Clarify handling of deposits

This system relies on deposit only blocks to eventually force deposits through. If a deposit only block fails to be executed, we exit the rollup node because we are unable to continue.

Clarify handling of deposits
This system relies on deposit only blocks to eventually force deposits through. If a deposit only block fails to be executed, we exit the rollup node because we are unable to continue.
7607e77f · Joshua Gutow · e72c48f5 · 7607e77f · 7607e77f
Commit 7607e77f authored Oct 24, 2022 by Joshua Gutow
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

engine_queue.go op-node/rollup/derive/engine_queue.go +5 -1

derivation.md specs/derivation.md +3 -1

No files found.
--- a/op-node/rollup/derive/engine_queue.go
+++ b/op-node/rollup/derive/engine_queue.go
@@ -375,7 +375,9 @@ func (eq *EngineQueue) forceNextSafeAttributes(ctx context.Context) error {
 					depositCount += 1
 				}
 			}
-			// Deposit transaction execution errors are suppressed, but if they are not, we will be stuck
+			// Deposit transaction execution errors are suppressed in the execution engine, but if the
+			// block is somehow invalid, there is nothing we can do to recover & we should exit.
+			// TODO: Can this be triggered by an empty batch with invalid data (like parent hash or gas limit?)
 			if len(attrs.Transactions) == depositCount {
 				eq.log.Error("deposit only block was invalid", "parent", eq.safeHead, "err", err)
 				return NewCriticalError(fmt.Errorf("failed to process block with only deposit transactions: %w", err))
@@ -383,6 +385,8 @@ func (eq *EngineQueue) forceNextSafeAttributes(ctx context.Context) error {
 			// drop the payload without inserting it
 			eq.safeAttributes = eq.safeAttributes[1:]
 			// suppress the error b/c we want to retry with the next batch from the batch queue
+			// If there is no valid batch the node will eventually force a deposit only block. If
+			// the deposit only block fails, this will return the critical error above.
 			return nil
 		default:

--- a/specs/derivation.md
+++ b/specs/derivation.md
@@ -649,7 +649,9 @@ execution engine to be converted into a proper L2 block, which will become both
 If a payload attributes created from a batch cannot be inserted into the chain because of a validation error (i.e. there
 was an invalid transaction or state transition in the block) the batch should be dropped & the safe head should not be
-advanced. The engine queue will attempt to use the next batch for that timestamp from the batch queue.
+advanced. The engine queue will attempt to use the next batch for that timestamp from the batch queue. If no valid batch
+is found, the rollup node will create a deposit only batch which should always pass validation because deposits are always
+valid.
 Interaction with the execution engine via the execution engine API is detailed in the [Communication with the Execution
 Engine][exec-engine-comm] section.