feat(backrun): set max backrun bundle tx limit and gas limit (#122)

cody-wang-cb · web-flow · commit ffb966fc8076 · 2025-12-23T11:35:19.000-05:00
diff --git a/crates/ingress-rpc/src/lib.rs b/crates/ingress-rpc/src/lib.rs
@@ -193,6 +193,14 @@ pub struct Config {
     #[arg(long, env = "TIPS_INGRESS_BACKRUN_ENABLED", default_value = "false")]
     pub backrun_enabled: bool,
 
+    /// Maximum number of transactions allowed in a backrun bundle (including target tx)
+    #[arg(long, env = "MAX_BACKRUN_TXS", default_value = "5")]
+    pub max_backrun_txs: usize,
+
+    /// Maximum total gas limit for all transactions in a backrun bundle
+    #[arg(long, env = "MAX_BACKRUN_GAS_LIMIT", default_value = "5000000")]
+    pub max_backrun_gas_limit: u64,
+
     /// URL of third-party RPC endpoint to forward raw transactions to (enables forwarding if set)
     #[arg(long, env = "TIPS_INGRESS_RAW_TX_FORWARD_RPC")]
     pub raw_tx_forward_rpc: Option<Url>,
diff --git a/crates/ingress-rpc/src/service.rs b/crates/ingress-rpc/src/service.rs
@@ -82,6 +82,8 @@ pub struct IngressService<Q: MessageQueue, M: Mempool> {
     builder_tx: broadcast::Sender<MeterBundleResponse>,
     backrun_enabled: bool,
     builder_backrun_tx: broadcast::Sender<AcceptedBundle>,
+    max_backrun_txs: usize,
+    max_backrun_gas_limit: u64,
 }
 
 impl<Q: MessageQueue, M: Mempool> IngressService<Q, M> {
@@ -127,18 +129,40 @@ impl<Q: MessageQueue, M: Mempool> IngressService<Q, M> {
             builder_tx,
             backrun_enabled: config.backrun_enabled,
             builder_backrun_tx,
+            max_backrun_txs: config.max_backrun_txs,
+            max_backrun_gas_limit: config.max_backrun_gas_limit,
         }
     }
 }
 
+fn validate_backrun_bundle_limits(
+    txs_count: usize,
+    total_gas_limit: u64,
+    max_backrun_txs: usize,
+    max_backrun_gas_limit: u64,
+) -> Result<(), String> {
+    if txs_count < 2 {
+        return Err(
+            "Backrun bundle must have at least 2 transactions (target + backrun)".to_string(),
+        );
+    }
+    if txs_count > max_backrun_txs {
+        return Err(format!(
+            "Backrun bundle exceeds max transaction count: {txs_count} > {max_backrun_txs}",
+        ));
+    }
+    if total_gas_limit > max_backrun_gas_limit {
+        return Err(format!(
+            "Backrun bundle exceeds max gas limit: {total_gas_limit} > {max_backrun_gas_limit}",
+        ));
+    }
+    Ok(())
+}
+
 #[async_trait]
 impl<Q: MessageQueue + 'static, M: Mempool + 'static> IngressApiServer for IngressService<Q, M> {
     async fn send_backrun_bundle(&self, bundle: Bundle) -> RpcResult<BundleHash> {
         if !self.backrun_enabled {
-            info!(
-                message = "Backrun bundle submission is disabled",
-                backrun_enabled = self.backrun_enabled
-            );
             return Err(
                 EthApiError::InvalidParams("Backrun bundle submission is disabled".into())
                     .into_rpc_err(),
@@ -149,15 +173,23 @@ impl<Q: MessageQueue + 'static, M: Mempool + 'static> IngressApiServer for Ingre
         let (accepted_bundle, bundle_hash) =
             self.validate_parse_and_meter_bundle(&bundle, false).await?;
 
+        let total_gas_limit: u64 = accepted_bundle.txs.iter().map(|tx| tx.gas_limit()).sum();
+        validate_backrun_bundle_limits(
+            accepted_bundle.txs.len(),
+            total_gas_limit,
+            self.max_backrun_txs,
+            self.max_backrun_gas_limit,
+        )
+        .map_err(|e| EthApiError::InvalidParams(e).into_rpc_err())?;
+
         self.metrics.backrun_bundles_received_total.increment(1);
 
-        if let Err(e) = self.builder_backrun_tx.send(accepted_bundle.clone()) {
-            warn!(
-                message = "Failed to send backrun bundle to builders",
-                bundle_hash = %bundle_hash,
-                error = %e
-            );
-        }
+        self.builder_backrun_tx
+            .send(accepted_bundle.clone())
+            .map_err(|e| {
+                EthApiError::InvalidParams(format!("Failed to send backrun bundle: {e}"))
+                    .into_rpc_err()
+            })?;
 
         self.send_audit_event(&accepted_bundle, bundle_hash);
 
@@ -578,6 +610,8 @@ mod tests {
             raw_tx_forward_rpc: None,
             chain_id: 11,
             user_operation_topic: String::new(),
+            max_backrun_txs: 5,
+            max_backrun_gas_limit: 5000000,
         }
     }
 
@@ -854,4 +888,26 @@ mod tests {
 
         assert!(wrong_user_op_result.is_err());
     }
+
+    #[test]
+    fn test_validate_backrun_bundle_rejects_invalid() {
+        // Too few transactions (need at least 2: target + backrun)
+        let result = validate_backrun_bundle_limits(1, 21000, 5, 5000000);
+        assert!(result.is_err());
+        assert!(result.unwrap_err().contains("at least 2 transactions"));
+
+        // Exceeds max tx count
+        let result = validate_backrun_bundle_limits(6, 21000, 5, 5000000);
+        assert!(result.is_err());
+        assert!(
+            result
+                .unwrap_err()
+                .contains("exceeds max transaction count")
+        );
+
+        // Exceeds max gas limit
+        let result = validate_backrun_bundle_limits(2, 6000000, 5, 5000000);
+        assert!(result.is_err());
+        assert!(result.unwrap_err().contains("exceeds max gas limit"));
+    }
 }
