From 03b09618cc619a40cddd2169df400dd0d28a0ec5 Mon Sep 17 00:00:00 2001 From: Ryan Schneider Date: Mon, 9 Sep 2024 16:34:48 -0700 Subject: [PATCH 1/5] protect: Add documentation on `eth_getTransactionCount` behavior. --- .../additional-documentation/eth-gettransactioncount | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 docs/flashbots-protect/additional-documentation/eth-gettransactioncount diff --git a/docs/flashbots-protect/additional-documentation/eth-gettransactioncount b/docs/flashbots-protect/additional-documentation/eth-gettransactioncount new file mode 100644 index 00000000..bd855e9e --- /dev/null +++ b/docs/flashbots-protect/additional-documentation/eth-gettransactioncount @@ -0,0 +1,7 @@ +--- +title: eth_getTransactionCount +--- + +When sending the `eth_getTransactionCount` RPC, users should sign their requests following our `X-Flashbots-Signature` standard to be able to their current `pending` transaction count. + +More details here after I confirm the page renders. From c93946701ac2becc5407a373fe7258eb03d46500 Mon Sep 17 00:00:00 2001 From: Ryan Schneider Date: Thu, 12 Sep 2024 17:25:31 -0700 Subject: [PATCH 2/5] fixup: Switch to "Nonce Management" page --- .../eth-gettransactioncount | 7 -- docs/flashbots-protect/nonce-management.mdx | 82 +++++++++++++++++++ docs/sidebars.js | 1 + 3 files changed, 83 insertions(+), 7 deletions(-) delete mode 100644 docs/flashbots-protect/additional-documentation/eth-gettransactioncount create mode 100644 docs/flashbots-protect/nonce-management.mdx diff --git a/docs/flashbots-protect/additional-documentation/eth-gettransactioncount b/docs/flashbots-protect/additional-documentation/eth-gettransactioncount deleted file mode 100644 index bd855e9e..00000000 --- a/docs/flashbots-protect/additional-documentation/eth-gettransactioncount +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: eth_getTransactionCount ---- - -When sending the `eth_getTransactionCount` RPC, users should sign their requests following our `X-Flashbots-Signature` standard to be able to their current `pending` transaction count. - -More details here after I confirm the page renders. diff --git a/docs/flashbots-protect/nonce-management.mdx b/docs/flashbots-protect/nonce-management.mdx new file mode 100644 index 00000000..f94f3641 --- /dev/null +++ b/docs/flashbots-protect/nonce-management.mdx @@ -0,0 +1,82 @@ +--- +title: Nonce Management +--- + +Normally, a wallet can call `eth_getTransactionCount` to get the next nonce to use for a transaction. +However, since transactions sent to Flashbots Protect are potentially sensitive, even exposing the incremented nonce can leak information about the user's activity. + +As such, Flashbots Protect requires that all requests to `eth_getTransactionCount` be signed by the user when querying the `"pending"` nonce. + +To query the `"pending"` nonce, requests must be signed with the user's private key. This is done by sending a JSON-RPC request to the Flashbots Protect RPC endpoint with the following parameters: + +```json +{ + "jsonrpc": "2.0", + "method": "eth_getTransactionCount", + "params": [ + "0xYOUR_ADDRESS", + "pending" + ], + "id": 1 +} +``` + +The request is signed and the signature is included in the `X-Flashbots-Signature` header. + +### Authentication + +To authenticate your request, Flashbots endpoints require you to sign the payload and include the signed payload in the `X-Flashbots-Signature` header of your request. + +```curl +curl -X POST -H "Content-Type: application/json" -H "X-Flashbots-Signature: :" --data '{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xYOUR_ADDRESS","pending"],"id":1}' https://rpc.flashbots.net +``` + +The private key of the address your want to query must be used to sign the payload. + +The signature is calculated by taking the [EIP-191](https://eips.ethereum.org/EIPS/eip-191) hash of the json body encoded as UTF-8 bytes. Here's an example using ethers.js: + + + + +```ts +import {Wallet, utils} from 'ethers'; + +const privateKey = '0x1234'; +const wallet = new Wallet(privateKey); +const body = + '{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xYOUR_ADDRESS","pending"],"id":1}'; +const signature = wallet.address + ':' + wallet.signMessage(utils.id(body)); +``` + + + + +```py +from web3 import Web3 +from eth_account import Account, messages + +body = '{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xYOUR_ADDRESS","pending"],"id":1}' +message = messages.encode_defunct(text=Web3.keccak(text=body).hex()) +signature = Account.from_key(private_key).address + ':' + Account.sign_message(message, private_key).signature.hex() +``` + + + + +```go +body := `{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xYOUR_ADDRESS","pending"],"id":1}` +hashedBody := crypto.Keccak256Hash([]byte(body)).Hex() +sig, err := crypto.Sign(accounts.TextHash([]byte(hashedBody)), privKey) +signature := crypto.PubkeyToAddress(privKey.PublicKey).Hex() + ":" + hexutil.Encode(sig) +``` + + + + diff --git a/docs/sidebars.js b/docs/sidebars.js index 274c93e9..ef85cc47 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -56,6 +56,7 @@ module.exports = { 'flashbots-protect/mev-share', 'flashbots-protect/gas-fee-refunds', 'flashbots-protect/cancellations', + 'flashbots-protect/nonce-management', 'flashbots-protect/stuck_transactions', 'flashbots-protect/large-transactions', { From ca87c0e820f2ff335f8162312fb8c61c73b502ce Mon Sep 17 00:00:00 2001 From: Ryan Schneider Date: Thu, 12 Sep 2024 17:28:29 -0700 Subject: [PATCH 3/5] fixup: import Tab code --- docs/flashbots-protect/nonce-management.mdx | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/flashbots-protect/nonce-management.mdx b/docs/flashbots-protect/nonce-management.mdx index f94f3641..f4b3fc0c 100644 --- a/docs/flashbots-protect/nonce-management.mdx +++ b/docs/flashbots-protect/nonce-management.mdx @@ -2,7 +2,10 @@ title: Nonce Management --- -Normally, a wallet can call `eth_getTransactionCount` to get the next nonce to use for a transaction. +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +Normally, a wallet can call `eth_getTransactionCount` to get the next nonce to use for a transaction. However, since transactions sent to Flashbots Protect are potentially sensitive, even exposing the incremented nonce can leak information about the user's activity. As such, Flashbots Protect requires that all requests to `eth_getTransactionCount` be signed by the user when querying the `"pending"` nonce. @@ -31,7 +34,7 @@ To authenticate your request, Flashbots endpoints require you to sign the payloa curl -X POST -H "Content-Type: application/json" -H "X-Flashbots-Signature: :" --data '{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xYOUR_ADDRESS","pending"],"id":1}' https://rpc.flashbots.net ``` -The private key of the address your want to query must be used to sign the payload. +The private key of the address your want to query must be used to sign the payload. The signature is calculated by taking the [EIP-191](https://eips.ethereum.org/EIPS/eip-191) hash of the json body encoded as UTF-8 bytes. Here's an example using ethers.js: From bb02d11da799ada9b2ef2ccd88ad072eedba7ac4 Mon Sep 17 00:00:00 2001 From: Ryan Schneider Date: Thu, 12 Sep 2024 18:33:46 -0700 Subject: [PATCH 4/5] fixup: Clarify behavior when not signed --- docs/flashbots-protect/nonce-management.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/flashbots-protect/nonce-management.mdx b/docs/flashbots-protect/nonce-management.mdx index f4b3fc0c..ccafb91f 100644 --- a/docs/flashbots-protect/nonce-management.mdx +++ b/docs/flashbots-protect/nonce-management.mdx @@ -8,9 +8,9 @@ import TabItem from '@theme/TabItem'; Normally, a wallet can call `eth_getTransactionCount` to get the next nonce to use for a transaction. However, since transactions sent to Flashbots Protect are potentially sensitive, even exposing the incremented nonce can leak information about the user's activity. -As such, Flashbots Protect requires that all requests to `eth_getTransactionCount` be signed by the user when querying the `"pending"` nonce. +As such, transactions sent to Flashbots Protect are only included in the `eth_getTransactionCount` results when querying the `"pending"` nonce, and only if the request is signed by the user's private key. -To query the `"pending"` nonce, requests must be signed with the user's private key. This is done by sending a JSON-RPC request to the Flashbots Protect RPC endpoint with the following parameters: +This is done by sending a JSON-RPC request to the Flashbots Protect RPC endpoint with the following parameters: ```json { @@ -24,11 +24,11 @@ To query the `"pending"` nonce, requests must be signed with the user's private } ``` -The request is signed and the signature is included in the `X-Flashbots-Signature` header. +The request is signed and the signature is included in the `X-Flashbots-Signature` header. Without such a signature, the returned nonce will only include transactions sent to the public mempool. ### Authentication -To authenticate your request, Flashbots endpoints require you to sign the payload and include the signed payload in the `X-Flashbots-Signature` header of your request. +To authenticate your request, sign the payload and include the signed payload in the `X-Flashbots-Signature` header of your request. ```curl curl -X POST -H "Content-Type: application/json" -H "X-Flashbots-Signature: :" --data '{"jsonrpc":"2.0","method":"eth_getTransactionCount","params":["0xYOUR_ADDRESS","pending"],"id":1}' https://rpc.flashbots.net From e99813fe3b20af6f0505374e7cfd143c6e5eaa3e Mon Sep 17 00:00:00 2001 From: Ryan Schneider Date: Fri, 13 Sep 2024 08:57:49 -0700 Subject: [PATCH 5/5] Update docs/flashbots-protect/nonce-management.mdx --- docs/flashbots-protect/nonce-management.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/flashbots-protect/nonce-management.mdx b/docs/flashbots-protect/nonce-management.mdx index ccafb91f..f7face46 100644 --- a/docs/flashbots-protect/nonce-management.mdx +++ b/docs/flashbots-protect/nonce-management.mdx @@ -24,7 +24,7 @@ This is done by sending a JSON-RPC request to the Flashbots Protect RPC endpoint } ``` -The request is signed and the signature is included in the `X-Flashbots-Signature` header. Without such a signature, the returned nonce will only include transactions sent to the public mempool. +The request is then signed and the signature is included in the `X-Flashbots-Signature` header. Without such a signature, the returned nonce will only include transactions sent to the public mempool. ### Authentication