I propose Option 2 for its flexiblity

Agreed Option 2 is best :) A nice-to-have goal is for the optimistic relay code to be upstreamed to https://github.com/flashbots/mev-boost-relay, and for that we should avoid redefining things like HighPrio.

Great work! I also agree on option 2.

One question about point 2 of the implementation: I'm assuming the OptimisticBlock channel would still only talk to the prio-load-balancer (when enabled), and not to the block validation nodes directly?

I'm also wondering if there's a possible edge case where there are optimistic blocks buffered in memory when the service is shut down (can happen whenever), and we end up never validating them. The worst-case block validation time can reach up to 6s. 95th percentile is way lower, but the distribution has a very long right tail so it does happen. Just thinking out loud.

Excited to see this idea come to life :)

Ok I added more to this implementation. I break down the changes into 3 main sequences:

a) Block Submission Flow
b) Optimistic Block Processing
c) Block Proposal Flow

I will describe each of these in more detail and the changes required for them.

0. Block builders submit blocks to the Builder API endpoint of the relay.
1. The block builder API goroutine fetches the status of the block builder from redis.
2. Based on the status of the builder, 3 paths can be taken.
   a. if the builder is in optimistic mode, send the block to the Optimistic Block Channel.
   b. if the builder is in high prio mode, send the block to the prio-load-balancer.
   c. if the builder is in low prio mode, send the block to the prio-load-balancer.
3. If the builder in not in optimistic mode, wait until the block has been successfully simulated on the validation nodes.
4. Update the builders current bid in redis.

Notice that for builders in optimistic mode, we update the bid after sending the block to the Optimistic Block Channel, without validating it. This is where the improved performance can be achieved.

0. The OptimisticBlockProcessor receives a block from the Optimistic Block Channel (this happens in a different goroutine than the Builder API).
1. The OptimisticBlockProcessor sends the block as high prio to the prio-load-balancer.
2. The block is simulated on the validating nodes, and the status is returned to the OptimisticBlockProcessor.
3. If the simulation is failed, the status of the builder is updated to no longer be Optimistic (currently I am setting it as low prio).

This goroutine handles the simulation of all the blocks that we optimistically skipped in the Block Submission Flow. If we determine that a builder submitted an invalid block, we change their status and stop optimistically handling their blocks.

0. mev-boost calls getHeader on the Proposer API of the relay. This is part of the MEV-Block Block Proposal as documented in https://docs.flashbots.net/flashbots-mev-boost/architecture-overview/block-proposal.
1. mev-boost calls getPayload on the Proposer API of the relay. This triggers the publication of a SignedBeaconBlock.
2. In a separate goroutine, the Proposer API sends the block that was just proposed to the prio-load-balancer.
3. The block is simulated using the validation nodes and the status is returned to the Proposer API.
4. If the block simulation failed, that means we need to refund the proposer. We insert a new row into the ProposerRefundTable with the details of the bid and the SignedBlindedBlock, which contains enough information to confirm that the refund is owed.

This flow represents the process of checking if our optimistic block processing ever results in a validator submitting an invalid block. Since block builders will post collateral, this will be used to reimburse the validator. Since refunds should be a relatively rare event, we plan on handling them manually when they occur.

based on the advice of @JustinDrake, I added a check for the amount of collateral from the Builder, which is set in the database and redis. If their collateral is less than a block that the propose, then we fall back to high prio queue for that block. I chose to make this state change not permanent, because they might have just found one really profitable block, and it could turn out to be correct, so we shouldn't penalize them just because their collateral can't cover the block value.

I am going to create a state machine diagram outlining the status and collateral fields of the builder in the redis cache and the db.

One open question is how we get the redis cache updated with the collatoral values we set in the DB. Still need to iron this out a bit.

also an additional note about the DB. It seems like the migration code is in place so that people who are already running the relay can include upstream changes and the DB can remain in place while just changing the fields. I modified the 001-initdb file directly, which would make these changes incompatible with relays that are already running. This might be something that we want to consider refactoring to make this backwards compatible, but the migration logic would be non-trivial. (e.g., we need to update the builder status based on the values of the existing rows rather than just dropping the column and adding a new one).

OK another rather large structural change in: 3a37075

0. Add a field called collateral_id to the BlockBuilder table. We will use this to identify builders that use multiple builder pubkeys, but want to have the same collateral backstopping them.
1. Add GetBlockBuildersFromCollateralID to the DB service which fetches all the builder pubkeys that have the same collateral id.
2. Add demoteBuildersCollateralID to the API service which uses a single builder pubkey to fetch all pubkeys that share a collateral id and demotes them in both redis and the db.
3. Call demoteBuildersCollateralID from startOptimisticBlockProcessor and handleGetPayload if the simulation fails in either case.