--l1-trust-rpc and --l2-trust-rpc flags control whether Kona performs additional verification on RPC responses to protect against malicious or faulty RPC providers. This guide helps you choose the right setting for your infrastructure and shows how to configure it.
Trust Modes
Default Behavior (trust enabled,true):
- No additional block hash verification is performed
- Optimized for performance
- Suitable for local nodes and trusted infrastructure
- Assumes the RPC provider is reliable and honest
false):
- All fetched blocks have their hashes verified against the requested hashes
- Protects against malicious RPC providers returning incorrect blocks
- Recommended for public or third-party RPC endpoints
- Small performance overhead due to hash verification
Examples
Using trusted local RPCs (default):Security Recommendations
- Local Infrastructure: Keep the default
truesetting for RPCs you control - Public RPCs: Always set
--trust-rpc falsewhen using third-party endpoints - Shared Infrastructure: Consider setting
--trust-rpc falseas a precaution - Performance Testing: The verification overhead is minimal but can be measured in high-throughput scenarios
Next Steps
- Both flags are catalogued with the rest of the node’s options in the Kona node CLI reference.
- To get a node running end to end, follow the binary guide or the Docker guide.