|
| 1 | +# [L2ToL2CrossDomainMessenger SentMessage context]: Design Doc |
| 2 | + |
| 3 | +| | | |
| 4 | +| ------------------ | -------------------------------------------------------- | |
| 5 | +| Author | _Hamdi Allam_ | |
| 6 | +| Created at | _2025-04-14_ | |
| 7 | +| Initial Reviewers | _Wonderland, Mark Tyneway, Harry Markley, Karl Floersch_ | |
| 8 | +| Need Approval From | _Wonderland, Ben Clabby, Mark Tyneway_ | |
| 9 | +| Status | _Draft / In Review / Implementing Actions / Final_ | |
| 10 | + |
| 11 | +## Purpose |
| 12 | + |
| 13 | +<!-- This section is also sometimes called “Motivations” or “Goals”. --> |
| 14 | + |
| 15 | +<!-- It is fine to remove this section from the final document, |
| 16 | +but understanding the purpose of the doc when writing is very helpful. --> |
| 17 | + |
| 18 | +As more contracts are built that natively integrate with superchain interop, several single-action experiences can span up to N+1 op-stack chains to achieve their desired outcome. As multiple cross domain message are spawned from single transactions, being able to propogate contextual information unrelated to the core message, like headers in HTTP, is important to be able to tie subsequent cross domain messages together. |
| 19 | + |
| 20 | +## Summary |
| 21 | + |
| 22 | +<!-- Most (if not all) documents should have a summary. |
| 23 | +While the length will likely be proportional to the length of the full document, |
| 24 | +the summary should be as succinct as possible. --> |
| 25 | + |
| 26 | +We make space for internal contextual information by adding opaque bytes to each `SentMessage` event. The `L2ToL2CrossDomainMessenger` can internally take care of populating and propogating this context on nested cross domain messages. |
| 27 | + |
| 28 | +## Problem Statement + Context |
| 29 | + |
| 30 | +<!-- Describe the specific problem that the document is seeking to address as well |
| 31 | +as information needed to understand the problem and design space. |
| 32 | +If more information is needed on the costs of the problem, |
| 33 | +this is a good place to that information. --> |
| 34 | + |
| 35 | +As is, the `SentMessage` event explictly emits some contextual information along with the core message, i.e `messageNonce`. If additional contextual information is required, a breaking abi change must be made in order to include it. |
| 36 | + |
| 37 | +This leaves no room for flexibilty for including new contextual information without making a more complex breaking change to the messenger. |
| 38 | + |
| 39 | +## Proposed Solution |
| 40 | + |
| 41 | +<!-- A high level overview of the proposed solution. |
| 42 | +When there are multiple alternatives there should be an explanation |
| 43 | +of why one solution was picked over other solutions. |
| 44 | +As a rule of thumb, including code snippets (except for defining an external API) |
| 45 | +is likely too low level. --> |
| 46 | + |
| 47 | +Introudce opaque context bytes field in `SentMessage`. This field MUST be versioned such that it can evolve with new or removed fields. |
| 48 | + |
| 49 | +```solidity |
| 50 | +event SentMessage(uint256 indexed destination, address indexed target, uint256 indexed messageNonce, address sender, bytes message, bytes context); |
| 51 | +``` |
| 52 | + |
| 53 | +This proposal simply includes this field without specifying the first versioned format. By leaving it as empty for now, we can populate the first version in a later |
| 54 | +design that requires it. |
| 55 | + |
| 56 | +- See [incentivized message delivery](https://github.com/ethereum-optimism/design-docs/pull/272). |
| 57 | + |
| 58 | +**Note**: The context itself **MUST** be included in the pre-image of the cross domain message hash. While `CrossL2Inbox` validation ensures log integrity, we must include the context in the preimage in order for `resendMessage` which re-emits stale `SentMessage` event to gaurantee that context hasn't been tampered with. |
| 59 | + |
| 60 | +## Resource Usage |
| 61 | + |
| 62 | +<!-- What is the resource usage of the proposed solution? |
| 63 | +Does it consume a large amount of computational resources or time? --> |
| 64 | + |
| 65 | +There's a small added gas cost to emitting the `SentMessage` event with an extra field. In this proposal, the field is empty bytes so the overhead is most minimal. As further designs encode information into this context, resource usage must be bounded as the gas overhead applies to every outbound message and executing relay transaction. |
| 66 | + |
| 67 | +### Single Point of Failure and Multi Client Considerations |
| 68 | + |
| 69 | +<!-- Details on how this change will impact multiple clients. Do we need to plan for changes to both op-geth and op-reth? --> |
| 70 | + |
| 71 | +1. Resource Usage |
| 72 | +2. Appropriate versioning on the context to not break in-flight messages |
| 73 | + |
| 74 | +## Failure Mode Analysis |
| 75 | + |
| 76 | +<!-- Link to the failure mode analysis document, created from the fma-template.md file. --> |
| 77 | + |
| 78 | +- |
| 79 | + |
| 80 | +## Alternatives Considered |
| 81 | + |
| 82 | +<!-- List out a short summary of each possible solution that was considered. |
| 83 | +Comparing the effort of each solution --> |
| 84 | + |
| 85 | +To avoid breaking the abi, the context could be encoded within the `message` field. However the `message` is not currently version and convolutes the purpose of the field (raw target calldata). Keeping these fields explictly seperate makes the overall cross domain message much more readable and decodable. |
| 86 | + |
| 87 | +## Risks & Uncertainties |
| 88 | + |
| 89 | +<!-- An overview of what could go wrong. |
| 90 | +Also any open questions that need more work to resolve. --> |
| 91 | + |
| 92 | +No meaningful usage of any metadata in context. In the setting the context can be versioned such that it is always empty, minimizing gas overhead. This flexibility in this field is a strength, as the parameter can always be re-purposed or extended to new usecases. |
0 commit comments