@aztec/p2p 0.0.0-test.1 → 0.0.1-commit.1142ef1

package/src/services/libp2p/libp2p_service.ts

@@ -1,26 +1,44 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
-import { Fr } from '@aztec/foundation/fields';
-import { createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
-import { SerialQueue } from '@aztec/foundation/queue';
+import { BlockNumber } from '@aztec/foundation/branded-types';
+import { randomInt } from '@aztec/foundation/crypto/random';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { type Logger, createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
 import { RunningPromise } from '@aztec/foundation/running-promise';
+import { Timer } from '@aztec/foundation/timer';
 import type { AztecAsyncKVStore } from '@aztec/kv-store';
-import type { L2BlockSource } from '@aztec/stdlib/block';
+import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree';
+import { protocolContractsHash } from '@aztec/protocol-contracts';
+import type { EthAddress, L2Block, L2BlockSource } from '@aztec/stdlib/block';
+import type { ContractDataSource } from '@aztec/stdlib/contract';
+import { GasFees } from '@aztec/stdlib/gas';
 import type { ClientProtocolCircuitVerifier, PeerInfo, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import {
-  BlockAttestation,
   BlockProposal,
+  CheckpointAttestation,
+  CheckpointProposal,
+  type CheckpointProposalCore,
   type Gossipable,
   P2PClientType,
+  P2PMessage,
   PeerErrorSeverity,
-  TopicTypeMap,
-  getTopicTypeForClientType,
+  TopicType,
+  createTopicString,
+  getTopicsForClientAndConfig,
   metricsTopicStrToLabels,
 } from '@aztec/stdlib/p2p';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
-import { Tx, type TxHash, type TxValidationResult } from '@aztec/stdlib/tx';
-import { Attributes, OtelMetricsAdapter, type TelemetryClient, WithTracer, trackSpan } from '@aztec/telemetry-client';
+import { Tx, type TxHash, type TxValidationResult, type TxValidator } from '@aztec/stdlib/tx';
+import type { UInt64 } from '@aztec/stdlib/types';
+import { compressComponentVersions } from '@aztec/stdlib/versioning';
+import {
+  Attributes,
+  OtelMetricsAdapter,
+  SpanStatusCode,
+  type TelemetryClient,
+  WithTracer,
+  trackSpan,
+} from '@aztec/telemetry-client';
 
-import type { ENR } from '@chainsafe/enr';
 import {
   type GossipSub,
   type GossipSubComponents,
@@ -33,17 +51,27 @@ import { noise } from '@chainsafe/libp2p-noise';
 import { yamux } from '@chainsafe/libp2p-yamux';
 import { bootstrap } from '@libp2p/bootstrap';
 import { identify } from '@libp2p/identify';
-import { type Message, type PeerId, TopicValidatorResult } from '@libp2p/interface';
+import { type Message, type MultiaddrConnection, type PeerId, TopicValidatorResult } from '@libp2p/interface';
 import type { ConnectionManager } from '@libp2p/interface-internal';
-import '@libp2p/kad-dht';
 import { mplex } from '@libp2p/mplex';
 import { tcp } from '@libp2p/tcp';
+import { ENR } from '@nethermindeth/enr';
 import { createLibp2p } from 'libp2p';
 
 import type { P2PConfig } from '../../config.js';
+import { ProposalSlotCapExceededError } from '../../errors/attestation-pool.error.js';
 import type { MemPools } from '../../mem_pools/interface.js';
-import { AttestationValidator, BlockProposalValidator } from '../../msg_validators/index.js';
 import {
+  BlockProposalValidator,
+  CheckpointAttestationValidator,
+  CheckpointProposalValidator,
+  FishermanAttestationValidator,
+} from '../../msg_validators/index.js';
+import { MessageSeenValidator } from '../../msg_validators/msg_seen_validator/msg_seen_validator.js';
+import { getDefaultAllowedSetupFunctions } from '../../msg_validators/tx_validator/allowed_public_setup.js';
+import { type MessageValidator, createTxMessageValidators } from '../../msg_validators/tx_validator/factory.js';
+import {
+  AggregateTxValidator,
   DataTxValidator,
   DoubleSpendTxValidator,
   MetadataTxValidator,
@@ -51,23 +79,45 @@ import {
 } from '../../msg_validators/tx_validator/index.js';
 import { GossipSubEvent } from '../../types/index.js';
 import { type PubSubLibp2p, convertToMultiaddr } from '../../util.js';
+import { getVersions } from '../../versioning.js';
 import { AztecDatastore } from '../data_store.js';
+import { DiscV5Service } from '../discv5/discV5_service.js';
 import { SnappyTransform, fastMsgIdFn, getMsgIdFn, msgIdToStrFn } from '../encoding.js';
 import { gossipScoreThresholds } from '../gossipsub/scoring.js';
+import type { PeerManagerInterface } from '../peer-manager/interface.js';
 import { PeerManager } from '../peer-manager/peer_manager.js';
 import { PeerScoring } from '../peer-manager/peer_scoring.js';
-import { DEFAULT_SUB_PROTOCOL_VALIDATORS, ReqRespSubProtocol, type SubProtocolMap } from '../reqresp/interface.js';
+import type { P2PReqRespConfig } from '../reqresp/config.js';
+import {
+  DEFAULT_SUB_PROTOCOL_VALIDATORS,
+  type ReqRespInterface,
+  ReqRespSubProtocol,
+  type ReqRespSubProtocolHandler,
+  type ReqRespSubProtocolHandlers,
+  type ReqRespSubProtocolValidators,
+  type SubProtocolMap,
+  ValidationError,
+} from '../reqresp/interface.js';
+import { reqRespBlockTxsHandler } from '../reqresp/protocols/block_txs/block_txs_handler.js';
 import { reqGoodbyeHandler } from '../reqresp/protocols/goodbye.js';
-import { pingHandler, reqRespBlockHandler, reqRespTxHandler, statusHandler } from '../reqresp/protocols/index.js';
+import {
+  AuthRequest,
+  BlockTxsRequest,
+  BlockTxsResponse,
+  StatusMessage,
+  pingHandler,
+  reqRespBlockHandler,
+  reqRespStatusHandler,
+  reqRespTxHandler,
+} from '../reqresp/protocols/index.js';
 import { ReqResp } from '../reqresp/reqresp.js';
-import type { P2PService, PeerDiscoveryService } from '../service.js';
-
-interface MessageValidator {
-  validator: {
-    validateTx(tx: Tx): Promise<TxValidationResult>;
-  };
-  severity: PeerErrorSeverity;
-}
+import type {
+  P2PBlockReceivedCallback,
+  P2PCheckpointReceivedCallback,
+  P2PService,
+  PeerDiscoveryService,
+} from '../service.js';
+import { P2PInstrumentation } from './instrumentation.js';
 
 interface ValidationResult {
   name: string;
@@ -77,74 +127,125 @@ interface ValidationResult {
 
 type ValidationOutcome = { allPassed: true } | { allPassed: false; failure: ValidationResult };
 
+// REFACTOR: Unify with the type above
+type ReceivedMessageValidationResult<T> =
+  | { obj: T; result: Exclude<TopicValidatorResult, TopicValidatorResult.Reject> }
+  | { obj?: undefined; result: TopicValidatorResult.Reject };
+
 /**
  * Lib P2P implementation of the P2PService interface.
  */
-export class LibP2PService<T extends P2PClientType> extends WithTracer implements P2PService {
-  private jobQueue: SerialQueue = new SerialQueue();
-  private peerManager: PeerManager;
+export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends WithTracer implements P2PService {
   private discoveryRunningPromise?: RunningPromise;
+  private msgIdSeenValidators: Record<TopicType, MessageSeenValidator> = {} as Record<TopicType, MessageSeenValidator>;
 
   // Message validators
-  private attestationValidator: AttestationValidator;
   private blockProposalValidator: BlockProposalValidator;
+  private checkpointProposalValidator: CheckpointProposalValidator;
+  private checkpointAttestationValidator: CheckpointAttestationValidator;
+
+  private protocolVersion = '';
+  private topicStrings: Record<TopicType, string> = {} as Record<TopicType, string>;
 
-  // Request and response sub service
-  public reqresp: ReqResp;
+  private feesCache: { blockNumber: BlockNumber; gasFees: GasFees } | undefined;
 
   /**
    * Callback for when a block is received from a peer.
    * @param block - The block received from the peer.
    * @returns The attestation for the block, if any.
    */
-  private blockReceivedCallback: (block: BlockProposal) => Promise<BlockAttestation | undefined>;
+  private blockReceivedCallback: P2PBlockReceivedCallback;
+
+  /**
+   * Callback for when a checkpoint proposal is received from a peer.
+   * @param checkpoint - The checkpoint proposal received from the peer.
+   * @returns The attestations for the checkpoint, if any.
+   */
+  private checkpointReceivedCallback: P2PCheckpointReceivedCallback;
+
+  private gossipSubEventHandler: (e: CustomEvent<GossipsubMessage>) => void;
+
+  private instrumentation: P2PInstrumentation;
+
+  private telemetry: TelemetryClient;
+
+  protected logger: Logger;
 
   constructor(
     private clientType: T,
     private config: P2PConfig,
-    private node: PubSubLibp2p,
+    protected node: PubSubLibp2p,
     private peerDiscoveryService: PeerDiscoveryService,
-    private mempools: MemPools<T>,
-    private l2BlockSource: L2BlockSource,
-    epochCache: EpochCacheInterface,
+    private reqresp: ReqRespInterface,
+    private peerManager: PeerManagerInterface,
+    protected mempools: MemPools,
+    private archiver: L2BlockSource & ContractDataSource,
+    private epochCache: EpochCacheInterface,
     private proofVerifier: ClientProtocolCircuitVerifier,
     private worldStateSynchronizer: WorldStateSynchronizer,
     telemetry: TelemetryClient,
-    private logger = createLogger('p2p:libp2p_service'),
+    logger: Logger = createLogger('p2p:libp2p_service'),
   ) {
     super(telemetry, 'LibP2PService');
+    this.telemetry = telemetry;
 
-    const peerScoring = new PeerScoring(config);
-    this.reqresp = new ReqResp(config, node, peerScoring);
+    // Create child logger with fisherman prefix if in fisherman mode
+    this.logger = config.fishermanMode ? logger.createChild('[FISHERMAN]') : logger;
 
-    this.peerManager = new PeerManager(
-      node,
-      peerDiscoveryService,
-      config,
-      telemetry,
-      createLogger(`${logger.module}:peer_manager`),
-      peerScoring,
-      this.reqresp,
+    this.instrumentation = new P2PInstrumentation(telemetry, 'LibP2PService');
+
+    this.msgIdSeenValidators[TopicType.tx] = new MessageSeenValidator(config.seenMessageCacheSize);
+    this.msgIdSeenValidators[TopicType.block_proposal] = new MessageSeenValidator(config.seenMessageCacheSize);
+    this.msgIdSeenValidators[TopicType.checkpoint_proposal] = new MessageSeenValidator(config.seenMessageCacheSize);
+    this.msgIdSeenValidators[TopicType.checkpoint_attestation] = new MessageSeenValidator(config.seenMessageCacheSize);
+
+    const versions = getVersions(config);
+    this.protocolVersion = compressComponentVersions(versions);
+    logger.info(`Started libp2p service with protocol version ${this.protocolVersion}`);
+
+    this.topicStrings[TopicType.tx] = createTopicString(TopicType.tx, this.protocolVersion);
+    this.topicStrings[TopicType.block_proposal] = createTopicString(TopicType.block_proposal, this.protocolVersion);
+    this.topicStrings[TopicType.checkpoint_proposal] = createTopicString(
+      TopicType.checkpoint_proposal,
+      this.protocolVersion,
+    );
+    this.topicStrings[TopicType.checkpoint_attestation] = createTopicString(
+      TopicType.checkpoint_attestation,
+      this.protocolVersion,
     );
 
-    // Update gossipsub score params
-    this.node.services.pubsub.score.params.appSpecificScore = (peerId: string) => {
-      return this.peerManager.getPeerScore(peerId);
-    };
-    this.node.services.pubsub.score.params.appSpecificWeight = 10;
+    this.blockProposalValidator = new BlockProposalValidator(epochCache, { txsPermitted: !config.disableTransactions });
+    this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, {
+      txsPermitted: !config.disableTransactions,
+    });
+    this.checkpointAttestationValidator = config.fishermanMode
+      ? new FishermanAttestationValidator(epochCache, mempools.attestationPool, telemetry)
+      : new CheckpointAttestationValidator(epochCache);
 
-    this.attestationValidator = new AttestationValidator(epochCache);
-    this.blockProposalValidator = new BlockProposalValidator(epochCache);
+    this.gossipSubEventHandler = this.handleGossipSubEvent.bind(this);
 
-    this.blockReceivedCallback = async (block: BlockProposal): Promise<BlockAttestation | undefined> => {
+    this.blockReceivedCallback = async (block: BlockProposal): Promise<boolean> => {
       this.logger.debug(
-        `Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber.toNumber()} from peer.`,
-        { p2pMessageIdentifier: await block.p2pMessageIdentifier() },
+        `Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber} from peer.`,
+        { p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier() },
       );
-      return undefined;
+      return false;
+    };
+
+    this.checkpointReceivedCallback = (
+      checkpoint: CheckpointProposalCore,
+    ): Promise<CheckpointAttestation[] | undefined> => {
+      this.logger.debug(
+        `Handler not yet registered: Checkpoint received callback not set. Received checkpoint for slot ${checkpoint.slotNumber} from peer.`,
+      );
+      return Promise.resolve(undefined);
     };
   }
 
+  public updateConfig(config: Partial<P2PReqRespConfig>) {
+    this.reqresp.updateConfig(config);
+  }
+
   /**
    * Creates an instance of the LibP2P service.
    * @param config - The configuration to use when creating the service.
@@ -154,69 +255,152 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
   public static async new<T extends P2PClientType>(
     clientType: T,
     config: P2PConfig,
-    peerDiscoveryService: PeerDiscoveryService,
     peerId: PeerId,
-    mempools: MemPools<T>,
-    l2BlockSource: L2BlockSource,
-    epochCache: EpochCacheInterface,
-    proofVerifier: ClientProtocolCircuitVerifier,
-    worldStateSynchronizer: WorldStateSynchronizer,
-    store: AztecAsyncKVStore,
-    telemetry: TelemetryClient,
-    logger = createLogger('p2p:libp2p_service'),
+    deps: {
+      mempools: MemPools;
+      l2BlockSource: L2BlockSource & ContractDataSource;
+      epochCache: EpochCacheInterface;
+      proofVerifier: ClientProtocolCircuitVerifier;
+      worldStateSynchronizer: WorldStateSynchronizer;
+      peerStore: AztecAsyncKVStore;
+      telemetry: TelemetryClient;
+      logger: Logger;
+      packageVersion: string;
+    },
   ) {
-    const { tcpListenAddress, tcpAnnounceAddress, maxPeerCount } = config;
-    const bindAddrTcp = convertToMultiaddr(tcpListenAddress, 'tcp');
-    // We know tcpAnnounceAddress cannot be null here because we set it or throw when setting up the service.
-    const announceAddrTcp = convertToMultiaddr(tcpAnnounceAddress!, 'tcp');
+    const {
+      worldStateSynchronizer,
+      epochCache,
+      l2BlockSource,
+      mempools,
+      proofVerifier,
+      peerStore,
+      telemetry,
+      logger,
+      packageVersion,
+    } = deps;
+    const { p2pPort, maxPeerCount, listenAddress } = config;
+    const bindAddrTcp = convertToMultiaddr(listenAddress, p2pPort, 'tcp');
 
-    const datastore = new AztecDatastore(store);
+    const datastore = new AztecDatastore(peerStore);
 
     const otelMetricsAdapter = new OtelMetricsAdapter(telemetry);
 
-    // If bootstrap nodes are provided, also provide them to the p2p service
+    const peerDiscoveryService = new DiscV5Service(
+      peerId,
+      config,
+      packageVersion,
+      telemetry,
+      createLogger(`${logger.module}:discv5_service`),
+    );
+
+    // Seed libp2p's bootstrap discovery with private and trusted peers
+    const bootstrapNodes = [...config.privatePeers, ...config.trustedPeers];
+
     const peerDiscovery = [];
-    if (peerDiscoveryService.bootstrapNodes.length > 0) {
-      peerDiscovery.push(bootstrap({ list: peerDiscoveryService.bootstrapNodes }));
+    if (bootstrapNodes.length > 0) {
+      peerDiscovery.push(bootstrap({ list: bootstrapNodes }));
     }
 
+    const versions = getVersions(config);
+    const protocolVersion = compressComponentVersions(versions);
+
+    const txTopic = createTopicString(TopicType.tx, protocolVersion);
+    const blockProposalTopic = createTopicString(TopicType.block_proposal, protocolVersion);
+    const checkpointProposalTopic = createTopicString(TopicType.checkpoint_proposal, protocolVersion);
+    const checkpointAttestationTopic = createTopicString(TopicType.checkpoint_attestation, protocolVersion);
+
+    const preferredPeersEnrs: ENR[] = config.preferredPeers.map(enr => ENR.decodeTxt(enr));
+    const directPeers = (
+      await Promise.all(
+        preferredPeersEnrs.map(async enr => {
+          const peerId = await enr.peerId();
+          const address = enr.getLocationMultiaddr('tcp');
+          if (address === undefined) {
+            throw new Error(`Direct peer ${peerId.toString()} has no TCP address, ENR: ${enr.encodeTxt()}`);
+          }
+          return {
+            id: peerId,
+            addrs: [address],
+          };
+        }),
+      )
+    ).filter(peer => peer !== undefined);
+
+    const announceTcpMultiaddr = config.p2pIp ? [convertToMultiaddr(config.p2pIp, p2pPort, 'tcp')] : [];
+
     const node = await createLibp2p({
       start: false,
       peerId,
       addresses: {
         listen: [bindAddrTcp],
-        announce: [announceAddrTcp],
+        announce: announceTcpMultiaddr,
       },
       transports: [
         tcp({
-          maxConnections: config.maxPeerCount,
+          // It's better to have this number a bit higher than our maxPeerCount because it's sets the limit on transport (TCP) layer
+          // The connection attempts to the node on TCP layer are not necessarily valid Aztec peers so we want to have a bit of leeway here
+          // If we hit the limit, the connection will be temporarily accepted and immediately dropped.
+          // Docs: https://nodejs.org/api/net.html#servermaxconnections
+          maxConnections: maxPeerCount * 2,
           // socket option: the maximum length of the queue of pending connections
-          // https://nodejs.org/dist/latest-v18.x/docs/api/net.html#serverlisten
+          // https://nodejs.org/dist/latest-v22.x/docs/api/net.html#serverlisten
           // it's not safe if we increase this number
           backlog: 5,
           closeServerOnMaxConnections: {
-            closeAbove: maxPeerCount ?? Infinity,
-            listenBelow: maxPeerCount ?? Infinity,
+            // The property `maxConnections` will protect us against the most DDOS attack
+            // This property protects us in case of burst of new connections where server is not able to close them quickly enough
+            // In case closeAbove is reached, the server stops listening altogether
+            // It's important that there is enough difference between closeAbove and listenAbove,
+            // otherwise the server.listener will flap between being closed and open potentially degrading perf even more
+            closeAbove: maxPeerCount * 3,
+            listenBelow: Math.floor(maxPeerCount * 0.9),
           },
         }),
       ],
       datastore,
       peerDiscovery,
-      streamMuxers: [mplex(), yamux()],
+      streamMuxers: [yamux(), mplex()],
       connectionEncryption: [noise()],
       connectionManager: {
-        minConnections: 0,
-
+        minConnections: 0, // Disable libp2p peer dialing, we do it manually
+        // We set maxConnections above maxPeerCount because if we hit limit of maxPeerCount
+        // libp2p will start aggressively rejecting all new connections, preventing network discovery and crawling.
+        maxConnections: maxPeerCount * 2,
         maxParallelDials: 100,
         dialTimeout: 30_000,
         maxPeerAddrsToDial: 5,
         maxIncomingPendingConnections: 5,
       },
+      connectionGater: {
+        denyInboundConnection: (maConn: MultiaddrConnection) => {
+          const allowed = peerManager.isNodeAllowedToConnect(maConn.remoteAddr.nodeAddress().address);
+          if (allowed) {
+            return false;
+          }
+
+          logger.debug(`Connection gater: Denying inbound connection from ${maConn.remoteAddr.toString()}`);
+          return true;
+        },
+        denyInboundEncryptedConnection: (peerId: PeerId, _maConn: MultiaddrConnection) => {
+          //NOTE: it is not necessary to check address here because this was already done by
+          // denyInboundConnection
+          const allowed = peerManager.isNodeAllowedToConnect(peerId);
+          if (allowed) {
+            return false;
+          }
+
+          logger.debug(`Connection gater: Denying inbound encrypted connection from ${peerId.toString()}`);
+          return true;
+        },
+      },
       services: {
         identify: identify({
           protocolPrefix: 'aztec',
+          runOnConnectionOpen: true,
         }),
         pubsub: gossipsub({
+          directPeers,
           debugName: 'gossipsub',
           globalSignaturePolicy: SignaturePolicy.StrictNoSign,
           allowPublishToZeroTopicPeers: true,
@@ -228,29 +412,35 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
           heartbeatInterval: config.gossipsubInterval,
           mcacheLength: config.gossipsubMcacheLength,
           mcacheGossip: config.gossipsubMcacheGossip,
+          seenTTL: config.gossipsubSeenTTL,
           msgIdFn: getMsgIdFn,
           msgIdToStrFn: msgIdToStrFn,
           fastMsgIdFn: fastMsgIdFn,
           dataTransform: new SnappyTransform(),
           metricsRegister: otelMetricsAdapter,
-          metricsTopicStrToLabel: metricsTopicStrToLabels(),
+          metricsTopicStrToLabel: metricsTopicStrToLabels(protocolVersion),
           asyncValidation: true,
           scoreThresholds: gossipScoreThresholds,
           scoreParams: createPeerScoreParams({
             // IPColocation factor can be disabled for local testing - default to -5
             IPColocationFactorWeight: config.debugDisableColocationPenalty ? 0 : -5.0,
             topics: {
-              [Tx.p2pTopic]: createTopicScoreParams({
+              [txTopic]: createTopicScoreParams({
                 topicWeight: 1,
                 invalidMessageDeliveriesWeight: -20,
                 invalidMessageDeliveriesDecay: 0.5,
               }),
-              [BlockAttestation.p2pTopic]: createTopicScoreParams({
+              [blockProposalTopic]: createTopicScoreParams({
                 topicWeight: 1,
                 invalidMessageDeliveriesWeight: -20,
                 invalidMessageDeliveriesDecay: 0.5,
               }),
-              [BlockProposal.p2pTopic]: createTopicScoreParams({
+              [checkpointProposalTopic]: createTopicScoreParams({
+                topicWeight: 1,
+                invalidMessageDeliveriesWeight: -20,
+                invalidMessageDeliveriesDecay: 0.5,
+              }),
+              [checkpointAttestationTopic]: createTopicScoreParams({
                 topicWeight: 1,
                 invalidMessageDeliveriesWeight: -20,
                 invalidMessageDeliveriesDecay: 0.5,
@@ -265,11 +455,34 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
       logger: createLibp2pComponentLogger(logger.module),
     });
 
+    const peerScoring = new PeerScoring(config, telemetry);
+    const reqresp = new ReqResp(config, node, peerScoring, createLogger(`${logger.module}:reqresp`));
+
+    const peerManager = new PeerManager(
+      node,
+      peerDiscoveryService,
+      config,
+      telemetry,
+      createLogger(`${logger.module}:peer_manager`),
+      peerScoring,
+      reqresp,
+      worldStateSynchronizer,
+      protocolVersion,
+      epochCache,
+    );
+
+    // Update gossipsub score params
+    node.services.pubsub.score.params.appSpecificWeight = 10;
+    node.services.pubsub.score.params.appSpecificScore = (peerId: string) =>
+      peerManager.shouldDisableP2PGossip(peerId) ? -Infinity : peerManager.getPeerScore(peerId);
+
     return new LibP2PService(
       clientType,
       config,
       node,
       peerDiscoveryService,
+      reqresp,
+      peerManager,
       mempools,
       l2BlockSource,
       epochCache,
@@ -291,55 +504,72 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
     }
 
     // Get listen & announce addresses for logging
-    const { tcpListenAddress, tcpAnnounceAddress } = this.config;
-    if (!tcpAnnounceAddress) {
+    const { p2pIp, p2pPort } = this.config;
+    if (!p2pIp) {
       throw new Error('Announce address not provided.');
     }
-    const announceTcpMultiaddr = convertToMultiaddr(tcpAnnounceAddress, 'tcp');
-
-    // Start job queue, peer discovery service and libp2p node
-    this.jobQueue.start();
-    await this.peerDiscoveryService.start();
-    await this.node.start();
-
-    // Subscribe to standard GossipSub topics by default
-    for (const topic of getTopicTypeForClientType(this.clientType)) {
-      this.subscribeToTopic(TopicTypeMap[topic].p2pTopic);
-    }
+    const announceTcpMultiaddr = convertToMultiaddr(p2pIp, p2pPort, 'tcp');
 
     // Create request response protocol handlers
     const txHandler = reqRespTxHandler(this.mempools);
     const goodbyeHandler = reqGoodbyeHandler(this.peerManager);
-    const blockHandler = reqRespBlockHandler(this.l2BlockSource);
+    const blockHandler = reqRespBlockHandler(this.archiver);
+    const statusHandler = reqRespStatusHandler(this.protocolVersion, this.worldStateSynchronizer, this.logger);
 
-    const requestResponseHandlers = {
+    const requestResponseHandlers: Partial<ReqRespSubProtocolHandlers> = {
       [ReqRespSubProtocol.PING]: pingHandler,
-      [ReqRespSubProtocol.STATUS]: statusHandler,
-      [ReqRespSubProtocol.TX]: txHandler.bind(this),
+      [ReqRespSubProtocol.STATUS]: statusHandler.bind(this),
       [ReqRespSubProtocol.GOODBYE]: goodbyeHandler.bind(this),
       [ReqRespSubProtocol.BLOCK]: blockHandler.bind(this),
     };
 
+    if (!this.config.disableTransactions) {
+      const blockTxsHandler = reqRespBlockTxsHandler(this.mempools.attestationPool, this.mempools.txPool);
+      requestResponseHandlers[ReqRespSubProtocol.BLOCK_TXS] = blockTxsHandler.bind(this);
+    }
+
+    if (!this.config.disableTransactions) {
+      requestResponseHandlers[ReqRespSubProtocol.TX] = txHandler.bind(this);
+    }
+
+    // Define the sub protocol validators - This is done within this start() method to gain a callback to the existing validateTx function
+    const reqrespSubProtocolValidators = {
+      ...DEFAULT_SUB_PROTOCOL_VALIDATORS,
+      [ReqRespSubProtocol.TX]: this.validateRequestedTxs.bind(this),
+      [ReqRespSubProtocol.BLOCK_TXS]: this.validateRequestedBlockTxs.bind(this),
+      [ReqRespSubProtocol.BLOCK]: this.validateRequestedBlock.bind(this),
+    };
+
+    await this.peerManager.initializePeers();
+
+    await this.reqresp.start(requestResponseHandlers, reqrespSubProtocolValidators);
+
+    await this.node.start();
+
+    // Subscribe to standard GossipSub topics by default
+    for (const topic of getTopicsForClientAndConfig(this.clientType, this.config.disableTransactions)) {
+      this.subscribeToTopic(this.topicStrings[topic]);
+    }
+
     // add GossipSub listener
-    this.node.services.pubsub.addEventListener(GossipSubEvent.MESSAGE, this.handleGossipSubEvent.bind(this));
+    this.node.services.pubsub.addEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
 
-    // Start running promise for peer discovery
+    // Start running promise for peer discovery and metrics collection
+    if (!this.config.p2pDiscoveryDisabled) {
+      await this.peerDiscoveryService.start();
+    }
     this.discoveryRunningPromise = new RunningPromise(
-      () => this.peerManager.heartbeat(),
+      async () => {
+        await this.peerManager.heartbeat();
+      },
       this.logger,
       this.config.peerCheckIntervalMS,
     );
     this.discoveryRunningPromise.start();
 
-    // Define the sub protocol validators - This is done within this start() method to gain a callback to the existing validateTx function
-    const reqrespSubProtocolValidators = {
-      ...DEFAULT_SUB_PROTOCOL_VALIDATORS,
-      // TODO(#11336): A request validator for blocks
-      [ReqRespSubProtocol.TX]: this.validateRequestedTx.bind(this),
-    };
-    await this.reqresp.start(requestResponseHandlers, reqrespSubProtocolValidators);
     this.logger.info(`Started P2P service`, {
-      listen: tcpListenAddress,
+      listen: this.config.listenAddress,
+      port: this.config.p2pPort,
       announce: announceTcpMultiaddr,
       peerId: this.node.peerId.toString(),
     });
@@ -351,14 +581,11 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
    */
   public async stop() {
     // Remove gossip sub listener
-    this.node.services.pubsub.removeEventListener(GossipSubEvent.MESSAGE, this.handleGossipSubEvent.bind(this));
+    this.node.services.pubsub.removeEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
 
     // Stop peer manager
     this.logger.debug('Stopping peer manager...');
     await this.peerManager.stop();
-
-    this.logger.debug('Stopping job queue...');
-    await this.jobQueue.end();
     this.logger.debug('Stopping running promise...');
     await this.discoveryRunningPromise?.stop();
     this.logger.debug('Stopping peer discovery service...');
@@ -370,6 +597,18 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
     this.logger.info('LibP2P service stopped');
   }
 
+  addReqRespSubProtocol(
+    subProtocol: ReqRespSubProtocol,
+    handler: ReqRespSubProtocolHandler,
+    validator?: ReqRespSubProtocolValidators[ReqRespSubProtocol],
+  ): Promise<void> {
+    return this.reqresp.addSubProtocol(subProtocol, handler, validator);
+  }
+
+  public registerThisValidatorAddresses(address: EthAddress[]): void {
+    this.peerManager.registerThisValidatorAddresses(address);
+  }
+
   public getPeers(includePending?: boolean): PeerInfo[] {
     return this.peerManager.getPeers(includePending);
   }
@@ -387,23 +626,6 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
     setImmediate(() => void safeJob());
   }
 
-  /**
-   * Send Request via the ReqResp service
-   * The subprotocol defined will determine the request and response types
-   *
-   * See the subProtocolMap for the mapping of subprotocols to request/response types in `interface.ts`
-   *
-   * @param protocol The request response protocol to use
-   * @param request The request type to send
-   * @returns
-   */
-  sendRequest<SubProtocol extends ReqRespSubProtocol>(
-    protocol: SubProtocol,
-    request: InstanceType<SubProtocolMap[SubProtocol]['request']>,
-  ): Promise<InstanceType<SubProtocolMap[SubProtocol]['response']> | undefined> {
-    return this.reqresp.sendRequest(protocol, request);
-  }
-
   /**
    * Send a batch of requests to peers, and return the responses
    * @param protocol - The request response protocol to use
@@ -413,8 +635,9 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
   sendBatchRequest<SubProtocol extends ReqRespSubProtocol>(
     protocol: SubProtocol,
     requests: InstanceType<SubProtocolMap[SubProtocol]['request']>[],
-  ): Promise<InstanceType<SubProtocolMap[SubProtocol]['response']>[] | undefined> {
-    return this.reqresp.sendBatchRequest(protocol, requests);
+    pinnedPeerId: PeerId | undefined,
+  ): Promise<InstanceType<SubProtocolMap[SubProtocol]['response']>[]> {
+    return this.reqresp.sendBatchRequest(protocol, requests, pinnedPeerId);
   }
 
   /**
@@ -425,9 +648,12 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
     return this.peerDiscoveryService.getEnr();
   }
 
-  public registerBlockReceivedCallback(callback: (block: BlockProposal) => Promise<BlockAttestation | undefined>) {
+  public registerBlockReceivedCallback(callback: P2PBlockReceivedCallback) {
     this.blockReceivedCallback = callback;
-    this.logger.verbose('Block received callback registered');
+  }
+
+  public registerCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback) {
+    this.checkpointReceivedCallback = callback;
   }
 
   /**
@@ -444,175 +670,516 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
   /**
    * Publishes data to a topic.
    * @param topic - The topic to publish to.
-   * @param data - The data to publish.
+   * @param data - The message to publish.
    * @returns The number of recipients the data was sent to.
    */
-  private async publishToTopic(topic: string, data: Uint8Array) {
+  private async publishToTopic(topic: string, message: Gossipable) {
     if (!this.node.services.pubsub) {
       throw new Error('Pubsub service not available.');
     }
-    const result = await this.node.services.pubsub.publish(topic, data);
-
+    const isBlockProposal = topic === this.topicStrings[TopicType.block_proposal];
+    const traceContext =
+      this.config.debugP2PInstrumentMessages && isBlockProposal ? this.telemetry.getTraceContext() : undefined;
+    const p2pMessage = P2PMessage.fromGossipable(message, this.config.debugP2PInstrumentMessages, traceContext);
+    const result = await this.node.services.pubsub.publish(topic, p2pMessage.toMessageData());
     return result.recipients.length;
   }
 
+  /**
+   * Checks if this message has already been seen, based on its msgId computed from hashing the message data.
+   * Note that we do not rely on the seenCache from gossipsub since we want to keep a longer history of seen
+   * messages to avoid tx echoes across the network.
+   */
+  protected preValidateReceivedMessage(
+    msg: Message,
+    msgId: string,
+    source: PeerId,
+  ): { result: boolean; topicType?: TopicType } {
+    let topicType: TopicType | undefined;
+
+    switch (msg.topic) {
+      case this.topicStrings[TopicType.tx]:
+        topicType = TopicType.tx;
+        break;
+      case this.topicStrings[TopicType.block_proposal]:
+        topicType = TopicType.block_proposal;
+        break;
+      case this.topicStrings[TopicType.checkpoint_proposal]:
+        topicType = TopicType.checkpoint_proposal;
+        break;
+      case this.topicStrings[TopicType.checkpoint_attestation]:
+        topicType = TopicType.checkpoint_attestation;
+        break;
+      default:
+        this.logger.error(`Received message on unknown topic: ${msg.topic}`);
+        break;
+    }
+
+    const validator = topicType ? this.msgIdSeenValidators[topicType] : undefined;
+
+    if (!validator || !validator.addMessage(msgId)) {
+      this.instrumentation.incMessagePrevalidationStatus(false, topicType);
+      this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), TopicValidatorResult.Ignore);
+      return { result: false, topicType };
+    }
+
+    this.instrumentation.incMessagePrevalidationStatus(true, topicType);
+
+    return { result: true, topicType };
+  }
+
+  /**
+   * Safely deserializes a P2PMessage from raw message data.
+   * @param msgId - The message ID.
+   * @param source - The peer ID of the message source.
+   * @param data - The raw message data.
+   * @returns The deserialized P2PMessage or undefined if deserialization fails.
+   */
+  private safelyDeserializeP2PMessage(msgId: string, source: PeerId, data: Uint8Array): P2PMessage | undefined {
+    try {
+      return P2PMessage.fromMessageData(Buffer.from(data), this.config.debugP2PInstrumentMessages);
+    } catch (err) {
+      this.logger.error(`Error deserializing P2PMessage`, err, {
+        msgId,
+        source: source.toString(),
+      });
+      this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), TopicValidatorResult.Reject);
+      this.peerManager.penalizePeer(source, PeerErrorSeverity.LowToleranceError);
+      return undefined;
+    }
+  }
+
   /**
    * Handles a new gossip message that was received by the client.
    * @param topic - The message's topic.
    * @param data - The message data
    */
-  private async handleNewGossipMessage(msg: Message, msgId: string, source: PeerId) {
-    if (msg.topic === Tx.p2pTopic) {
-      await this.handleGossipedTx(msg, msgId, source);
+  protected async handleNewGossipMessage(msg: Message, msgId: string, source: PeerId) {
+    const msgReceivedTime = Date.now();
+    let topicType: TopicType | undefined;
+    const p2pMessage = this.safelyDeserializeP2PMessage(msgId, source, msg.data);
+    if (!p2pMessage) {
+      return;
     }
-    if (msg.topic === BlockAttestation.p2pTopic && this.clientType === P2PClientType.Full) {
-      await this.processAttestationFromPeer(msg, msgId, source);
+
+    const preValidationResult = this.preValidateReceivedMessage(msg, msgId, source);
+
+    if (!preValidationResult.result) {
+      return;
     }
-    if (msg.topic == BlockProposal.p2pTopic) {
-      await this.processBlockFromPeer(msg, msgId, source);
+
+    // Determine topic type for attributes
+    if (msg.topic === this.topicStrings[TopicType.tx]) {
+      topicType = TopicType.tx;
+    } else if (msg.topic === this.topicStrings[TopicType.checkpoint_attestation]) {
+      topicType = TopicType.checkpoint_attestation;
+    } else if (msg.topic === this.topicStrings[TopicType.block_proposal]) {
+      topicType = TopicType.block_proposal;
+    } else if (msg.topic === this.topicStrings[TopicType.checkpoint_proposal]) {
+      topicType = TopicType.checkpoint_proposal;
+    }
+
+    // Process the message, optionally within a linked span for trace propagation
+    const processMessage = async () => {
+      if (msg.topic === this.topicStrings[TopicType.tx]) {
+        await this.handleGossipedTx(p2pMessage.payload, msgId, source);
+      } else if (msg.topic === this.topicStrings[TopicType.checkpoint_attestation]) {
+        if (this.clientType === P2PClientType.Full) {
+          await this.processCheckpointAttestationFromPeer(p2pMessage.payload, msgId, source);
+        }
+      } else if (msg.topic === this.topicStrings[TopicType.block_proposal]) {
+        await this.processBlockFromPeer(p2pMessage.payload, msgId, source);
+      } else if (msg.topic === this.topicStrings[TopicType.checkpoint_proposal]) {
+        await this.handleGossipedCheckpointProposal(p2pMessage.payload, msgId, source);
+      } else {
+        this.logger.error(`Received message on unknown topic: ${msg.topic}`);
+      }
+    };
+
+    const latency = p2pMessage.timestamp !== undefined ? msgReceivedTime - p2pMessage.timestamp.getTime() : undefined;
+    const propagatedContext = p2pMessage.traceContext
+      ? this.telemetry.extractPropagatedContext(p2pMessage.traceContext)
+      : undefined;
+
+    if (propagatedContext) {
+      await this.tracer.startActiveSpan(
+        'LibP2PService.processMessage',
+        {
+          attributes: {
+            [Attributes.TOPIC_NAME]: topicType!,
+            [Attributes.PEER_ID]: source.toString(),
+          },
+        },
+        propagatedContext,
+        async span => {
+          try {
+            await processMessage();
+            span.setStatus({
+              code: SpanStatusCode.OK,
+            });
+          } catch (err) {
+            span.setStatus({
+              code: SpanStatusCode.ERROR,
+              message: String(err),
+            });
+            if (typeof err === 'string' || (err && err instanceof Error)) {
+              span.recordException(err);
+            }
+            throw err;
+          } finally {
+            span.end();
+          }
+        },
+      );
+    } else {
+      await processMessage();
+    }
+
+    if (latency !== undefined && topicType !== undefined) {
+      this.instrumentation.recordMessageLatency(topicType, latency);
     }
 
     return;
   }
 
-  private async validateReceivedMessage<T>(
-    validationFunc: () => Promise<{ result: boolean; obj: T }>,
+  protected async validateReceivedMessage<T>(
+    validationFunc: () => Promise<ReceivedMessageValidationResult<T>>,
     msgId: string,
     source: PeerId,
-  ): Promise<{ result: boolean; obj: T | undefined }> {
-    let resultAndObj: { result: boolean; obj: T | undefined } = { result: false, obj: undefined };
+    topicType: TopicType,
+  ): Promise<ReceivedMessageValidationResult<T>> {
+    let resultAndObj: ReceivedMessageValidationResult<T> = { result: TopicValidatorResult.Reject };
+    const timer = new Timer();
     try {
       resultAndObj = await validationFunc();
     } catch (err) {
-      this.logger.error(`Error deserialising and validating message `, err);
+      this.peerManager.penalizePeer(source, PeerErrorSeverity.LowToleranceError);
+      this.logger.error(`Error deserializing and validating gossipsub message`, err, {
+        msgId,
+        source: source.toString(),
+        topicType,
+      });
     }
 
-    this.node.services.pubsub.reportMessageValidationResult(
-      msgId,
-      source.toString(),
-      resultAndObj.result && resultAndObj.obj ? TopicValidatorResult.Accept : TopicValidatorResult.Reject,
-    );
+    if (resultAndObj.result === TopicValidatorResult.Accept) {
+      this.instrumentation.recordMessageValidation(topicType, timer);
+    }
+
+    this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), resultAndObj.result);
     return resultAndObj;
   }
 
-  private async handleGossipedTx(msg: Message, msgId: string, source: PeerId) {
-    const validationFunc = async () => {
-      const tx = Tx.fromBuffer(Buffer.from(msg.data));
-      const result = await this.validatePropagatedTx(tx, source);
-      return { result, obj: tx };
+  protected async handleGossipedTx(payloadData: Buffer, msgId: string, source: PeerId) {
+    const validationFunc: () => Promise<ReceivedMessageValidationResult<Tx>> = async () => {
+      const tx = Tx.fromBuffer(payloadData);
+      const isValid = await this.validatePropagatedTx(tx, source);
+      const exists = isValid && (await this.mempools.txPool.hasTx(tx.getTxHash()));
+
+      this.logger.trace(`Validate propagated tx`, {
+        isValid,
+        exists,
+        [Attributes.P2P_ID]: source.toString(),
+      });
+
+      if (!isValid) {
+        return { result: TopicValidatorResult.Reject };
+      } else if (exists) {
+        return { result: TopicValidatorResult.Ignore, obj: tx };
+      } else {
+        return { result: TopicValidatorResult.Accept, obj: tx };
+      }
     };
 
-    const { result, obj: tx } = await this.validateReceivedMessage<Tx>(validationFunc, msgId, source);
-    if (!result || !tx) {
+    const { result, obj: tx } = await this.validateReceivedMessage<Tx>(validationFunc, msgId, source, TopicType.tx);
+    if (result !== TopicValidatorResult.Accept || !tx) {
       return;
     }
-    const txHash = await tx.getTxHash();
+
+    const txHash = tx.getTxHash();
     const txHashString = txHash.toString();
-    this.logger.verbose(`Received tx ${txHashString} from external peer ${source.toString()}.`);
+    this.logger.verbose(`Received tx ${txHashString} from external peer ${source.toString()} via gossip`, {
+      source: source.toString(),
+      txHash: txHashString,
+    });
+
+    if (this.config.dropTransactions && randomInt(1000) < this.config.dropTransactionsProbability * 1000) {
+      this.logger.warn(`Intentionally dropping tx ${txHashString} (probability rule)`);
+      return;
+    }
+
+    this.instrumentation.incrementTxReceived(1);
     await this.mempools.txPool.addTxs([tx]);
   }
 
-  /**Process Attestation From Peer
-   * When a proposal is received from a peer, we add it to the attestation pool, so it can be accessed by other services.
-   *
-   * @param attestation - The attestation to process.
+  /**
+   * Process a checkpoint attestation from a peer.
+   * Validates the attestation and adds it to the pool.
    */
-  private async processAttestationFromPeer(msg: Message, msgId: string, source: PeerId): Promise<void> {
-    const validationFunc = async () => {
-      const attestation = BlockAttestation.fromBuffer(Buffer.from(msg.data));
-      const result = await this.validateAttestation(source, attestation);
-      this.logger.trace(`validatePropagatedAttestation: ${result}`, {
-        [Attributes.SLOT_NUMBER]: attestation.payload.header.globalVariables.slotNumber.toString(),
+  private async processCheckpointAttestationFromPeer(
+    payloadData: Buffer,
+    msgId: string,
+    source: PeerId,
+  ): Promise<void> {
+    const validationFunc: () => Promise<ReceivedMessageValidationResult<CheckpointAttestation>> = async () => {
+      const attestation = CheckpointAttestation.fromBuffer(payloadData);
+      const pool = this.mempools.attestationPool;
+      const isValid = await this.validateCheckpointAttestation(source, attestation);
+      const exists = isValid && (await pool.hasCheckpointAttestation(attestation));
+
+      let canAdd = true;
+      if (isValid && !exists) {
+        const slot = attestation.payload.header.slotNumber;
+        const { committee } = await this.epochCache.getCommittee(slot);
+        const committeeSize = committee?.length ?? 0;
+        canAdd = await pool.canAddCheckpointAttestation(attestation, committeeSize);
+      }
+
+      this.logger.trace(`Validate propagated checkpoint attestation`, {
+        isValid,
+        exists,
+        canAdd,
+        [Attributes.SLOT_NUMBER]: attestation.payload.header.slotNumber.toString(),
         [Attributes.P2P_ID]: source.toString(),
       });
-      return { result, obj: attestation };
+
+      if (!isValid) {
+        return { result: TopicValidatorResult.Reject };
+      } else if (exists) {
+        return { result: TopicValidatorResult.Ignore, obj: attestation };
+      } else if (!canAdd) {
+        this.logger.warn(`Dropping checkpoint attestation due to per-(slot, proposalId) attestation cap`, {
+          slot: attestation.payload.header.slotNumber.toString(),
+          archive: attestation.archive.toString(),
+          source: source.toString(),
+        });
+        return { result: TopicValidatorResult.Ignore, obj: attestation };
+      } else {
+        return { result: TopicValidatorResult.Accept, obj: attestation };
+      }
     };
 
-    const { result, obj: attestation } = await this.validateReceivedMessage<BlockAttestation>(
+    const { result, obj: attestation } = await this.validateReceivedMessage<CheckpointAttestation>(
       validationFunc,
       msgId,
       source,
+      TopicType.checkpoint_attestation,
     );
-    if (!result || !attestation) {
+
+    if (result !== TopicValidatorResult.Accept || !attestation) {
       return;
     }
+
     this.logger.debug(
-      `Received attestation for block ${attestation.blockNumber.toNumber()} slot ${attestation.slotNumber.toNumber()} from external peer.`,
+      `Received checkpoint attestation for slot ${attestation.slotNumber} from external peer ${source.toString()}`,
       {
-        p2pMessageIdentifier: await attestation.p2pMessageIdentifier(),
-        slot: attestation.slotNumber.toNumber(),
+        p2pMessageIdentifier: await attestation.p2pMessageLoggingIdentifier(),
+        slot: attestation.slotNumber,
         archive: attestation.archive.toString(),
-        block: attestation.blockNumber.toNumber(),
+        source: source.toString(),
       },
     );
-    await this.mempools.attestationPool!.addAttestations([attestation]);
+
+    await this.mempools.attestationPool.addCheckpointAttestations([attestation]);
   }
 
-  private async processBlockFromPeer(msg: Message, msgId: string, source: PeerId): Promise<void> {
-    const validationFunc = async () => {
-      const block = BlockProposal.fromBuffer(Buffer.from(msg.data));
-      const result = await this.validateBlockProposal(source, block);
-      this.logger.trace(`validatePropagatedBlock: ${result}`, {
-        [Attributes.SLOT_NUMBER]: block.payload.header.globalVariables.slotNumber.toString(),
+  private async processBlockFromPeer(payloadData: Buffer, msgId: string, source: PeerId): Promise<void> {
+    const validationFunc: () => Promise<ReceivedMessageValidationResult<BlockProposal>> = async () => {
+      const block = BlockProposal.fromBuffer(payloadData);
+      const isValid = await this.validateBlockProposal(source, block);
+      const pool = this.mempools.attestationPool;
+
+      const exists = isValid && (await pool.hasBlockProposal(block));
+      const canAdd = isValid && (await pool.canAddProposal(block));
+
+      this.logger.trace(`Validate propagated block proposal`, {
+        isValid,
+        exists,
+        canAdd,
+        [Attributes.SLOT_NUMBER]: block.slotNumber.toString(),
         [Attributes.P2P_ID]: source.toString(),
       });
-      return { result, obj: block };
+
+      if (!isValid) {
+        return { result: TopicValidatorResult.Reject };
+      } else if (exists) {
+        return { result: TopicValidatorResult.Ignore, obj: block };
+      } else if (!canAdd) {
+        this.peerManager.penalizePeer(source, PeerErrorSeverity.MidToleranceError);
+        this.logger.warn(`Penalizing peer for block proposal exceeding per-slot cap`, {
+          slot: block.slotNumber.toString(),
+          archive: block.archive.toString(),
+          source: source.toString(),
+        });
+        return { result: TopicValidatorResult.Reject };
+      } else {
+        return { result: TopicValidatorResult.Accept, obj: block };
+      }
     };
 
-    const { result, obj: block } = await this.validateReceivedMessage<BlockProposal>(validationFunc, msgId, source);
+    const { result, obj: block } = await this.validateReceivedMessage<BlockProposal>(
+      validationFunc,
+      msgId,
+      source,
+      TopicType.block_proposal,
+    );
+
     if (!result || !block) {
       return;
     }
-    await this.processValidBlockProposal(block);
+
+    await this.processValidBlockProposal(block, source);
   }
 
   // REVIEW: callback pattern https://github.com/AztecProtocol/aztec-packages/issues/7963
+  // REFACTOR(palla): This method should be moved to the p2p_client or to a separate component,
+  // should not be here as it does not deal with p2p networking.
   @trackSpan('Libp2pService.processValidBlockProposal', async block => ({
-    [Attributes.BLOCK_NUMBER]: block.blockNumber.toNumber(),
-    [Attributes.SLOT_NUMBER]: block.slotNumber.toNumber(),
+    [Attributes.SLOT_NUMBER]: block.slotNumber,
     [Attributes.BLOCK_ARCHIVE]: block.archive.toString(),
-    [Attributes.P2P_ID]: await block.p2pMessageIdentifier().then(i => i.toString()),
+    [Attributes.P2P_ID]: await block.p2pMessageLoggingIdentifier().then(i => i.toString()),
   }))
-  private async processValidBlockProposal(block: BlockProposal) {
-    this.logger.verbose(
-      `Received block ${block.blockNumber.toNumber()} for slot ${block.slotNumber.toNumber()} from external peer.`,
-      {
-        p2pMessageIdentifier: await block.p2pMessageIdentifier(),
-        slot: block.slotNumber.toNumber(),
-        archive: block.archive.toString(),
-        block: block.blockNumber.toNumber(),
-      },
+  private async processValidBlockProposal(block: BlockProposal, sender: PeerId) {
+    const slot = block.slotNumber;
+    this.logger.verbose(`Received block proposal for slot ${slot} from external peer ${sender.toString()}.`, {
+      p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier(),
+      source: sender.toString(),
+      ...block.toBlockInfo(),
+    });
+
+    // Attempt to add proposal
+    try {
+      await this.mempools.attestationPool.addBlockProposal(block);
+    } catch (err: unknown) {
+      // Drop proposals if we hit per-slot cap in the attestation pool; rethrow unknown errors
+      if (err instanceof ProposalSlotCapExceededError) {
+        this.logger.warn(`Dropping block proposal due to per-slot proposal cap`, {
+          slot: String(slot),
+          archive: block.archive.toString(),
+          error: (err as Error).message,
+        });
+        return;
+      }
+      throw err;
+    }
+
+    // Mark the txs in this proposal as non-evictable
+    await this.mempools.txPool.markTxsAsNonEvictable(block.txHashes);
+
+    // Call the block received callback to validate the proposal.
+    // Note: Validators do NOT attest to individual blocks, only to checkpoint proposals.
+    const isValid = await this.blockReceivedCallback(block, sender);
+    if (!isValid) {
+      this.logger.warn(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
+    }
+  }
+
+  /**
+   * Handle a gossiped checkpoint proposal.
+   * Validates and processes the checkpoint proposal, then triggers the callback for attestation.
+   */
+  private async handleGossipedCheckpointProposal(payloadData: Buffer, msgId: string, source: PeerId): Promise<void> {
+    // TODO(palla/mbps): This pattern is repeated across multiple message handlers, consider abstracting it.
+    const validationFunc: () => Promise<ReceivedMessageValidationResult<CheckpointProposal>> = async () => {
+      const checkpoint = CheckpointProposal.fromBuffer(payloadData);
+      const isValid = await this.validateCheckpointProposal(source, checkpoint);
+      const pool = this.mempools.attestationPool;
+
+      const exists = isValid && (await pool.hasCheckpointProposal(checkpoint));
+      const canAdd = isValid && (await pool.canAddCheckpointProposal(checkpoint));
+
+      this.logger.trace(`Validate propagated checkpoint proposal`, {
+        isValid,
+        exists,
+        canAdd,
+        [Attributes.SLOT_NUMBER]: checkpoint.slotNumber.toString(),
+        [Attributes.P2P_ID]: source.toString(),
+      });
+
+      if (!isValid) {
+        return { result: TopicValidatorResult.Reject };
+      } else if (exists) {
+        return { result: TopicValidatorResult.Ignore, obj: checkpoint };
+      } else if (!canAdd) {
+        this.peerManager.penalizePeer(source, PeerErrorSeverity.MidToleranceError);
+        this.logger.warn(`Penalizing peer for checkpoint proposal exceeding per-slot cap`, {
+          slot: checkpoint.slotNumber.toString(),
+          archive: checkpoint.archive.toString(),
+          source: source.toString(),
+        });
+        return { result: TopicValidatorResult.Reject };
+      } else {
+        return { result: TopicValidatorResult.Accept, obj: checkpoint };
+      }
+    };
+
+    const { result, obj: checkpoint } = await this.validateReceivedMessage<CheckpointProposal>(
+      validationFunc,
+      msgId,
+      source,
+      TopicType.checkpoint_proposal,
     );
-    const attestation = await this.blockReceivedCallback(block);
 
-    // TODO: fix up this pattern - the abstraction is not nice
-    // The attestation can be undefined if no handler is registered / the validator deems the block invalid
-    if (attestation != undefined) {
-      this.logger.verbose(
-        `Broadcasting attestation for block ${attestation.blockNumber.toNumber()} slot ${attestation.slotNumber.toNumber()}`,
-        {
-          p2pMessageIdentifier: await attestation.p2pMessageIdentifier(),
-          slot: attestation.slotNumber.toNumber(),
-          archive: attestation.archive.toString(),
-          block: attestation.blockNumber.toNumber(),
-        },
-      );
-      await this.broadcastAttestation(attestation);
+    if (result !== TopicValidatorResult.Accept || !checkpoint) {
+      return;
     }
+
+    await this.processValidCheckpointProposal(checkpoint, source);
   }
 
   /**
-   * Broadcast an attestation to all peers.
-   * @param attestation - The attestation to broadcast.
+   * Process a validated checkpoint proposal.
+   * Extracts and processes the last block proposal (if present) first, then processes the checkpoint.
+   * The block callback is invoked before the checkpoint callback.
    */
-  @trackSpan('Libp2pService.broadcastAttestation', async attestation => ({
-    [Attributes.BLOCK_NUMBER]: attestation.payload.header.globalVariables.blockNumber.toNumber(),
-    [Attributes.SLOT_NUMBER]: attestation.payload.header.globalVariables.slotNumber.toNumber(),
-    [Attributes.BLOCK_ARCHIVE]: attestation.archive.toString(),
-    [Attributes.P2P_ID]: await attestation.p2pMessageIdentifier().then(i => i.toString()),
+  @trackSpan('Libp2pService.processValidCheckpointProposal', async checkpoint => ({
+    [Attributes.SLOT_NUMBER]: checkpoint.slotNumber,
+    [Attributes.BLOCK_ARCHIVE]: checkpoint.archive.toString(),
+    [Attributes.P2P_ID]: await checkpoint.p2pMessageLoggingIdentifier().then(i => i.toString()),
   }))
-  private async broadcastAttestation(attestation: BlockAttestation) {
-    await this.propagate(attestation);
+  private async processValidCheckpointProposal(checkpoint: CheckpointProposal, sender: PeerId) {
+    const slot = checkpoint.slotNumber;
+    this.logger.verbose(`Received checkpoint proposal for slot ${slot} from external peer ${sender.toString()}.`, {
+      p2pMessageIdentifier: await checkpoint.p2pMessageLoggingIdentifier(),
+      slot: checkpoint.slotNumber,
+      archive: checkpoint.archive.toString(),
+      source: sender.toString(),
+    });
+
+    // Extract block proposal before adding to pool (pool stores them separately)
+    const blockProposal = checkpoint.getBlockProposal();
+
+    // Add proposal to the pool (this extracts and stores block proposal separately)
+    await this.mempools.attestationPool.addCheckpointProposal(checkpoint);
+
+    // Mark txs as non-evictable if present (from the last block)
+    if (checkpoint.txHashes.length > 0) {
+      await this.mempools.txPool.markTxsAsNonEvictable(checkpoint.txHashes);
+    }
+
+    // If there was a last block proposal, invoke the block callback first for validation.
+    // Note: The block proposal is already stored in the pool by addCheckpointProposal.
+    if (blockProposal) {
+      const isValid = await this.blockReceivedCallback(blockProposal, sender);
+      if (!isValid) {
+        this.logger.warn(`Block proposal from checkpoint failed validation`, {
+          slot: slot.toString(),
+          archive: checkpoint.archive.toString(),
+          blockNumber: blockProposal.blockNumber.toString(),
+        });
+        return;
+      }
+    }
+
+    // Call the checkpoint received callback with the core version (without lastBlock)
+    // to validate and potentially generate attestations
+    const attestations = await this.checkpointReceivedCallback(checkpoint.toCore(), sender);
+    if (attestations && attestations.length > 0) {
+      // If the callback returned attestations, add them to the pool and propagate them
+      await this.mempools.attestationPool.addCheckpointAttestations(attestations);
+      for (const attestation of attestations) {
+        await this.propagate(attestation);
+      }
+    }
   }
 
   /**
@@ -620,111 +1187,312 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
    * @param message - The message to propagate.
    */
   public async propagate<T extends Gossipable>(message: T) {
-    const p2pMessageIdentifier = await message.p2pMessageIdentifier();
+    const p2pMessageIdentifier = await message.p2pMessageLoggingIdentifier();
     this.logger.trace(`Message ${p2pMessageIdentifier} queued`, { p2pMessageIdentifier });
-    void this.jobQueue
-      .put(async () => {
-        await this.sendToPeers(message);
-      })
-      .catch(error => {
-        this.logger.error(`Error propagating message ${p2pMessageIdentifier}`, { error });
-      });
+    void this.sendToPeers(message).catch(error => {
+      this.logger.error(`Error propagating message ${p2pMessageIdentifier}`, { error });
+    });
   }
 
   /**
-   * Validate a tx that has been requested from a peer.
+   * Validate the requested block transactions. Allow partial returns.
+   * @param request - The block transactions request.
+   * @param response - The block transactions response.
+   * @param peerId - The ID of the peer that made the request.
+   * @returns True if the requested block transactions are valid, false otherwise.
+   */
+  @trackSpan('Libp2pService.validateRequestedBlockTxs', request => ({
+    [Attributes.BLOCK_HASH]: request.blockHash.toString(),
+  }))
+  private async validateRequestedBlockTxs(
+    request: BlockTxsRequest,
+    response: BlockTxsResponse,
+    peerId: PeerId,
+  ): Promise<boolean> {
+    const requestedTxValidator = this.createRequestedTxValidator();
+
+    try {
+      if (!response.blockHash.equals(request.blockHash)) {
+        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+        throw new ValidationError(
+          `Received block txs for unexpected block: expected ${request.blockHash.toString()}, got ${response.blockHash.toString()}`,
+        );
+      }
+
+      if (response.txIndices.getLength() !== request.txIndices.getLength()) {
+        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+        throw new ValidationError(
+          `Received block txs with mismatched bitvector length: expected ${request.txIndices.getLength()}, got ${response.txIndices.getLength()}`,
+        );
+      }
+
+      // Check no duplicates and not exceeding returnable count
+      const requestedIndices = new Set(request.txIndices.getTrueIndices());
+      const availableIndices = new Set(response.txIndices.getTrueIndices());
+      const maxReturnable = [...requestedIndices].filter(i => availableIndices.has(i)).length;
+
+      const returnedHashes = await Promise.all(response.txs.map(tx => tx.getTxHash().toString()));
+      const uniqueReturned = new Set(returnedHashes.map(h => h.toString()));
+      if (uniqueReturned.size !== returnedHashes.length) {
+        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+        throw new ValidationError(`Received duplicate txs in block txs response`);
+      }
+      if (response.txs.length > maxReturnable) {
+        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+        throw new ValidationError(
+          `Received more txs (${response.txs.length}) than requested-and-available (${maxReturnable})`,
+        );
+      }
+
+      // Given proposal (should have locally), ensure returned txs are valid subset and match request indices
+      const proposal = await this.mempools.attestationPool.getBlockProposal(request.blockHash.toString());
+      if (proposal) {
+        // Build intersected indices
+        const intersectIdx = request.txIndices.getTrueIndices().filter(i => response.txIndices.isSet(i));
+
+        // Enforce subset membership and preserve increasing order by index.
+        const hashToIndexInProposal = new Map<string, number>(
+          proposal.txHashes.map((h, i) => [h.toString(), i] as [string, number]),
+        );
+        const allowedIndexSet = new Set(intersectIdx);
+        const indices = returnedHashes.map(h => hashToIndexInProposal.get(h));
+        const allAllowed = indices.every(idx => idx !== undefined && allowedIndexSet.has(idx));
+        const strictlyIncreasing = indices.every((idx, i) => (i === 0 ? idx !== undefined : idx! > indices[i - 1]!));
+        if (!allAllowed || !strictlyIncreasing) {
+          this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+          throw new ValidationError('Returned txs do not match expected subset/order for requested indices');
+        }
+      } else {
+        // No local proposal, cannot check the membership/order of the returned txs
+        this.logger.warn(
+          `Block proposal not found for block hash ${request.blockHash.toString()}; cannot validate membership/order of returned txs`,
+        );
+        return false;
+      }
+
+      await Promise.all(response.txs.map(tx => this.validateRequestedTx(tx, peerId, requestedTxValidator)));
+      return true;
+    } catch (e: any) {
+      if (e instanceof ValidationError) {
+        this.logger.warn(`Failed validation for requested block txs from peer ${peerId.toString()}`);
+      } else {
+        this.logger.error(`Error during validation of requested block txs`, e);
+      }
+
+      return false;
+    }
+  }
+
+  /**
+   * Validate a collection of txs that has been requested from a peer.
    *
-   * The core component of this validator is that the tx hash MUST match the requested tx hash,
+   * The core component of this validator is that each tx hash MUST match the requested tx hash,
    * In order to perform this check, the tx proof must be verified.
    *
    * Note: This function is called from within `ReqResp.sendRequest` as part of the
    * ReqRespSubProtocol.TX subprotocol validation.
    *
-   * @param requestedTxHash - The hash of the tx that was requested.
-   * @param responseTx - The tx that was received as a response to the request.
+   * @param requestedTxHash - The collection of the txs that was requested.
+   * @param responseTx - The collection of txs that was received as a response to the request.
    * @param peerId - The peer ID of the peer that sent the tx.
-   * @returns True if the tx is valid, false otherwise.
+   * @returns True if the whole collection of txs is valid, false otherwise.
    */
   @trackSpan('Libp2pService.validateRequestedTx', (requestedTxHash, _responseTx) => ({
     [Attributes.TX_HASH]: requestedTxHash.toString(),
   }))
-  private async validateRequestedTx(requestedTxHash: TxHash, responseTx: Tx, peerId: PeerId): Promise<boolean> {
-    const proofValidator = new TxProofValidator(this.proofVerifier);
-    const validProof = await proofValidator.validateTx(responseTx);
-
-    // If the node returns the wrong data, we penalize it
-    if (!requestedTxHash.equals(await responseTx.getTxHash())) {
-      // Returning the wrong data is a low tolerance error
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+  private async validateRequestedTxs(requestedTxHash: TxHash[], responseTx: Tx[], peerId: PeerId): Promise<boolean> {
+    const requested = new Set(requestedTxHash.map(h => h.toString()));
+    const requestedTxValidator = this.createRequestedTxValidator();
+
+    //TODO: (mralj) - this is somewhat naive implementation, if single tx is invlid we consider the whole response invalid.
+    // I think we should still extract the valid txs and return them, so that we can still use the response.
+    try {
+      await Promise.all(responseTx.map(tx => this.validateRequestedTx(tx, peerId, requestedTxValidator, requested)));
+      return true;
+    } catch (e: any) {
+      if (e instanceof ValidationError) {
+        this.logger.warn(`Failed to validate requested txs from peer ${peerId.toString()}, reason ${e.message}`);
+      } else {
+        this.logger.error(`Error during validation of requested txs`, e);
+      }
+
       return false;
     }
+  }
 
-    if (validProof.result === 'invalid') {
-      // If the proof is invalid, but the txHash is correct, then this is an active attack and we severly punish
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+  /**
+   * Validates a BLOCK response.
+   *
+   * If a local copy exists, enforces hash equality. If missing, rejects (no penalty) since the hash cannot be verified.
+   * Penalizes on block number mismatch or hash mismatch.
+   *
+   * @param requestedBlockNumber - The requested block number.
+   * @param responseBlock - The block returned by the peer.
+   * @param peerId - The peer that returned the block.
+   * @returns True if the response is valid, false otherwise.
+   */
+  @trackSpan('Libp2pService.validateRequestedBlock', (requestedBlockNumber, _responseBlock) => ({
+    [Attributes.BLOCK_NUMBER]: requestedBlockNumber.toString(),
+  }))
+  private async validateRequestedBlock(
+    requestedBlockNumber: Fr,
+    responseBlock: L2Block,
+    peerId: PeerId,
+  ): Promise<boolean> {
+    try {
+      const reqNum = Number(requestedBlockNumber.toString());
+      if (responseBlock.number !== reqNum) {
+        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+        return false;
+      }
+
+      const local = await this.archiver.getBlock(BlockNumber(reqNum));
+      if (!local) {
+        // We are missing the local block; we cannot verify the hash yet. Reject without penalizing.
+        // TODO: Consider extending this validator to accept an expected hash or
+        // performing quorum-based checks when using P2P syncing prior to L1 sync.
+        this.logger.warn(`Local block ${reqNum} not found; rejecting BLOCK response without hash verification`);
+        return false;
+      }
+      const [localHash, respHash] = await Promise.all([local.hash(), responseBlock.hash()]);
+      if (!localHash.equals(respHash)) {
+        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+        return false;
+      }
+
+      return true;
+    } catch (e) {
+      this.logger.warn(`Error validating requested block`, e);
       return false;
     }
+  }
 
-    return true;
+  private createRequestedTxValidator(): TxValidator {
+    return new AggregateTxValidator(
+      new DataTxValidator(),
+      new MetadataTxValidator({
+        l1ChainId: new Fr(this.config.l1ChainId),
+        rollupVersion: new Fr(this.config.rollupVersion),
+        protocolContractsHash,
+        vkTreeRoot: getVKTreeRoot(),
+      }),
+      new TxProofValidator(this.proofVerifier),
+    );
   }
 
-  @trackSpan('Libp2pService.validatePropagatedTx', async tx => ({
-    [Attributes.TX_HASH]: (await tx.getTxHash()).toString(),
+  private async validateRequestedTx(tx: Tx, peerId: PeerId, txValidator: TxValidator, requested?: Set<`0x${string}`>) {
+    const penalize = (severity: PeerErrorSeverity) => this.peerManager.penalizePeer(peerId, severity);
+
+    if (!(await tx.validateTxHash())) {
+      penalize(PeerErrorSeverity.MidToleranceError);
+      throw new ValidationError(`Received tx with invalid hash ${tx.getTxHash().toString()}.`);
+    }
+
+    if (requested && !requested.has(tx.getTxHash().toString())) {
+      penalize(PeerErrorSeverity.MidToleranceError);
+      throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that was not requested.`);
+    }
+
+    const { result } = await txValidator.validateTx(tx);
+    if (result === 'invalid') {
+      penalize(PeerErrorSeverity.LowToleranceError);
+      throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that is invalid.`);
+    }
+  }
+
+  @trackSpan('Libp2pService.validatePropagatedTx', tx => ({
+    [Attributes.TX_HASH]: tx.getTxHash().toString(),
   }))
   private async validatePropagatedTx(tx: Tx, peerId: PeerId): Promise<boolean> {
-    const blockNumber = (await this.l2BlockSource.getBlockNumber()) + 1;
-    const messageValidators = this.createMessageValidators(blockNumber);
-    const outcome = await this.runValidations(tx, messageValidators);
+    const currentBlockNumber = await this.archiver.getBlockNumber();
 
-    if (outcome.allPassed) {
-      return true;
+    // We accept transactions if they are not expired by the next slot (checked based on the IncludeByTimestamp field)
+    const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
+    const messageValidators = await this.createMessageValidators(currentBlockNumber, nextSlotTimestamp);
+
+    for (const validator of messageValidators) {
+      const outcome = await this.runValidations(tx, validator);
+
+      if (outcome.allPassed) {
+        continue;
+      }
+      const { name } = outcome.failure;
+      let { severity } = outcome.failure;
+
+      // Double spend validator has a special case handler
+      if (name === 'doubleSpendValidator') {
+        const txBlockNumber = BlockNumber(currentBlockNumber + 1); // tx is expected to be in the next block
+        severity = await this.handleDoubleSpendFailure(tx, txBlockNumber);
+      }
+
+      this.peerManager.penalizePeer(peerId, severity);
+      return false;
     }
-    const { name } = outcome.failure;
-    let { severity } = outcome.failure;
+    return true;
+  }
 
-    // Double spend validator has a special case handler
-    if (name === 'doubleSpendValidator') {
-      severity = await this.handleDoubleSpendFailure(tx, blockNumber);
+  private async getGasFees(blockNumber: BlockNumber): Promise<GasFees> {
+    if (blockNumber === this.feesCache?.blockNumber) {
+      return this.feesCache.gasFees;
     }
 
-    this.peerManager.penalizePeer(peerId, severity);
-    return false;
+    const header = await this.archiver.getBlockHeader(blockNumber);
+    const gasFees = header?.globalVariables.gasFees ?? GasFees.empty();
+    this.feesCache = { blockNumber, gasFees };
+    return gasFees;
+  }
+
+  public async validate(txs: Tx[]): Promise<void> {
+    const currentBlockNumber = await this.archiver.getBlockNumber();
+
+    // We accept transactions if they are not expired by the next slot (checked based on the IncludeByTimestamp field)
+    const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
+    const messageValidators = await this.createMessageValidators(currentBlockNumber, nextSlotTimestamp);
+
+    await Promise.all(
+      txs.map(async tx => {
+        for (const validator of messageValidators) {
+          const outcome = await this.runValidations(tx, validator);
+          if (!outcome.allPassed) {
+            throw new Error('Invalid tx detected', { cause: { outcome } });
+          }
+        }
+      }),
+    );
   }
 
   /**
-   * Create message validators for the given block number.
+   * Create message validators for the given block number and timestamp.
    *
    * Each validator is a pair of a validator and a severity.
    * If a validator fails, the peer is penalized with the severity of the validator.
    *
-   * @param blockNumber - The block number to create validators for.
+   * @param currentBlockNumber - The current synced block number.
+   * @param nextSlotTimestamp - The timestamp of the next slot (used to validate txs are not expired).
    * @returns The message validators.
    */
-  private createMessageValidators(blockNumber: number): Record<string, MessageValidator> {
-    return {
-      dataValidator: {
-        validator: new DataTxValidator(),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-      metadataValidator: {
-        validator: new MetadataTxValidator(new Fr(this.config.l1ChainId), new Fr(blockNumber)),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-      proofValidator: {
-        validator: new TxProofValidator(this.proofVerifier),
-        severity: PeerErrorSeverity.MidToleranceError,
-      },
-      doubleSpendValidator: {
-        validator: new DoubleSpendTxValidator({
-          nullifiersExist: async (nullifiers: Buffer[]) => {
-            const merkleTree = this.worldStateSynchronizer.getCommitted();
-            const indices = await merkleTree.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, nullifiers);
-            return indices.map(index => index !== undefined);
-          },
-        }),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-    };
+  private async createMessageValidators(
+    currentBlockNumber: BlockNumber,
+    nextSlotTimestamp: UInt64,
+  ): Promise<Record<string, MessageValidator>[]> {
+    const gasFees = await this.getGasFees(currentBlockNumber);
+    const allowedInSetup = this.config.txPublicSetupAllowList ?? (await getDefaultAllowedSetupFunctions());
+
+    const blockNumberInWhichTheTxIsConsideredToBeIncluded = BlockNumber(currentBlockNumber + 1);
+
+    return createTxMessageValidators(
+      nextSlotTimestamp,
+      blockNumberInWhichTheTxIsConsideredToBeIncluded,
+      this.worldStateSynchronizer,
+      gasFees,
+      this.config.l1ChainId,
+      this.config.rollupVersion,
+      protocolContractsHash,
+      this.archiver,
+      this.proofVerifier,
+      !this.config.disableTransactions,
+      allowedInSetup,
+    );
   }
 
   /**
@@ -739,28 +1507,26 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
   ): Promise<ValidationOutcome> {
     const validationPromises = Object.entries(messageValidators).map(async ([name, { validator, severity }]) => {
       const { result } = await validator.validateTx(tx);
-      return { name, isValid: result === 'valid', severity };
+      return { name, isValid: result !== 'invalid', severity };
     });
 
     // A promise that resolves when all validations have been run
-    const allValidations = Promise.all(validationPromises);
-
-    // A promise that resolves when the first validation fails
-    const firstFailure = Promise.race(
-      validationPromises.map(async promise => {
-        const result = await promise;
-        return result.isValid ? new Promise(() => {}) : result;
-      }),
-    );
-
-    // Wait for the first validation to fail or all validations to pass
-    const result = await Promise.race([
-      allValidations.then(() => ({ allPassed: true as const })),
-      firstFailure.then(failure => ({ allPassed: false as const, failure: failure as ValidationResult })),
-    ]);
-
-    // If all validations pass, allPassed will be true, if failed, then the failure will be the first validation to fail
-    return result;
+    const allValidations = await Promise.all(validationPromises);
+    const failed = allValidations.find(x => !x.isValid);
+    if (failed) {
+      return {
+        allPassed: false,
+        failure: {
+          isValid: { result: 'invalid' as const, reason: ['Failed validation'] },
+          name: failed.name,
+          severity: failed.severity,
+        },
+      };
+    } else {
+      return {
+        allPassed: true,
+      };
+    }
   }
 
   /**
@@ -774,7 +1540,7 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
    * @param peerId - The peer ID of the peer that sent the tx.
    * @returns Severity
    */
-  private async handleDoubleSpendFailure(tx: Tx, blockNumber: number): Promise<PeerErrorSeverity> {
+  private async handleDoubleSpendFailure(tx: Tx, blockNumber: BlockNumber): Promise<PeerErrorSeverity> {
     if (blockNumber <= this.config.doubleSpendSeverePeerPenaltyWindow) {
       return PeerErrorSeverity.HighToleranceError;
     }
@@ -782,7 +1548,7 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
     const snapshotValidator = new DoubleSpendTxValidator({
       nullifiersExist: async (nullifiers: Buffer[]) => {
         const merkleTree = this.worldStateSynchronizer.getSnapshot(
-          blockNumber - this.config.doubleSpendSeverePeerPenaltyWindow,
+          BlockNumber(blockNumber - this.config.doubleSpendSeverePeerPenaltyWindow),
         );
         const indices = await merkleTree.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, nullifiers);
         return indices.map(index => index !== undefined);
@@ -798,20 +1564,20 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
   }
 
   /**
-   * Validate an attestation.
+   * Validate a checkpoint attestation.
    *
-   * @param attestation - The attestation to validate.
-   * @returns True if the attestation is valid, false otherwise.
+   * @param attestation - The checkpoint attestation to validate.
+   * @returns True if the checkpoint attestation is valid, false otherwise.
    */
-  @trackSpan('Libp2pService.validateAttestation', async (_, attestation) => ({
-    [Attributes.BLOCK_NUMBER]: attestation.payload.header.globalVariables.blockNumber.toNumber(),
-    [Attributes.SLOT_NUMBER]: attestation.payload.header.globalVariables.slotNumber.toNumber(),
+  @trackSpan('Libp2pService.validateCheckpointAttestation', async (_, attestation) => ({
+    [Attributes.SLOT_NUMBER]: attestation.payload.header.slotNumber,
     [Attributes.BLOCK_ARCHIVE]: attestation.archive.toString(),
-    [Attributes.P2P_ID]: await attestation.p2pMessageIdentifier().then(i => i.toString()),
+    [Attributes.P2P_ID]: await attestation.p2pMessageLoggingIdentifier().then(i => i.toString()),
   }))
-  public async validateAttestation(peerId: PeerId, attestation: BlockAttestation): Promise<boolean> {
-    const severity = await this.attestationValidator.validate(attestation);
+  public async validateCheckpointAttestation(peerId: PeerId, attestation: CheckpointAttestation): Promise<boolean> {
+    const severity = await this.checkpointAttestationValidator.validate(attestation);
     if (severity) {
+      this.logger.debug(`Penalizing peer ${peerId} for checkpoint attestation validation failure`);
       this.peerManager.penalizePeer(peerId, severity);
       return false;
     }
@@ -826,11 +1592,32 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
    * @returns True if the block proposal is valid, false otherwise.
    */
   @trackSpan('Libp2pService.validateBlockProposal', (_peerId, block) => ({
-    [Attributes.SLOT_NUMBER]: block.payload.header.globalVariables.slotNumber.toString(),
+    [Attributes.SLOT_NUMBER]: block.slotNumber.toString(),
   }))
   public async validateBlockProposal(peerId: PeerId, block: BlockProposal): Promise<boolean> {
     const severity = await this.blockProposalValidator.validate(block);
     if (severity) {
+      this.logger.debug(`Penalizing peer ${peerId} for block proposal validation failure`);
+      this.peerManager.penalizePeer(peerId, severity);
+      return false;
+    }
+
+    return true;
+  }
+
+  /**
+   * Validate a checkpoint proposal.
+   *
+   * @param checkpoint - The checkpoint proposal to validate.
+   * @returns True if the checkpoint proposal is valid, false otherwise.
+   */
+  @trackSpan('Libp2pService.validateCheckpointProposal', (_peerId, checkpoint) => ({
+    [Attributes.SLOT_NUMBER]: checkpoint.slotNumber.toString(),
+  }))
+  public async validateCheckpointProposal(peerId: PeerId, checkpoint: CheckpointProposal): Promise<boolean> {
+    const severity = await this.checkpointProposalValidator.validate(checkpoint);
+    if (severity) {
+      this.logger.debug(`Penalizing peer ${peerId} for checkpoint proposal validation failure`);
       this.peerManager.penalizePeer(peerId, severity);
       return false;
     }
@@ -842,13 +1629,17 @@ export class LibP2PService<T extends P2PClientType> extends WithTracer implement
     return this.node.services.pubsub.score.score(peerId.toString());
   }
 
+  public handleAuthRequestFromPeer(authRequest: AuthRequest, peerId: PeerId): Promise<StatusMessage> {
+    return this.peerManager.handleAuthRequestFromPeer(authRequest, peerId);
+  }
+
   private async sendToPeers<T extends Gossipable>(message: T) {
     const parent = message.constructor as typeof Gossipable;
 
-    const identifier = await message.p2pMessageIdentifier().then(i => i.toString());
+    const identifier = await message.p2pMessageLoggingIdentifier().then(i => i.toString());
     this.logger.trace(`Sending message ${identifier}`, { p2pMessageIdentifier: identifier });
 
-    const recipientsNum = await this.publishToTopic(parent.p2pTopic, message.toBuffer());
+    const recipientsNum = await this.publishToTopic(this.topicStrings[parent.p2pTopic], message);
     this.logger.debug(`Sent message ${identifier} to ${recipientsNum} peers`, {
       p2pMessageIdentifier: identifier,
       sourcePeer: this.node.peerId.toString(),