Validate execution payload bid

hangleang · hangleang · commit 37838ce84b3e · 2025-11-28T10:58:29.000+07:00
diff --git a/fork_choice_store/src/error.rs b/fork_choice_store/src/error.rs
@@ -7,7 +7,7 @@ use types::{
     bellatrix::containers::PowBlock,
     combined::{Attestation, DataColumnSidecar, SignedAggregateAndProof, SignedBeaconBlock},
     deneb::containers::BlobSidecar,
-    gloas::containers::PayloadAttestationMessage,
+    gloas::containers::{PayloadAttestationMessage, SignedExecutionPayloadBid},
     phase0::primitives::{Slot, SubnetId, ValidatorIndex},
     preset::{Mainnet, Preset},
 };
@@ -138,6 +138,26 @@ pub enum Error<P: Preset> {
         data_column_sidecar: Arc<DataColumnSidecar<P>>,
         computed: ValidatorIndex,
     },
+    #[error("execution payload bid's builder is not active: {payload_bid:?}")]
+    ExecutionPayloadBidBuilderInactive {
+        payload_bid: Arc<SignedExecutionPayloadBid>,
+    },
+    #[error("execution payload bid's builder has been slashed: {payload_bid:?}")]
+    ExecutionPayloadBidBuilderSlashed {
+        payload_bid: Arc<SignedExecutionPayloadBid>,
+    },
+    #[error("execution payload bid's builder has invalid withdrawal credentials: {payload_bid:?}")]
+    ExecutionPayloadBidBuilderInvalid {
+        payload_bid: Arc<SignedExecutionPayloadBid>,
+    },
+    #[error("off-protocol payment is disallowed in gossip: {payload_bid:?}")]
+    ExecutionPayloadBidOffProtocolPaymentDisallowed {
+        payload_bid: Arc<SignedExecutionPayloadBid>,
+    },
+    #[error("execution payload bid has invalid signature: {payload_bid:?}")]
+    InvalidExecutionPayloadBidSignature {
+        payload_bid: Arc<SignedExecutionPayloadBid>,
+    },
     #[error("aggregate and proof has invalid signature: {aggregate_and_proof:?}")]
     InvalidAggregateAndProofSignature {
         aggregate_and_proof: Arc<SignedAggregateAndProof<P>>,
diff --git a/fork_choice_store/src/lib.rs b/fork_choice_store/src/lib.rs
@@ -82,8 +82,8 @@ pub use crate::{
         AttestationAction, AttestationItem, AttestationOrigin, AttestationValidationError,
         AttesterSlashingOrigin, BlobSidecarAction, BlobSidecarOrigin, BlockAction, BlockOrigin,
         ChainLink, DataAvailabilityPolicy, DataColumnSidecarAction, DataColumnSidecarOrigin,
-        PartialBlockAction, PayloadAction, PayloadAttestationAction, PayloadAttestationOrigin,
-        Storage, ValidAttestation,
+        ExecutionPayloadBidAction, ExecutionPayloadBidOrigin, PartialBlockAction, PayloadAction,
+        PayloadAttestationAction, PayloadAttestationOrigin, Storage, ValidAttestation,
     },
     segment::Segment,
     state_cache_processor::{Error as StateCacheError, StateCacheProcessor},
diff --git a/fork_choice_store/src/misc.rs b/fork_choice_store/src/misc.rs
@@ -23,7 +23,7 @@ use types::{
         SignedBeaconBlock,
     },
     deneb::containers::BlobSidecar,
-    gloas::containers::PayloadAttestationMessage,
+    gloas::containers::{PayloadAttestationMessage, SignedExecutionPayloadBid},
     nonstandard::{PayloadStatus, Publishable, ValidationOutcome},
     phase0::{
         containers::{AttestationData, Checkpoint},
@@ -278,6 +278,75 @@ impl<I> AggregateAndProofOrigin<I> {
     }
 }
 
+#[derive(Debug, AsRefStr)]
+pub enum ExecutionPayloadBidOrigin<I> {
+    Gossip(I),
+    Api(OneshotSender<Result<ValidationOutcome>>),
+}
+
+impl Serialize for ExecutionPayloadBidOrigin<GossipId> {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.serialize_str(self.as_ref())
+    }
+}
+
+impl<I> ExecutionPayloadBidOrigin<I> {
+    #[must_use]
+    pub fn split(self) -> (Option<I>, Option<OneshotSender<Result<ValidationOutcome>>>) {
+        match self {
+            Self::Gossip(gossip_id) => (Some(gossip_id), None),
+            Self::Api(sender) => (None, Some(sender)),
+        }
+    }
+
+    #[must_use]
+    pub fn gossip_id(self) -> Option<I> {
+        match self {
+            Self::Gossip(gossip_id) => Some(gossip_id),
+            Self::Api(_) => None,
+        }
+    }
+
+    #[must_use]
+    pub const fn gossip_id_ref(&self) -> Option<&I> {
+        match self {
+            Self::Gossip(gossip_id) => Some(gossip_id),
+            Self::Api(_) => None,
+        }
+    }
+
+    #[must_use]
+    pub const fn is_from_gossip(&self) -> bool {
+        matches!(self, Self::Gossip(_))
+    }
+
+    #[must_use]
+    pub const fn verify_signatures(&self) -> bool {
+        match self {
+            Self::Gossip(_) | Self::Api(_) => true,
+        }
+    }
+
+    #[must_use]
+    pub const fn send_to_validator(&self) -> bool {
+        match self {
+            Self::Gossip(_) | Self::Api(_) => true,
+        }
+    }
+
+    // TODO: use Debug instead
+    #[must_use]
+    pub const fn metrics_label(&self) -> &str {
+        match self {
+            Self::Gossip(_) => "Gossip",
+            Self::Api(_) => "Api",
+        }
+    }
+}
+
 #[derive(Debug)]
 pub struct AttestationItem<P: Preset, I> {
     pub item: Arc<Attestation<P>>,
@@ -803,6 +872,11 @@ pub enum PayloadAttestationAction {
     DelayUntilBlock(Arc<PayloadAttestationMessage>, H256),
 }
 
+pub enum ExecutionPayloadBidAction {
+    Accept(Arc<SignedExecutionPayloadBid>),
+    Ignore(Publishable),
+}
+
 pub enum PartialBlockAction {
     Accept,
     Ignore,
diff --git a/fork_choice_store/src/store.rs b/fork_choice_store/src/store.rs
@@ -55,7 +55,7 @@ use types::{
     },
     gloas::containers::{
         DataColumnSidecar as GloasDataColumnSidecar, ExecutionPayloadBid,
-        PayloadAttestationMessage, SignedExecutionPayloadEnvelope,
+        PayloadAttestationMessage, SignedExecutionPayloadBid, SignedExecutionPayloadEnvelope,
     },
     nonstandard::{BlobSidecarWithId, DataColumnSidecarWithId, PayloadStatus, Phase, WithStatus},
     phase0::{
@@ -87,7 +87,8 @@ use crate::{
     store_config::StoreConfig,
     supersets::MultiPhaseAggregateAndProofSets as AggregateAndProofSupersets,
     validations::validate_merge_block,
-    AttestationOrigin, PayloadAttestationAction, PayloadAttestationOrigin,
+    AttestationOrigin, ExecutionPayloadBidAction, ExecutionPayloadBidOrigin,
+    PayloadAttestationAction, PayloadAttestationOrigin,
 };
 
 /// [`Store`] from the Fork Choice specification.
@@ -233,7 +234,7 @@ pub struct Store<P: Preset, S: Storage<P>> {
         (Slot, H256, ColumnIndex),
         ContiguousList<KzgCommitment, P::MaxBlobCommitmentsPerBlock>,
     >,
-    accepted_payload_bids: HashMap<(Slot, H256), ExecutionPayloadBid>,
+    accepted_payload_bids: HashMap<(Slot, H256), HashMap<ValidatorIndex, ExecutionPayloadBid>>,
     blob_cache: BlobCache<P>,
     state_cache: Arc<StateCacheProcessor<P>>,
     storage: Arc<S>,
@@ -1278,6 +1279,98 @@ impl<P: Preset, S: Storage<P>> Store<P, S> {
         Ok(BlockAction::Accept(chain_link, attester_slashing_results))
     }
 
+    pub fn validate_execution_payload_bid<I>(
+        &self,
+        payload_bid: Arc<SignedExecutionPayloadBid>,
+        origin: &ExecutionPayloadBidOrigin<I>,
+    ) -> Result<ExecutionPayloadBidAction> {
+        let bid = payload_bid.message;
+        let builder_index = bid.builder_index;
+
+        // > off-protocol payment is disallowed in gossip, the `bid.execution_payment` MUST be zero
+        if origin.is_from_gossip() {
+            ensure!(
+                bid.execution_payment == 0,
+                Error::<P>::ExecutionPayloadBidOffProtocolPaymentDisallowed { payload_bid }
+            );
+        }
+
+        // > the `bid.slot` is the current slot or the next slot
+        if bid.slot > self.slot() + 1 {
+            return Ok(ExecutionPayloadBidAction::Ignore(false));
+        }
+
+        // > the `bid.parent_block_hash` is the block hash of a known execution payload in fork choice
+        if !self
+            .execution_payload_locations
+            .contains_key(&bid.parent_block_hash)
+        {
+            return Ok(ExecutionPayloadBidAction::Ignore(true));
+        }
+
+        // > the `bid.parent_block_root` is the hash tree root of a known beacon block in fork choice
+        let Some(state) = self.state_by_block_root(bid.parent_block_root) else {
+            return Ok(ExecutionPayloadBidAction::Ignore(true));
+        };
+
+        // > the builder is active, and non-slashed builder.
+        let current_epoch = accessors::get_current_epoch(&state);
+        let builder = state.validators().get(builder_index)?;
+        ensure!(
+            !builder.slashed,
+            Error::<P>::ExecutionPayloadBidBuilderSlashed { payload_bid }
+        );
+        ensure!(
+            predicates::is_active_validator(builder, current_epoch),
+            Error::<P>::ExecutionPayloadBidBuilderInactive { payload_bid }
+        );
+
+        // > the builder's withdrawal credentials' prefix is BUILDER_WITHDRAWAL_PREFIX
+        ensure!(
+            predicates::has_builder_withdrawal_credential(builder),
+            Error::<P>::ExecutionPayloadBidBuilderInvalid { payload_bid }
+        );
+
+        // > the `bid.value` is less or equal than the builder's excess balance
+        let builder_balance = *state.balances().get(builder_index)?;
+        if bid.value + P::MIN_ACTIVATION_BALANCE > builder_balance {
+            return Ok(ExecutionPayloadBidAction::Ignore(false));
+        }
+
+        if origin.verify_signatures() {
+            let pubkey = self.pubkey_cache.get_or_insert(builder.pubkey)?;
+
+            // > `signed_execution_payload_bid.signature` is valid builder's signature
+            if let Err(error) =
+                bid.verify(&self.chain_config, &state, payload_bid.signature, pubkey)
+            {
+                bail!(
+                    error.context(Error::<P>::InvalidExecutionPayloadBidSignature { payload_bid })
+                );
+            }
+        }
+
+        if let Some(payload_bids) = self
+            .accepted_payload_bids
+            .get(&(bid.slot, bid.parent_block_root))
+        {
+            // > this is the first signed bid seen from the given builder for this slot
+            if payload_bids.contains_key(&builder_index) {
+                return Ok(ExecutionPayloadBidAction::Ignore(true));
+            }
+
+            // > this bid is the highest value bid seen for the corresponding slot and the given parent block hash.
+            if let Some(highest_bid) = payload_bids.values().max_by_key(|bid| bid.value) {
+                if bid.value <= highest_bid.value {
+                    // This bid doesn't have a higher value than the existing bid
+                    return Ok(ExecutionPayloadBidAction::Ignore(false));
+                }
+            }
+        }
+
+        Ok(ExecutionPayloadBidAction::Accept(payload_bid))
+    }
+
     #[expect(clippy::too_many_lines)]
     pub fn validate_aggregate_and_proof<I>(
         &self,
@@ -2320,7 +2413,11 @@ impl<P: Preset, S: Storage<P>> Store<P, S> {
         );
 
         // [IGNORE] The sidecar's beacon_block_root has been seen via a valid signed execution payload bid.
-        let Some(payload_bid) = self.accepted_payload_bids.get(&(slot, block_root)) else {
+        let Some(payload_bid) = self
+            .accepted_payload_bids
+            .get(&(slot, block_root))
+            .and_then(|bids| bids.values().max_by_key(|bid| bid.value))
+        else {
             return Ok(DataColumnSidecarAction::DelayUntilState(
                 data_column_sidecar,
                 block_root,
