Skip to main content
The --l1-trust-rpc and --l2-trust-rpc flags control whether Kona performs additional verification on RPC responses to protect against malicious or faulty RPC providers. This guide helps you choose the right setting for your infrastructure and shows how to configure it.

Trust Modes

Default Behavior (trust enabled, true):
  • No additional block hash verification is performed
  • Optimized for performance
  • Suitable for local nodes and trusted infrastructure
  • Assumes the RPC provider is reliable and honest
Verification Mode (trust disabled, false):
  • All fetched blocks have their hashes verified against the requested hashes
  • Protects against malicious RPC providers returning incorrect blocks
  • Recommended for public or third-party RPC endpoints
  • Small performance overhead due to hash verification

Examples

Using trusted local RPCs (default):
Using untrusted public RPCs:
Mixed trust configuration:

Security Recommendations

  1. Local Infrastructure: Keep the default true setting for RPCs you control
  2. Public RPCs: Always set --trust-rpc false when using third-party endpoints
  3. Shared Infrastructure: Consider setting --trust-rpc false as a precaution
  4. Performance Testing: The verification overhead is minimal but can be measured in high-throughput scenarios

Next Steps