Replace builder_index with opaque bytes in RequestAuth by JasonVranek · Pull Request #149 · ethereum/builder-specs

JasonVranek · 2026-02-13T20:03:15Z

We require per-builder authorization on GET /execution_payload_bid and POST /validators to prevent builder-to-builder replay attacks. The current PR changed the authorization data from a builder url to builder_index. A single builder_index is insufficient as it is likely there isn't a 1:1 relationship between a URLs and indices which will result in the validator needing to generate multiple signatures and make multiple redundant requests to the same URL. The same reasoning applies if builder_index is replaced by builder_pubkey.

The purpose of this PR is to future proof ourselves by generalizing the RequestAuth struct to:

class RequestAuth(Container):
    message: ByteList[MAX_AUTH_DATA_BYTES]

Having message as opaque bytes allows for arbitrary authorization schemes to be used in the future. For example message can encode a builder's URL or something more complicated, as long as the builder understands how to interpret the bytes.

bharath-123 added 30 commits January 8, 2026 10:13

initial builder-api for gloas

d87aa1a

updates

f087efb

pass in params while querying execution payload bid

85f6f8f

introduce validator registrations v2

5ed1841

run doctoc

503eee6

update validator registration v2

7dde2ec

add more specs

8011cd8

run lint

610bfae

updates

beef159

abstract execution_payment_accepted to a BuilderPreferences struct

9a6eeb7

minor fixes

36fdcd2

run doctoc

75a9906

use correct method to check if builder is active

b2b5974

save

6e8f58a

updates

5f67639

add information for bidding

d503193

update

c78bccd

add bid request auth

959babe

remove builder index from validator registration

61cc85e

add validator registration type

a382dcc

link to api calls

29c1908

add some notes

ec5f63f

fix return type of execution_payload_bid.yaml

2ee40cd

use max_trusted_bid in builder preferences

104cd7d

run linter

aef010d

fix spellchecker

ef1ffce

update bid request auth according to feedback

e988c62

minor updates

fbaeee5

use a salt in the bid request auth

0cd4399

correctly render constants table

b299c34

bharath-123 and others added 8 commits January 9, 2026 22:40

address feedback

d7bf68f

update bid request auth to request auth

c39bf4a

fix typo

75749c0

use salt instead of url

accd79c

use get-upcoming-proposal-slots

53c7d9f

Update liveness failsafe section

b522a99

update RequestAuth types

9d5be35

Replace builder_index with opaque bytes in RequestAuth

6136cd7

bharath-123 force-pushed the epbs-updates branch from 9d5be35 to 3b5735b Compare March 12, 2026 08:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replace builder_index with opaque bytes in RequestAuth#149

Replace builder_index with opaque bytes in RequestAuth#149
JasonVranek wants to merge 38 commits into
ethereum:epbs-updatesfrom
JasonVranek:epbs-updates

JasonVranek commented Feb 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

JasonVranek commented Feb 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants