gas-limiter: split bundle and mempool into independent per-address pools#485
gas-limiter: split bundle and mempool into independent per-address pools#485avalonche wants to merge 1 commit into
Conversation
…ools
Bundle txs and mempool txs share one per-address budget today, so any
limit tight enough to deter bundle abuse also throttles normal users.
Give each source its own AddressGasLimiter (held together as
Option<GasLimiters>) so bundle and mempool capacity/refill can be
configured separately, and route at the call site rather than via an
internal scope flag. Also relabel op_rbuilder_tx_simulation_duration
with kind={bundle,regular} and result={success,reverted} labels so
simulation latency can be sliced by tx source and EVM outcome.
avalonche
force-pushed
the
feat/gas-limiter-per-source-pools
branch
from
7d47bb7 to
65db769
Compare
akundaz
left a comment
akundaz
left a comment
There was a problem hiding this comment.
Today bundle txs and mempool txs share one per-address budget, so a limit tight enough to deter bundle abuse also throttles ordinary users.
Ordinary users will never max their budgets, so they would never be affected.
Other concerns:
- Revert protection doesn't apply to txs from
eth_sendRawTransaction, so a throttling mechanism just targeting them is unnecessary - If someone is hitting the limits by using reverted txs, I don't see why we should allow them to send
eth_sendRawTransactiontxs freely
I would like to see data on if we're actually throttling txs from eth_sendRawTransaction, that would help convince me that something like this is a good idea.
Valid concerns however I think that framing the public mempool and bundle mempool with separate budgets is the correct model, as they are very different resources from the builder perspective (because of revert protection). Even if we're not harming ordinary users yet, it is a good precaution in case we ever need to be more aggressive with bundle rate limiting.
This is not an issue if we consider them separate resources. Users hitting bundle limits will not send the same volume of orders through eth_sendRawTransaction, and even if they do they'll have to pay for it making it meaningful economic activity. |
I don't agree with this. The resource we are protecting is the builder's compute budget. So it doesn't matter what the source of a tx is.
Then this begs the question, why have limits for txs sent through I want to reiterate though the important piece we're missing here is actually data on order flow from |
Agree, eth_sendRawTransaction limiting must be removed, as it already have proper handling mechanism (on chain gas) |
|
The scope of this change is not whether we should be adding limits to |
4 participants
Summary
Split the per-address gas limiter into two independent pools — one for public-mempool txs and one for bundle txs (including backruns) — each with its own capacity and refill rate. Also relabels the existing tx-simulation duration histogram with
kindandresultlabels so latency can be sliced by source and EVM outcome.Why
Today bundle txs and mempool txs share one per-address budget, so a limit tight enough to deter bundle abuse also throttles ordinary users.
What changed
GasLimiters { mempool, bundle }holder owns one limiter per source. Routing by transaction metadataNew CLI flags
--gas-limiter.bundle-max-gas-per-address(default10000000)--gas-limiter.bundle-refill-rate-per-block(default1000000)The existing
--gas-limiter.enabled,--gas-limiter.max-gas-per-address,--gas-limiter.refill-rate-per-blockonly manages mempool limits. A singlegas_limiter_enabledtoggle turns both pool limits on together.