# Week 2-4 Notes: ## [Unbundling PBS](https://ethresear.ch/t/unbundling-pbs-towards-protocol-enforced-proposer-commitments-pepc/13879?u=barnabe) Why PBS in ETH Protocol Protects proposer and ensure liveness of the chain Proposer utilises the services of a builder Contract between parties for the delivery of some goods (valuable blockspace) Contract honored atomically Contract fails to be made and the goods are not delivered/block content is not published Contract is successfully made and payment always succeeds, no matter what the party committed to supply the goods does. Contrasts MEV-Boost Proposer could enter into a commitment with a relay by signing a block header (sign block header) but fail to publish the block in time Proposer is not trustlessly compensated while missing the opportunity to make a block IP-PBS is flawed Bound to specific mechanism to make blockspace contracts But there is a trustless infrastructure for the proposer to sell off entirely their right of making the block Few ideas show that a proposer can be fairly unsophisticated and achieve most of the value their position confers upon them (inclusion lists, increasing proposer agency by letting them build part of the block ideas) Ex: Blockspace Futures (selling rights to make their block in advance) In IP-PBS cartel of builders must honour an out-of-protocol market. Winner of the blockspace future trusts the winner of the slot $n$ IP-PBS auction to let them make the block The notion of a blockspace winner is semantically violated Value cannot be achieved by an untrusted proposer Builder colocation with trusted proposers could also increase the delta between what IP-PBS returns to an unsophisticated proposer and what trusted proposers can achieve beyond simple latency improvements???? Incentive to use IP-PBS is cosmetic Builders can make arrangements out-of-band with proposers, who then ignore bids received via the IP-PBS facility. Incentive is reduced using MEV-smoothing But this further entrenches a specific allocation mechanism of blockspace Suboptimal -> doesn't have ethereum realized highest possible social welfare Current Version of IP-PBS feels strongly opinionated with respect to the organization of a market around blockspace Real problem we are trying to solve is trustless infrastructure for commitments to be honored Commitment to provide partial block contents or be penalized up to the promise that was made IP-PBS attempts to set a "good default" for unsophisticated proposers, yet appears to require proposer intervention to ensure censorship-resistance. Need a mechanism for credible signalling in general, not a mechanism for credibly realising one specific signal Main Points: * Build a Permissionless scheme for validators to enter into commitments with third parties * Start by protocolizing Eigenlayer to ensure out-of-protocol commitments entered into by validators are reflected into the protocol * Recognize this is not enough * Allows for attacks up to malicious bound * Protocol cannot enforce the validator won't deviate when the profit is greater than the slashed amount * Simply can't move to the protocol the outcome of commitments (if validator slashed or not) * Need to include *whether the commitment was satisfied or not* and base protocol validity on that * Propose Optimisitic Block Validity Notion * A Validator could do something slashable to the commitments they entered into * Slashable behavior made canonical by attesters, * Everyone involved eventually gets slashed * Return to Pessimistic Block Validity * Validator behavior must be proven correct (no slashing) for block validity * Allow Proposers to submit commitments expressed as EVM execution in their block * Attesters can then simply check validity of the block they receive with respect to the commitments that were made * Elaborate on the need to develop a solution to data availability concerns * Ensure that neither proposer nor committed third-party is able to grief one another * 2 Distinctions * *Selling Auctions* * Proposer auctions somehting valuable to third-party * Right to make a block * *Procurement Auctions* * Proposer attempts to obtain something valuable from the third-party * Validity proof of the execution payload * Revisit the Idea of *Proposer Dumbness* * Assume the existence of a generalized market for commitments * Idea of by addition of protocol features aimed at leveling the playing field between smart and dumb proposers In Protocol Eigenlayer Allows permissionless feature addition to the consensus layer Relying on Eigenlayer may provide weaker guarantees Eigenlayer suffers from Prinicipal Agent Problem (PAP) Protocol outsources its security to a set of validators which are staked When Validators are slashed out-of-band by Eigenlayer middleware Protocol does not realize that the agents to which it has delegated security may have weaker incentives to participate in the protocol than the protocol is led to believe via its own state One way to make the protocol aware of such discrepancies is to allow Eigenlayer or any other system to update a validator's in-protocol balance Let Validators allow external addresses to slash them and the protocol is able to see the amount slashed Ex: A validator is allowed to sign a message saying "Address 0xabc is allowed to slash me" Message included on-chain after which 0xabc can submit a slashing msg to the protocol for some amount of stake Allowing external constructs to influence the state of the protocol may sound unwise But Validators participating in eigenlayer will enter into such schemes Protocolizing it doesn't reduce the potential for protocol misalignment coming from validator restaking and getting slashed out-of-protocol. Due to Operational errors Not performing their duties correctly middleware smart contract risk bribing etc. Protocolizing removes part of the principal agent problem coming from the restaking IP-Eigenlayer has at least a correct view of the amount currently guaranteeing safety of the system Multiple issues to think through Does Eigenlayer slashing exit the validator from the active PoS set or simply diminishes their balance Should there be a fee market for restaking/slashing beacon chain msgs PAP problem is removed but does not solve the commitment-based problems of *Maliciousness Upper Bound* A restaked validator could decide to get slashed if they expect their malicious action to net them a greater payoff than the slashed amount Protocol-Enforced proposer commitments To generalize beyond a whole block auction proposed by IP-PBS Need the validator to be able to enter into any commitment while being secured by the protocol Recognize there are many protocol-related commitments which are verifiable on-chain via BEACONROOT opcode Ex: "the exec-block made at slot $x$ was signed by builder $y$, as committed by proposer $z$" To determine whether a commitment was entered into and whether it was appropriately fulfilled the protocol needs to distinguish between 3 potential outcomes 1.) Validator entered into a commitment with a 3rd party and either: i.) The 3rd delivered their part of the commitment -> the commitment payout is processed ii.) The 3rd party did not deliver their part of the commitment -> the commitment payout is processed 2.) The validator never entered into a commitment 3.) The validator entered into a commitment with a 3rd party, then did something violating that commitment Stole the goods from the 3rd party for their own benefit. The protocol should ensure safety for *only* once of the 1st two alternatives Should not be possible for the validator to enter into a commitment with a 3rd party and then finalize a version of history where they did not enter into a commitment with a 3rd party. Current 2-slot PBS satisifies this 2-slot PBS Proposer first enters into and record commitments to be made safe/finalized in a first round After, committed 3rd parties are expected to deliver on the commitments in a 2nd round Even though we use this pattern as a template, there could be important deviations to consider and possibilities to generalize beyond Schemes where the proposer is able to enter into commitments well before their own slot Believe this does not undermine the core idea expressed in the following Protocol needs to determine whether the commitment was fulfilled Discriminate between outcomes 1.i & 1.ii Can build toward this using IP-Eigenlayer adding attesters as validity checkers Committee-based optimistic block validity External commitments in IP-Eigenlayer are entered into by the validator via a smart contract deployed on the execution layer. Attesters need to check validity of the commitment fulfillment Ex: Proposer commitment is finalized or made safe enough for the committed 3rd party to be willing to release their goods Committed 3rd party releases their contribution Proposer "steals" the goods (bundle theft in blockspace market as idea) releasing a block violating the commitments they set, in time for attesters to vote on it The proposer is slashed by the protocolized Eigenlayer as the the violation of their commitment can be proven on the execution layer The proposer makes off with the goods value because attesters make canonical the proposer's theft. Value may be far greater than the stake they committed Non-Protocol-Enforced commitment-based schemes have issues because it is possible for the proposer to make canonical a history which violates their commitments Realize attesters are also able to determine whether the propser fulfilled their end of the bargain or whether they deviated With IP-PBS attesters, won't vote on a builder block made by the proposer It would violate the validity of the beacon chain state transition function where the proposer gave rights to the builder to make the block