Skip to content

README.md

Latest commit

 

History

History
76 lines (56 loc) · 3.7 KB

README.md

File metadata and controls

76 lines (56 loc) · 3.7 KB

Commit-Boost

Ci Docs Release Chat X

A new Ethereum validator sidecar focused on standardizing the last mile of communication between validators and third-party protocols.

Overview

Commit-Boost is a modular sidecar that allows Ethereum validators to opt-in to different commitment protocols

For node operators

  • Run a single sidecar with support for MEV-Boost and other proposer commitments protocols, such as preconfirmations and inclusion lists
  • Out-of-the-box support for metrics reporting and dashboards to have clear insight into what is happening in your validator
  • Plug-in system to add custom modules, e.g. receive a notification on Telegram if a relay fails to deliver a block

For developers

  • A modular platform to develop and distribute proposer commitments protocols
  • A single API to interact with validators
  • Support for hard-forks and new protocol requirements

Get started

Audit

Commit-Boost received an audit from Sigma Prime. Find the report here.

Verifying release artifacts

All release binaries are signed using Sigstore cosign. You can verify that a binary was built by the official Commit-Boost CI pipeline from the tagged commit of any release.

Prerequisites

Install cosign: cosign installation guide

Verify a binary

# Set the release version and your target architecture
# Architecture options: darwin_arm64, linux_arm64, linux_x86-64
export REPO=Commit-Boost/commit-boost-client
export VERSION=vX.Y.Z
export ARCH=linux_x86-64
export BIN=commit-boost-pbs

# Download the binary tarball and its signature bundle
curl -L \
	-o "$BIN-$VERSION-$ARCH.tar.gz" \
	"https://github.com/$REPO/releases/download/$VERSION/$BIN-$VERSION-$ARCH.tar.gz"

curl -L \
  -o "$BIN-$VERSION-$ARCH.tar.gz.sigstore.json" \
  "https://github.com/$REPO/releases/download/$VERSION/$BIN-$VERSION-$ARCH.tar.gz.sigstore.json"

# Verify the binary was signed by the official CI pipeline
cosign verify-blob \
  "$BIN-$VERSION-$ARCH.tar.gz" \
  --bundle "$BIN-$VERSION-$ARCH.tar.gz.sigstore.json" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  --certificate-identity="https://github.com/Commit-Boost/commit-boost-client/.github/workflows/release.yml@refs/heads/main"

A successful verification prints Verified OK. If the binary was modified after being built by CI, verification will fail.

The .sigstore.json bundle for each binary is attached to the release alongside the tarball itself.

Acknowledgements

License

MIT + Apache-2.0