refactor: move hash memoization out of signed

[prestwich]

This is a breaking change

Motivation

See discussion in #1460 and #1483

Memoizing the hash in Signed is inappropriate, as the transaction does not know its full 2718 serialization without being embedded in an envelope. This breaks the hash out into a Sealed type that is produced when the Envelope is constructed. The sealed type is transparent to the user

Solution

• Introduce Enveloped type alias
• ensure that From<> impls properly Seal
• ensure that impl Encodable2718 for TxEnvelope produces the correct trie_hash by returning the memoized hash. This previously produced incorrect hashes for 4844 txns with sidecars

PR Checklist

• Added Tests
• Added Documentation
• Breaking changes

[klkvr]

should all of those be Sealable impls?

[prestwich]

no, only the envelope knows the correct serialization for its components (tx types don't know their flag as it may be network dependent c.f. issue #1483)

[prestwich]

this is ready for re-review

[emhane]

excellent, but, what's the plan for alloy_consensus::TypedTransaction now? it's essentially the same type

[prestwich]

TypedTransaction is the unsigned version. As such neither signature or hash is known, and it just includes a signable version of the inner transaction and is used in the NetworkWallet::<N>::sign_transaction_from API

actually now that you mention it, we need to apply #1489 to TypedTransaction as well

[prestwich]

#1494

[mattsse]

is there no other way to get the tx hash?

if the only solution is to go through the txenvelope enum this will be very inconvenient

[prestwich]

c.f. #1483. Technically it's legal for networks to make envelopes that do the following:

• use the same inner type, but a different serialization (e.g. a TxLegacy serialized borsht instead of RLP)
• use a different tx flag for the same inner type (e.g. a TxEnvelope containing TxEip1559 at 23 instead of 2
• use the same inner type at multiple tx flags (e.g. a TxEnvelope containing TxEip1559 at both 2 and 23)

So there is no way to correctly get the hash of a transaction without wrapping it in the specific network's envelope first

[mattsse]

imo if a network does this then that's on them, because the type id is even part of the eip itself, if they'd choose 23 then this would no longer be 1559

[klkvr]

all of those usecases can be solved by introducing a separate inner transaction type (e.g. network can provide its own TxLegacy)

right now it makes total sense for separate transaction types to know their full encoding because we don't yet have a case of network rolling out encoding of transaction conflicting with existing tx types. also given that most of the networks target for compatibility with ethereum I'd consider such case very unlikely

[prestwich]

I also consider it unlikely. But it's still the only correct abstraction of an EIP-2718 envelope if we want our code to be reusable.

because the type id is even part of the eip itself

This is a fair reading of the spec. And @klkvr is right that people downstream can just duplicate 500 lines of code per tx type to change a single constant. However, it costs us very little to have the envelope drive serialization and hashing and prevents future headaches when someone inevitably does something silly here

For another interesting example, consider the extension sentinel value in eip-2718 0xff 🙃 This is also unlikely ofc, but tx-association falls down in extended envelopes

[klkvr]

At current state of alloy transactions do know their encoding and their type byte. I've seen a lot of examples of people using encode_with_signature and I don't think there's a reason to break this API (which would be required to make tx type envelope-associated)

IMO this edge case (Ethereum transactions with different type byte) is very unlikely and already can be solved by introducing separate types

[prestwich]

At current state of alloy transactions do know their encoding and their type byte.

yes, this is the logic bug in #1483. They do, but they should not, as the type byte is an envelope feature, not a transaction feature. See #1483 and #1485 (comment)

I do not know of any network that do this, but i do think that the cost of implementing it correctly now is small, while the cost of fixing it later is large

I've seen a lot of examples of people using encode_with_signature and I don't think there's a reason to break this API (which would be required to make tx type envelope-associated)

This API is broken right now, and their usage is almost certainly incorrect. It's why the encoding/decoding functions were private before #529, and why #529 hides them from users. We deliberately set out to prevent people from doing this and made it officially not part of the public API. as TxEnvelope is the only safe and correct API for transaction enc/decoding in Ethereum.

[klkvr]

This API is broken right now, and their usage is almost certainly incorrect.

could you please elaborate a bit on that? is it broken for 4844 case?

[prestwich]

could you please elaborate a bit on that? is it broken for 4844 case?

There's that, yes. 4844 transaction with sidecars produce incorrect trie_hash output right now. So that needs to be solved regardless.

• The docs for encode_with_signature are wrong
• encode_with_signature produces 2718 output when with_header is false, and RLP in network format when with_header is true. All other encode_ methods produce RLP output in non-network format
• decode_with_signature is missing entirely
• EncodableSignature seems to now be redundant as reth migrated to alloy-primitives::Signature
• sometimes header presence is determined by method name encode_fields, while sometimes it's by arg with_header: bool (related to second bullet above)

I can continue, but basically this is a broken API that confuses multiple serialization schemes and is almost impossible to correctly use

The long term fix is to change the RLP derive to allow flattening and field-only serialization

[prestwich]

actually this is a good time to just make a cleanup PR. I'll go do that

[prestwich]

holding off on rebasing this as it's better with #1496

[prestwich]

post-#1496 would y'all prefer a PR that does not break out memoization, and instead just fixes #1537 using the new tx_hash api?

[prestwich]

closing per discussion in slack