Merge branch 'develop' into 01-22-op-chain-ops_Use_precalculated_mint_events

4696c22f · mergify[bot] · GitHub · 471cd4ce · 63758d82 · 4696c22f
Commit 4696c22f authored Jan 23, 2023 by mergify[bot] Committed by GitHub Jan 23, 2023
31 changed files
--- a/.changeset/quiet-chairs-count.md
+++ b/.changeset/quiet-chairs-count.md
+---
+'@eth-optimism/proxyd': minor
+---
+
+Add sender-based rate limiter
--- a/op-bindings/hardhat/hardhat.go
+++ b/op-bindings/hardhat/hardhat.go
@@ -76,6 +76,7 @@ func (h *Hardhat) init() error {
 // initDeployments reads all of the deployment json files from disk and then
 // caches the deserialized `Deployment` structs.
 func (h *Hardhat) initDeployments() error {
+	knownDeployments := make(map[string]string)
 	for _, deploymentPath := range h.DeploymentPaths {
 		fileSystem := os.DirFS(filepath.Join(deploymentPath, h.network))
 		err := fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
@@ -103,7 +104,16 @@ func (h *Hardhat) initDeployments() error {
 			}

 			deployment.Name = filepath.Base(name[:len(name)-5])
+			if knownDeployments[deployment.Name] != "" {
+				return fmt.Errorf(
+					"discovered duplicate deployment %s. old: %s, new: %s",
+					deployment.Name,
+					knownDeployments[deployment.Name],
+					name,
+				)
+			}
 			h.deployments = append(h.deployments, &deployment)
+			knownDeployments[deployment.Name] = name
 			return nil
 		})
 		if err != nil {

--- a/op-bindings/hardhat/hardhat_test.go
+++ b/op-bindings/hardhat/hardhat_test.go
@@ -146,6 +146,20 @@ func TestHardhatGetDeployments(t *testing.T) {
 	require.NotNil(t, deployment)
 }

+func TestHardhatGetDeploymentsDuplicates(t *testing.T) {
+	t.Parallel()
+
+	// Set the network to an empty string to simulate
+	// an invalid network name.
+	_, err := hardhat.New(
+		"",
+		[]string{"testdata/artifacts"},
+		[]string{"testdata/deployments"},
+	)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "duplicate deployment")
+}
+
 func TestHardhatGetStorageLayout(t *testing.T) {
 	t.Parallel()


--- a/op-bindings/hardhat/testdata/deployments/alpha/OptimismPortal.json
+++ b/op-bindings/hardhat/testdata/deployments/alpha/OptimismPortal.json
--- a/op-bindings/hardhat/testdata/deployments/alpha/OptimismPortalProxy.json
+++ b/op-bindings/hardhat/testdata/deployments/alpha/OptimismPortalProxy.json
--- a/op-node/heartbeat/service.go
+++ b/op-node/heartbeat/service.go
+// Package heartbeat provides a service for sending heartbeats to a server.
 package heartbeat

 import (
@@ -22,6 +23,8 @@ type Payload struct {
 	ChainID uint64 `json:"chainID"`
 }

+// Beat sends a heartbeat to the server at the given URL. It will send a heartbeat immediately, and then every SendInterval.
+// Beat spawns a goroutine that will send heartbeats until the context is canceled.
 func Beat(
 	ctx context.Context,
 	log log.Logger,

--- a/op-node/metrics/metrics.go
+++ b/op-node/metrics/metrics.go
+// Package metrics provides a set of metrics for the op-node.
 package metrics

 import (
@@ -63,6 +64,7 @@ type Metricer interface {
 	Document() []metrics.DocumentedMetric
 }

+// Metrics tracks all the metrics for the op-node.
 type Metrics struct {
 	Info *prometheus.GaugeVec
 	Up   prometheus.Gauge
@@ -118,6 +120,7 @@ type Metrics struct {

 var _ Metricer = (*Metrics)(nil)

+// NewMetrics creates a new [Metrics] instance with the given process name.
 func NewMetrics(procName string) *Metrics {
 	if procName == "" {
 		procName = "default"

--- a/op-node/p2p/gossip.go
+++ b/op-node/p2p/gossip.go
@@ -140,6 +140,8 @@ func BuildGlobalGossipParams(cfg *rollup.Config) pubsub.GossipSubParams {
 	return params
 }

+// NewGossipSub configures a new pubsub instance with the specified parameters.
+// PubSub uses a GossipSubRouter as it's router under the hood.
 func NewGossipSub(p2pCtx context.Context, h host.Host, cfg *rollup.Config, gossipConf GossipSetupConfigurables, m GossipMetricer) (*pubsub.PubSub, error) {
 	denyList, err := pubsub.NewTimeCachedBlacklist(30 * time.Second)
 	if err != nil {

--- a/op-node/p2p/node.go
+++ b/op-node/p2p/node.go
@@ -23,6 +23,7 @@ import (
 	"github.com/ethereum-optimism/optimism/op-node/rollup"
 )

+// NodeP2P is a p2p node, which can be used to gossip messages.
 type NodeP2P struct {
 	host    host.Host           // p2p host (optional, may be nil)
 	gater   ConnectionGater     // p2p gater, to ban/unban peers with, may be nil even with p2p enabled
@@ -34,6 +35,8 @@ type NodeP2P struct {
 	gsOut    GossipOut        // p2p gossip application interface for publishing
 }

+// NewNodeP2P creates a new p2p node, and returns a reference to it. If the p2p is disabled, it returns nil.
+// If metrics are configured, a bandwidth monitor will be spawned in a goroutine.
 func NewNodeP2P(resourcesCtx context.Context, rollupCfg *rollup.Config, log log.Logger, setup SetupP2P, gossipIn GossipIn, runCfg GossipRuntimeConfig, metrics metrics.Metricer) (*NodeP2P, error) {
 	if setup == nil {
 		return nil, errors.New("p2p node cannot be created without setup")

--- a/op-node/sources/batching.go
+++ b/op-node/sources/batching.go
@@ -12,9 +12,9 @@ import (
 	"github.com/ethereum/go-ethereum/rpc"
 )

-// IterativeBatchCall is an util to create a job to fetch many RPC requests in batches,
-// and enable the caller to parallelize easily and safely, handle and re-try errors,
-// and pick a batch size all by simply calling Fetch again and again until it returns io.EOF.
+// IterativeBatchCall batches many RPC requests with safe and easy parallelization.
+// Request errors are handled and re-tried, and the batch size is configurable.
+// Executing IterativeBatchCall is as simple as calling Fetch repeatedly until it returns io.EOF.
 type IterativeBatchCall[K any, V any] struct {
 	completed uint32       // tracks how far to completing all requests we are
 	resetLock sync.RWMutex // ensures we do not concurrently read (incl. fetch) / reset
@@ -77,7 +77,7 @@ func (ibc *IterativeBatchCall[K, V]) Reset() {
 }

 // Fetch fetches more of the data, and returns io.EOF when all data has been fetched.
-// This method is safe to call concurrently: it will parallelize the fetching work.
+// This method is safe to call concurrently; it will parallelize the fetching work.
 // If no work is available, but the fetching is not done yet,
 // then Fetch will block until the next thing can be fetched, or until the context expires.
 func (ibc *IterativeBatchCall[K, V]) Fetch(ctx context.Context) error {

--- a/op-node/sources/eth_client.go
+++ b/op-node/sources/eth_client.go
+// Package sources exports a number of clients used to access ethereum chain data.
+//
+// There are a number of these exported clients used by the op-node:
+// [L1Client] wraps an RPC client to retrieve L1 ethereum data.
+// [L2Client] wraps an RPC client to retrieve L2 ethereum data.
+// [RollupClient] wraps an RPC client to retrieve rollup data.
+// [EngineClient] extends the [L2Client] providing engine API bindings.
+//
+// Internally, the listed clients wrap an [EthClient] which itself wraps a specified RPC client.
 package sources

 import (
@@ -126,8 +135,8 @@ func (s *EthClient) OnReceiptsMethodErr(m ReceiptsFetchingMethod, err error) {
 	}
 }

-// NewEthClient wraps a RPC with bindings to fetch ethereum data,
-// while logging errors, parallel-requests constraint, tracking metrics (optional), and caching.
+// NewEthClient returns an [EthClient], wrapping an RPC with bindings to fetch ethereum data with added error logging,
+// metric tracking, and caching. The [EthClient] uses a [LimitRPC] wrapper to limit the number of concurrent RPC requests.
 func NewEthClient(client client.RPC, log log.Logger, metrics caching.Metrics, config *EthClientConfig) (*EthClient, error) {
 	if err := config.Check(); err != nil {
 		return nil, fmt.Errorf("bad config, cannot create L1 source: %w", err)

--- a/op-node/sources/l1_client.go
+++ b/op-node/sources/l1_client.go
@@ -68,6 +68,8 @@ func NewL1Client(client client.RPC, log log.Logger, metrics caching.Metrics, con
 	}, nil
 }

+// L1BlockRefByLabel returns the [eth.L1BlockRef] for the given block label.
+// Notice, we cannot cache a block reference by label because labels are not guaranteed to be unique.
 func (s *L1Client) L1BlockRefByLabel(ctx context.Context, label eth.BlockLabel) (eth.L1BlockRef, error) {
 	info, err := s.InfoByLabel(ctx, label)
 	if err != nil {
@@ -83,6 +85,8 @@ func (s *L1Client) L1BlockRefByLabel(ctx context.Context, label eth.BlockLabel)
 	return ref, nil
 }

+// L1BlockRefByNumber returns an [eth.L1BlockRef] for the given block number.
+// Notice, we cannot cache a block reference by number because L1 re-orgs can invalidate the cached block reference.
 func (s *L1Client) L1BlockRefByNumber(ctx context.Context, num uint64) (eth.L1BlockRef, error) {
 	info, err := s.InfoByNumber(ctx, num)
 	if err != nil {
@@ -93,6 +97,8 @@ func (s *L1Client) L1BlockRefByNumber(ctx context.Context, num uint64) (eth.L1Bl
 	return ref, nil
 }

+// L1BlockRefByHash returns the [eth.L1BlockRef] for the given block hash.
+// We cache the block reference by hash as it is safe to assume collision will not occur.
 func (s *L1Client) L1BlockRefByHash(ctx context.Context, hash common.Hash) (eth.L1BlockRef, error) {
 	if v, ok := s.l1BlockRefsCache.Get(hash); ok {
 		return v.(eth.L1BlockRef), nil

--- a/op-node/sources/l2_client.go
+++ b/op-node/sources/l2_client.go
@@ -70,6 +70,9 @@ type L2Client struct {
 	systemConfigsCache *caching.LRUCache
 }

+// NewL2Client constructs a new L2Client instance. The L2Client is a thin wrapper around the EthClient with added functions
+// for fetching and caching eth.L2BlockRef values. This includes fetching an L2BlockRef by block number, label, or hash.
+// See: [L2BlockRefByLabel], [L2BlockRefByNumber], [L2BlockRefByHash]
 func NewL2Client(client client.RPC, log log.Logger, metrics caching.Metrics, config *L2ClientConfig) (*L2Client, error) {
 	ethClient, err := NewEthClient(client, log, metrics, &config.EthClientConfig)
 	if err != nil {
@@ -84,7 +87,7 @@ func NewL2Client(client client.RPC, log log.Logger, metrics caching.Metrics, con
 	}, nil
 }

-// L2BlockRefByLabel returns the L2 block reference for the given label.
+// L2BlockRefByLabel returns the [eth.L2BlockRef] for the given block label.
 func (s *L2Client) L2BlockRefByLabel(ctx context.Context, label eth.BlockLabel) (eth.L2BlockRef, error) {
 	payload, err := s.PayloadByLabel(ctx, label)
 	if err != nil {
@@ -104,7 +107,7 @@ func (s *L2Client) L2BlockRefByLabel(ctx context.Context, label eth.BlockLabel)
 	return ref, nil
 }

-// L2BlockRefByNumber returns the L2 block reference for the given block number.
+// L2BlockRefByNumber returns the [eth.L2BlockRef] for the given block number.
 func (s *L2Client) L2BlockRefByNumber(ctx context.Context, num uint64) (eth.L2BlockRef, error) {
 	payload, err := s.PayloadByNumber(ctx, num)
 	if err != nil {
@@ -119,7 +122,7 @@ func (s *L2Client) L2BlockRefByNumber(ctx context.Context, num uint64) (eth.L2Bl
 	return ref, nil
 }

-// L2BlockRefByHash returns the L2 block reference for the given block hash.
+// L2BlockRefByHash returns the [eth.L2BlockRef] for the given block hash.
 // The returned BlockRef may not be in the canonical chain.
 func (s *L2Client) L2BlockRefByHash(ctx context.Context, hash common.Hash) (eth.L2BlockRef, error) {
 	if ref, ok := s.l2BlockRefsCache.Get(hash); ok {
@@ -139,8 +142,8 @@ func (s *L2Client) L2BlockRefByHash(ctx context.Context, hash common.Hash) (eth.
 	return ref, nil
 }

-// SystemConfigByL2Hash returns the system config (matching the config updates up to and including the L1 origin) for the given L2 block hash.
-// The returned SystemConfig may not be in the canonical chain when the hash is not canonical.
+// SystemConfigByL2Hash returns the [eth.SystemConfig] (matching the config updates up to and including the L1 origin) for the given L2 block hash.
+// The returned [eth.SystemConfig] may not be in the canonical chain when the hash is not canonical.
 func (s *L2Client) SystemConfigByL2Hash(ctx context.Context, hash common.Hash) (eth.SystemConfig, error) {
 	if ref, ok := s.systemConfigsCache.Get(hash); ok {
 		return ref.(eth.SystemConfig), nil

--- a/op-proposer/Dockerfile
+++ b/op-proposer/Dockerfile
@@ -8,6 +8,7 @@ COPY ./op-bindings /app/op-bindings
 COPY ./op-node /app/op-node
 COPY ./op-proposer /app/op-proposer
 COPY ./op-service /app/op-service
+COPY ./op-signer /app/op-signer
 COPY ./.git /app/.git

 WORKDIR /app/op-proposer

--- a/op-proposer/docker.go.work
+++ b/op-proposer/docker.go.work
@@ -5,4 +5,5 @@ use (
 	./op-node
 	./op-proposer
 	./op-service
+	./op-signer
 )
--- a/op-proposer/flags/flags.go
+++ b/op-proposer/flags/flags.go
@@ -8,6 +8,7 @@ import (
 	opmetrics "github.com/ethereum-optimism/optimism/op-service/metrics"
 	oppprof "github.com/ethereum-optimism/optimism/op-service/pprof"
 	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	opsigner "github.com/ethereum-optimism/optimism/op-signer/client"
 )

 const envVarPrefix = "OP_PROPOSER"
@@ -112,6 +113,7 @@ func init() {
 	optionalFlags = append(optionalFlags, oplog.CLIFlags(envVarPrefix)...)
 	optionalFlags = append(optionalFlags, opmetrics.CLIFlags(envVarPrefix)...)
 	optionalFlags = append(optionalFlags, oppprof.CLIFlags(envVarPrefix)...)
+	optionalFlags = append(optionalFlags, opsigner.CLIFlags(envVarPrefix)...)

 	Flags = append(requiredFlags, optionalFlags...)
 }

--- a/op-proposer/go.mod
+++ b/op-proposer/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/ethereum-optimism/optimism/op-bindings v0.10.10
 	github.com/ethereum-optimism/optimism/op-node v0.10.10
 	github.com/ethereum-optimism/optimism/op-service v0.10.10
+	github.com/ethereum-optimism/optimism/op-signer v0.1.0
 	github.com/ethereum/go-ethereum v1.10.26
 	github.com/stretchr/testify v1.8.1
 	github.com/urfave/cli v1.22.9
@@ -25,7 +26,9 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deckarep/golang-set v1.8.0 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
+	github.com/dyson/certman v0.3.0 // indirect
 	github.com/fjl/memsize v0.0.1 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -89,7 +92,7 @@ require (
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 // indirect
 	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
 	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect

--- a/op-proposer/go.sum
+++ b/op-proposer/go.sum
@@ -98,6 +98,8 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 h1:HbphB4TFFXpv7MNrT52FGrrgVXF1
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0/go.mod h1:DZGJHZMqrU4JJqFAWUS2UO1+lbSKsdiOoYi9Zzey7Fc=
 github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/dyson/certman v0.3.0 h1:S7WCUim5faT/OiBhiY3u5cMaiC9MNKiA+8PJDXLaIYQ=
+github.com/dyson/certman v0.3.0/go.mod h1:RMWlyA9op6D9SxOBRRX3sxnParehv9gf52WWUJPd1JA=
 github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -113,12 +115,15 @@ github.com/ethereum-optimism/optimism/op-node v0.10.10 h1:edmxboiYSIk9n4A3paEF7I
 github.com/ethereum-optimism/optimism/op-node v0.10.10/go.mod h1:EEcHgMdKiWasJGO5uzspRN2xM1/OB+ehgVgMj4RgPas=
 github.com/ethereum-optimism/optimism/op-service v0.10.10 h1:B5mGpATX6zPkDABoh6smCjh6Z5mA2KWh71MD1i6T5ww=
 github.com/ethereum-optimism/optimism/op-service v0.10.10/go.mod h1:wbtHqi1fv00B3agj7a2zdP3OFanEfGZ23zPgGgFCF/c=
+github.com/ethereum-optimism/optimism/op-signer v0.1.0 h1:wH44Deai43YQWO0pEd44pDm3BahdAtSmrOHKiPvTB8Y=
+github.com/ethereum-optimism/optimism/op-signer v0.1.0/go.mod h1:u8sN6X/c20pP9F1Ey7jH3fi19D08Y+T9ep3PGJfdyi8=
 github.com/fjl/memsize v0.0.1 h1:+zhkb+dhUgx0/e+M8sF0QqiouvMQUiKR+QYvdxIOKcQ=
 github.com/fjl/memsize v0.0.1/go.mod h1:VvhXpOYNQvB+uIk2RvXzuaQtkQJzzIx6lSBe1xv7hi0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08 h1:f6D9Hr8xV8uYKlyuj8XIruxlh9WjVjdh1gIicAS7ays=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -527,8 +532,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -586,6 +591,7 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 h1:OK7RB6t2WQX54srQQYSXMW8dF5C6/8+oA/s5QBmmto4=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=

--- a/op-proposer/proposer/config.go
+++ b/op-proposer/proposer/config.go
@@ -14,6 +14,7 @@ import (
 	opmetrics "github.com/ethereum-optimism/optimism/op-service/metrics"
 	oppprof "github.com/ethereum-optimism/optimism/op-service/pprof"
 	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	opsigner "github.com/ethereum-optimism/optimism/op-signer/client"
 )

 // Config contains the well typed fields that are used to initialize the output submitter.
@@ -86,6 +87,9 @@ type CLIConfig struct {
 	MetricsConfig opmetrics.CLIConfig

 	PprofConfig oppprof.CLIConfig
+
+	// SignerConfig contains the client config for op-signer service
+	SignerConfig opsigner.CLIConfig
 }

 func (c CLIConfig) Check() error {
@@ -101,6 +105,9 @@ func (c CLIConfig) Check() error {
 	if err := c.PprofConfig.Check(); err != nil {
 		return err
 	}
+	if err := c.SignerConfig.Check(); err != nil {
+		return err
+	}
 	return nil
 }

@@ -124,5 +131,6 @@ func NewConfig(ctx *cli.Context) CLIConfig {
 		LogConfig:         oplog.ReadCLIConfig(ctx),
 		MetricsConfig:     opmetrics.ReadCLIConfig(ctx),
 		PprofConfig:       oppprof.ReadCLIConfig(ctx),
+		SignerConfig:      opsigner.ReadCLIConfig(ctx),
 	}
 }
--- a/op-proposer/proposer/l2_output_submitter.go
+++ b/op-proposer/proposer/l2_output_submitter.go
@@ -18,6 +18,7 @@ import (
 	"github.com/ethereum/go-ethereum/accounts/abi"
 	"github.com/ethereum/go-ethereum/accounts/abi/bind"
 	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/ethclient"
@@ -34,6 +35,7 @@ import (
 	opmetrics "github.com/ethereum-optimism/optimism/op-service/metrics"
 	oppprof "github.com/ethereum-optimism/optimism/op-service/pprof"
 	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	opsigner "github.com/ethereum-optimism/optimism/op-signer/client"
 )

 const (
@@ -160,10 +162,27 @@ func NewL2OutputSubmitter(cfg CLIConfig, l log.Logger) (*L2OutputSubmitter, erro
 	var l2OutputPrivKey *ecdsa.PrivateKey
 	var err error

+	var signer SignerFactory
+	var fromAddress common.Address
+	if cfg.SignerConfig.Enabled() {
+		signerClient, err := opsigner.NewSignerClientFromConfig(l, cfg.SignerConfig)
+		if err != nil {
+			l.Error("Unable to create Signer Client", "error", err)
+			return nil, err
+		}
+		fromAddress = common.BytesToAddress(hexutil.MustDecode(cfg.SignerConfig.Address))
+		signer = func(chainID *big.Int) SignerFn {
+			return func(ctx context.Context, address common.Address, tx *types.Transaction) (*types.Transaction, error) {
+				if address.String() != cfg.SignerConfig.Address {
+					return nil, fmt.Errorf("attempting to sign for %s, expected %s: ", address, cfg.SignerConfig.Address)
+				}
+				return signerClient.SignTransaction(ctx, tx)
+			}
+		}
+	} else {
 		if cfg.PrivateKey != "" && cfg.Mnemonic != "" {
 			return nil, errors.New("cannot specify both a private key and a mnemonic")
 		}
-
 		if cfg.PrivateKey == "" {
 			// Parse l2output wallet private key and L2OO contract address.
 			wallet, err := hdwallet.NewFromMnemonic(cfg.Mnemonic)
@@ -185,6 +204,14 @@ func NewL2OutputSubmitter(cfg CLIConfig, l log.Logger) (*L2OutputSubmitter, erro
 				return nil, err
 			}
 		}
+		fromAddress = crypto.PubkeyToAddress(l2OutputPrivKey.PublicKey)
+		signer = func(chainID *big.Int) SignerFn {
+			s := opcrypto.PrivateKeySignerFn(l2OutputPrivKey, chainID)
+			return func(_ context.Context, addr common.Address, tx *types.Transaction) (*types.Transaction, error) {
+				return s(addr, tx)
+			}
+		}
+	}

 	l2ooAddress, err := parseAddress(cfg.L2OOAddress)
 	if err != nil {
@@ -204,13 +231,6 @@ func NewL2OutputSubmitter(cfg CLIConfig, l log.Logger) (*L2OutputSubmitter, erro
 		return nil, err
 	}

-	signer := func(chainID *big.Int) SignerFn {
-		s := opcrypto.PrivateKeySignerFn(l2OutputPrivKey, chainID)
-		return func(_ context.Context, addr common.Address, tx *types.Transaction) (*types.Transaction, error) {
-			return s(addr, tx)
-		}
-	}
-
 	txMgrConfg := txmgr.Config{
 		Log:                       l,
 		Name:                      "L2Output Submitter",
@@ -227,7 +247,7 @@ func NewL2OutputSubmitter(cfg CLIConfig, l log.Logger) (*L2OutputSubmitter, erro
 		L1Client:           l1Client,
 		RollupClient:       rollupClient,
 		AllowNonFinalized:  cfg.AllowNonFinalized,
-		From:               crypto.PubkeyToAddress(l2OutputPrivKey.PublicKey),
+		From:               fromAddress,
 		SignerFnFactory:    signer,
 	}


--- a/packages/contracts-bedrock/.gas-snapshot
+++ b/packages/contracts-bedrock/.gas-snapshot
@@ -92,16 +92,17 @@ L1ERC721Bridge_Test:test_finalizeBridgeERC721_notFromRemoteMessenger_reverts() (
 L1ERC721Bridge_Test:test_finalizeBridgeERC721_notViaLocalMessenger_reverts() (gas: 16093)
 L1ERC721Bridge_Test:test_finalizeBridgeERC721_selfToken_reverts() (gas: 17593)
 L1ERC721Bridge_Test:test_finalizeBridgeERC721_succeeds() (gas: 323814)
-L1StandardBridge_DepositERC20To_Test:test_depositERC20To_succeeds() (gas: 576276)
-L1StandardBridge_DepositERC20_Test:test_depositERC20_succeeds() (gas: 574103)
+L1StandardBridge_DepositERC20To_Test:test_depositERC20To_succeeds() (gas: 624279)
+L1StandardBridge_DepositERC20_Test:test_depositERC20_succeeds() (gas: 621958)
 L1StandardBridge_DepositERC20_TestFail:test_depositERC20_notEoa_reverts() (gas: 22320)
-L1StandardBridge_DepositETHTo_Test:test_depositETHTo_succeeds() (gas: 324839)
-L1StandardBridge_DepositETH_Test:test_depositETH_succeeds() (gas: 367666)
+L1StandardBridge_DepositETHTo_Test:test_depositETHTo_succeeds() (gas: 358590)
+L1StandardBridge_DepositETH_Test:test_depositETH_succeeds() (gas: 401413)
 L1StandardBridge_DepositETH_TestFail:test_depositETH_notEoa_reverts() (gas: 40780)
+L1StandardBridge_FinalizeBridgeETH_Test:test_finalizeBridgeETH_succeeds() (gas: 48661)
 L1StandardBridge_FinalizeBridgeETH_TestFail:test_finalizeBridgeETH_incorrectValue_reverts() (gas: 34207)
 L1StandardBridge_FinalizeBridgeETH_TestFail:test_finalizeBridgeETH_sendToMessenger_reverts() (gas: 34288)
 L1StandardBridge_FinalizeBridgeETH_TestFail:test_finalizeBridgeETH_sendToSelf_reverts() (gas: 34257)
-L1StandardBridge_FinalizeERC20Withdrawal_Test:test_finalizeERC20Withdrawal_succeeds() (gas: 492896)
+L1StandardBridge_FinalizeERC20Withdrawal_Test:test_finalizeERC20Withdrawal_succeeds() (gas: 495885)
 L1StandardBridge_FinalizeERC20Withdrawal_TestFail:test_finalizeERC20Withdrawal_notMessenger_reverts() (gas: 31148)
 L1StandardBridge_FinalizeERC20Withdrawal_TestFail:test_finalizeERC20Withdrawal_notOtherBridge_reverts() (gas: 31504)
 L1StandardBridge_FinalizeETHWithdrawal_Test:test_finalizeETHWithdrawal_succeeds() (gas: 58686)
@@ -163,16 +164,17 @@ L2OutputOracleUpgradeable_Test:test_initValuesOnProxy_succeeds() (gas: 26093)
 L2OutputOracleUpgradeable_Test:test_initializeImpl_alreadyInitialized_reverts() (gas: 15149)
 L2OutputOracleUpgradeable_Test:test_initializeProxy_alreadyInitialized_reverts() (gas: 20131)
 L2OutputOracleUpgradeable_Test:test_upgrading_succeeds() (gas: 180413)
+L2StandardBridge_FinalizeBridgeETH_Test:test_finalizeBridgeETH_succeeds() (gas: 36076)
 L2StandardBridge_Test:test_finalizeBridgeETH_incorrectValue_reverts() (gas: 23843)
 L2StandardBridge_Test:test_finalizeBridgeETH_sendToMessenger_reverts() (gas: 23982)
 L2StandardBridge_Test:test_finalizeBridgeETH_sendToSelf_reverts() (gas: 23893)
-L2StandardBridge_Test:test_finalizeDeposit_succeeds() (gas: 89473)
+L2StandardBridge_Test:test_finalizeDeposit_succeeds() (gas: 90641)
 L2StandardBridge_Test:test_initialize_succeeds() (gas: 24270)
-L2StandardBridge_Test:test_receive_succeeds() (gas: 141940)
-L2StandardBridge_Test:test_withdrawTo_succeeds() (gas: 344914)
+L2StandardBridge_Test:test_receive_succeeds() (gas: 176698)
+L2StandardBridge_Test:test_withdrawTo_succeeds() (gas: 384552)
 L2StandardBridge_Test:test_withdraw_insufficientValue_reverts() (gas: 19627)
-L2StandardBridge_Test:test_withdraw_notEOA_reverts() (gas: 251798)
-L2StandardBridge_Test:test_withdraw_succeeds() (gas: 344228)
+L2StandardBridge_Test:test_withdraw_notEOA_reverts() (gas: 251836)
+L2StandardBridge_Test:test_withdraw_succeeds() (gas: 382649)
 L2ToL1MessagePasserTest:test_burn_succeeds() (gas: 112572)
 L2ToL1MessagePasserTest:test_initiateWithdrawal_fromContract_succeeds() (gas: 70423)
 L2ToL1MessagePasserTest:test_initiateWithdrawal_fromEOA_succeeds() (gas: 75874)

--- a/packages/contracts-bedrock/contracts/test/L1StandardBridge.t.sol
+++ b/packages/contracts-bedrock/contracts/test/L1StandardBridge.t.sol
--- a/packages/contracts-bedrock/contracts/test/L2StandardBridge.t.sol
+++ b/packages/contracts-bedrock/contracts/test/L2StandardBridge.t.sol
--- a/proxyd/backend.go
+++ b/proxyd/backend.go
@@ -78,13 +78,26 @@ var (
 		Message:       "over rate limit",
 		HTTPErrorCode: 429,
 	}
+	ErrOverSenderRateLimit = &RPCErr{
+		Code:          JSONRPCErrorInternal - 17,
+		Message:       "sender is over rate limit",
+		HTTPErrorCode: 429,
+	}

 	ErrBackendUnexpectedJSONRPC = errors.New("backend returned an unexpected JSON-RPC response")
 )

 func ErrInvalidRequest(msg string) *RPCErr {
 	return &RPCErr{
-		Code:          -32601,
+		Code:          -32600,
+		Message:       msg,
+		HTTPErrorCode: 400,
+	}
+}
+
+func ErrInvalidParams(msg string) *RPCErr {
+	return &RPCErr{
+		Code:          -32602,
 		Message:       msg,
 		HTTPErrorCode: 400,
 	}

--- a/proxyd/config.go
+++ b/proxyd/config.go
@@ -104,6 +104,14 @@ type BatchConfig struct {
 	ErrorMessage string `toml:"error_message"`
 }

+// SenderRateLimitConfig configures the sender-based rate limiter
+// for eth_sendRawTransaction requests.
+type SenderRateLimitConfig struct {
+	Enabled  bool
+	Interval TOMLDuration
+	Limit    int
+}
+
 type Config struct {
 	WSBackendGroup        string                `toml:"ws_backend_group"`
 	Server                ServerConfig          `toml:"server"`
@@ -119,6 +127,7 @@ type Config struct {
 	RPCMethodMappings     map[string]string     `toml:"rpc_method_mappings"`
 	WSMethodWhitelist     []string              `toml:"ws_method_whitelist"`
 	WhitelistErrorMessage string                `toml:"whitelist_error_message"`
+	SenderRateLimit       SenderRateLimitConfig `toml:"sender_rate_limit"`
 }

 func ReadFromEnvOrConfig(value string) (string, error) {

--- a/proxyd/integration_tests/sender_rate_limit_test.go
+++ b/proxyd/integration_tests/sender_rate_limit_test.go
+package integration_tests
+
+import (
+	"bufio"
+	"fmt"
+	"math"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/stretchr/testify/require"
+)
+
+const txHex1 = "0x02f8b28201a406849502f931849502f931830147f9948f3ddd0fbf3e78ca1d6c" +
+	"d17379ed88e261249b5280b84447e7ef2400000000000000000000000089c8b1" +
+	"b2774201bac50f627403eac1b732459cf7000000000000000000000000000000" +
+	"0000000000000000056bc75e2d63100000c080a0473c95566026c312c9664cd6" +
+	"1145d2f3e759d49209fe96011ac012884ec5b017a0763b58f6fa6096e6ba28ee" +
+	"08bfac58f58fb3b8bcef5af98578bdeaddf40bde42"
+
+const txHex2 = "0xf8aa82afd2830f4240830493e094464959ad46e64046b891f562cff202a465d5" +
+	"22f380b844d5bade070000000000000000000000004200000000000000000000" +
+	"0000000000000000060000000000000000000000000000000000000000000000" +
+	"0000000025ef43fc0038a05d8ea9837ea81469bda4dadbe852fdd37fcfbcd666" +
+	"5641a35e4726fbc04364e7a0107e20bb34aea53c695a551204a11d42fe465055" +
+	"510ee240e8f884fb70289be6"
+
+const dummyRes = `{"id": 123, "jsonrpc": "2.0", "result": "dummy"}`
+
+const limRes = `{"error":{"code":-32017,"message":"sender is over rate limit"},"id":1,"jsonrpc":"2.0"}`
+
+func TestSenderRateLimitValidation(t *testing.T) {
+	goodBackend := NewMockBackend(SingleResponseHandler(200, dummyRes))
+	defer goodBackend.Close()
+
+	require.NoError(t, os.Setenv("GOOD_BACKEND_RPC_URL", goodBackend.URL()))
+
+	config := ReadConfig("sender_rate_limit")
+
+	// Don't perform rate limiting in this test since we're only testing
+	// validation.
+	config.SenderRateLimit.Limit = math.MaxInt
+	client := NewProxydClient("http://127.0.0.1:8545")
+	shutdown, err := proxyd.Start(config)
+	require.NoError(t, err)
+	defer shutdown()
+
+	f, err := os.Open("testdata/testdata.txt")
+	require.NoError(t, err)
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	scanner.Scan() // skip header
+	for scanner.Scan() {
+		record := strings.Split(scanner.Text(), "|")
+		name, body, expResponseBody := record[0], record[1], record[2]
+		require.NoError(t, err)
+		t.Run(name, func(t *testing.T) {
+			res, _, err := client.SendRequest([]byte(body))
+			require.NoError(t, err)
+			RequireEqualJSON(t, []byte(expResponseBody), res)
+		})
+	}
+}
+
+func TestSenderRateLimitLimiting(t *testing.T) {
+	goodBackend := NewMockBackend(SingleResponseHandler(200, dummyRes))
+	defer goodBackend.Close()
+
+	require.NoError(t, os.Setenv("GOOD_BACKEND_RPC_URL", goodBackend.URL()))
+
+	config := ReadConfig("sender_rate_limit")
+	client := NewProxydClient("http://127.0.0.1:8545")
+	shutdown, err := proxyd.Start(config)
+	require.NoError(t, err)
+	defer shutdown()
+
+	// Two separate requests from the same sender
+	// should be rate limited.
+	res1, code1, err := client.SendRequest(makeSendRawTransaction(txHex1))
+	require.NoError(t, err)
+	res2, code2, err := client.SendRequest(makeSendRawTransaction(txHex1))
+	require.NoError(t, err)
+	RequireEqualJSON(t, []byte(dummyRes), res1)
+	require.Equal(t, 200, code1)
+	RequireEqualJSON(t, []byte(limRes), res2)
+	require.Equal(t, 429, code2)
+
+	// Clear the limiter.
+	time.Sleep(1100 * time.Millisecond)
+
+	// Two separate requests from different senders
+	// should not be rate limited.
+	res1, code1, err = client.SendRequest(makeSendRawTransaction(txHex1))
+	require.NoError(t, err)
+	res2, code2, err = client.SendRequest(makeSendRawTransaction(txHex2))
+	require.NoError(t, err)
+	RequireEqualJSON(t, []byte(dummyRes), res1)
+	require.Equal(t, 200, code1)
+	RequireEqualJSON(t, []byte(dummyRes), res2)
+	require.Equal(t, 200, code2)
+
+	// Clear the limiter.
+	time.Sleep(1100 * time.Millisecond)
+
+	// A batch request should rate limit within the batch itself.
+	batch := []byte(fmt.Sprintf(
+		`[%s, %s, %s]`,
+		makeSendRawTransaction(txHex1),
+		makeSendRawTransaction(txHex1),
+		makeSendRawTransaction(txHex2),
+	))
+	res, code, err := client.SendRequest(batch)
+	require.NoError(t, err)
+	require.Equal(t, 200, code)
+	RequireEqualJSON(t, []byte(fmt.Sprintf(
+		`[%s, %s, %s]`,
+		dummyRes,
+		limRes,
+		dummyRes,
+	)), res)
+}
+
+func makeSendRawTransaction(dataHex string) []byte {
+	return []byte(`{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":["` + dataHex + `"],"id":1}`)
+}
--- a/proxyd/integration_tests/testdata/sender_rate_limit.toml
+++ b/proxyd/integration_tests/testdata/sender_rate_limit.toml
+[server]
+rpc_port = 8545
+
+[backend]
+response_timeout_seconds = 1
+
+[backends]
+[backends.good]
+rpc_url = "$GOOD_BACKEND_RPC_URL"
+ws_url = "$GOOD_BACKEND_RPC_URL"
+
+[backend_groups]
+[backend_groups.main]
+backends = ["good"]
+
+[rpc_method_mappings]
+eth_chainId = "main"
+eth_sendRawTransaction = "main"
+
+[sender_rate_limit]
+enabled = true
+interval = "1s"
+limit = 1
\ No newline at end of file
--- a/proxyd/integration_tests/testdata/testdata.txt
+++ b/proxyd/integration_tests/testdata/testdata.txt
+name|body|responseBody
+not json|not json|{"jsonrpc":"2.0","error":{"code":-32700,"message":"parse error"},"id":null}
+not json-rpc|{"foo":"bar"}|{"jsonrpc":"2.0","error":{"code":-32600,"message":"invalid JSON-RPC version"},"id":null}
+missing fields json-rpc|{"jsonrpc":"2.0"}|{"jsonrpc":"2.0","error":{"code":-32600,"message":"no method specified"},"id":null}
+bad method json-rpc|{"jsonrpc":"2.0","method":"eth_notSendRawTransaction","id":1}|{"jsonrpc":"2.0","error":{"code":-32001,"message":"rpc method is not whitelisted"},"id":1}
+no transaction data|{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":[],"id":1}|{"jsonrpc":"2.0","error":{"code":-32602,"message":"missing value for required argument 0"},"id":1}
+invalid transaction data|{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":["0xf6806872fcc650ad4e77e0629206426cd183d751e9ddcc8d5e77"],"id":1}|{"jsonrpc":"2.0","error":{"code":-32602,"message":"rlp: value size exceeds available input length"},"id":1}
+invalid transaction data|{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":["0x1234"],"id":1}|{"jsonrpc":"2.0","error":{"code":-32602,"message":"transaction type not supported"},"id":1}
+valid transaction data - simple send|{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":["0x02f8748201a415843b9aca31843b9aca3182520894f80267194936da1e98db10bce06f3147d580a62e880de0b6b3a764000080c001a0b50ee053102360ff5fedf0933b912b7e140c90fe57fa07a0cebe70dbd72339dda072974cb7bfe5c3dc54dde110e2b049408ccab8a879949c3b4d42a3a7555a618b"],"id":1}|{"id": 123, "jsonrpc": "2.0", "result": "dummy"}
+valid transaction data - contract call|{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":["0x02f8b28201a406849502f931849502f931830147f9948f3ddd0fbf3e78ca1d6cd17379ed88e261249b5280b84447e7ef2400000000000000000000000089c8b1b2774201bac50f627403eac1b732459cf70000000000000000000000000000000000000000000000056bc75e2d63100000c080a0473c95566026c312c9664cd61145d2f3e759d49209fe96011ac012884ec5b017a0763b58f6fa6096e6ba28ee08bfac58f58fb3b8bcef5af98578bdeaddf40bde42"],"id":1}|{"id": 123, "jsonrpc": "2.0", "result": "dummy"}
+batch with mixed results|[{"jsonrpc":"2.0","method":"eth_sendRawTransaction","params":["0x02f8748201a415843b9aca31843b9aca3182520894f80267194936da1e98db10bce06f3147d580a62e880de0b6b3a764000080c001a0b50ee053102360ff5fedf0933b912b7e140c90fe57fa07a0cebe70dbd72339dda072974cb7bfe5c3dc54dde110e2b049408ccab8a879949c3b4d42a3a7555a618b"],"id":1},{"bad":"json"},{"jsonrpc":"2.0","method":"eth_fooTheBar","params":[],"id":123}]|[{"id": 123, "jsonrpc": "2.0", "result": "dummy"},{"jsonrpc":"2.0","error":{"code":-32600,"message":"invalid JSON-RPC version"},"id":null},{"jsonrpc":"2.0","error":{"code":-32001,"message":"rpc method is not whitelisted"},"id":123}]
\ No newline at end of file
--- a/proxyd/integration_tests/validation_test.go
+++ b/proxyd/integration_tests/validation_test.go
@@ -12,10 +12,10 @@ import (
 const (
 	notWhitelistedResponse        = `{"jsonrpc":"2.0","error":{"code":-32001,"message":"rpc method is not whitelisted custom message"},"id":999}`
 	parseErrResponse              = `{"jsonrpc":"2.0","error":{"code":-32700,"message":"parse error"},"id":null}`
-	invalidJSONRPCVersionResponse = `{"error":{"code":-32601,"message":"invalid JSON-RPC version"},"id":null,"jsonrpc":"2.0"}`
-	invalidIDResponse             = `{"error":{"code":-32601,"message":"invalid ID"},"id":null,"jsonrpc":"2.0"}`
-	invalidMethodResponse         = `{"error":{"code":-32601,"message":"no method specified"},"id":null,"jsonrpc":"2.0"}`
-	invalidBatchLenResponse       = `{"error":{"code":-32601,"message":"must specify at least one batch call"},"id":null,"jsonrpc":"2.0"}`
+	invalidJSONRPCVersionResponse = `{"error":{"code":-32600,"message":"invalid JSON-RPC version"},"id":null,"jsonrpc":"2.0"}`
+	invalidIDResponse             = `{"error":{"code":-32600,"message":"invalid ID"},"id":null,"jsonrpc":"2.0"}`
+	invalidMethodResponse         = `{"error":{"code":-32600,"message":"no method specified"},"id":null,"jsonrpc":"2.0"}`
+	invalidBatchLenResponse       = `{"error":{"code":-32600,"message":"must specify at least one batch call"},"id":null,"jsonrpc":"2.0"}`
 )

 func TestSingleRPCValidation(t *testing.T) {

--- a/proxyd/proxyd.go
+++ b/proxyd/proxyd.go
@@ -78,6 +78,15 @@ func Start(config *Config) (func(), error) {
 		ErrTooManyBatchRequests.Message = config.BatchConfig.ErrorMessage
 	}

+	if config.SenderRateLimit.Enabled {
+		if config.SenderRateLimit.Limit <= 0 {
+			return nil, errors.New("limit in sender_rate_limit must be > 0")
+		}
+		if time.Duration(config.SenderRateLimit.Interval) < time.Second {
+			return nil, errors.New("interval in sender_rate_limit must be >= 1s")
+		}
+	}
+
 	maxConcurrentRPCs := config.Server.MaxConcurrentRPCs
 	if maxConcurrentRPCs == 0 {
 		maxConcurrentRPCs = math.MaxInt64
@@ -244,6 +253,7 @@ func Start(config *Config) (func(), error) {
 		config.Server.MaxUpstreamBatchSize,
 		rpcCache,
 		config.RateLimit,
+		config.SenderRateLimit,
 		config.Server.EnableRequestLog,
 		config.Server.MaxRequestBodyLogLen,
 		config.BatchConfig.MaxSize,

--- a/proxyd/server.go
+++ b/proxyd/server.go
@@ -14,6 +14,9 @@ import (
 	"sync"
 	"time"

+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/go-redis/redis/v8"
 	"github.com/gorilla/mux"
@@ -50,6 +53,7 @@ type Server struct {
 	upgrader             *websocket.Upgrader
 	mainLim              FrontendRateLimiter
 	overrideLims         map[string]FrontendRateLimiter
+	senderLim            FrontendRateLimiter
 	limExemptOrigins     []*regexp.Regexp
 	limExemptUserAgents  []*regexp.Regexp
 	rpcServer            *http.Server
@@ -71,6 +75,7 @@ func NewServer(
 	maxUpstreamBatchSize int,
 	cache RPCCache,
 	rateLimitConfig RateLimitConfig,
+	senderRateLimitConfig SenderRateLimitConfig,
 	enableRequestLog bool,
 	maxRequestBodyLogLen int,
 	maxBatchSize int,
@@ -135,6 +140,10 @@ func NewServer(
 			return nil, err
 		}
 	}
+	var senderLim FrontendRateLimiter
+	if senderRateLimitConfig.Enabled {
+		senderLim = limiterFactory(time.Duration(senderRateLimitConfig.Interval), senderRateLimitConfig.Limit, "senders")
+	}

 	return &Server{
 		backendGroups:        backendGroups,
@@ -154,6 +163,7 @@ func NewServer(
 		},
 		mainLim:             mainLim,
 		overrideLims:        overrideLims,
+		senderLim:           senderLim,
 		limExemptOrigins:    limExemptOrigins,
 		limExemptUserAgents: limExemptUserAgents,
 	}, nil
@@ -409,6 +419,17 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isL
 			continue
 		}

+		// Apply a sender-based rate limit if it is enabled. Note that sender-based rate
+		// limits apply regardless of origin or user-agent. As such, they don't use the
+		// isLimited method.
+		if parsedReq.Method == "eth_sendRawTransaction" && s.senderLim != nil {
+			if err := s.rateLimitSender(ctx, parsedReq); err != nil {
+				RecordRPCError(ctx, BackendProxyd, parsedReq.Method, err)
+				responses[i] = NewRPCErrorRes(parsedReq.ID, err)
+				continue
+			}
+		}
+
 		id := string(parsedReq.ID)
 		// If this is a duplicate Request ID, move the Request to a new batchGroup
 		ids[id]++
@@ -575,6 +596,54 @@ func (s *Server) isUnlimitedUserAgent(origin string) bool {
 	return false
 }

+func (s *Server) rateLimitSender(ctx context.Context, req *RPCReq) error {
+	var params []string
+	if err := json.Unmarshal(req.Params, &params); err != nil {
+		log.Debug("error unmarshaling raw transaction params", "err", err, "req_Id", GetReqID(ctx))
+		return ErrParseErr
+	}
+
+	if len(params) != 1 {
+		log.Debug("raw transaction request has invalid number of params", "req_id", GetReqID(ctx))
+		// The error below is identical to the one Geth responds with.
+		return ErrInvalidParams("missing value for required argument 0")
+	}
+
+	var data hexutil.Bytes
+	if err := data.UnmarshalText([]byte(params[0])); err != nil {
+		log.Debug("error decoding raw tx data", "err", err, "req_id", GetReqID(ctx))
+		// Geth returns the raw error from UnmarshalText.
+		return ErrInvalidParams(err.Error())
+	}
+
+	// Inflates a types.Transaction object from the transaction's raw bytes.
+	tx := new(types.Transaction)
+	if err := tx.UnmarshalBinary(data); err != nil {
+		log.Debug("could not unmarshal transaction", "err", err, "req_id", GetReqID(ctx))
+		return ErrInvalidParams(err.Error())
+	}
+
+	// Convert the transaction into a Message object so that we can get the
+	// sender. This method performs an ecrecover, which can be expensive.
+	msg, err := tx.AsMessage(types.LatestSignerForChainID(tx.ChainId()), nil)
+	if err != nil {
+		log.Debug("could not get message from transaction", "err", err, "req_id", GetReqID(ctx))
+		return ErrInvalidParams(err.Error())
+	}
+
+	ok, err := s.senderLim.Take(ctx, msg.From().Hex())
+	if err != nil {
+		log.Error("error taking from sender limiter", "err", err, "req_id", GetReqID(ctx))
+		return ErrInternal
+	}
+	if !ok {
+		log.Debug("sender rate limit exceeded", "sender", msg.From(), "req_id", GetReqID(ctx))
+		return ErrOverSenderRateLimit
+	}
+
+	return nil
+}
+
 func setCacheHeader(w http.ResponseWriter, cached bool) {
 	if cached {
 		w.Header().Set(cacheStatusHdr, "HIT")