11 KiB
11 KiB
Todo
MVP
- simple proxy
- better locking. when lots of requests come in, we seem to be in the way of block updates
- load balance between multiple RPC servers
- support more than just ETH
- option to disable private rpc and send everything to primary
- support websocket clients
- we support websockets for the backends already, but we need them for the frontend too
- health check nodes by block height
- Dockerfile
- docker-compose.yml
- after connecting to a server, check that it gives the expected chainId
- the ethermine rpc is usually fastest. but its in the private tier. since we only allow synced rpcs, we are going to not have an rpc a lot of the time
- if not backends. return a 502 instead of delaying?
- move from warp to axum
- handle websocket disconnect and reconnect
- eth_sendRawTransaction should return the most common result, not the first
- use redis and redis-cell for rate limits
- it works for a few seconds and then gets stuck on something.
- its working with one backend node, but multiple breaks. something to do with pending transactions
- dashmap entry api is easy to deadlock! be careful with it!
- the web3proxyapp object gets cloned for every call. why do we need any arcs inside that? shouldn't they be able to connect to the app's? can we just use static lifetimes
- refactor Connection::spawn. have it return a handle to the spawned future of it running with block and transaction subscriptions
- refactor Connections::spawn. have it return a handle that is selecting on those handles?
- some production configs are occassionally stuck waiting at 100% cpu
- they stop processing new blocks. i'm guessing 2 blocks arrive at the same time, but i thought our locks would handle that
- even after removing a bunch of the locks, the deadlock still happens. i can't reliably reproduce. i just let it run for awhile and it happens.
- running gdb shows the thread at tokio tungstenite thread is spinning near 100% cpu and none of the rest of the program is proceeding
- fixed by https://github.com/gakonst/ethers-rs/pull/1287
- when sending with private relays, brownie's tx.wait can think the transaction was dropped. smarter retry on eth_getTransactionByHash and eth_getTransactionReceipt (maybe only if we sent the transaction ourselves)
- if web3 proxy gets an http error back, retry another node
- endpoint for health checks. if no synced servers, give a 502 error
- rpc errors propagate too far. one subscription failing ends the app. isolate the providers more (might already be fixed)
- incoming rate limiting (by ip)
- connection pool for redis
- automatically route to archive server when necessary
- originally, no processing was done to params; they were just serde_json::RawValue. this is probably fastest, but we need to look for "latest" and count elements, so we have to use serde_json::Value
- when getting the next server, filtering on "archive" isn't going to work well. need to check inner instead
- if the requested block is ahead of the best block, return without querying any backend servers
- handle log subscriptions
- basic request method stats
- http servers should check block at the very start
- Got warning: "WARN subscribe_new_heads:send_block: web3_proxy::connection: unable to get block from https://rpc.ethermine.org: Deserialization Error: expected value at line 1 column 1. Response: error code: 1015". this is cloudflare rate limiting on fetching a block, but this is a private rpc. why is there a block subscription?
- if the fastest server is at rate limits, when it gets a new head block, we can't serve any requests. only publish our pending_synced_connections (and update head block) when a quorum with open requests is reached
V1
- refactor so configs can change while running
- create the app without applying any config to it
- have a blocking future watching the config file and calling app.apply_config() on first load and on change
- work started on this in the "config_reloads" branch. because of how we pass channels around during spawn, this requires a larger refactor.
- interval for http subscriptions should be based on block time. load from config is easy, but better to query
- most things that are cached locally should probably be in shared redis caches
- stats when forks are resolved (and what chain they were on?)
- incoming rate limiting (by api key)
- failsafe. if no blocks or transactions in the last second, warn and reset the connection
- improved logging with useful instrumentation
- add a subscription that returns the head block number and hash but nothing else
- if we don't cache errors, then in-flight request caching is going to bottleneck
- i think now that we retry header not found and similar, caching errors should be fine
- improve caching
- if the eth_call (or similar) params include a block, we can cache for that. if its archive-age, itshould be fine to cache by number instead of hash
- add a "recent hashes" to synced connections with 64 parent blocks (maybe 128)
- if the call is something simple like "symbol" or "decimals", cache that too. though i think this could bite us
- when we receive a block, we should store it for later eth_getBlockByNumber and similar calls
- eth_blockNumber without a backend request
- if a rpc fails to connect at start, retry later instead of skipping it forever
- inspect any jsonrpc errors. if its something like "header not found" or "block with id $x not found" retry on another node (and add a negative score to that server)
- this error seems to happen when we use load balanced backend rpcs like pokt and ankr
- when block subscribers receive blocks, store them in a cache. use this cache instead of querying eth_getBlock
- if the fastest server has hit rate limits, we won't be able to serve any traffic until another server is synced.
- thundering herd problem if we only allow a lag of 0 blocks
- we can fix this by only
publish
ing the sorted list once a threshold of total soft limits is passed
- emit stats for successes, retries, failures, with the types of requests, account, chain, rpc
- automated soft limit
- look at average request time for getBlock? i'm not sure how good a proxy that will be for serving eth_call, but its a start
- if we send a transaction to private rpcs and then people query it on public rpcs things, some interfaces might think the transaction is dropped (i saw this happen in a brownie script of mine). how should we handle this?
- send getTransaction rpc requests to the private rpc tier
- don't "unwrap" anywhere. give proper errors
new endpoints for users:
- GET /user/login/$address
- returns a JSON string for the user to sign
- POST /user/login/$address
- returns a JSON string including the api key
- sets session cookie
- GET /user/$address
- checks for api key in session cookie or header
- returns a JSON string including user stats
- balance in USD
- deposits history (currency, amounts, transaction id)
- number of requests used (so we can calculate average spending over a month, burn rate for a user etc, something like "Your balance will be depleted in xx days)
- the email address of a user if he opted in to get contacted via email
- all the success/retry/fail counts and latencies (but that may better come from somewhere else)
- POST /user/$address
- opt-in link email address
- checks for api key in session cookie or header
- allows modifying user settings
- GET /$api_key
- proxies to web3 websocket
- POST /$api_key
- proxies to web3
- POST /users/process_transaction
- checks a transaction to see if it modifies a user's balance. records results in a sql database
- we will have our own event subscriber watching for "deposit" events, but sometimes events get missed and users might incorrectly "transfer" the tokens directly to an address instead of using the dapp
in another repo: event subscriber
- watch for transfer events to our contract and submit them to /payment/$tx_hash
- also have a command line script that support can run to manually check and submit a transaction
V2
- ethers has a transactions_unsorted httprpc method that we should probably use. all rpcs probably don't support it, so make it okay for that to fail
- if chain split detected, don't send transactions?
- have a "backup" tier that is only used when the primary tier has no servers or is multiple blocks behind. we don't want the backup tier taking over with the head block if they happen to be fast at that (but overall low/expensive rps). only if the primary tier has fallen behind or gone entirely offline should we go to third parties
- more advanced automated soft limit
- measure average latency of a node's responses and load balance on that
"Maybe some day" and other Miscellaneous Things
- instead of giving a rate limit error code, delay the connection's response at the start. reject if incoming requests is super high?
- add the backend server to the header?
- think more about how multiple rpc tiers should work
- maybe always try at least two servers in parallel? and then return the first? or only if the first one doesn't respond very quickly? this doubles our request load though.
- one proxy for multiple chains?
- zero downtime deploys
- are we using Acquire/Release/AcqRel properly? or do we need other modes?
- subscription id should be per connection, not global
- use https://github.com/ledgerwatch/interfaces to talk to erigon directly instead of through erigon's rpcdaemon (possible example code which uses ledgerwatch/interfaces: https://github.com/akula-bft/akula/tree/master)
- subscribe to pending transactions and build an intelligent gas estimator
- include private rpcs with regular queries? i don't want to overwhelm them, but they could be good for excess load
- flashbots specific methods
- flashbots protect fast mode or not? probably fast matches most user's needs, but no reverts is nice.
- https://docs.flashbots.net/flashbots-auction/searchers/advanced/rpc-endpoint#authentication maybe have per-user keys. or pass their header on if its set
- if no redis set, but public rate limits are set, exit with an error
- i saw "WebSocket connection closed unexpectedly" but no auto reconnect. need better logs on these
- if archive servers are added to the rotation while they are still syncing, they might get requests too soon. keep archive servers out of the configs until they are done syncing. full nodes should be fine to add to the configs even while syncing, though its a wasted connection
- when under load, i'm seeing "http interval lagging!". sometimes it happens when not loaded.