diff --git a/pages/builders/chain-operators/tools/op-txproxy.mdx b/pages/builders/chain-operators/tools/op-txproxy.mdx index 1433b2b68..83f7c7a97 100644 --- a/pages/builders/chain-operators/tools/op-txproxy.mdx +++ b/pages/builders/chain-operators/tools/op-txproxy.mdx @@ -20,16 +20,6 @@ A [passthrough proxy](https://github.com/ethereum-optimism/infra/tree/main/op-tx To safely expose this endpoint publicly, additional stateless constraints are applied. These constraints help scale validation rules horizontally and preemptively reject conditional transactions before they reach the sequencer. Various metrics are emitted to guide necessary adjustments. -#### Authentication - -The caller authenticates using any valid ECDSA-secp256k1 key, such as an Ethereum key. The signature is computed over the [EIP-191](https://eips.ethereum.org/EIPS/eip-191) hash of the request body. The calling address does **not need to hold an Ethereum balance**; it is simply used for identification. - -With the signature and signing address, the request is authenticated under the `X-Optimism-Signature` header with the value `: `. - -* Requests with a missing authentication header fail with the `-32003` (transaction rejected) json rpc error code. -* Requests with a mismatch in recovered signer and supplied public key will have the http request failed with status code `400 - Bad Request`. - -Currently, no authorization policies are implemented on this endpoint. However, the authentication mechanism is in place to allow for future implementation of policies such as allowlists, localized rate limits, and other potential restrictions. #### Runtime shutoff This service can be configured with a flag or environment variable to reject conditional transactions without needing to interrupt the execution engine. This feature is useful for diagnosing issues. @@ -59,7 +49,6 @@ When the request passes validation, it is passed through to the configured backe `--sendRawTxConditional.backend ($OP_TXPROXY_SENDRAWTXCONDITIONAL_BACKENDS)` - Per the [specification](/stack/features/send-raw-transaction-conditional), conditional transactions are not gossiped between peers. Thus, if you use replicas in an active/passive sequencer setup, this request must be broadcasted to all replicas. diff --git a/pages/builders/tools/build/account-abstraction.mdx b/pages/builders/tools/build/account-abstraction.mdx index 266286735..8b014756e 100644 --- a/pages/builders/tools/build/account-abstraction.mdx +++ b/pages/builders/tools/build/account-abstraction.mdx @@ -23,7 +23,7 @@ import { Callout } from 'nextra/components' The OP Stack includes support for the `eth_sendRawTransactionConditional` RPC method to assist bundlers on shared 4337 mempools. See the [specification](/stack/features/send-raw-transaction-conditional) for how this method is implemented in op-geth. -If enabled by the chain operator, also see the supplemental [op-txproxy](/builders/chain-operators/tools/op-txproxy) service, if applied, as this enforces request authentication for this method. +If used by the chain operator, also see the supplemental [op-txproxy](/builders/chain-operators/tools/op-txproxy) service which may apply additional restrictions prior to reaching the block builder. As of today, this endpoint is not enabled by default in the stack. The operator must explicitly configure this.