move signature below other checks

flashbots · Sep 21, 2023 · 3e5f962 · 3e5f962
1 parent 335bff2
commit 3e5f962
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 16 deletions.
diff --git a/services/api/optimistic_test.go b/services/api/optimistic_test.go
@@ -507,7 +507,10 @@ func TestBuilderApiSubmitNewBlockOptimisticV2_full(t *testing.T) {
 	badSigReq := common.TestBuilderSubmitBlockRequestV2(secretkey, getTestBidTrace(*pubkey, 10))
 	badSigReq.Signature[0] = 0xaa
 	invalidSigReq := common.TestBuilderSubmitBlockRequestV2(secretkey, getTestBidTrace(*pubkey, 10))
-	invalidSigReq.Message.Slot += 1
+	// Sign over a message with a different value.
+	diffSig, err := boostTypes.SignMessage(getTestBidTrace(*pubkey, 11), boostTypes.DomainBuilder, secretkey)
+	require.Nil(t, err)
+	invalidSigReq.Signature = phase0.BLSSignature(diffSig)
 	badTimestampReq := common.TestBuilderSubmitBlockRequestV2(secretkey, getTestBidTrace(*pubkey, 10))
 	badTimestampReq.ExecutionPayloadHeader.Timestamp -= 1
 	badWithdrawalsRootReq := common.TestBuilderSubmitBlockRequestV2(secretkey, getTestBidTrace(*pubkey, 10))

diff --git a/services/api/service.go b/services/api/service.go
@@ -2149,25 +2149,11 @@ func (api *RelayAPI) handleSubmitNewBlockV2(w http.ResponseWriter, req *http.Req
 		"value":                  bid.Value.String(),
 	})
 
-	// Verify the signature
-	log = log.WithField("timestampBeforeSignatureCheck", time.Now().UTC().UnixMilli())
-	ok, err := boostTypes.VerifySignature(bid, api.opts.EthNetDetails.DomainBuilder, bid.BuilderPubkey[:], sig[:])
-	log = log.WithField("timestampAfterSignatureCheck", time.Now().UTC().UnixMilli())
-	if err != nil {
-		log.WithError(err).Warn("failed verifying builder signature")
-		api.RespondError(w, http.StatusBadRequest, "failed verifying builder signature")
-		return
-	} else if !ok {
-		log.Warn("invalid builder signature")
-		api.RespondError(w, http.StatusBadRequest, "invalid signature")
-		return
-	}
-
 	log.WithFields(logrus.Fields{
 		"bid":         bid,
 		"signature":   sig,
 		"decode_time": pf.Decode,
-	}).Info("optimistically parsed bid and verified signature")
+	}).Info("optimistically parsed bid")
 
 	// Check optimistic eligibility.
 	builderPubkey := bid.BuilderPubkey
@@ -2242,6 +2228,20 @@ func (api *RelayAPI) handleSubmitNewBlockV2(w http.ResponseWriter, req *http.Req
 		return
 	}
 
+	// Verify the signature
+	log = log.WithField("timestampBeforeSignatureCheck", time.Now().UTC().UnixMilli())
+	ok, err = boostTypes.VerifySignature(bid, api.opts.EthNetDetails.DomainBuilder, bid.BuilderPubkey[:], sig[:])
+	log = log.WithField("timestampAfterSignatureCheck", time.Now().UTC().UnixMilli())
+	if err != nil {
+		log.WithError(err).Warn("failed verifying builder signature")
+		api.RespondError(w, http.StatusBadRequest, "failed verifying builder signature")
+		return
+	} else if !ok {
+		log.Warn("invalid builder signature")
+		api.RespondError(w, http.StatusBadRequest, "invalid signature")
+		return
+	}
+
 	// Create the redis pipeline tx
 	tx := api.redis.NewTxPipeline()