jargon is that it is an ergodic process
00:11:03
terence:Replying to "This feels super com..." why?
00:11:15
Potuz:https://ethresear.ch/t/dynamic-penalties-for-epbs/23472
00:11:16
alex:is it correlation per builder or across all?
00:11:26
Potuz:Replying to "is it per builder or..." across all
00:11:30
stokes:Replying to "This feels super com…" yeah i don’t think it’s that bad in isolation the concern is more just putting more stuff into a single eip
00:11:33
Potuz:Replying to "is it correlation pe..." otherwise you just shift addresses
00:11:48
Potuz:I checked the spec and it seems fully specified to me. It is a complex change though
00:11:51
alex:Replying to "is it correlation pe..." makes sense. the stake would be a bit of a barrier i guess, but perhaps not enough 👍.
00:11:59
Dustin:Replying to "This feels super c..." I guess the claim is that it'd be an integral part of 7732?
00:12:08
Potuz:but it is kudos to see a proposal that is fully specified and justified from research to full python code
00:12:21
Barnabas:Replying to "This feels super com..." How would orphaned blocks be handled for penalties?
00:12:21
Potuz:liffe would be easier if all proposals are like this one :)
00:12:46
stokes:Replying to "This feels super com…" i would imagine you ignore them
00:12:55
stokes:Replying to "This feels super com…" but then a builder could try to influence fork choice
00:13:06
stokes:Replying to "This feels super com…" to get around the penalty
00:13:17
Barnabas:Replying to "This feels super com..." Penalty calculation would be part of forkchoice?
00:13:18
terence:Replying to "This feels super com..." state transition function can tell if its an orphaned block vs a block with missing committed payload
00:13:24
Potuz:Replying to "This feels super com..." how does the builder influence forkchoice?
00:14:14
Potuz:Replying to "This feels super com..." and @Barnabas no, penalty is STF, not forkchoice
00:16:36
Barnabas:Would non finalization effect the penalty value at all?
00:24:17
terence:wouldnt builder grief proposer then?
00:25:04
brunoflashbots:I think in that case the builder/relay should refund the block proposer.
00:27:45
Barnabas:I think we should aim to have liveness, and accept that fact that it might cost people money.
00:31:10
alex:interesting point actually. for us we have options to stake. but what about relays that proposers want to use that are not able or willing to stake the 32ETH?
00:31:19
terence:why do you need to send the block with bid back to builder vs just boradcast it over p2p?
00:31:36
Barnabas:Replying to "interesting point ac..." they shouldn’t be a relay, if they not willing to put up 32ETH
00:31:51
Potuz:yeah it does not make sense
00:32:29
alex:Replying to "interesting point ac..." based on? if that’s what the proposer wants, i’m not sure i follow why we’d block them from doing so. happy to just take a link to prior writing by someone.
00:32:56
Dustin:why have to sign the payload envelope? the builder should be signing
00:32:57
alex:Replying to "interesting point ac..." this is less my argument for what we “should” do, more what may create an incentive to fork clients 😅
00:33:11
nflaig:Replying to "why do you need to s..." we shouldn't, I don't think there are any major changes required to builder api `getHeader` is still fine as is, just need to change the type and we can get rid of `submitBlindedBlock` as it's not strictly necessary
00:33:16
Dustin:I mean, sign something. but this is the proposer allowing its sig to be used
00:33:17
Potuz:It seems to me that the agenda should have been changed...
00:33:21
terence:thats for off protocol builder, i think he meant to sign the bid
00:33:25
Justin Traglia:Replying to "It seems to me that ..." How so?
00:33:39
Dustin:Replying to "why have to sign t..." I thought he specifically said the envelope, but ok, can be clarified
00:33:45
Justin Traglia:Replying to "It seems to me that ..." Doing trustless payments talk first?
00:33:48
Potuz:Replying to "It seems to me that ..." dealing with blinded objects does not make sense in the current spec, so this only makes sense to discuss if we move to unstaked builders
00:33:56
ethDreamer (Mark):Replying to "It seems to me that ..." There are no need for blinded objects
00:34:11
ethDreamer (Mark):Replying to "It seems to me that ..." That was a consequence of not having block payload separation
00:34:11
Lorenzo:Replying to "why do you need to..." could be both? builder has an incentive to invest in p2p distribution similar reasoning as https://github.com/ethereum/builder-specs/issues/119#issuecomment-3199858239
00:34:18
Dustin:Replying to "It seems to me tha..." yeah the unblinded one already goes out
00:34:24
ethDreamer (Mark):Replying to "It seems to me that ..." Now that we have this, we can do relays without blinded objects
00:34:42
Potuz:Replying to "why do you need to s..." yes it will be naturally both, but anyway the builder would want to wait for distribution
00:34:49
Potuz:Replying to "why do you need to s..." before submitting the payload to p2p
00:35:12
Lorenzo:yep meant the builder could help with the inital gossip of the signed header as well
00:35:56
terence:Replying to "why do you need to s..." keep in mind consensus block is very small comparing to execution payload so p2p distribution optimization may not be necessary, we can do more testing here though
00:36:31
nflaig:Replying to "why do you need to s..." yes, could keep submitting beacon block api as well to allow builder to help propagation
00:38:35
Bharath:For off-protocol builder, the proposer acts as if they self-build. So the proposer is technically the builder. So the proposer needs to sign the payload envelope
00:39:08
Bharath:Replying to "why have to sign the..." In the case where the proposer talks to the staked builder, the proposer doesn’t have to touch the payload envelope at all
00:39:21
Milos:What are the main objections to trustless payments?
00:39:28
Bharath:Replying to "why have to sign the..." Off-protocol builders things get slightly trickier here
00:41:27
NC:Replying to "What are the main ob..." The whole ePBS doesn’t prevent people from going off-protocol, and we sfi ePBS mostly because of scaling benefit it brings by restructuring slot, not because of trustless payment
00:42:14
Bharath:Replying to "It seems to me that ..." I think we will have to blind the execution payload in the envelope when we talk to unstaked builders right? We don’t have to do payload blinding if we only talk to builders which are staked
00:42:32
Barnabas:The reason we use relays is because we can’t directly go to builders.
00:42:45
Potuz:Replying to "It seems to me that ..." we hopefully never again need to talk to unstaked builders
00:43:02
Bharath:Replying to "It seems to me that ..." Yup me too, but I m not sure if that will happen
00:43:05
Justin Traglia:It’s not really ePBS without trustless payments. The trustless payments isn’t really that complicated. Less trust in the system the better.
00:43:34
Potuz:Wow I was not expecting to see the OFAC angle on the record
00:43:47
Eitan:IMO Yesterday was a good example of why trustless payments is a good thing. When the circuit breaker triggered the network started producing local blocks. As local building becomes more expensive from a resource/bandwidth context this becomes dangerous. With trustless payments we’d never have to revert to local building
00:43:48
Bharath:Replying to "It seems to me that ..." The builder-api with staked builders stays the same as the status quo today. But with off-protocol builders, blinding will be required IMO
00:43:58
NC:Replying to "It’s not really ePBS..." But extra efforts required for implementing and testing it so we meet the 6 month fork cadence
00:44:23
Justin Traglia:Replying to "It’s not really ePBS..." At this point, removing trustless payments will delay things more.
00:45:06
Lorenzo:Replying to "It’s not really e..." would be good to understand this point better, according to some CL devs the complexity is low but havent heard from many / not sure if all have started implementing
00:46:20
Potuz:that's a feature not a bug
00:46:59
christophschlegel:If private bids are desired by builders, relays could offer them as well
00:47:22
Bharath:Replying to "why do you need to s..." Also the builder will require the beacon_block_root to build the execution payload envelope
00:47:48
Potuz:Replying to "Why do we need relay..." apparently because validators want to censor OFAC transactions
00:48:02
Bharath:Replying to "why do you need to s..." The builder could either listen to the gossip topic for the beacon block but getting it via the builder-api would be faster
00:48:26
Bharath:Replying to "why do you need to s..." The builder could broadcast the ExecutionPayloadEnvelope faster and also aid in beacon block disemmination
00:48:47
nflaig:Replying to "IMO Yesterday was a ..." but in case the network is unstable we might have less than 60% attestation quorum in which case payments cannot be guruanteed, so you would likely wanna local build anyways?
00:49:10
Potuz:Replying to "IMO Yesterday was a ..." you are guaranteed payments if they are included
00:49:28
Lorenzo:Replying to "Why do we need rel..." validators will censor whether there are relays or not
00:50:27
Dustin:well, it's something that's touted in lists of MEV relays today
00:50:35
nflaig:Replying to "IMO Yesterday was a ..." but that's out of the control of the proposer, so it's no longer "trustless"
00:50:40
Dustin:it's not really a secret some people want OFAC compliance
00:51:01
Potuz:that's fine, but the protocol making protocol decisions to keep this service and favor it is absolutely crazy
00:52:58
Cayman Nava:The current design of trustless payments is not enforceable and folks have noted that the mechanism won't always be used. Doesn't sound like a robust design. The EIP should split out the entire staked-builder and trustless payment flow to allow for more research with better properties. This will derisk the scaling benefits of the slot restructuring / block/payload split.
00:53:00
Barnabas:We need to look at what is good for Ethereum. OFAC requirements is absolutely not a point of view Ethereum should ever consider. If it is, we have lost the battle.
00:53:59
Barnabas:If you are here because you trying to protect your “business”. Or afraid that you going to go out of business because a feature that Ethereum wants to introduce to make the protocol itself better, then its also not something that Ethereum should need to worry about imo.
00:54:00
Lorenzo:Replying to "We need to look at..." I think this is missing the point, the point is that because (sadly) some validators are censoring, the effect will be a more centralized builder market
00:54:06
Potuz:Replying to "The current design o..." how is it not enforceable?
00:54:19
christophschlegel:Replying to "The current design o..." What is the problem of it not always being used? It’s already valuable to have the option to use it
00:55:22
Dustin:Replying to "The current design..." Have never understood the "it won't always be used, don't provide it" argument
00:55:24
alex:Replying to "If you are here beca..." yea that’s not the worry. the worry is that it is good for proposers to be able to source blocks from many builders. and this will likely result in fewer builders.
00:55:26
NC:Replying to "The current design o..." The problem is we want the slot restructuring to pave road for 6s slot. This has nothing to do with trustless payment
00:55:33
Eitan:Replying to "The current design o…" At the very least it is very valuable as a fallback mechanism
00:55:36
Dustin:Replying to "The current design..." "we" want various things
00:55:46
Potuz:ePBS is completely open, the arguments being put forward is that removing gatekeepers actually makes for a closed system and this does not make sense
00:55:51
Dustin:Replying to "The current design..." Speaking personally, scaling was secondary to me
00:55:59
george:Replying to "If you are here be..." would note that as a builder it is net better for us to be enshrined... What im saying here is that there are some validators that require preferences other than pure bid value and if there are no relays there to offer this service they will connect directly to builders and potentially enshrine those builders
00:56:21
Dustin:Replying to "The current design..." (caveat, in this particular way not speaking for Nimbus)
00:56:24
Justin Traglia:FYI I am okay with staying on the call to continue discussing this. Sorry, there wasn’t enough time allocated to this.
00:56:25
alex:Replying to "If you are here beca..." (or both are true in this case, we think this may be bad for relays, and bad for 87% of proposers that seem to prefer trusting one relay to get blocks from many builders)
00:57:20
george:Replying to "ePBS is completely..." In the past few years of relays have there been any examples of them gatekeeping?
00:57:38
Max:You can’t enforce it. Mike Neuder spent quite a bit of time going around in circles on the topic.
00:58:08
Dustin:Replying to "You can’t enforce..." if people want to fake-self-build how is that ever "enforceable"?
00:58:13
Eitan:Replying to "ePBS is completely o…" they definitely have the ability to gate keep regardless if they have or not in the past
00:58:15
Potuz:Replying to "You can’t enforce it..." yes which is fantastic to see the same people that cosigned the paper of Mike about relays not dissapearing, not saying that ePBS will make them dissapear
00:58:29
Lorenzo:would trustless payments be SFI'd as its own EIP if it were not bundled with the slot restructuring?
00:58:32
Max:Replying to "You can’t enforce it..." The question is whether there is an incentive to do this, now and in the future.
00:58:40
Dustin:Replying to "You can’t enforce..." short of removing self-building entirely, which is even worse
00:59:09
ethDreamer (Mark):Replying to "You can’t enforce it..." Self-building will likely go away in the future when L1 execution requires proofs
00:59:13
NC:Replying to "would trustless paym..." Yea that’s a good angle to think about this
00:59:44
Dustin:Replying to "You can’t enforce..." yeah, some years from now
01:00:10
george:Replying to "ePBS is completely..." fair point. But there have been examples of proposers gatekeeping. So if we move the whitelist to proposers that I think worse
01:01:12
alex:i will say i think epbs does a pretty good job of supporting trusted payments right now. still some open questions but i see little reason to bypass today. not sure we’d ever have to remove it as specced. i’d be more worried we keep implementing things we don’t need (contested).
01:05:17
Potuz:even if they aren't used in the default case, the mere existence of them is already good enough for liveness and resilience
01:07:00
terence:you can use execution payment
01:07:10
brunoflashbots:Sorry, small caveat. Trusteless payments either happens off-chain or the relay makes the builder set permisioned.
01:07:56
alex:@brunoflashbots can you clarify, trustless payments will happen off chain? today there seems to be a lot of trust involved actually.
01:08:23
alex:Replying to "Sorry, small caveat...." ah, yea that is true. but you’re saying that is reason to build it into the protocol?
01:09:04
alex:Replying to "Sorry, small caveat...." that seems a bit of a quick decision 😅 . there is a lot we could build.
01:09:20
alex:Replying to "Sorry, small caveat...." if the cost was high i’d agree, but haven’t seen a clear argument why.
01:09:35
george:relays can receive the full block so will be the one responsible for delivering the full payload
01:09:42
terence:btw we are 10 mins over time, and we should have a next step before wrapping up this call
01:09:53
Justin Traglia:Replying to "btw we are 10 mins o..." Yeah good idea.
01:09:56
Barnabas:I haven’t got a single argument why the protocol shouldn’t have trustless payments implemented as an option. OFAC required validators are still going exist, and they can still use a relay, or they can go directly to a builder. This is fine. Ideally once FOCIL is around, all validators that require OFAC will just simply go away, as they actually are not a net benefit for the health of the network.
01:09:57
Justin Traglia:Replying to "btw we are 10 mins o..." Let’s try to wrap up.
01:10:15
Potuz:it'd be nice to run a temp monitor so that Alex Stokes has something to go on on ACDC
01:10:47
NC:Replying to "I haven’t got a sing..." But is this the design that everyone agree when we sfi'ed 7732?
01:11:17
Potuz:Replying to "I haven’t got a sing..." not everyone, but this IS the design that was SFId
01:11:50
Justin Traglia:Replying to "it'd be nice to run ..." I’m not exactly sure how to do the temp check. Any suggestions?
01:11:54
Justin Traglia:Replying to "it'd be nice to run ..." Maybe a message here?
01:12:02
Justin Traglia:Replying to "it'd be nice to run ..." In this thread.
01:12:03
Potuz:Replying to "it'd be nice to run ..." ask @stokes
01:12:07
Potuz:Replying to "it'd be nice to run ..." no clue
01:12:45
Potuz:Replying to "it'd be nice to run ..." Prysm is for not removing trustless payments... (if some say they aren't they'll get yelled at)
01:12:50
nflaig:Replying to "I haven’t got a sing..." the claim for a long time has been that trustless payments is required for pipelining which is not true, so we never had a honest discussion about trustless payments and whether it's good to include it or not. But we are having that discussion now :)
01:14:13
stokes:for a temp check, i’d be curious for each client team to say if they think we should keep as-is or take out trustless payments
01:14:23
Potuz:happy someone is saying the obvious
01:14:46
stokes:i think all of the community voices here say take them out (except for some of the flashbots voices?)
01:14:52
terence:is current status good enough for ethereum though?
01:15:02
Dustin:Replying to "i think all of the..." community voices == relay voices?
01:15:14
brunoflashbots:Replying to "i think all of the c..." XD
01:15:14
Potuz:Again the reasons to have them have been spelled out, the purpose of this meeting is to have a reason to remove them
01:15:14
Dustin:Replying to "i think all of the..." they're part of the community, yes
01:15:22
Potuz:not to explain reasons to have them
01:15:27
DA | Flashbots:Replying to "i think all of the c..." Flashbots has no set opinion.
01:15:30
Lorenzo:Replying to "i think all of the..." builders, node operators (few of them that i spoke to)
01:15:32
stokes:Replying to "i think all of the c…" relays, builders
01:15:44
Dustin:Replying to "i think all of the..." oh I guess I counted Titan as both
01:15:54
Caleb:the more options the better though, as long as secutiry can be guaranteed
01:16:05
alex:right, would love to have this conversation. it seems v contentious which benefits it brings. i will agree they’ve been explored and shared by many previously 👍.
01:16:44
stokes:Replying to "i think all of the c…" yeah staking pools can also have a view on this
01:16:56
stokes:Replying to "i think all of the c…" i think @Potuz has been talking to lido tho
01:17:01
stokes:Replying to "i think all of the c…" as an example
01:17:19
Potuz:Replying to "i think all of the c..." I have talked to a lot of community members
01:17:26
Potuz:Replying to "i think all of the c..." didn't want to bring them here
01:17:34
Potuz:Replying to "i think all of the c..." because it wasn't about keeping them
01:17:39
Potuz:Replying to "i think all of the c..." but to find out why to remove them

Summary

11 highlights · 3 action itemsExperimental

fork status and schedule

  • Consensus-specs v1.6.1 released; new release available if clients need it00:00:47
  • Final EPBS breakout call Dec 19; discussions move to ACDT (Glamsterdam) after00:01:05

client updates

  • Most client teams limited progress due to Fusaka issues00:01:44
  • Lodestar merged state transition PR, passed all v1.6.1 spec tests00:03:35
  • Grandine completed Sync Manager, request-response, payload assignment; fork choice passing initial tests00:03:56

repricing updates

  • Dynamic penalty proposal published on ETH Research with spec and backtesting00:06:47
  • Penalties: 0.02-0.04 ETH baseline, up to 1 ETH in volatility; targets 0.5% failure rate00:10:27
  • Penalties track via pending payments container; applies to self-builders too00:17:14

organizational

  • Builder API flow presented: staked builders similar to today; off-protocol needs blinded envelopes00:27:45
  • Trustless payments removal debate: contentious on centralization impact and relay viability00:36:48
  • Trustless payments discussion to continue at ACDC next week for decision01:15:47

Action Items

  • All client teams: Review unmerged EPBS PRs shared by Justin00:00:58
  • Community: Provide feedback on dynamic penalty spec and ETH Research post00:22:17
  • Client teams: Prepare trustless payments position for ACDC temp check01:11:54

Targets

  • December 19th - Final EPBS breakout call before moving to ACDT00:01:05