feat: Flashtestations (#39)

Author: akundaz

Cargo.toml

@@ -1,6 +1,6 @@
 [workspace]
 members = [
-    ".", # The main rblib library
+    ".",            # The main rblib library
     "tools/fbutil",
 ]
 resolver = "2"
@@ -34,7 +34,7 @@ jemalloc = ["rblib/jemalloc"]
 debug = ["tokio/full", "tokio/tracing", "dep:console-subscriber"]
 
 [dependencies]
-rblib = { git = "https://github.com/flashbots/rblib", rev = "198cbe65e59f7467c756d5ba6422155c98402291" }
+rblib = { git = "https://github.com/flashbots/rblib", rev = "b0e1ba3cfba5e190479e6dbcc95889422f0444ad" }
 
 futures = "0.3"
 tokio = "1.46"
@@ -44,9 +44,11 @@ eyre = "0.6"
 moka = "0.12"
 tracing = "0.1"
 clap = { version = "4.4", features = ["derive", "env", "string"] }
+reqwest = "0.12.24"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = "0.9.33"
+itertools = "0.14.0"
 
 url = "2.5.2"
 rand = "0.9"
@@ -75,7 +77,7 @@ console-subscriber = { version = "0.4", optional = true }
 tracing-subscriber = "0.3.20"
 
 [dev-dependencies]
-rblib = { git = "https://github.com/flashbots/rblib", rev = "198cbe65e59f7467c756d5ba6422155c98402291", features = [
+rblib = { git = "https://github.com/flashbots/rblib", rev = "b0e1ba3cfba5e190479e6dbcc95889422f0444ad", features = [
     "test-utils",
 ] }
 

src/args.rs

@@ -1,17 +1,17 @@
 //! Command line interface extensions for the Flashblocks builder.
 
 use {
-	crate::playground::PlaygroundOptions,
+	crate::{
+		flashtestations::FlashtestationsArgs,
+		playground::PlaygroundOptions,
+		signer::BuilderSigner,
+	},
 	clap::{CommandFactory, FromArgMatches, Parser},
 	core::{net::SocketAddr, time::Duration},
-	derive_more::{Deref, From, FromStr, Into},
 	eyre::{Result, eyre},
-	rblib::{
-		alloy::signers::local::PrivateKeySigner,
-		reth::optimism::{
-			cli::{Cli as OpCli, chainspec::OpChainSpecParser, commands::Commands},
-			node::args::RollupArgs,
-		},
+	rblib::reth::optimism::{
+		cli::{Cli as OpCli, chainspec::OpChainSpecParser, commands::Commands},
+		node::args::RollupArgs,
 	},
 	std::path::PathBuf,
 };
@@ -50,6 +50,9 @@ pub struct BuilderArgs {
 
 	#[command(flatten)]
 	pub flashblocks_args: FlashblocksArgs,
+
+	#[command(flatten)]
+	pub flashtestations: FlashtestationsArgs,
 }
 
 #[derive(Debug, Clone, PartialEq, Eq, clap::Args)]
@@ -118,20 +121,6 @@ impl FlashblocksArgs {
 	}
 }
 
-/// This type is used to store the builder's secret key for signing the last
-/// transaction in the block.
-#[derive(Debug, Clone, Deref, FromStr, Into, From)]
-pub struct BuilderSigner {
-	signer: PrivateKeySigner,
-}
-
-impl PartialEq for BuilderSigner {
-	fn eq(&self, other: &Self) -> bool {
-		self.signer.address() == other.signer.address()
-	}
-}
-impl Eq for BuilderSigner {}
-
 /// This trait is used to extend Reth's CLI with additional functionality that
 /// are specific to the OP builder, such as populating default values for CLI
 /// arguments when running in the playground mode or checking the builder mode.

src/flashtestations/args.rs

@@ -0,0 +1,99 @@
+use {
+	crate::args::Cli,
+	clap::Parser,
+	rblib::{
+		alloy::primitives::Address,
+		reth::optimism::cli::commands::Commands,
+	},
+};
+
+/// Parameters for Flashtestations configuration
+/// The names in the struct are prefixed with `flashtestations`
+#[derive(Debug, Clone, PartialEq, Eq, clap::Args)]
+pub struct FlashtestationsArgs {
+	/// When set to true, the builder will initiate the flashtestations
+	/// workflow within the bootstrapping and block building process.
+	#[arg(
+		long = "flashtestations.enabled",
+		default_value = "false",
+		env = "ENABLE_FLASHTESTATIONS"
+	)]
+	pub flashtestations_enabled: bool,
+
+	/// Whether to use the debug HTTP service for quotes
+	#[arg(
+		long = "flashtestations.debug",
+		default_value = "false",
+		env = "FLASHTESTATIONS_DEBUG"
+	)]
+	pub debug: bool,
+
+	// Debug static key for the tee key. DO NOT USE IN PRODUCTION
+	#[arg(
+		long = "flashtestations.debug-tee-key-seed",
+		env = "FLASHTESTATIONS_DEBUG_TEE_KEY_SEED",
+		default_value = "debug"
+	)]
+	pub debug_tee_key_seed: String,
+
+	/// Path to save ephemeral TEE key between restarts
+	#[arg(
+		long = "flashtestations.tee-key-path",
+		env = "FLASHTESTATIONS_TEE_KEY_PATH",
+		default_value = "/run/flashtestation.key"
+	)]
+	pub flashtestations_key_path: String,
+
+	// Remote url for attestations
+	#[arg(
+		long = "flashtestations.quote-provider",
+		env = "FLASHTESTATIONS_QUOTE_PROVIDER"
+	)]
+	pub quote_provider: Option<String>,
+
+	/// The rpc url to post the onchain attestation requests to
+	#[arg(long = "flashtestations.rpc-url", env = "FLASHTESTATIONS_RPC_URL")]
+	rpc_url: Option<String>,
+
+	/// Enable end of block TEE proof
+	#[arg(
+		long = "flashtestations.enable-block-proofs",
+		env = "FLASHTESTATIONS_ENABLE_BLOCK_PROOFS",
+		default_value = "false"
+	)]
+	pub enable_block_proofs: bool,
+
+	/// The address of the flashtestations registry contract
+	#[arg(
+		long = "flashtestations.registry-address",
+		env = "FLASHTESTATIONS_REGISTRY_ADDRESS",
+		required_if_eq("flashtestations_enabled", "true")
+	)]
+	pub registry_address: Option<Address>,
+
+	/// The address of the builder policy contract
+	#[arg(
+		long = "flashtestations.builder-policy-address",
+		env = "FLASHTESTATIONS_BUILDER_POLICY_ADDRESS",
+		required_if_eq("flashtestations_enabled", "true")
+	)]
+	pub builder_policy_address: Option<Address>,
+
+	/// The version of the block builder verification proof
+	#[arg(
+		long = "flashtestations.builder-proof-version",
+		env = "FLASHTESTATIONS_BUILDER_PROOF_VERSION",
+		default_value = "1"
+	)]
+	pub builder_proof_version: u8,
+}
+
+impl Default for FlashtestationsArgs {
+	fn default() -> Self {
+		let args = Cli::parse_from(["dummy", "node"]);
+		let Commands::Node(node_command) = args.command else {
+			unreachable!()
+		};
+		node_command.ext.flashtestations
+	}
+}

src/flashtestations/attestation.rs

@@ -0,0 +1,97 @@
+use {
+	crate::signer::BuilderSigner,
+	eyre::ContextCompat,
+	rblib::alloy::{
+		hex,
+		primitives::{Bytes, keccak256},
+	},
+	reqwest::Client,
+	tracing::info,
+};
+
+const DEBUG_QUOTE_SERVICE_URL: &str =
+	"http://ns31695324.ip-141-94-163.eu:10080/attest";
+
+/// Remote attestation provider
+#[derive(Debug, Clone)]
+pub struct RemoteAttestationProvider {
+	client: Client,
+	service_url: String,
+}
+
+impl RemoteAttestationProvider {
+	pub fn try_new(
+		debug: bool,
+		quote_provider: Option<String>,
+	) -> eyre::Result<Self> {
+		let client = Client::new();
+
+		let service_url = if debug {
+			quote_provider.unwrap_or(DEBUG_QUOTE_SERVICE_URL.to_string())
+		} else {
+			quote_provider.context(
+				"remote quote provider must be specified when not in debug mode",
+			)?
+		};
+
+		Ok(Self {
+			client,
+			service_url,
+		})
+	}
+}
+
+impl RemoteAttestationProvider {
+	pub async fn get_attestation(
+		&self,
+		signer: &BuilderSigner,
+	) -> eyre::Result<Vec<u8>> {
+		let report_data = prepare_report_data(signer);
+		self.query_client(report_data).await
+	}
+
+	async fn query_client(&self, report_data: [u8; 64]) -> eyre::Result<Vec<u8>> {
+		let report_data_hex = hex::encode(report_data);
+		let url = format!("{}/{}", self.service_url, report_data_hex);
+
+		info!(target: "flashtestations", url = url, "fetching quote from remote attestation provider");
+
+		let response = self
+			.client
+			.get(&url)
+			.timeout(std::time::Duration::from_secs(10))
+			.send()
+			.await?
+			.error_for_status()?;
+		let body = response.bytes().await?.to_vec();
+
+		// TODO: Validate response?
+
+		Ok(body)
+	}
+}
+
+fn prepare_report_data(signer: &BuilderSigner) -> [u8; 64] {
+	// Prepare report data:
+	// - TEE address (20 bytes) at reportData[0:20]
+	// - Extended registration data hash (32 bytes) at reportData[20:52]
+	// - Total: 52 bytes, padded to 64 bytes with zeros
+
+	// Extract TEE address as 20 bytes
+	let tee_address_bytes: [u8; 20] = signer.address().into();
+
+	// Calculate keccak256 hash of empty bytes (32 bytes)
+	let empty_registration_data = Bytes::default();
+	let empty_registration_data_hash = keccak256(&empty_registration_data);
+
+	// Create 64-byte report data array
+	let mut report_data = [0u8; 64];
+
+	// Copy TEE address (20 bytes) to positions 0-19
+	report_data[0..20].copy_from_slice(&tee_address_bytes);
+
+	// Copy extended registration data hash (32 bytes) to positions 20-51
+	report_data[20..52].copy_from_slice(empty_registration_data_hash.as_ref());
+
+	report_data
+}