feat: Block cheat codes in anvil #8277

Merged
merged 3 commits into from
Aug 29, 2024

spalladino
Collaborator

Adds a second api to the mainnet-fork, located at `public-PUBLIC_API_KEY`, in which all cheat codes are blocked. We define a cheat code as a method in the evm, hardhat, or anvil namespaces. We use njs for parsing the JSON RPC request body and testing the method namespace.

The PUBLIC_API_KEY is only set for provernet; for other networks, we load the same API_KEY secret as always.

This PR also enables logging for anvil, including a logrotate config to ensure we don't fill up the disk just with logs.
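The namespace check described above, sketched as an added example (not the code from this PR): a fail-closed filter that also covers JSON-RPC batch bodies and malformed input. The function names, the `@anvil` location and the sample bodies are assumptions; only the three blocked namespaces come from the description.

```javascript
// Added example: fail-closed JSON-RPC method filter in the style of an njs handler.
// The blocked namespaces come from the PR description; the rest is assumed.
const BLOCKED_NAMESPACES = ['evm', 'hardhat', 'anvil'];

// A method is a cheat code when its namespace (text before the first "_") is blocked.
function isCheatCode(method) {
  const ns = method.split('_', 1)[0].toLowerCase();
  return BLOCKED_NAMESPACES.includes(ns);
}

// Decide on a raw request body. Returns { allowed, reason }.
function inspectBody(bodyText) {
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (e) {
    return { allowed: false, reason: 'invalid JSON' };
  }
  // A batch is an array of calls; every entry must pass, not just the first.
  const calls = Array.isArray(parsed) ? parsed : [parsed];
  if (calls.length === 0) return { allowed: false, reason: 'empty batch' };
  for (const call of calls) {
    if (call === null || typeof call !== 'object' || typeof call.method !== 'string') {
      return { allowed: false, reason: 'missing or non-string method' };
    }
    if (isCheatCode(call.method)) {
      return { allowed: false, reason: 'blocked method ' + call.method };
    }
  }
  return { allowed: true, reason: 'ok' };
}

// njs-style handler: r.requestText, r.return and r.internalRedirect are njs request
// members; the "@anvil" named location is a hypothetical upstream.
function filterRequest(r) {
  const verdict = inspectBody(r.requestText || '');
  if (!verdict.allowed) {
    r.return(403, JSON.stringify({ error: verdict.reason }));
    return;
  }
  r.internalRedirect('@anvil');
}

// Constructed sample bodies.
const SAMPLES = {
  plain: '{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}',
  cheat: '{"jsonrpc":"2.0","id":2,"method":"anvil_setBalance","params":[]}',
  batch: '[{"jsonrpc":"2.0","id":3,"method":"eth_chainId"},{"jsonrpc":"2.0","id":4,"method":"evm_mine"}]',
};
```

Anything the filter cannot parse is rejected rather than forwarded, so the proxy never passes on a body it could not inspect.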

@@ -21,8 +22,11 @@ echo "result: ${MNEMONIC_STRIPPED:0:10}..."
# Data directory for anvil state
mkdir -p /data

# Log directory for anvil
mkdir -p /var/log/anvil/

# Run anvil silently
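Review bot: `mkdir -p /var/log/anvil/` creates the log directory with whatever mode the current umask yields; since this directory is introduced to hold anvil logs, set the mode explicitly (for example `mkdir -p -m 0750 /var/log/anvil/`) so access does not depend on the container default. The hunk header context also shows the script echoing `${MNEMONIC_STRIPPED:0:10}`; with logging being turned on in this change, check that this prefix does not end up in anything that is retained.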
Collaborator

Nit: It's not silent anymore :-)

@spalladino spalladino requested a review from PhilWindle August 29, 2024 19:49
@spalladino spalladino merged commit 4a82f53 into master Aug 29, 2024
23 checks passed
@spalladino spalladino deleted the palla/secure-anvil branch August 29, 2024 19:56
spalladino added a commit that referenced this pull request Aug 29, 2024
@AztecBot
Collaborator

Benchmark results

Metrics with a significant change:

  • protocol_circuit_simulation_time_in_ms (base-rollup): 3,445 (+17%)
  • avm_simulation_time_ms (Token:assert_minter_and_mint): 66.5 (-79%)
  • avm_simulation_time_ms (Token:_increase_public_balance): 39.0 (-33%)
  • avm_simulation_bytecode_size_in_bytes (FeeJuice:set_portal): 2,128 (-48%)
  • avm_simulation_bytecode_size_in_bytes (FeeJuice:mint_public): 5,415 (-17%)
  • avm_simulation_bytecode_size_in_bytes (Token:mint_public): 10,101 (-20%)
  • avm_simulation_bytecode_size_in_bytes (Token:assert_minter_and_mint): 6,844 (-19%)
Detailed results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Proof generation

Each column represents the number of threads used in proof generation.

| Metric | 1 threads | 4 threads | 16 threads | 32 threads | 64 threads |
| - | - | - | - | - | - |
| proof_construction_time_sha256_ms | 5,763 | 1,557 | 713 | 765 (+1%) | 772 (-1%) |
| proof_construction_time_sha256_30_ms | 11,470 (-1%) | 3,090 (-1%) | 1,388 (-2%) | 1,425 (-2%) | 1,473 (-1%) |
| proof_construction_time_sha256_100_ms | 44,022 | 11,788 | 5,407 | 5,575 (-4%) | 5,501 (-3%) |
| proof_construction_time_poseidon_hash_ms | 78.0 | 34.0 (-28%) | 34.0 | 58.0 (+2%) | 88.0 (+2%) |
| proof_construction_time_poseidon_hash_30_ms | 1,529 | 421 | 203 | 225 | 271 |
| proof_construction_time_poseidon_hash_100_ms | 5,647 | 1,508 (-1%) | 674 | 720 (-3%) | 748 |

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

| Metric | 4 txs | 8 txs | 16 txs |
| - | - | - | - |
| l1_rollup_calldata_size_in_bytes | 4,356 | 7,876 | 14,884 |
| l1_rollup_calldata_gas | 50,244 | 92,980 | 178,012 |
| l1_rollup_execution_gas | 842,904 | 1,576,536 | 3,361,624 |
| l2_block_processing_time_in_ms | 258 (+2%) | 451 (+1%) | 832 (+1%) |
| l2_block_building_time_in_ms | 11,412 | 22,247 | 44,535 |
| l2_block_rollup_simulation_time_in_ms | 11,412 | 22,247 | 44,535 |
| l2_block_public_tx_process_time_in_ms | 9,649 | 20,424 (-1%) | 42,663 |

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 8 txs.

| Metric | 3 blocks | 5 blocks |
| - | - | - |
| node_history_sync_time_in_ms | 3,007 (+2%) | 4,012 (+5%) |
| node_database_size_in_bytes | 12,595,280 | 16,711,760 |
| pxe_database_size_in_bytes | 16,254 | 26,813 |

Circuits stats

Stats on running time and I/O sizes collected for every kernel circuit run across all benchmarks.

| Circuit | simulation_time_in_ms | witness_generation_time_in_ms | input_size_in_bytes | output_size_in_bytes | proving_time_in_ms |
| - | - | - | - | - | - |
| private-kernel-init | 95.8 | 398 (+1%) | 21,735 | 44,860 | N/A |
| private-kernel-inner | 173 (+1%) | 704 | 72,544 | 45,007 | N/A |
| private-kernel-reset-tiny | 307 | 712 (-4%) | 65,593 | 44,846 | N/A |
| private-kernel-tail | 167 | 135 (-1%) | 50,644 | 52,257 | N/A |
| base-parity | 5.61 (+1%) | N/A | 160 | 96.0 | N/A |
| root-parity | 35.5 (-1%) | N/A | 73,948 | 96.0 | N/A |
| base-rollup | ⚠️ 3,445 (+17%) | N/A | 189,136 | 664 | N/A |
| block-root-rollup | 41.4 | N/A | 58,205 | 2,448 | N/A |
| public-kernel-setup | 84.4 | N/A | 105,085 | 71,222 | N/A |
| public-kernel-app-logic | 97.5 | N/A | 104,911 | 71,222 | N/A |
| public-kernel-tail | 857 | N/A | 390,582 | 16,414 | N/A |
| private-kernel-reset-small | 308 | N/A | 66,341 | 45,629 | N/A |
| private-kernel-tail-to-public | 1,374 | 625 (+1%) | 455,400 | 1,825 | N/A |
| public-kernel-teardown | 83.8 (-1%) | N/A | 105,349 | 71,222 | N/A |
| merge-rollup | 20.7 (+3%) | N/A | 38,174 | 664 | N/A |
| undefined | N/A | N/A | N/A | N/A | 79,258 (+1%) |

Stats on running time collected for app circuits

| Function | input_size_in_bytes | output_size_in_bytes | witness_generation_time_in_ms |
| - | - | - | - |
| ContractClassRegisterer:register | 1,344 | 11,731 | 343 (+1%) |
| ContractInstanceDeployer:deploy | 1,408 | 11,731 | 18.3 (+1%) |
| MultiCallEntrypoint:entrypoint | 1,920 | 11,731 | 404 |
| FeeJuice:deploy | 1,376 | 11,731 | 386 |
| SchnorrAccount:constructor | 1,312 | 11,731 | 73.9 (+1%) |
| SchnorrAccount:entrypoint | 2,304 (-1%) | 11,731 | 395 (+1%) |
| Token:privately_mint_private_note | 1,280 | 11,731 | 107 (+5%) |
| FPC:fee_entrypoint_public | 1,344 | 11,731 | 26.8 (+5%) |
| Token:transfer | 1,312 | 11,731 | 224 (-3%) |
| Benchmarking:create_note | 1,344 | 11,731 | 86.7 (+2%) |
| SchnorrAccount:verify_private_authwit | 1,280 | 11,731 | 27.7 (+1%) |
| Token:unshield | 1,376 | 11,731 | 515 (-1%) |
| FPC:fee_entrypoint_private | 1,376 | 11,731 | 734 (+7%) |

AVM Simulation

Time to simulate various public functions in the AVM.

| Function | time_ms | bytecode_size_in_bytes |
| - | - | - |
| FeeJuice:_increase_public_balance | 60.5 (+6%) | 7,101 (-13%) |
| FeeJuice:set_portal | 12.6 (+15%) | ⚠️ 2,128 (-48%) |
| Token:constructor | 80.7 | 25,285 (-13%) |
| FPC:constructor | 54.3 | 17,853 (-6%) |
| FeeJuice:mint_public | 39.2 (-4%) | ⚠️ 5,415 (-17%) |
| Token:mint_public | 43.6 (-8%) | ⚠️ 10,101 (-20%) |
| Token:assert_minter_and_mint | ⚠️ 66.5 (-79%) | ⚠️ 6,844 (-19%) |
| AuthRegistry:set_authorized | 37.2 (-24%) | 3,969 (-5%) |
| FPC:prepare_fee | 232 (-3%) | 6,747 |
| Token:transfer_public | 22.0 (-26%) | 38,126 (-4%) |
| FPC:pay_refund | 51.1 (-19%) | 9,398 |
| Benchmarking:increment_balance | 1,199 (-1%) | 6,179 (-15%) |
| Token:_increase_public_balance | ⚠️ 39.0 (-33%) | 7,705 (-11%) |
| FPC:pay_refund_with_shielded_rebate | 62.5 (+1%) | 9,881 |

Public DB Access

Time to access various public DBs.

| Function | time_ms |
| - | - |
| get-nullifier-index | 0.163 (+3%) |

Tree insertion stats

The duration to insert a fixed batch of leaves into each tree type.

| Metric | 1 leaves | 16 leaves | 64 leaves | 128 leaves | 256 leaves | 512 leaves | 1024 leaves |
| - | - | - | - | - | - | - | - |
| batch_insert_into_append_only_tree_16_depth_ms | 2.21 | 3.93 | N/A | N/A | N/A | N/A | N/A |
| batch_insert_into_append_only_tree_16_depth_hash_count | 16.8 | 31.7 | N/A | N/A | N/A | N/A | N/A |
| batch_insert_into_append_only_tree_16_depth_hash_ms | 0.115 (+1%) | 0.111 | N/A | N/A | N/A | N/A | N/A |
| batch_insert_into_append_only_tree_32_depth_ms | N/A | N/A | 11.3 (+1%) | 17.7 (+1%) | 31.2 (+2%) | 59.7 (+1%) | 114 (-1%) |
| batch_insert_into_append_only_tree_32_depth_hash_count | N/A | N/A | 95.9 | 159 | 287 | 543 | 1,055 |
| batch_insert_into_append_only_tree_32_depth_hash_ms | N/A | N/A | 0.109 (+1%) | 0.103 (+1%) | 0.101 (+1%) | 0.103 (+2%) | 0.100 (-2%) |
| batch_insert_into_indexed_tree_20_depth_ms | N/A | N/A | 14.4 | 26.0 (+1%) | 43.8 (+1%) | 82.9 | 161 (-2%) |
| batch_insert_into_indexed_tree_20_depth_hash_count | N/A | N/A | 109 | 207 | 355 | 691 | 1,363 |
| batch_insert_into_indexed_tree_20_depth_hash_ms | N/A | N/A | 0.109 (-1%) | 0.105 | 0.106 (+1%) | 0.102 | 0.102 (-2%) |
| batch_insert_into_indexed_tree_40_depth_ms | N/A | N/A | 16.6 | N/A | N/A | N/A | N/A |
| batch_insert_into_indexed_tree_40_depth_hash_count | N/A | N/A | 132 | N/A | N/A | N/A | N/A |
| batch_insert_into_indexed_tree_40_depth_hash_ms | N/A | N/A | 0.106 | N/A | N/A | N/A | N/A |

Miscellaneous

Transaction sizes based on how many contract classes are registered in the tx.

| Metric | 0 registered classes | 1 registered classes |
| - | - | - |
| tx_size_in_bytes | 64,779 | 668,997 |

Transaction size based on fee payment method

| Metric | |
| - | |

TomAFrench added a commit that referenced this pull request Aug 30, 2024
* master: (28 commits)
  chore: bump noir-bignum to 0.3.2 (#8276)
  feat: Populate epoch 0 from initial validator set (#8286)
  git subrepo push --branch=master noir-projects/aztec-nr
  git_subrepo.sh: Fix parent in .gitrepo file. [skip ci]
  chore: replace relative paths to noir-protocol-circuits
  git subrepo push --branch=master barretenberg
  chore(master): Release 0.51.1 (#8218)
  feat(avm): integrate new range and cmp gadgets (#8165)
  chore: rename process to propose for clarity (#8265)
  chore: Bump provernet agents to 8 and speed up bot (#8280)
  feat(avm): avm recursive verifier cpp (#8162)
  feat: moving fee payout + make proof submission sequential (#8262)
  feat: Block cheat codes in anvil (#8277)
  feat: wallet tx management (#8246)
  refactor(avm): replace range and cmp with gadgets (#8164)
  fix(docs): Update entrypoint details on accounts page (#8184)
  feat: l1-publisher cleanup (#8148)
  feat(avm): range check gadget (#7967)
  fix(ci): spot-runner-action was not built (#8274)
  fix: ts codegen (#8267)
  ...
spalladino added a commit that referenced this pull request Aug 30, 2024
In #8277 we added a PUBLIC_API_KEY that was used for accessing anvil
with cheat codes disabled, and the API_KEY was left for "admin" access
with cheat codes allowed. However, the API_KEY is also needed for
connecting to the node, which is needed for retrieving proofs, needed
for prover nodes to operate.

This PR changes how keys are handled. API_KEY is now mapped to the anvil
public access, so it is not disclosed when sharing access to the node
API. A new FORK_ADMIN_API_KEY is introduced for admin access, and only
used for bootstrapping operations and for the bootstrapping sequencer.
codygunton pushed a commit that referenced this pull request Aug 30, 2024
spalladino added a commit that referenced this pull request Sep 3, 2024