@aztec/cli 2.1.0-rc.24 → 2.1.0-rc.28

package/src/cmds/validator_keys/new.ts

@@ -0,0 +1,120 @@
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { LogFn } from '@aztec/foundation/log';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+
+import { wordlist } from '@scure/bip39/wordlists/english.js';
+import { dirname } from 'path';
+import { generateMnemonic, mnemonicToAccount } from 'viem/accounts';
+
+import {
+  buildValidatorEntries,
+  logValidatorSummaries,
+  maybePrintJson,
+  resolveKeystoreOutputPath,
+  writeBlsBn254ToFile,
+  writeEthJsonV3ToFile,
+  writeKeystoreFile,
+} from './shared.js';
+
+export type NewValidatorKeystoreOptions = {
+  dataDir?: string;
+  file?: string;
+  count?: number;
+  publisherCount?: number;
+  mnemonic?: string;
+  passphrase?: string;
+  accountIndex?: number;
+  addressIndex?: number;
+  separatePublisher?: boolean;
+  ikm?: string;
+  blsPath?: string;
+  blsOnly?: boolean;
+  password?: string;
+  outDir?: string;
+  json?: boolean;
+  feeRecipient: AztecAddress;
+  coinbase?: EthAddress;
+  remoteSigner?: string;
+  fundingAccount?: EthAddress;
+};
+
+export async function newValidatorKeystore(options: NewValidatorKeystoreOptions, log: LogFn) {
+  const {
+    dataDir,
+    file,
+    count,
+    publisherCount = 0,
+    json,
+    coinbase,
+    accountIndex = 0,
+    addressIndex = 0,
+    feeRecipient,
+    remoteSigner,
+    fundingAccount,
+    blsOnly,
+    blsPath,
+    ikm,
+    mnemonic: _mnemonic,
+    password,
+    outDir,
+  } = options;
+
+  if (remoteSigner && !_mnemonic) {
+    throw new Error(
+      'Using --remote-signer requires a deterministic key source. Provide --mnemonic to derive keys, or omit --remote-signer to write new private keys to keystore.',
+    );
+  }
+
+  const mnemonic = _mnemonic ?? generateMnemonic(wordlist);
+
+  const validatorCount = typeof count === 'number' && Number.isFinite(count) && count > 0 ? Math.floor(count) : 1;
+  const { outputPath } = await resolveKeystoreOutputPath(dataDir, file);
+
+  const { validators, summaries } = await buildValidatorEntries({
+    validatorCount,
+    publisherCount,
+    accountIndex,
+    baseAddressIndex: addressIndex,
+    mnemonic,
+    ikm,
+    blsPath,
+    blsOnly,
+    feeRecipient,
+    coinbase,
+    remoteSigner,
+    fundingAccount,
+  });
+
+  // If password provided, write ETH JSON V3 and BLS BN254 keystores and replace plaintext
+  if (password !== undefined) {
+    const keystoreOutDir = outDir && outDir.length > 0 ? outDir : dirname(outputPath);
+    await writeEthJsonV3ToFile(validators, { outDir: keystoreOutDir, password });
+    await writeBlsBn254ToFile(validators, { outDir: keystoreOutDir, password });
+  }
+
+  const keystore = {
+    schemaVersion: 1,
+    validators,
+  };
+
+  await writeKeystoreFile(outputPath, keystore);
+
+  maybePrintJson(log, json, keystore as unknown as Record<string, any>);
+  if (!json) {
+    log(`Wrote validator keystore to ${outputPath}`);
+  }
+
+  // Always print a concise summary of public keys (addresses and BLS pubkeys)
+  logValidatorSummaries(log, summaries);
+
+  if (!blsOnly && mnemonic && remoteSigner) {
+    for (let i = 0; i < validatorCount; i++) {
+      const addrIdx = addressIndex + i;
+      const acct = mnemonicToAccount(mnemonic, {
+        accountIndex,
+        addressIndex: addrIdx,
+      });
+      log(`attester address: ${acct.address} remoteSignerUrl: ${remoteSigner}`);
+    }
+  }
+}

package/src/cmds/validator_keys/shared.ts

@@ -0,0 +1,321 @@
+import { prettyPrintJSON } from '@aztec/cli/utils';
+import { computeBn254G1PublicKeyCompressed, deriveBlsPrivateKey } from '@aztec/foundation/crypto';
+import { createBn254Keystore } from '@aztec/foundation/crypto/bls/bn254_keystore';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { LogFn } from '@aztec/foundation/log';
+import type { EthAccount, EthPrivateKey, ValidatorKeyStore } from '@aztec/node-keystore/types';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+
+import { Wallet } from '@ethersproject/wallet';
+import { constants as fsConstants, mkdirSync } from 'fs';
+import { access, writeFile } from 'fs/promises';
+import { homedir } from 'os';
+import { dirname, isAbsolute, join } from 'path';
+import { mnemonicToAccount } from 'viem/accounts';
+
+export type ValidatorSummary = { attesterEth?: string; attesterBls?: string; publisherEth?: string[] };
+
+export type BuildValidatorsInput = {
+  validatorCount: number;
+  publisherCount?: number;
+  accountIndex: number;
+  baseAddressIndex: number;
+  mnemonic: string;
+  ikm?: string;
+  blsPath?: string;
+  blsOnly?: boolean;
+  feeRecipient: AztecAddress;
+  coinbase?: EthAddress;
+  remoteSigner?: string;
+  fundingAccount?: EthAddress;
+};
+
+export function withValidatorIndex(path: string, index: number) {
+  const parts = path.split('/');
+  if (parts.length >= 4 && parts[0] === 'm' && parts[1] === '12381' && parts[2] === '3600') {
+    parts[3] = String(index);
+    return parts.join('/');
+  }
+  return path;
+}
+
+/**
+ * Compute a compressed BN254 G1 public key from a private key.
+ * @param privateKeyHex - Private key as 0x-prefixed hex string
+ * @returns Compressed G1 point (32 bytes with sign bit in MSB)
+ */
+export async function computeBlsPublicKeyCompressed(privateKeyHex: string): Promise<string> {
+  return await computeBn254G1PublicKeyCompressed(privateKeyHex);
+}
+
+export function deriveEthAttester(
+  mnemonic: string,
+  baseAccountIndex: number,
+  addressIndex: number,
+  remoteSigner?: string,
+): EthAccount | EthPrivateKey {
+  const acct = mnemonicToAccount(mnemonic, { accountIndex: baseAccountIndex, addressIndex });
+  return remoteSigner
+    ? ({ address: acct.address as unknown as EthAddress, remoteSignerUrl: remoteSigner } as EthAccount)
+    : (('0x' + Buffer.from(acct.getHdKey().privateKey!).toString('hex')) as EthPrivateKey);
+}
+
+export async function buildValidatorEntries(input: BuildValidatorsInput) {
+  const {
+    validatorCount,
+    publisherCount = 0,
+    accountIndex,
+    baseAddressIndex,
+    mnemonic,
+    ikm,
+    blsPath,
+    blsOnly,
+    feeRecipient,
+    coinbase,
+    remoteSigner,
+    fundingAccount,
+  } = input;
+
+  const defaultBlsPath = 'm/12381/3600/0/0/0';
+  const summaries: ValidatorSummary[] = [];
+
+  const validators = await Promise.all(
+    Array.from({ length: validatorCount }, async (_unused, i) => {
+      const addressIndex = baseAddressIndex + i;
+      const basePath = blsPath ?? defaultBlsPath;
+      const perValidatorPath = withValidatorIndex(basePath, addressIndex);
+
+      const blsPrivKey = blsOnly || ikm || mnemonic ? deriveBlsPrivateKey(mnemonic, ikm, perValidatorPath) : undefined;
+      const blsPubCompressed = blsPrivKey ? await computeBlsPublicKeyCompressed(blsPrivKey) : undefined;
+
+      if (blsOnly) {
+        const attester = { bls: blsPrivKey! };
+        summaries.push({ attesterBls: blsPubCompressed });
+        return { attester, feeRecipient } as ValidatorKeyStore;
+      }
+
+      const ethAttester = deriveEthAttester(mnemonic, accountIndex, addressIndex, remoteSigner);
+      const attester = blsPrivKey ? { eth: ethAttester, bls: blsPrivKey } : ethAttester;
+
+      let publisherField: EthAccount | EthPrivateKey | (EthAccount | EthPrivateKey)[] | undefined;
+      const publisherAddresses: string[] = [];
+      if (publisherCount > 0) {
+        const publishersBaseIndex = baseAddressIndex + validatorCount + i * publisherCount;
+        const publisherAccounts = Array.from({ length: publisherCount }, (_unused2, j) => {
+          const publisherAddressIndex = publishersBaseIndex + j;
+          const pubAcct = mnemonicToAccount(mnemonic, {
+            accountIndex,
+            addressIndex: publisherAddressIndex,
+          });
+          publisherAddresses.push(pubAcct.address as unknown as string);
+          return remoteSigner
+            ? ({ address: pubAcct.address as unknown as EthAddress, remoteSignerUrl: remoteSigner } as EthAccount)
+            : (('0x' + Buffer.from(pubAcct.getHdKey().privateKey!).toString('hex')) as EthPrivateKey);
+        });
+        publisherField = publisherCount === 1 ? publisherAccounts[0] : publisherAccounts;
+      }
+
+      const acct = mnemonicToAccount(mnemonic, {
+        accountIndex,
+        addressIndex,
+      });
+      const attesterEthAddress = acct.address as unknown as string;
+      summaries.push({
+        attesterEth: attesterEthAddress,
+        attesterBls: blsPubCompressed,
+        publisherEth: publisherAddresses.length > 0 ? publisherAddresses : undefined,
+      });
+
+      return {
+        attester,
+        ...(publisherField !== undefined ? { publisher: publisherField } : {}),
+        feeRecipient,
+        coinbase,
+        fundingAccount,
+      } as ValidatorKeyStore;
+    }),
+  );
+
+  return { validators, summaries };
+}
+
+export async function resolveKeystoreOutputPath(dataDir?: string, file?: string) {
+  const defaultDataDir = join(homedir(), '.aztec', 'keystore');
+  const resolvedDir = dataDir && dataDir.length > 0 ? dataDir : defaultDataDir;
+  let outputPath: string;
+  if (file && file.length > 0) {
+    outputPath = isAbsolute(file) ? file : join(resolvedDir, file);
+  } else {
+    let index = 1;
+    while (true) {
+      const candidate = join(resolvedDir, `key${index}.json`);
+      try {
+        await access(candidate, fsConstants.F_OK);
+        index += 1;
+      } catch {
+        outputPath = candidate;
+        break;
+      }
+    }
+  }
+  return { resolvedDir, outputPath: outputPath! };
+}
+
+export async function writeKeystoreFile(path: string, keystore: unknown) {
+  mkdirSync(dirname(path), { recursive: true });
+  await writeFile(path, JSON.stringify(keystore, null, 2), { encoding: 'utf-8' });
+}
+
+export function logValidatorSummaries(log: LogFn, summaries: ValidatorSummary[]) {
+  const lines: string[] = [];
+  for (let i = 0; i < summaries.length; i++) {
+    const v = summaries[i];
+    lines.push(`acc${i + 1}:`);
+    lines.push(`  attester:`);
+    if (v.attesterEth) {
+      lines.push(`    eth: ${v.attesterEth}`);
+    }
+    if (v.attesterBls) {
+      lines.push(`    bls: ${v.attesterBls}`);
+    }
+    if (v.publisherEth && v.publisherEth.length > 0) {
+      lines.push(`  publisher:`);
+      for (const addr of v.publisherEth) {
+        lines.push(`    - ${addr}`);
+      }
+    }
+  }
+  if (lines.length > 0) {
+    log(lines.join('\n'));
+  }
+}
+
+export function maybePrintJson(log: LogFn, jsonFlag: boolean | undefined, obj: unknown) {
+  if (jsonFlag) {
+    log(prettyPrintJSON(obj as Record<string, any>));
+  }
+}
+
+/**
+ * Writes a BN254 keystore file for a BN254 BLS private key.
+ * Returns the absolute path to the written file.
+ *
+ * @param outDir - Directory to write the keystore file to
+ * @param fileNameBase - Base name for the keystore file (will be sanitized)
+ * @param password - Password for encrypting the private key
+ * @param privateKeyHex - Private key as 0x-prefixed hex string (32 bytes)
+ * @param pubkeyHex - Public key as hex string
+ * @param derivationPath - BIP-44 style derivation path
+ * @returns Absolute path to the written keystore file
+ */
+export async function writeBn254BlsKeystore(
+  outDir: string,
+  fileNameBase: string,
+  password: string,
+  privateKeyHex: string,
+  pubkeyHex: string,
+  derivationPath: string,
+): Promise<string> {
+  mkdirSync(outDir, { recursive: true });
+
+  const keystore = createBn254Keystore(password, privateKeyHex, pubkeyHex, derivationPath);
+
+  const safeBase = fileNameBase.replace(/[^a-zA-Z0-9_-]/g, '_');
+  const outPath = join(outDir, `keystore-${safeBase}.json`);
+  await writeFile(outPath, JSON.stringify(keystore, null, 2), { encoding: 'utf-8' });
+  return outPath;
+}
+
+/** Replace plaintext BLS keys in validators with { path, password } pointing to BN254 keystore files. */
+export async function writeBlsBn254ToFile(
+  validators: ValidatorKeyStore[],
+  options: { outDir: string; password: string },
+): Promise<void> {
+  for (let i = 0; i < validators.length; i++) {
+    const v = validators[i];
+    if (!v || typeof v !== 'object' || !('attester' in v)) {
+      continue;
+    }
+    const att = (v as any).attester;
+
+    // Shapes: { bls: <hex> } or { eth: <ethAccount>, bls?: <hex> } or plain EthAccount
+    const blsKey: string | undefined = typeof att === 'object' && 'bls' in att ? (att as any).bls : undefined;
+    if (!blsKey || typeof blsKey !== 'string') {
+      continue;
+    }
+
+    const pub = await computeBlsPublicKeyCompressed(blsKey);
+    const path = 'm/12381/3600/0/0/0';
+    const fileBase = `${String(i + 1)}_${pub.slice(2, 18)}`;
+    const keystorePath = await writeBn254BlsKeystore(options.outDir, fileBase, options.password, blsKey, pub, path);
+
+    if (typeof att === 'object') {
+      (att as any).bls = { path: keystorePath, password: options.password };
+    }
+  }
+}
+
+/** Writes an Ethereum JSON V3 keystore using ethers, returns absolute path */
+export async function writeEthJsonV3Keystore(
+  outDir: string,
+  fileNameBase: string,
+  password: string,
+  privateKeyHex: string,
+): Promise<string> {
+  const safeBase = fileNameBase.replace(/[^a-zA-Z0-9_-]/g, '_');
+  mkdirSync(outDir, { recursive: true });
+  const wallet = new Wallet(privateKeyHex);
+  const json = await wallet.encrypt(password);
+  const outPath = join(outDir, `keystore-eth-${safeBase}.json`);
+  await writeFile(outPath, json, { encoding: 'utf-8' });
+  return outPath;
+}
+
+/** Replace plaintext ETH keys in validators with { path, password } pointing to JSON V3 files. */
+export async function writeEthJsonV3ToFile(
+  validators: ValidatorKeyStore[],
+  options: { outDir: string; password: string },
+): Promise<void> {
+  const maybeEncryptEth = async (account: any, label: string) => {
+    if (typeof account === 'string' && account.startsWith('0x') && account.length === 66) {
+      const fileBase = `${label}_${account.slice(2, 10)}`;
+      const p = await writeEthJsonV3Keystore(options.outDir, fileBase, options.password, account);
+      return { path: p, password: options.password };
+    }
+    return account;
+  };
+
+  for (let i = 0; i < validators.length; i++) {
+    const v = validators[i];
+    if (!v || typeof v !== 'object') {
+      continue;
+    }
+
+    // attester may be string (eth), object with eth, or remote signer
+    const att = (v as any).attester;
+    if (typeof att === 'string') {
+      (v as any).attester = await maybeEncryptEth(att, `attester_${i + 1}`);
+    } else if (att && typeof att === 'object' && 'eth' in att) {
+      (att as any).eth = await maybeEncryptEth((att as any).eth, `attester_${i + 1}`);
+    }
+
+    // publisher can be single or array
+    if ('publisher' in v) {
+      const pub = (v as any).publisher;
+      if (Array.isArray(pub)) {
+        const out: any[] = [];
+        for (let j = 0; j < pub.length; j++) {
+          out.push(await maybeEncryptEth(pub[j], `publisher_${i + 1}_${j + 1}`));
+        }
+        (v as any).publisher = out;
+      } else if (pub !== undefined) {
+        (v as any).publisher = await maybeEncryptEth(pub, `publisher_${i + 1}`);
+      }
+    }
+
+    // Optional fundingAccount within validator
+    if ('fundingAccount' in v) {
+      (v as any).fundingAccount = await maybeEncryptEth((v as any).fundingAccount, `funding_${i + 1}`);
+    }
+  }
+}

package/src/config/chain_l2_config.ts

@@ -152,11 +152,10 @@ export const stagingIgnitionL2ChainConfig: L2ChainConfig = {
   activationThreshold: 200_000n * 10n ** 18n,
   localEjectionThreshold: 196_000n * 10n ** 18n,
 
-  governanceProposerRoundSize: 300, // TODO TMNT-322
-  governanceProposerQuorum: 151, // TODO TMNT-322
+  governanceProposerRoundSize: 300,
+  governanceProposerQuorum: 151,
 
   // Node slashing config
-  // TODO TMNT-330
   slashMinPenaltyPercentage: 0.5,
   slashMaxPenaltyPercentage: 2.0,
   slashInactivityTargetPercentage: 0.7,
@@ -252,40 +251,69 @@ export const testnetL2ChainConfig: L2ChainConfig = {
   skipArchiverInitialSync: true,
   blobAllowEmptySources: true,
 
-  // Deployment stuff
   /** How many seconds an L1 slot lasts. */
   ethereumSlotDuration: 12,
   /** How many seconds an L2 slots lasts (must be multiple of ethereum slot duration). */
-  aztecSlotDuration: 36,
+  aztecSlotDuration: 72,
   /** How many L2 slots an epoch lasts. */
   aztecEpochDuration: 32,
   /** The target validator committee size. */
-  aztecTargetCommitteeSize: 48,
+  aztecTargetCommitteeSize: 24,
   /** The number of epochs to lag behind the current epoch for validator selection. */
   lagInEpochs: 2,
   /** The number of epochs after an epoch ends that proofs are still accepted. */
   aztecProofSubmissionEpochs: 1,
-  /** The deposit amount for a validator */
-  activationThreshold: DefaultL1ContractsConfig.activationThreshold,
-  /** The minimum stake for a validator. */
-  ejectionThreshold: DefaultL1ContractsConfig.ejectionThreshold,
-  /** The local ejection threshold for a validator. Stricter than ejectionThreshold but local to a specific rollup */
-  localEjectionThreshold: DefaultL1ContractsConfig.localEjectionThreshold,
-  /** The slashing round size */
-  slashingRoundSizeInEpochs: DefaultL1ContractsConfig.slashingRoundSizeInEpochs,
-  /** Governance proposing round size */
-  governanceProposerRoundSize: DefaultL1ContractsConfig.governanceProposerRoundSize,
+
+  // This is a diff from mainnet: we have 2-strikes you're out, rather than 3 on mainnet.
+  localEjectionThreshold: 198_000n * 10n ** 18n,
+  /** How many sequencers must agree with a slash for it to be executed. */
+  slashingQuorum: 65,
+  slashingRoundSizeInEpochs: 4,
+  slashingExecutionDelayInRounds: 28,
+  slashingLifetimeInRounds: 34,
+  slashingVetoer: EthAddress.fromString('0xBbB4aF368d02827945748b28CD4b2D42e4A37480'),
+  slashingOffsetInRounds: 2,
+
+  slashingDisableDuration: 259_200, // 3 days
+  slasherFlavor: 'tally',
+
+  slashAmountSmall: 2_000n * 10n ** 18n,
+  slashAmountMedium: 2_000n * 10n ** 18n,
+  slashAmountLarge: 2_000n * 10n ** 18n,
+
   /** The mana target for the rollup */
   manaTarget: 0n,
+
   /** The proving cost per mana */
-  provingCostPerMana: DefaultL1ContractsConfig.provingCostPerMana,
-  /** Exit delay for stakers */
-  exitDelaySeconds: DefaultL1ContractsConfig.exitDelaySeconds,
+  provingCostPerMana: 0n,
 
-  ...DefaultSlashConfig,
-  slashPrunePenalty: 0n,
-  slashDataWithholdingPenalty: 0n,
-  slashInactivityPenalty: DefaultL1ContractsConfig.slashAmountMedium,
+  exitDelaySeconds: 4 * 24 * 60 * 60, // 4 days
+
+  activationThreshold: 200_000n * 10n ** 18n,
+  ejectionThreshold: 100_000n * 10n ** 18n,
+
+  governanceProposerRoundSize: 300,
+  governanceProposerQuorum: 151,
+
+  // Node slashing config
+  slashInactivityTargetPercentage: 0.8,
+  slashInactivityConsecutiveEpochThreshold: 2,
+  slashInactivityPenalty: 2_000n * 10n ** 18n,
+  slashPrunePenalty: 0n, // 2_000n * 10n ** 18n, We disable slashing for prune offenses right now
+  slashDataWithholdingPenalty: 0n, // 2_000n * 10n ** 18n, We disable slashing for data withholding offenses right now
+  slashProposeInvalidAttestationsPenalty: 2_000n * 10n ** 18n,
+  slashAttestDescendantOfInvalidPenalty: 2_000n * 10n ** 18n,
+  slashUnknownPenalty: 2_000n * 10n ** 18n,
+  slashBroadcastedInvalidBlockPenalty: 2_000n * 10n ** 18n, // 10_000n * 10n ** 18n, Disabled for now until further testing
+  slashGracePeriodL2Slots: 1_200, // One day from deployment
+  slashOffenseExpirationRounds: 8,
+
+  slashMinPenaltyPercentage: 0.5,
+  slashMaxPenaltyPercentage: 2.0,
+  slashMaxPayloadSize: 50,
+  slashExecuteRoundsLookBack: 4,
+
+  sentinelEnabled: true,
 
   ...DefaultNetworkDBMapSizeConfig,
 };
@@ -321,54 +349,57 @@ export const mainnetL2ChainConfig: L2ChainConfig = {
   lagInEpochs: 2,
   /** The number of epochs after an epoch ends that proofs are still accepted. */
   aztecProofSubmissionEpochs: 1,
+
+  localEjectionThreshold: 196_000n * 10n ** 18n,
   /** How many sequencers must agree with a slash for it to be executed. */
   slashingQuorum: 65,
-
   slashingRoundSizeInEpochs: 4,
-  slashingLifetimeInRounds: 40,
   slashingExecutionDelayInRounds: 28,
-  slashingDisableDuration: 5 * 24 * 60 * 60, // 5 days in seconds
-  slashAmountSmall: 2_000n * 10n ** 18n,
-  slashAmountMedium: 10_000n * 10n ** 18n,
-  slashAmountLarge: 50_000n * 10n ** 18n,
+  slashingLifetimeInRounds: 34,
+  slashingVetoer: EthAddress.ZERO, // TODO TMNT-329
   slashingOffsetInRounds: 2,
+
+  slashingDisableDuration: 259_200, // 3 days
   slasherFlavor: 'tally',
-  slashingVetoer: EthAddress.ZERO, // TODO TMNT-329
+
+  slashAmountSmall: 2_000n * 10n ** 18n,
+  slashAmountMedium: 2_000n * 10n ** 18n,
+  slashAmountLarge: 2_000n * 10n ** 18n,
 
   /** The mana target for the rollup */
   manaTarget: 0n,
 
-  exitDelaySeconds: 5 * 24 * 60 * 60,
-
   /** The proving cost per mana */
   provingCostPerMana: 0n,
 
-  ejectionThreshold: 100_000n * 10n ** 18n,
+  exitDelaySeconds: 4 * 24 * 60 * 60, // 4 days
+
   activationThreshold: 200_000n * 10n ** 18n,
-  localEjectionThreshold: 196_000n * 10n ** 18n,
+  ejectionThreshold: 100_000n * 10n ** 18n,
 
-  governanceProposerRoundSize: 300, // TODO TMNT-322
-  governanceProposerQuorum: 151, // TODO TMNT-322
+  governanceProposerRoundSize: 1000,
+  governanceProposerQuorum: 600,
 
   // Node slashing config
-  // TODO TMNT-330
-  slashMinPenaltyPercentage: 0.5,
-  slashMaxPenaltyPercentage: 2.0,
-  slashInactivityTargetPercentage: 0.7,
+  slashInactivityTargetPercentage: 0.8,
   slashInactivityConsecutiveEpochThreshold: 2,
   slashInactivityPenalty: 2_000n * 10n ** 18n,
   slashPrunePenalty: 0n, // 2_000n * 10n ** 18n, We disable slashing for prune offenses right now
   slashDataWithholdingPenalty: 0n, // 2_000n * 10n ** 18n, We disable slashing for data withholding offenses right now
-  slashProposeInvalidAttestationsPenalty: 50_000n * 10n ** 18n,
-  slashAttestDescendantOfInvalidPenalty: 50_000n * 10n ** 18n,
+  slashProposeInvalidAttestationsPenalty: 2_000n * 10n ** 18n,
+  slashAttestDescendantOfInvalidPenalty: 2_000n * 10n ** 18n,
   slashUnknownPenalty: 2_000n * 10n ** 18n,
-  slashBroadcastedInvalidBlockPenalty: 0n, // 10_000n * 10n ** 18n, Disabled for now until further testing
-  slashMaxPayloadSize: 50,
-  slashGracePeriodL2Slots: 32 * 4, // One round from genesis
+  slashBroadcastedInvalidBlockPenalty: 2_000n * 10n ** 18n, // 10_000n * 10n ** 18n, Disabled for now until further testing
+  slashGracePeriodL2Slots: 1_200, // One day from deployment
   slashOffenseExpirationRounds: 8,
-  sentinelEnabled: true,
+
+  slashMinPenaltyPercentage: 0.5,
+  slashMaxPenaltyPercentage: 2.0,
+  slashMaxPayloadSize: 50,
   slashExecuteRoundsLookBack: 4,
 
+  sentinelEnabled: true,
+
   ...DefaultNetworkDBMapSizeConfig,
 };