Operating system, services and reproducible builds
The software for nodes in the network is distributed as self-contained TEE VM images.
These images contain a minimal operating system based on Yocto with a verifiable boot chain, and all the required services. The operating system and all components support fully reproducible builds.
Key Services
These are the main services running inside an instance:
| Repository | Description |
|---|---|
| github.com/flashbots/rbuilder | The block building software |
| github.com/sigp/lighthouse | CL client |
| github.com/paradigmxyz/reth/ | EL client |
| github.com/flashbots/system-api | Interface between operators and services inside the TDX instance |
| github.com/flashbots/cvm-reverse-proxy | For verifying TDX measurements using attestations |
| github.com/flashbots/tdx-orderflow-proxy | Receiving and multiplexing orderflow |
Additional software that runs inside the TDX instance includes cron, time synchronization, utilities for mounting the encrypted disk and a Reth database downloader (for fast chain syncs).
Testnet as well as initial boostrap nodes will have additional software, such as Prometheus and Fluentbit to export logs and metrics, as well as SSH for direct debug access.
Boot sequence
This diagram shows the builder node boot sequence, services and data flows:
Orderflow Proxy
Orderflow Proxy is a key service running inside TDX (and also in the Flashbots infra). It's main responsibilities are:
- Receiving orderflow from peers and Flashbots.
- Receiving orderflow directly (from users, wallets, operators, etc).
- Multiplexing it to all other builder nodes.
- Sending it to the Redistribution Archive.
- Forwarding orderflow to the builder service.
TLS certificate and signing key
On startup, it creates a local TLS certificate and ECDSA key, and registers them at BuilderHub.
This allows builder nodes to know the certificates of all other builder nodes, and send orderflow only if the TLS private key matches the certificate (maintaining end-to-end confidentiality).
Block Builder Software
Currently, all block building nodes are based on Flashbots rbuilder software, a highly performant Ethereum L1 and L2 block building software based on Rust and Reth.
This rbuilder instance makes use of a local bidding service which uses confidential logic. This bidding service is downloaded and run as a private binary, pinned to a particular version. The private bidding code is necessary to avoid other builders outbidding BuilderNet if they'd have full visibility of the bidding logic.
Reproducible Builds
BuilderNet node TDX VM images can be fully reproducibly built. The overall build process is based on Yocto: https://www.yoctoproject.org
The Yocto Project (YP) is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture.
The main build process is defined in these manifests: https://github.com/flashbots/yocto-manifests.
To get started, follow the “Getting Started” instructions in the yocto-manifests README.