@aztec/foundation 4.0.0-devnet.2-patch.3 → 4.0.0-devnet.3-patch.0

package/src/config/index.ts

@@ -177,6 +177,21 @@ export function bigintConfigHelper(defaultVal?: bigint): Pick<ConfigMapping, 'pa
       if (val === '') {
         return defaultVal;
       }
+      // Handle scientific notation (e.g. "1e+23", "2E23") which BigInt() doesn't accept directly.
+      // We parse it losslessly using bigint arithmetic instead of going through float64.
+      if (/[eE]/.test(val)) {
+        const match = val.match(/^(-?\d+(?:\.(\d+))?)[eE]([+-]?\d+)$/);
+        if (!match) {
+          throw new Error(`Cannot convert '${val}' to a BigInt`);
+        }
+        const digits = match[1].replace('.', '');
+        const decimalPlaces = match[2]?.length ?? 0;
+        const exponent = parseInt(match[3], 10) - decimalPlaces;
+        if (exponent < 0) {
+          throw new Error(`Cannot convert '${val}' to a BigInt: result is not an integer`);
+        }
+        return BigInt(digits) * 10n ** BigInt(exponent);
+      }
       return BigInt(val);
     },
     defaultValue: defaultVal,

package/src/config/network_config.ts

@@ -5,10 +5,13 @@ export const NetworkConfigSchema = z
     bootnodes: z.array(z.string()),
     snapshots: z.array(z.string()),
     blobFileStoreUrls: z.array(z.string()).optional(),
+    txCollectionFileStoreUrls: z.array(z.string()).optional(),
     registryAddress: z.string(),
     feeAssetHandlerAddress: z.string().optional(),
     l1ChainId: z.number(),
     blockDurationMs: z.number().positive().optional(),
+    nodeVersion: z.string().optional(),
+    txPublicSetupAllowListExtend: z.string().optional(),
   })
   .passthrough(); // Allow additional unknown fields to pass through
 

package/src/config/network_name.ts

@@ -5,8 +5,7 @@ export type NetworkNames =
   | 'testnet'
   | 'mainnet'
   | 'next-net'
-  | 'devnet'
-  | `v${number}-devnet-${number}`;
+  | 'devnet';
 
 export function getActiveNetworkName(name?: string): NetworkNames {
   const network = name || process.env.NETWORK;
@@ -24,8 +23,6 @@ export function getActiveNetworkName(name?: string): NetworkNames {
     return 'next-net';
   } else if (network === 'devnet') {
     return 'devnet';
-  } else if (/^v\d+-devnet-\d+$/.test(network)) {
-    return network as `v${number}-devnet-${number}`;
   }
   throw new Error(`Unknown network: ${network}`);
 }

package/src/crypto/poseidon/index.ts

@@ -1,21 +1,35 @@
-import { BarretenbergSync } from '@aztec/bb.js';
+import { Barretenberg, BarretenbergSync } from '@aztec/bb.js';
 
 import { Fr } from '../../curves/bn254/field.js';
 import { type Fieldable, serializeToFields } from '../../serialize/serialize.js';
 
+const IS_BROWSER = typeof self !== 'undefined';
+
+async function poseidon2HashFields(inputFields: Fr[]): Promise<Fr> {
+  if (IS_BROWSER) {
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+    const response = api.poseidon2Hash({
+      inputs: inputFields.map(i => i.toBuffer()),
+    });
+    return Fr.fromBuffer(Buffer.from(response.hash));
+  } else {
+    await Barretenberg.initSingleton();
+    const api = Barretenberg.getSingleton();
+    const response = await api.poseidon2Hash({
+      inputs: inputFields.map(i => i.toBuffer()),
+    });
+    return Fr.fromBuffer(Buffer.from(response.hash));
+  }
+}
+
 /**
  * Create a poseidon hash (field) from an array of input fields.
  * @param input - The input fields to hash.
  * @returns The poseidon hash.
  */
-export async function poseidon2Hash(input: Fieldable[]): Promise<Fr> {
-  const inputFields = serializeToFields(input);
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Hash({
-    inputs: inputFields.map(i => i.toBuffer()),
-  });
-  return Fr.fromBuffer(Buffer.from(response.hash));
+export function poseidon2Hash(input: Fieldable[]): Promise<Fr> {
+  return poseidon2HashFields(serializeToFields(input));
 }
 
 /**
@@ -24,15 +38,10 @@ export async function poseidon2Hash(input: Fieldable[]): Promise<Fr> {
  * @param separator - The domain separator.
  * @returns The poseidon hash.
  */
-export async function poseidon2HashWithSeparator(input: Fieldable[], separator: number): Promise<Fr> {
+export function poseidon2HashWithSeparator(input: Fieldable[], separator: number): Promise<Fr> {
   const inputFields = serializeToFields(input);
   inputFields.unshift(new Fr(separator));
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Hash({
-    inputs: inputFields.map(i => i.toBuffer()),
-  });
-  return Fr.fromBuffer(Buffer.from(response.hash));
+  return poseidon2HashFields(inputFields);
 }
 
 /**
@@ -42,19 +51,24 @@ export async function poseidon2HashWithSeparator(input: Fieldable[], separator:
  */
 export async function poseidon2Permutation(input: Fieldable[]): Promise<Fr[]> {
   const inputFields = serializeToFields(input);
-  // We'd like this assertion but it's not possible to use it in the browser.
-  // assert(input.length === 4, 'Input state must be of size 4');
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Permutation({
-    inputs: inputFields.map(i => i.toBuffer()),
-  });
-  // We'd like this assertion but it's not possible to use it in the browser.
-  // assert(response.outputs.length === 4, 'Output state must be of size 4');
-  return response.outputs.map(o => Fr.fromBuffer(Buffer.from(o)));
+  if (IS_BROWSER) {
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+    const response = api.poseidon2Permutation({
+      inputs: inputFields.map(i => i.toBuffer()),
+    });
+    return response.outputs.map(o => Fr.fromBuffer(Buffer.from(o)));
+  } else {
+    await Barretenberg.initSingleton();
+    const api = Barretenberg.getSingleton();
+    const response = await api.poseidon2Permutation({
+      inputs: inputFields.map(i => i.toBuffer()),
+    });
+    return response.outputs.map(o => Fr.fromBuffer(Buffer.from(o)));
+  }
 }
 
-export async function poseidon2HashBytes(input: Buffer): Promise<Fr> {
+export function poseidon2HashBytes(input: Buffer): Promise<Fr> {
   const inputFields = [];
   for (let i = 0; i < input.length; i += 31) {
     const fieldBytes = Buffer.alloc(32, 0);
@@ -65,11 +79,5 @@ export async function poseidon2HashBytes(input: Buffer): Promise<Fr> {
     inputFields.push(Fr.fromBuffer(fieldBytes));
   }
 
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Hash({
-    inputs: inputFields.map(i => i.toBuffer()),
-  });
-
-  return Fr.fromBuffer(Buffer.from(response.hash));
+  return poseidon2HashFields(inputFields);
 }

package/src/crypto/secp256k1-signer/utils.ts

@@ -210,3 +210,35 @@ export function recoverPublicKey(hash: Buffer32, signature: Signature, opts: Rec
   const publicKey = sig.recoverPublicKey(hash.buffer).toHex(false);
   return Buffer.from(publicKey, 'hex');
 }
+
+/** Arbitrary hash used for testing signature recoverability. */
+const PROBE_HASH = Buffer32.fromBuffer(keccak256(Buffer.from('signature-recoverability-probe')));
+
+/**
+ * Generates a random valid ECDSA signature that is recoverable to some address.
+ * Since Signature.random() produces real signatures via secp256k1 signing, the result is always
+ * recoverable, but we verify defensively by checking tryRecoverAddress.
+ */
+export function generateRecoverableSignature(): Signature {
+  for (let i = 0; i < 100; i++) {
+    const sig = Signature.random();
+    if (tryRecoverAddress(PROBE_HASH, sig) !== undefined) {
+      return sig;
+    }
+  }
+  throw new Secp256k1Error('Failed to generate a recoverable signature after 100 attempts');
+}
+
+/**
+ * Generates a random signature where ECDSA address recovery fails.
+ * Uses random r/s values (not from real signing) so that r is unlikely to be a valid secp256k1 x-coordinate.
+ */
+export function generateUnrecoverableSignature(): Signature {
+  for (let i = 0; i < 100; i++) {
+    const sig = new Signature(Buffer32.random(), Buffer32.random(), 27);
+    if (tryRecoverAddress(PROBE_HASH, sig) === undefined) {
+      return sig;
+    }
+  }
+  throw new Secp256k1Error('Failed to generate an unrecoverable signature after 100 attempts');
+}

package/src/curves/bn254/field.ts

@@ -118,14 +118,18 @@ abstract class BaseField {
   }
 
   cmp(rhs: BaseField): -1 | 0 | 1 {
-    const rhsBigInt = rhs.asBigInt;
-    return this.asBigInt === rhsBigInt ? 0 : this.asBigInt < rhsBigInt ? -1 : 1;
+    return BaseField.cmpAsBigInt(this.asBigInt, rhs.asBigInt);
   }
 
   static cmp(lhs: BaseField, rhs: BaseField): -1 | 0 | 1 {
     return lhs.cmp(rhs);
   }
 
+  // Actual bigint comparison. Arguments must have been validated previously.
+  static cmpAsBigInt(lhs: bigint, rhs: bigint): -1 | 0 | 1 {
+    return lhs === rhs ? 0 : lhs < rhs ? -1 : 1;
+  }
+
   isZero(): boolean {
     return this.asBigInt === 0n;
   }

package/src/curves/grumpkin/point.ts

@@ -65,7 +65,7 @@ export class Point {
   }
 
   /**
-   * Generate a random Point instance.
+   * Generate a random Point instance that is on the curve.
    *
    * @returns A randomly generated Point instance.
    */

package/src/eth-signature/eth_signature.ts

@@ -1,8 +1,10 @@
 import { Buffer32 } from '@aztec/foundation/buffer';
 import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
 
+import { secp256k1 } from '@noble/curves/secp256k1';
 import { z } from 'zod';
 
+import { randomBytes } from '../crypto/random/index.js';
 import { hasHexPrefix, hexToBuffer } from '../string/index.js';
 
 /**
@@ -77,8 +79,12 @@ export class Signature {
     return new Signature(Buffer32.fromBuffer(hexToBuffer(sig.r)), Buffer32.fromBuffer(hexToBuffer(sig.s)), sig.yParity);
   }
 
+  /** Generates a random valid ECDSA signature with a low s-value by signing a random message with a random key. */
   static random(): Signature {
-    return new Signature(Buffer32.random(), Buffer32.random(), 1);
+    const privateKey = randomBytes(32);
+    const message = randomBytes(32);
+    const { r, s, recovery } = secp256k1.sign(message, privateKey);
+    return new Signature(Buffer32.fromBigInt(r), Buffer32.fromBigInt(s), recovery ? 28 : 27);
   }
 
   static empty(): Signature {

package/src/log/bigint-utils.ts

@@ -11,6 +11,9 @@ export function convertBigintsToStrings(obj: unknown): unknown {
   }
 
   if (obj !== null && typeof obj === 'object') {
+    if (typeof (obj as any).toJSON === 'function') {
+      return convertBigintsToStrings((obj as any).toJSON());
+    }
     const result: Record<string, unknown> = {};
     for (const key in obj) {
       result[key] = convertBigintsToStrings((obj as Record<string, unknown>)[key]);

package/src/schemas/api.ts

@@ -37,7 +37,10 @@ export type ApiSchema = {
 };
 
 /** Return whether an API schema defines a valid function schema for a given method name. */
-export function schemaHasMethod(schema: ApiSchema, methodName: string) {
+export function schemaHasMethod<T extends ApiSchema>(
+  schema: T,
+  methodName: string,
+): methodName is Extract<keyof T, string> {
   return (
     typeof methodName === 'string' &&
     Object.hasOwn(schema, methodName) &&

package/src/serialize/buffer_reader.ts

@@ -286,16 +286,39 @@ export class BufferReader {
   }
 
   /**
-   * Read an array of a fixed size with elements of type T from the buffer.
-   * The 'itemDeserializer' object should have a 'fromBuffer' method that takes a BufferReader instance as input,
-   * and returns an instance of the desired deserialized data type T.
-   * This method will call the 'fromBuffer' method for each element in the array and return the resulting array.
+   * Read an array from the buffer using lazy allocation (new Array + loop).
+   * Safe for use with untrusted sizes — does not pre-allocate memory proportional to size.
    *
-   * @param size - The fixed number of elements in the array.
+   * @param size - The number of elements to read.
    * @param itemDeserializer - An object with a 'fromBuffer' method to deserialize individual elements of type T.
    * @returns An array of instances of type T.
    */
-  public readArray<T, N extends number>(
+  public readArray<T>(
+    size: number,
+    itemDeserializer: {
+      /**
+       * A function for deserializing data from a BufferReader instance.
+       */
+      fromBuffer: (reader: BufferReader) => T;
+    },
+  ): T[] {
+    const result = new Array<T>(size);
+    for (let i = 0; i < size; i++) {
+      result[i] = itemDeserializer.fromBuffer(this);
+    }
+    return result;
+  }
+
+  /**
+   * Read a fixed-size tuple from the buffer using dense allocation (Array.from).
+   * Only use with compile-time constant sizes — the size parameter MUST NOT come from untrusted input
+   * as Array.from pre-allocates memory proportional to size.
+   *
+   * @param size - The fixed number of elements (must be a compile-time constant).
+   * @param itemDeserializer - An object with a 'fromBuffer' method to deserialize individual elements of type T.
+   * @returns A densely-allocated tuple of instances of type T.
+   */
+  public readTuple<T, N extends number>(
     size: N,
     itemDeserializer: {
       /**

package/src/serialize/field_reader.ts

@@ -169,12 +169,30 @@ export class FieldReader {
    * @param itemDeserializer - An object with a 'fromFields' method to deserialize individual elements of type T.
    * @returns An array of instances of type T.
    */
-  public readArray<T, N extends number>(
+  /**
+   * Read an array from the field array using lazy allocation (new Array + loop).
+   * Safe for use with untrusted sizes.
+   */
+  public readArray<T>(
+    size: number,
+    itemDeserializer: {
+      fromFields: (reader: FieldReader) => T;
+    },
+  ): T[] {
+    const result = new Array<T>(size);
+    for (let i = 0; i < size; i++) {
+      result[i] = itemDeserializer.fromFields(this);
+    }
+    return result;
+  }
+
+  /**
+   * Read a fixed-size tuple from the field array using dense allocation (Array.from).
+   * Only use with compile-time constant sizes — the size parameter MUST NOT come from untrusted input.
+   */
+  public readTuple<T, N extends number>(
     size: N,
     itemDeserializer: {
-      /**
-       * A function for deserializing data from a FieldReader instance.
-       */
       fromFields: (reader: FieldReader) => T;
     },
   ): Tuple<T, N> {

package/src/transport/transport_client.ts

@@ -91,7 +91,7 @@ export class TransportClient<Payload> extends EventEmitter {
     }
     const msgId = this.msgId++;
     const msg = { msgId, payload };
-    log.debug(format(`->`, msg));
+    log.trace(format(`->`, msg));
     return new Promise<any>((resolve, reject) => {
       this.pendingRequests.push({ resolve, reject, msgId });
       this.socket!.send(msg, transfer).catch(reject);
@@ -111,7 +111,7 @@ export class TransportClient<Payload> extends EventEmitter {
       this.close();
       return;
     }
-    log.debug(format(`<-`, msg));
+    log.trace(format(`<-`, msg));
     if (isEventMessage(msg)) {
       this.emit('event_msg', msg.payload);
       return;

package/src/trees/membership_witness.ts

@@ -94,7 +94,7 @@ export class MembershipWitness<N extends number> {
   static fromBuffer<N extends number>(buffer: Buffer | BufferReader, size: N): MembershipWitness<N> {
     const reader = BufferReader.asReader(buffer);
     const leafIndex = toBigIntBE(reader.readBytes(32));
-    const siblingPath = reader.readArray(size, Fr);
+    const siblingPath = reader.readArray(size, Fr) as Tuple<Fr, N>;
     return new MembershipWitness(size, leafIndex, siblingPath);
   }
 
@@ -108,7 +108,7 @@ export class MembershipWitness<N extends number> {
       fromBuffer: (buffer: Buffer | BufferReader) => {
         const reader = BufferReader.asReader(buffer);
         const leafIndex = toBigIntBE(reader.readBytes(32));
-        const siblingPath = reader.readArray(size, Fr);
+        const siblingPath = reader.readArray(size, Fr) as Tuple<Fr, N>;
         return new MembershipWitness(size, leafIndex, siblingPath);
       },
     };