Cointime

Download App
iOS & Android

Exploring Eclipse's Canonical Ethereum Bridge and Proving System

From Eclipse, Ethereum's fastest L2, powered by the SVM

Eclipse is Ethereum's fastest Layer 2, powered by the Solana Virtual Machine (SVM).

As mentioned in our initial architecture post, Eclipse combines the best pieces of the modular stack: Ethereum as the settlement layer for our enshrined validating bridge, Celestia as the data availability layer, RISC Zero to generate our zero-knowledge fraud proofs, and Solana's SVM as the execution environment.

Eclipse is Ethereum's fastest Layer 2, powered by the Solana Virtual Machine (SVM).

As mentioned in our initial architecture post, Eclipse combines the best pieces of the modular stack: Ethereum as the settlement layer for our enshrined validating bridge, Celestia as the data availability layer, RISC Zero to generate our zero-knowledge fraud proofs, and Solana's SVM as the execution environment.

In this article, we will cover Eclipse's canonical bridge and fraud proof design. The upcoming release of our monorepo will contain the canonical bridge smart contracts, relayers, and a Docker container to run a test network for local development.

An Overview of Our Canonical Bridge

Eclipse is composed of three layers:

  1. Execution: A fork of the Solana Labs client (v1.17) for SVM transaction execution
  2. Settlement: Our canonical bridge defining Eclipse's fork-choice rule exists on Ethereum, where fraud proofs will also be submitted
  3. Data Availability: Eclipse publishes the data necessary to produce fraud proofs as data blobs on Celestia

The diagram below illustrates how these modules interact:

The rest of this article will focus on Eclipse's Ethereum bridge, as shown in the diagram. Blobstream will relay attestations signed by Celestia's validator set to certify to Ethereum that the data for a batch of Eclipse's slots was published correctly. This allows Eclipse's bridge to verify the data provided for fraud proofs against the signed data roots from Celestia. In the rest of this section, we will outline the processes by which:

  1. funds are deposited via our bridge,
  2. data blobs of batches of Eclipse's blocks are posted on Celestia,
  3. withdrawals via the bridge are handled, and
  4. fraud proofs are generated in worst-case scenarios.

Depositing via Eclipse's Native Ethereum Bridge

The flow when a user deposits onto Eclipse via the native Ethereum bridge is summarized as follows:

  • A user calls Eclipse's Deposit Bridge contract on Ethereum
  • From within Eclipse's SVM executor [1], the relayer [2] observes the user's deposit and destination address
  • Next, the relayer calls the SVM bridge program, which is responsible for transferring a user's deposit to the applicable destination address
  • The relayer verifies the deposit transaction via a zk-light client (to be implemented)
  • Finally, the block containing the subsequent post-deposit transfer transaction is finalized and published via a Solana Geyser Plugin

The diagram below shows the interactions between Ethereum, Celestia, and the SVM Executor during the deposit flow described above:

Publishing Eclipse's Slots to Celestia as Data Blobs

The flow for publishing batches of Eclipse's slots to Celestia as data blobs is summarized below:

  • The SVM executor publishes each Eclipse slot to the message queue via Geyser
  • The SVM executor posts batches of Eclipse's slots to Celestia as data blobs
  • The Celestia validator set produces commitments to the data blobs submitted, which can be used to prove the inclusion of a transaction on Eclipse's chain against the data root
  • The data roots contained in every single Celestia block header are relayed to Eclipse's bridge contract on Ethereum via Blobstream

The diagram below from Celestia explains how the commitment of the data within a given Celestia block is stored in the block header:

Withdrawing and Submitting Fraud Proofs to Eclipse's Ethereum Bridge

Similarly to other L2s that use fraud proofs (Arbitrum, Fuel, and many others), withdrawals from Eclipse require a challenge period during which verifiers can submit fraud proofs in the case of an invalid state transition:

  • At a regular cadence, the SVM executor posts a commitment to an epoch (a predetermined number of batches) of Eclipse's slots to Ethereum, along with collateral
  • Eclipse’s bridge contract conducts some basic checks to ensure that the data posted is well-formed (described in the Fraud Proof Design section)
  • If the submitted batch passes these basic checks, there is a predefined window during which verifiers can post fraud proofs in the case that the batch commitment implies an invalid state transition
  • If a verifier posts a successful fraud proof, they win the executor's collateral, the posted batch is rejected, and the canonical state of the Eclipse L2 is rolled back to the last valid batch commitment. Here, Eclipse's governance would have the ability to elect a new executor
  • If the challenge period elapses with no successful fraud proof, the executor recovers its collateral along with a reward
  • Consequently, the Eclipse bridge contract will now complete any withdrawal transactions that were included in the finalized batch

Fraud Proof Design

In this final section, we will detail Eclipse's fraud proof system design, inspired by Anatoly Yakovenko and John Adler. Generally, for any fraud proof, a verifier must:

  1. Identify a transaction containing an invalid state transition
  2. Provide the inputs to said transaction with the invalid state transition
  3. Demonstrate that re-executing said transaction with the given inputs results in an output that is not equal to what was committed on-chain

In Eclipse's case, (1) Celestia merklizes blobs of batches of blocks that Eclipse's SVM executor posts, allowing transaction inclusion proofs via Merkle witnesses. For (2), unlike EVM-based L2s, which post a Merkle root to the global state tree, for performance reasons Eclipse does not update a global state tree on a transaction-by-transaction basis, but we will explain how we ensure the correctness of inputs in more detail below. Finally, in the case of (3), Eclipse's verifier generates a zk-proof of the output(s) for a given transaction, unlike the interactive verification game approach common across EVM-based L2s.

All Eclipse transactions can be represented as taking a list of input accounts, executing a transaction, and producing a list of resultant output accounts:

The critical observation for our fraud proof design is that for transaction execution, it is always the case that any S_InputAccount must have been the S_OutputAccount of some previous transaction. This allows us to reference the last transaction in the chain that produced a given input account instead of providing a Merkle witness to a global state tree. As a result of our design, we introduce additional fraud accusation types, such as a reference to the previous transaction not being valid or the input account already being "spent" by some later transaction. We describe this process in more detail below:

Transaction Inputs Posted to Celestia

  • Transaction data (posted by the sequencer)
  • Transaction data (posted by the SVM executor) which contains the following:Transaction count [3]Celestia namespace location of the transaction dataAccount hash [4] for each input, with transaction count resulting in eachList of sysvars used and value of each, with transaction count resulting in each (if applicable) [5]Transaction output, if the transaction was successful; otherwise, an indicator that the transaction failed (either because it failed to parse or because it was unable to execute)
  • Transaction count [3]
  • Celestia namespace location of the transaction data
  • Account hash [4] for each input, with transaction count resulting in each
  • List of sysvars used and value of each, with transaction count resulting in each (if applicable) [5]
  • Transaction output, if the transaction was successful; otherwise, an indicator that the transaction failed (either because it failed to parse or because it was unable to execute)

Batch Commitments Posted to The Ethereum Bridge

In addition, the batches of transaction data posted to Celestia have their commitments relayed to the Ethereum contract. The commitments consist of:

  • The Celestia namespace location of the transaction data of the last transaction included in the batch
  • The Celestia namespace location of the execution data [6] of all included transactions
  • A list of deposits, withdrawals, and overrides, each of which comes with the transaction count of the associated Eclipse transaction

Criteria for an Invalid Batch

As explained above, there are several ways a batch can be found to be incorrect:

  • One of the linked Celestia namespace locations is malformed or does not point to data of the required type
  • There is a transaction on Celestia with no associated execution data, which can be due to two reasons:The transaction, which was supposed to be the most recent in the batch, has no associated execution data.In such a case, a verifier verifies that this is the case and the Ethereum bridge contract checks that the latest entry in the execution data list does not correspond to the correct transaction dataThe execution data of a different transaction is missingA verifier posts the Celestia namespace location of the transaction data of the offending transaction and the previous and following transactions in the order that was successfully executed. Following this, the bridge contract checks that this transaction was skipped
  • The transaction, which was supposed to be the most recent in the batch, has no associated execution data.In such a case, a verifier verifies that this is the case and the Ethereum bridge contract checks that the latest entry in the execution data list does not correspond to the correct transaction data
  • In such a case, a verifier verifies that this is the case and the Ethereum bridge contract checks that the latest entry in the execution data list does not correspond to the correct transaction data
  • The execution data of a different transaction is missingA verifier posts the Celestia namespace location of the transaction data of the offending transaction and the previous and following transactions in the order that was successfully executed. Following this, the bridge contract checks that this transaction was skipped
  • A verifier posts the Celestia namespace location of the transaction data of the offending transaction and the previous and following transactions in the order that was successfully executed. Following this, the bridge contract checks that this transaction was skipped
  • There is a transaction whose execution data is incorrect, which could be caused by the following:The transaction count associated with an account hash or sysvar does not produce the claimed output.In this case, a verifier posts the Celestia namespace location of the execution data for the given transaction with the corresponding count, and the bridge contract checks that the given value is incorrect.The transaction count associated with an account hash or sysvar is outdatedA verifier posts the Celestia namespace location of the execution data for a newer transaction, modifying the value in question, and the bridge contract checks that this is indeed newer.The transaction output is incorrect, or the transaction uses an input that is not listed:In this case, a zk-proof of the correct execution of the transaction or a zk-proof that the transaction uses an input that is not listed is needed. This can be obtained in two ways:A verifier posts the proof, orA verifier posts the index of the transaction claimed to be fraudulent, and the Eclipse bridge contract uses this to solicit a zk-proof from RISC Zero's BonsaiThere was a deposit from Ethereum more than N batches ago, but there is no corresponding deposit in the transaction list (included in the batch commitment posted to the bridge contract) for the N past batches. Alternatively, there is a deposit in the transaction list with no related Ethereum deposit transaction, or the transaction exists but has already been included in another Eclipse batchThe bridge contract in all of these cases can determine that this has happened and regard such a batch as invalidThere is a deposit or withdrawal executed with no corresponding entry in the transaction listIn such a case, a verifier posts the Celestia namespace location of the given execution data, and the bridge contract checks this fact to judge the transaction as invalidThere is a deposit or withdrawal in the transaction list whose associated Eclipse transaction is not performing the expected action or whose transaction count is not within its expected transaction count range. In such a case, either one of the following would happen:The bridge would automatically determine this is the case and refuse the corresponding batchA verifier notices the invalid state transition and posts proof of the offending transaction, which is then verified by the bridge contract
  • The transaction count associated with an account hash or sysvar does not produce the claimed output.In this case, a verifier posts the Celestia namespace location of the execution data for the given transaction with the corresponding count, and the bridge contract checks that the given value is incorrect.
  • In this case, a verifier posts the Celestia namespace location of the execution data for the given transaction with the corresponding count, and the bridge contract checks that the given value is incorrect.
  • The transaction count associated with an account hash or sysvar is outdatedA verifier posts the Celestia namespace location of the execution data for a newer transaction, modifying the value in question, and the bridge contract checks that this is indeed newer.
  • A verifier posts the Celestia namespace location of the execution data for a newer transaction, modifying the value in question, and the bridge contract checks that this is indeed newer.
  • The transaction output is incorrect, or the transaction uses an input that is not listed:In this case, a zk-proof of the correct execution of the transaction or a zk-proof that the transaction uses an input that is not listed is needed. This can be obtained in two ways:A verifier posts the proof, orA verifier posts the index of the transaction claimed to be fraudulent, and the Eclipse bridge contract uses this to solicit a zk-proof from RISC Zero's Bonsai
  • In this case, a zk-proof of the correct execution of the transaction or a zk-proof that the transaction uses an input that is not listed is needed. This can be obtained in two ways:A verifier posts the proof, orA verifier posts the index of the transaction claimed to be fraudulent, and the Eclipse bridge contract uses this to solicit a zk-proof from RISC Zero's Bonsai
  • A verifier posts the proof, or
  • A verifier posts the index of the transaction claimed to be fraudulent, and the Eclipse bridge contract uses this to solicit a zk-proof from RISC Zero's Bonsai
  • There was a deposit from Ethereum more than N batches ago, but there is no corresponding deposit in the transaction list (included in the batch commitment posted to the bridge contract) for the N past batches. Alternatively, there is a deposit in the transaction list with no related Ethereum deposit transaction, or the transaction exists but has already been included in another Eclipse batchThe bridge contract in all of these cases can determine that this has happened and regard such a batch as invalid
  • The bridge contract in all of these cases can determine that this has happened and regard such a batch as invalid
  • There is a deposit or withdrawal executed with no corresponding entry in the transaction listIn such a case, a verifier posts the Celestia namespace location of the given execution data, and the bridge contract checks this fact to judge the transaction as invalid
  • In such a case, a verifier posts the Celestia namespace location of the given execution data, and the bridge contract checks this fact to judge the transaction as invalid
  • There is a deposit or withdrawal in the transaction list whose associated Eclipse transaction is not performing the expected action or whose transaction count is not within its expected transaction count range. In such a case, either one of the following would happen:The bridge would automatically determine this is the case and refuse the corresponding batchA verifier notices the invalid state transition and posts proof of the offending transaction, which is then verified by the bridge contract
  • The bridge would automatically determine this is the case and refuse the corresponding batch
  • A verifier notices the invalid state transition and posts proof of the offending transaction, which is then verified by the bridge contract

If any commitment batch is found to be incorrect, the Eclipse bridge contract will roll back the bridge to that of the last provably correct batch commitment. Note that transactions are never removed from the chain, even in the case of fraud, so only the commitment needs to be re-computed.

Parting Thoughts

This article aimed to give a high-level guide to Eclipse's trust-minimized bridge on Ethereum and explain some details about our fraud proof design. Given the modular nature of our L2 and the nascence of our technology stack, we will continue to release articles and documentation about various aspects of Eclipse in the coming weeks.

To get involved with Eclipse Testnet, please follow our instructions here. You can contact us on Twitter or Discord with specific inquiries about our Testnet, bridge, or technical questions.

Footnotes

[1]: The node which computes the results of SVM transactions and applies the eventual output to Eclipse’s new state

[2]: An operator which passes on-chain events between Ethereum and Eclipse

[3]: Note that the executor, not the sequencer, posts this. If it were included in the data posted by the sequencer, it would add the complication that the sequencer could skip over a count, making it impossible for the executor to do their job correctly. This could be compensated for in the fraud proof design, but it would add extra complexity. A second advantage of having only the executor post the count is that it makes it easy to allow transaction overrides to be posted to Celestia, if desired.

[4]: SVM accounts can be represented with a unique hash. The only way this hash is modified is via a transaction.

[5]: To do this without an excessive amount of hashing, we will run a trace on each executed program to see which parts of each used sysvar are actually accessed. This is possible, but will require modifying Solana's BPF interpreter.

[6]: This includes data for attempted transactions that failed to execute.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Citi: Tencent's WorkBuddy Gains Momentum, Maintains 'Buy' Rating

    On July 7, Citi released a research report stating that, according to the latest industry data, Tencent's AI agent product WorkBuddy has reached 20 million monthly active users (MAU) and over 13 million daily active users (DAU), with a DAU/MAU ratio between 65% and 75%. Considering the product has only been launched for a few months, user stickiness and daily engagement are performing strongly. Citi quoted Tencent's management as saying that in terms of daily active users, Tencent is leading its Chinese peers in the deployment of AI agents. Early user data reflects strong natural growth for both CodeBuddy and WorkBuddy, with high retention rates. Early users are interacting with the AI agents for long durations and with high frequency, creating a positive feedback loop. It is expected that AI products will become a key revenue source for Tencent Cloud. The firm believes that WorkBuddy's success demonstrates the strength of Tencent's ecosystem, the synergy between various productivity tools, and users' trust in Tencent's products and security. Citi maintains a 'Buy' rating on Tencent with a target price of HKD 763 unchanged.