-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Block cheat codes in anvil #8277
Conversation
Adds a second api to the mainnet-fork, located at `public-PUBLIC_API_KEY`, in which all cheat codes are blocked. We define a cheat code as a method in the evm, hardhat, or anvil namespaces. We use njs for parsing the JSON RPC request body and testing the method namespace. The PUBLIC_API_KEY is only set for provernet, for other networks, we load the same API_KEY secret as always. This PR also enables logging for anvil, including a logrotate config to ensure we don't fill up the disk just with logs.
@@ -21,8 +22,11 @@ echo "result: ${MNEMONIC_STRIPPED:0:10}..." | |||
# Data directory for anvil state | |||
mkdir -p /data | |||
|
|||
# Log directory for anvil | |||
mkdir -p /var/log/anvil/ | |||
|
|||
# Run anvil silently |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: It's not silent anymore :-)
Adds a second api to the mainnet-fork, located at `public-PUBLIC_API_KEY`, in which all cheat codes are blocked. We define a cheat code as a method in the evm, hardhat, or anvil namespaces. We use njs for parsing the JSON RPC request body and testing the method namespace. The PUBLIC_API_KEY is only set for provernet, for other networks, we load the same API_KEY secret as always. This PR also enables logging for anvil, including a logrotate config to ensure we don't fill up the disk just with logs.
Benchmark resultsMetrics with a significant change:
Detailed resultsAll benchmarks are run on txs on the This benchmark source data is available in JSON format on S3 here. Proof generationEach column represents the number of threads used in proof generation.
L2 block published to L1Each column represents the number of txs on an L2 block published to L1.
L2 chain processingEach column represents the number of blocks on the L2 chain where each block has 8 txs.
Circuits statsStats on running time and I/O sizes collected for every kernel circuit run across all benchmarks.
Stats on running time collected for app circuits
AVM SimulationTime to simulate various public functions in the AVM.
Public DB AccessTime to access various public DBs.
Tree insertion statsThe duration to insert a fixed batch of leaves into each tree type.
MiscellaneousTransaction sizes based on how many contract classes are registered in the tx.
Transaction size based on fee payment method | Metric | | |
* master: (28 commits) chore: bump noir-bignum to 0.3.2 (#8276) feat: Populate epoch 0 from initial validator set (#8286) git subrepo push --branch=master noir-projects/aztec-nr git_subrepo.sh: Fix parent in .gitrepo file. [skip ci] chore: replace relative paths to noir-protocol-circuits git subrepo push --branch=master barretenberg chore(master): Release 0.51.1 (#8218) feat(avm): integrate new range and cmp gadgets (#8165) chore: rename process to propose for clarity (#8265) chore: Bump provernet agents to 8 and speed up bot (#8280) feat(avm): avm recursive verifier cpp (#8162) feat: moving fee payout + make proof submission sequential (#8262) feat: Block cheat codes in anvil (#8277) feat: wallet tx management (#8246) refactor(avm): replace range and cmp with gadgets (#8164) fix(docs): Update entrypoint details on accounts page (#8184) feat: l1-publisher cleanup (#8148) feat(avm): range check gadget (#7967) fix(ci): spot-runner-action was not built (#8274) fix: ts codegen (#8267) ...
In #8277 we added a PUBLIC_API_KEY that was used for accessing anvil with cheat codes disabled, and the API_KEY was left for "admin" access with cheat codes allowed. However, the API_KEY is also needed for connecting to the node, which is is needed for retrieving proofs, needed for prover nodes to operate. This PR changes how keys are handled. API_KEY is now mapped to the anvil public access, so it is not disclosed when sharing access to the node API. A new FORK_ADMIN_API_KEY is introduced for admin access, and only used for bootstrapping operations and for the bootstrapping sequencer.
In #8277 we added a PUBLIC_API_KEY that was used for accessing anvil with cheat codes disabled, and the API_KEY was left for "admin" access with cheat codes allowed. However, the API_KEY is also needed for connecting to the node, which is is needed for retrieving proofs, needed for prover nodes to operate. This PR changes how keys are handled. API_KEY is now mapped to the anvil public access, so it is not disclosed when sharing access to the node API. A new FORK_ADMIN_API_KEY is introduced for admin access, and only used for bootstrapping operations and for the bootstrapping sequencer.
In #8277 we added a PUBLIC_API_KEY that was used for accessing anvil with cheat codes disabled, and the API_KEY was left for "admin" access with cheat codes allowed. However, the API_KEY is also needed for connecting to the node, which is is needed for retrieving proofs, needed for prover nodes to operate. This PR changes how keys are handled. API_KEY is now mapped to the anvil public access, so it is not disclosed when sharing access to the node API. A new FORK_ADMIN_API_KEY is introduced for admin access, and only used for bootstrapping operations and for the bootstrapping sequencer.
Adds a second api to the mainnet-fork, located at `public-PUBLIC_API_KEY`, in which all cheat codes are blocked. We define a cheat code as a method in the evm, hardhat, or anvil namespaces. We use njs for parsing the JSON RPC request body and testing the method namespace. The PUBLIC_API_KEY is only set for provernet, for other networks, we load the same API_KEY secret as always. This PR also enables logging for anvil, including a logrotate config to ensure we don't fill up the disk just with logs.
In #8277 we added a PUBLIC_API_KEY that was used for accessing anvil with cheat codes disabled, and the API_KEY was left for "admin" access with cheat codes allowed. However, the API_KEY is also needed for connecting to the node, which is is needed for retrieving proofs, needed for prover nodes to operate. This PR changes how keys are handled. API_KEY is now mapped to the anvil public access, so it is not disclosed when sharing access to the node API. A new FORK_ADMIN_API_KEY is introduced for admin access, and only used for bootstrapping operations and for the bootstrapping sequencer.
In #8277 we added a PUBLIC_API_KEY that was used for accessing anvil with cheat codes disabled, and the API_KEY was left for "admin" access with cheat codes allowed. However, the API_KEY is also needed for connecting to the node, which is is needed for retrieving proofs, needed for prover nodes to operate. This PR changes how keys are handled. API_KEY is now mapped to the anvil public access, so it is not disclosed when sharing access to the node API. A new FORK_ADMIN_API_KEY is introduced for admin access, and only used for bootstrapping operations and for the bootstrapping sequencer.
Adds a second api to the mainnet-fork, located at
public-PUBLIC_API_KEY
, in which all cheat codes are blocked. We define a cheat code as a method in the evm, hardhat, or anvil namespaces. We use njs for parsing the JSON RPC request body and testing the method namespace.The PUBLIC_API_KEY is only set for provernet, for other networks, we load the same API_KEY secret as always.
This PR also enables logging for anvil, including a logrotate config to ensure we don't fill up the disk just with logs.