Hi! Franck from the Waku team here.
@vbuterin mentioned that Waku could be useful for ERC-4337 in terms of DoS protection. I’d like to provide an overview on how Waku may help with the implementation of this ERC.
Waku Introduction
Waku is a family of protocol designed to enable communication with a focus on privacy, censorship-resistance and resource-restricted devices. Waku’s specs are CC0 and code Apache2.0+MIT. Waku is designed in a modular manner, enabling cherry-picking of the desired protocols and functionalities.
Keys properties are:
Scalable Libp2p setup
Waku uses libp2p protocols and libraries. Waku Relay, the backbone of message routing uses libp2p-gossipsub with specific parameters. Discovery is done via discv5.
Waku aims to serve applications with millions of users. Hence, the Waku protocols are designed to split traffic on several shards (gossipsub topics), while maintaining a single discovery layer efficient in a sharded context.
Generalized & DoS protected
Waku enables generalized communication, where specific validation rules may not be applicable (in contrast to the Ethereum mempool for example, where transaction can be validated). This means that Waku messages can contain any arbitrary payload.
This incur a risk of any actor flooding the network and DoS users who do not have the bandwidth provision to correctly participate to gossipsub.
Waku solves this problem by using RLN (Rate Limited Nullifier) [1] [2]. RLN limits the number of messages a publisher can send over an epoch. Publisher must join a zero-knowledge membership set on chain first. Then, attach a proof linked to a given epoch to their messages. If they exceed the messages rate limit over a given epoch, their messages can be rejected at gossipsub level, eventually leading to disconnection from the network. Slashing is also possible but not currently considered.
Resource-restricted devices
One of Waku’s focus is to enable access to the p2p network to resource restricted devices: mobile, browser, laptop. Instead of using centralized, and hence prone to censorship and surveillance, REST APIs.
This is done with a combination of libp2p request-response protocols that enables a device to:
- Access specific messages, instead of routing the whole gossipsub topic content. Messages are tagged with a content topic, to enable easy filtering.
- Publish messages without routing the gossipsub topic traffic
- Access historical messages thanks to service nodes caching recent traffic
- Use a libp2p request-response protocol for discovery, instead of using discv5
- Enable several message reliability strategies, to ensure that messages are indeed sent and received. An important factor when tabs can be closed, network connection switched, devices suspended. Scenarios common for consumer devices, and not servers.
ERC-4337 Review
Below is an attempt to summarize ERC-4337 critical points in terms of network communication needs and requirements, and how Waku may assist in this context.
Network topology and discovery
The following points where extracted from the published EIP [3] and Ethereum magician thread [4].
I am making some assumptions; corrections and feedback are welcome.
Allow any bundler (think: block builder) to participate in the process of including account abstracted user operations.
Work with all activity happening over a public mempool; users do not need to know the direct communication addresses (eg. IP, onion) of any specific actors
Try to support other use cases: Privacy-preserving applications
The alt-mempool “topic” is a unique identifier. By convention, this is the IPFS hash of the document describing (in clear test and YAML file) the specifics of this alt mempool
Alt-mempools are served by the same bundlers participating in the canonical mempool, but change the rules and may introduce denial-of-service attack vectors.
In summary, the intent is to provide permissionless access to a new type of mempool.
A canonical mempool is proposed. However, different validation rules may be necessary, hence a proposal to create alternative mempools as separate gossipsub networks is proposed. Where the pubsub topic of these networks can be derived from the location of the mempool rules (IPFS CID).
There is also a future intent to help support privacy-preserving applications, a point important enough to be present in the EIP.
In Yoav’s notes [5], it is highlighted that a given mempool (gossipsub network) needs to maintain a unique set of validation rules, to avoid network fragmentation. Hence, alternative validation rules, or potential whitelisting of a smart contract, need to happen in a separate mempool/topic.
Alternative mempools are further defined in ERC-7562 [6].
Alt-mempools are served by the same bundlers participating in the canonical mempool, but change the rules and may introduce denial-of-service attack vectors.
In the bundler specs [7], a more precise description of network behaviour is proposed. I assume that a mempool topic refers to a pubsub topic of the underlying libp2p-gossipsub setup. This includes a description of discv5 usage.
In summary, all bundlers participate in the canonical mempool, forming one gossipsub network. If a bundler wishes to participate in the alt mempool, it needs to remain in the canonical mempool. ENRs do not provide any indication of the alt mempools a bundler subscribes to.
Moreover, the same discv5 network is used for Ethereum and the canonical mempool.
I am assuming that the “canonical mempool” refers to a mempool specific for user operations, and is not mixed up with the existing Ethereum mempools used for transaction and block propagation.
This means that a bundler will find nodes via discv5. These may be other nodes that may or may not participate in ERC-4337. Then, by attempting to connect to those nodes using libp2p-gossipsub, it will understand whether said node:
- participate in ERC-4337 canonical mempool
- participate in any alternate mempool
Meaning that in someway, libp2p-gossipsub is used as capability discovery. As the number of alt mempool increase, the Needles-In-Haystack problem will likely increase. This would longer delays to find bundlers in a specific alt mempool.
From our earlier studies [8], if 1% of the nodes in the discv5 DHT have the sought capability, then it takes on average more than 14 queries to the distributed hash table to discover a usable node on a random walk.
The official discv5 doc also estimate 1% to be the rough threshold for reasonable lookup performance, as implied by [9].
One also needs to take in account the steps to filter out a node. No ENR extension is proposed for ERC-7562 [6] [7]. Hence, to know whether a node is in the alt mempool of interest, a libp2p-gossipsub connection needs to be established to allow a SUBSCRIBE event to be emitted. Only then, would the searching node learn if this remote peer is part of the desired alt mempool. Drastically increasing the search time.
To solve this problem, Waku extended the ENR object to include shards values [10]. Enabling more efficient filtering of nodes as part of discovery.
Waku discv5 usage [11] also defines a Waku-only routing table which (for now) is smaller than the Ethereum routing table.
Note that by default Waku nodes also support some mechanisms to smoothen discovery: bootstrapping from a configured list or a DNS domain [12]. Investigation to enable parallel discovery methods such as rendezvous to improve speed of finding useful nodes are in progress.
Verification rules
In the canonical mempool, several verification steps are necessary when validating gossipsub messages [6]. Knowing that an alt mempool can define its own validation rules. A differentiation between staked and unstaked entities is made, I assume to reduce the chance of DoS by unstaked entities.
If running validation rules is resource-consuming, whether on the canonical or alt mempool, it may be worth rate limiting the number of UserOperation a given publisher can send. This can help reduce a potential DoS created by hogging node resources in running validation.
Such rate limit could be applied on all mempools, or only on alt mempools with more heavy validation requirements. In this instance, Waku RLN Relay (RLN + gossipsub) [13] can be used to rate limit any entity publish to the mempool, in a decentralized, permissionless and private manner.
End user access
@yoav [5] argues the necessity of a peer-to-peer network for the bundler to collect UserOps:
A single centralized bundler could defend itself by throttling RPC calls that cause problems. It could throttle by IP, API key, or any other common DoS protection.
However, such a bundler would be centralized so it might censor its users, or it might be taken down by network-level DDoS or by legal action
However, the expectation for wallet implementations is unclear. Are they supposed to rely on centralized RPC API, as per the status quo for standard transactions? Is the intent for the portal network [14] or similar light client focused initiative to help wallet publish UserOps long term? (I could not find any reference to this).
Waku defines a number of protocols [15] that could enable any wallet to push UserOps directly to the canonical mempol or alt mempool. These are libp2p protocols that could be implemented by any bundler. Waku Peer Exchange [16] could enable wallets to find bundlers in the right mempool, and push UserOps directly to them. Avoiding introducing centralized entities between users and bundlers.
Conclusion
In conclusion, the added value of Waku over a vanilla usage of libp2p-gossipsub may be useful to achieve the goals originally intended in EIP-4337 [3]. However, my knowledge of the current implementations effort is limited and I may have missed critical points.
I invite implementers to review this proposed value and reach out for further discussion.
References
[1] https://rate-limiting-nullifier.github.io/rln-docs/
[2] https://github.com/vacp2p/rfc-index/blob/main/waku/standards/core/17/rln-relay.md
[3] https://eips.ethereum.org/EIPS/eip-4337
[4] https://ethereum-magicians.org/t/erc-4337-account-abstraction-via-entry-point-contract-specification/7160
[5] https://notes.ethereum.org/@yoav/unified-erc-4337-mempool
[6] https://eips.ethereum.org/EIPS/eip-7562
[7] https://github.com/eth-infinitism/bundler-spec/blob/main/p2p-specs/p2p-interface.md
[8] https://vac.dev/rlog/wakuv2-apd/#random-walk-discovery
[9] https://github.com/ethereum/devp2p/blob/6b0abc3d956a626c28dce1307ee9f546db17b6bd/discv5/discv5-theory.md#ad-placement-and-topic-radius
[10] https://github.com/waku-org/specs/blob/master/standards/core/enr.md
[11] https://github.com/vacp2p/rfc-index/blob/main/waku/standards/core/33/discv5.md
[12] https://github.com/vacp2p/rfc-index/blob/main/waku/standards/core/10/waku2.md
[13] https://github.com/vacp2p/rfc-index/blob/main/waku/standards/core/17/rln-relay.md
[14] https://ethereum.org/en/developers/docs/networking-layer/portal-network/
[15] https://github.com/vacp2p/rfc-index/blob/main/waku/standards/core/64/network.md#non-relay-nodes
[16] https://github.com/waku-org/specs/blob/master/standards/core/peer-exchange.md