Skip to content

Add SSZ Support #403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jclapis wants to merge 85 commits into
base: main
Choose a base branch
from
Open

Add SSZ Support #403

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
85 commits
Select commit Hold shift + click to select a range
3a2c7d5
Add builder ssz flow
eserilev Feb 5, 2025
5059593
Integration tests, fixes, and clippy/linting
eserilev Feb 18, 2025
35b8542
resolve merge conflicts
eserilev Feb 19, 2025
4acddbe
resolve merge conflictds
eserilev Feb 23, 2025
7005422
fix tests
eserilev Feb 23, 2025
5935659
CBST2-04: Update JWT secrets on reload and revoke module endpoint (#295)
ManuelBilbao Jul 27, 2025
91f2cb4
Merge branch 'main' into sigp-audit-fixes
jclapis Jul 30, 2025
46e6f94
Merge branch 'main' into sigp-audit-fixes
jclapis Jul 31, 2025
b802fec
Merge branch 'main' into sigp-audit-fixes
jclapis Aug 12, 2025
151e811
Merge branch 'main' into sigp-audit-fixes
jclapis Aug 13, 2025
498eed9
CBST2-02: Make proposer commitment signatures unique to modules (#329)
jclapis Aug 19, 2025
af13089
Split `request_signature` into separate paths that return JSON (#350)
jclapis Aug 19, 2025
0ef8787
Add nonce and chain ID to signature requests (#354)
jclapis Aug 19, 2025
ee18aa1
Merge branch 'main' into sigp-audit-fixes
jclapis Aug 19, 2025
6988444
Merge `main` to `sigp-audit-fixes` (#361)
jclapis Aug 26, 2025
25bd5a6
Merge branch 'sigp-audit-fixes' of github.com:Commit-Boost/commit-boo…
jclapis Aug 26, 2025
52aec57
Add payload hash to signer JWT claims (#356)
jclapis Sep 2, 2025
f2a275b
Merge branch 'main' into sigp-audit-fixes
jclapis Sep 2, 2025
6b14d77
Add TLS to signer (#357)
jclapis Sep 3, 2025
eb61667
Removed old dependency (#370)
jclapis Sep 8, 2025
2dfe96b
Merge main to sigp audit fixes (#371)
jclapis Sep 9, 2025
06c207f
Started porting #252 back to main
jclapis Sep 9, 2025
24fabca
Finished porting, successful tests
jclapis Sep 9, 2025
f0875cd
Merge remote-tracking branch 'eserilev/add-builder-ssz-flow' into add…
jclapis Sep 9, 2025
bad5675
Cleaned up merge
jclapis Sep 9, 2025
50fccb5
Fixed clippy
jclapis Sep 9, 2025
86fa858
Swapped to LH's ForkName enum
jclapis Sep 15, 2025
e7335f6
Refactored encoding type support based on feedback
jclapis Sep 16, 2025
8c82b84
Fixed clippy
jclapis Sep 16, 2025
d566dea
Fix misc findings from reaudit (#376)
jclapis Sep 30, 2025
8ddb055
Added make to the build file
jclapis Sep 30, 2025
9103b51
Merge branch 'main' into sigp-audit-fixes
jclapis Oct 6, 2025
9a58c07
Merge branch 'main' into add-ssz-to-pbs
jclapis Oct 14, 2025
a3f8d9d
fix(signer): Mark a JWT failure if payload conversion fail (#387)
ManuelBilbao Oct 20, 2025
7bf2589
Merge branch 'sigp-audit-fixes' of github.com:Commit-Boost/commit-boo…
jclapis Oct 20, 2025
b66f411
Removed a test that was deleted in main
jclapis Oct 20, 2025
b541ffa
Merge branch 'main' into sigp-audit-fixes
jclapis Oct 20, 2025
01f6b04
Merge branch 'main' into add-ssz-to-pbs
jclapis Oct 21, 2025
58b4eb9
Merge branch 'main' into sigp-audit-fixes
jclapis Oct 21, 2025
a287e96
Merge branch 'main' into add-ssz-to-pbs
jclapis Oct 21, 2025
e58d67e
refactor(signer): Use config-based header to extract IP from (#388)
ManuelBilbao Oct 21, 2025
de99bb9
spawn
ltitanb Oct 23, 2025
06a3092
Merge branch 'lt/get-payload-v2-on-all' into add-ssz-to-pbs
jclapis Oct 27, 2025
a556aa9
Merge branch 'main' into add-ssz-to-pbs
jclapis Nov 3, 2025
3e4a7da
Changed get_accept_type() to allow multiple types
jclapis Nov 4, 2025
7ab1f7e
get_header()'s impl now works with multiple types
jclapis Nov 6, 2025
bfbcfe4
Added retry-different-accept-types thing to get_header
jclapis Nov 7, 2025
adfec62
Refactored and added some unit tests
jclapis Nov 10, 2025
b22eed8
Added explicit lowercase matching to EncodingType
jclapis Nov 10, 2025
0155533
Added the Fulu fork slot for Mainnet
jclapis Nov 10, 2025
a975048
Merge branch 'update-fulu-slot' into ssz-update-v2
jclapis Nov 10, 2025
d64adbb
Merge branch 'main' into ssz-update-v2
jclapis Nov 10, 2025
8ebfbd0
Cleaned up some error handling
jclapis Nov 10, 2025
2499bd5
Made some strings static
jclapis Nov 10, 2025
41d879e
PbsClientError can noe be created from BodyDeserializeError
jclapis Nov 10, 2025
42b8060
Fix clippy
jclapis Nov 11, 2025
a9680f7
Removed consensus-version-header from submit_block response
jclapis Nov 11, 2025
d7bde7f
Added multi-type support to submit_block
jclapis Nov 11, 2025
ad3f019
Updated the mock relay with multi-type support on submit_block
jclapis Nov 11, 2025
aaa0967
Updated the submit_block unit tests
jclapis Nov 11, 2025
83ca8f8
Added more multitype tests to submit_block, not done yet though
jclapis Nov 12, 2025
d36ef3b
Switched relay response handling to switch to JSON on any 4xx
jclapis Nov 17, 2025
58b63db
Merge branch 'main' into ssz-update-v2
jclapis Dec 9, 2025
85382a5
fix(signer): introduce config to set the amount of trusted proxies in…
ManuelBilbao Dec 10, 2025
d2b8226
Optimized get_header
jclapis Dec 10, 2025
fcd7425
Some refactoring of send_get_header_impl to process the payload
jclapis Dec 10, 2025
1a50d7d
Refactored get_header and submit_block based on feedback
jclapis Dec 17, 2025
19121f3
fix(signer): rightmost header fixes (#420)
ManuelBilbao Dec 23, 2025
d4d5260
Merge branch 'main' into sigp-audit-fixes
jclapis Jan 6, 2026
3dcc47c
Merge branch 'main' into ssz-update-v2
jclapis Feb 9, 2026
e30cbde
Merge branch 'main' into ssz-update-v2
jclapis Feb 9, 2026
ff0b3ef
Merge branch 'main' into ssz-update-v2
jclapis Mar 2, 2026
02364f3
Merge branch 'main' into sigp-audit-fixes
jclapis Mar 2, 2026
a5d444d
Merge branch 'main' into ssz-update-v2
jclapis Mar 2, 2026
533e4c0
Merge branch 'main' into sigp-audit-fixes
jclapis Mar 2, 2026
4681103
Merge remote-tracking branch 'upstream/main' into sigp-audit-fixes
JasonVranek Mar 17, 2026
9782d22
improve tls/cert config testing
JasonVranek Mar 17, 2026
bb28eb0
more util test coverage and remove duplicate env read from docker_ini…
JasonVranek Mar 20, 2026
511d07d
Bump lh from v8.0.0-rc.0 to stable v8.0.0, and bump rust from 1.89 to…
JasonVranek Mar 22, 2026
4afbf35
bump rust toolchain to nightly-2026-01-01
JasonVranek Mar 22, 2026
48e1eec
Add support for validation bypassing (#422)
jclapis Mar 23, 2026
7ddda6d
Merge remote-tracking branch 'upstream/sigp-audit-fixes' into ssz-upd…
JasonVranek Mar 23, 2026
717390e
address review comments
JasonVranek Mar 24, 2026
a949c83
Merge remote-tracking branch 'upstream/sigp-audit-fixes' into ssz-upd…
JasonVranek Mar 24, 2026
5daf7f9
Improve testing around SSZ/validation bypassing. Fix issue where bypa…
JasonVranek Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .cargo/audit.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# RUSTSEC-2026-0049: CRL revocation checking bug in rustls-webpki 0.101.7.
#
# Background: CRL (Certificate Revocation List) checking is an optional TLS
# feature where a client fetches a list of revoked certificates from URLs
# embedded in the cert itself, to confirm it hasn't been invalidated since
# issuance. This is distinct from normal certificate validation.
#
# The bug: when a cert lists multiple CRL distribution point URLs, only the
# first URL is checked; the rest are silently ignored. This matters only when
# CRL checking is enabled AND the UnknownStatusPolicy is set to Allow (meaning
# "if I can't determine revocation status, accept the cert anyway"). With that
# combination, a revoked certificate from a compromised CA could be accepted.
#
# Why this does not affect Commit-Boost: the vulnerable code path is never
# reached because no code in this codebase enables CRL checking at all.
# TLS is used in four places: (1) relay communication via reqwest with
# rustls-tls uses default CA validation with no CRL configured; (2) the signer
# server presents a TLS certificate but does not check client revocation;
# (3) the signer client pins a single self-signed certificate via
# add_root_certificate — CRL is irrelevant for self-signed certs; (4) the Dirk
# remote signer uses mTLS with a custom CA but again no CRL. In all cases the
# buggy CRL code in rustls-webpki is never invoked.
#
# Blocked on sigp/lighthouse upgrading past v8.0.1 without a compilation
# regression (SseEventSource missing cfg guard in eth2 error.rs).
[advisories]
ignore = ["RUSTSEC-2026-0049"]
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly-2025-06-26
toolchain: nightly-2026-01-01
components: clippy, rustfmt

- name: Install protoc
Expand Down
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ targets.json
.idea/
logs
.vscode/
certs/

# Nix
.direnv/
Expand Down
Loading
Loading