Ignore verify blob proof

[curryxbo]

Summary by CodeRabbit

• Bug Fixes
  • Disabled blob verification in rollup data processing to streamline data handling.

[coderabbitai]

Walkthrough

A blob proof verification call in the fetchRollupDataByTxHash function has been commented out. Previously, the function verified blob proofs and logged errors on verification failure; the verification step is now bypassed, though blob addition to the sidecar remains intact.

Changes

Cohort / File(s)	Summary
Blob verification bypass node/derivation/derivation.go	Commented out VerifyBlobProof call in fetchRollupDataByTxHash, removing blob proof verification and associated error handling

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Attention area: Clarify rationale for disabling blob proof verification—confirm this is intentional and understand security/performance implications of bypassing this check
• Single-file scope: Change is localized to one function, simplifying review scope

Possibly related PRs

• Get all blobs corresponding to this timestamp when filter failed #745: Modifies blob handling in fetchRollupDataByTxHash and blob sidecar retrieval/verification logic in the same file
• When not found blob return error #753: Adjusts blob-handling control flow in fetchRollupDataByTxHash and modifies match-checking and error return behavior

Suggested labels

validator

Suggested reviewers

• FletcherMan

Poem

🐰 A blob proof once guarded the way,
But now rests in comments, tucked away,
We trust the chain to carry us through,
No verification—just push it on through! 💫

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly reflects the main change: commenting out the blob verification call in fetchRollupDataByTxHash to bypass VerifyBlobProof.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ignoreVerifyBlob

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 415ca28 and 6277d66.

📒 Files selected for processing (1)

• node/derivation/derivation.go (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: test
• GitHub Check: test
• GitHub Check: Analyze (rust)
• GitHub Check: Analyze (rust)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Blob proof verification has been disabled without justification.

Commenting out VerifyBlobProof bypasses the cryptographic validation that ensures blob data matches its KZG commitment. This verification is fundamental to EIP-4844 blob security and data availability guarantees in rollup systems.

Without verification, the system will accept:

• Corrupted blob data
• Malicious or tampered blobs
• Data that doesn't match the commitment hash

This could lead to state corruption, consensus failures, or security vulnerabilities in the rollup derivation process.

Required actions:

1. Provide clear justification for why verification is being disabled
2. If this is temporary (debugging/testing), add a TODO comment with a tracking issue
3. Consider using a feature flag if verification needs to be optionally disabled
4. Otherwise, restore the verification call immediately

If there's a legitimate reason for this change (e.g., verification is redundant due to upstream checks), please document it clearly in the code and PR description.

🤖 Prompt for AI Agents

node/derivation/derivation.go lines 362-365: the call to VerifyBlobProof was
commented out, disabling required KZG blob verification; restore the
VerifyBlobProof call as originally implemented so blobs are cryptographically
validated and log+continue on error, or if verification must be disabled
temporarily add a clear TODO with a tracking issue number and a short
justification comment; if you need opt-out behavior make it behind a feature
flag/config (default enabled) and gate the VerifyBlobProof call accordingly,
ensuring any removal or bypass is documented in the PR description and code
comments.