@aztec/p2p 0.0.0-test.1 → 0.0.1-commit.5476d83

package/dest/services/libp2p/libp2p_service.js

@@ -4,13 +4,19 @@ function _ts_decorate(decorators, target, key, desc) {
     else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
+import { SlotNumber } from '@aztec/foundation/branded-types';
+import { randomInt } from '@aztec/foundation/crypto';
 import { Fr } from '@aztec/foundation/fields';
 import { createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
-import { SerialQueue } from '@aztec/foundation/queue';
 import { RunningPromise } from '@aztec/foundation/running-promise';
-import { BlockAttestation, BlockProposal, P2PClientType, PeerErrorSeverity, TopicTypeMap, getTopicTypeForClientType, metricsTopicStrToLabels } from '@aztec/stdlib/p2p';
+import { Timer } from '@aztec/foundation/timer';
+import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree';
+import { protocolContractsHash } from '@aztec/protocol-contracts';
+import { GasFees } from '@aztec/stdlib/gas';
+import { BlockAttestation, BlockProposal, P2PClientType, P2PMessage, PeerErrorSeverity, TopicType, createTopicString, getTopicsForClientAndConfig, metricsTopicStrToLabels } from '@aztec/stdlib/p2p';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
 import { Tx } from '@aztec/stdlib/tx';
+import { compressComponentVersions } from '@aztec/stdlib/versioning';
 import { Attributes, OtelMetricsAdapter, WithTracer, trackSpan } from '@aztec/telemetry-client';
 import { gossipsub } from '@chainsafe/libp2p-gossipsub';
 import { createPeerScoreParams, createTopicScoreParams } from '@chainsafe/libp2p-gossipsub/score';
@@ -20,23 +26,31 @@ import { yamux } from '@chainsafe/libp2p-yamux';
 import { bootstrap } from '@libp2p/bootstrap';
 import { identify } from '@libp2p/identify';
 import { TopicValidatorResult } from '@libp2p/interface';
-import '@libp2p/kad-dht';
 import { mplex } from '@libp2p/mplex';
 import { tcp } from '@libp2p/tcp';
+import { ENR } from '@nethermindeth/enr';
 import { createLibp2p } from 'libp2p';
-import { AttestationValidator, BlockProposalValidator } from '../../msg_validators/index.js';
-import { DataTxValidator, DoubleSpendTxValidator, MetadataTxValidator, TxProofValidator } from '../../msg_validators/tx_validator/index.js';
+import { ProposalSlotCapExceededError } from '../../errors/attestation-pool.error.js';
+import { AttestationValidator, BlockProposalValidator, FishermanAttestationValidator } from '../../msg_validators/index.js';
+import { MessageSeenValidator } from '../../msg_validators/msg_seen_validator/msg_seen_validator.js';
+import { getDefaultAllowedSetupFunctions } from '../../msg_validators/tx_validator/allowed_public_setup.js';
+import { createTxMessageValidators } from '../../msg_validators/tx_validator/factory.js';
+import { AggregateTxValidator, DataTxValidator, DoubleSpendTxValidator, MetadataTxValidator, TxProofValidator } from '../../msg_validators/tx_validator/index.js';
 import { GossipSubEvent } from '../../types/index.js';
 import { convertToMultiaddr } from '../../util.js';
+import { getVersions } from '../../versioning.js';
 import { AztecDatastore } from '../data_store.js';
+import { DiscV5Service } from '../discv5/discV5_service.js';
 import { SnappyTransform, fastMsgIdFn, getMsgIdFn, msgIdToStrFn } from '../encoding.js';
 import { gossipScoreThresholds } from '../gossipsub/scoring.js';
 import { PeerManager } from '../peer-manager/peer_manager.js';
 import { PeerScoring } from '../peer-manager/peer_scoring.js';
-import { DEFAULT_SUB_PROTOCOL_VALIDATORS, ReqRespSubProtocol } from '../reqresp/interface.js';
+import { DEFAULT_SUB_PROTOCOL_VALIDATORS, ReqRespSubProtocol, ValidationError } from '../reqresp/interface.js';
+import { reqRespBlockTxsHandler } from '../reqresp/protocols/block_txs/block_txs_handler.js';
 import { reqGoodbyeHandler } from '../reqresp/protocols/goodbye.js';
-import { pingHandler, reqRespBlockHandler, reqRespTxHandler, statusHandler } from '../reqresp/protocols/index.js';
+import { pingHandler, reqRespBlockHandler, reqRespStatusHandler, reqRespTxHandler } from '../reqresp/protocols/index.js';
 import { ReqResp } from '../reqresp/reqresp.js';
+import { P2PInstrumentation } from './instrumentation.js';
 /**
  * Lib P2P implementation of the P2PService interface.
  */ export class LibP2PService extends WithTracer {
@@ -44,62 +58,104 @@ import { ReqResp } from '../reqresp/reqresp.js';
     config;
     node;
     peerDiscoveryService;
+    reqresp;
+    peerManager;
     mempools;
-    l2BlockSource;
+    archiver;
+    epochCache;
     proofVerifier;
     worldStateSynchronizer;
-    logger;
-    jobQueue;
-    peerManager;
     discoveryRunningPromise;
+    msgIdSeenValidators;
     // Message validators
     attestationValidator;
     blockProposalValidator;
-    // Request and response sub service
-    reqresp;
+    protocolVersion;
+    topicStrings;
+    feesCache;
     /**
    * Callback for when a block is received from a peer.
    * @param block - The block received from the peer.
    * @returns The attestation for the block, if any.
    */ blockReceivedCallback;
-    constructor(clientType, config, node, peerDiscoveryService, mempools, l2BlockSource, epochCache, proofVerifier, worldStateSynchronizer, telemetry, logger = createLogger('p2p:libp2p_service')){
-        super(telemetry, 'LibP2PService'), this.clientType = clientType, this.config = config, this.node = node, this.peerDiscoveryService = peerDiscoveryService, this.mempools = mempools, this.l2BlockSource = l2BlockSource, this.proofVerifier = proofVerifier, this.worldStateSynchronizer = worldStateSynchronizer, this.logger = logger, this.jobQueue = new SerialQueue();
-        const peerScoring = new PeerScoring(config);
-        this.reqresp = new ReqResp(config, node, peerScoring);
-        this.peerManager = new PeerManager(node, peerDiscoveryService, config, telemetry, createLogger(`${logger.module}:peer_manager`), peerScoring, this.reqresp);
-        // Update gossipsub score params
-        this.node.services.pubsub.score.params.appSpecificScore = (peerId)=>{
-            return this.peerManager.getPeerScore(peerId);
-        };
-        this.node.services.pubsub.score.params.appSpecificWeight = 10;
-        this.attestationValidator = new AttestationValidator(epochCache);
-        this.blockProposalValidator = new BlockProposalValidator(epochCache);
+    gossipSubEventHandler;
+    instrumentation;
+    logger;
+    constructor(clientType, config, node, peerDiscoveryService, reqresp, peerManager, mempools, archiver, epochCache, proofVerifier, worldStateSynchronizer, telemetry, logger = createLogger('p2p:libp2p_service')){
+        super(telemetry, 'LibP2PService'), this.clientType = clientType, this.config = config, this.node = node, this.peerDiscoveryService = peerDiscoveryService, this.reqresp = reqresp, this.peerManager = peerManager, this.mempools = mempools, this.archiver = archiver, this.epochCache = epochCache, this.proofVerifier = proofVerifier, this.worldStateSynchronizer = worldStateSynchronizer, this.msgIdSeenValidators = {}, this.protocolVersion = '', this.topicStrings = {};
+        // Create child logger with fisherman prefix if in fisherman mode
+        this.logger = config.fishermanMode ? logger.createChild('[FISHERMAN]') : logger;
+        this.instrumentation = new P2PInstrumentation(telemetry, 'LibP2PService');
+        this.msgIdSeenValidators[TopicType.tx] = new MessageSeenValidator(config.seenMessageCacheSize);
+        this.msgIdSeenValidators[TopicType.block_proposal] = new MessageSeenValidator(config.seenMessageCacheSize);
+        this.msgIdSeenValidators[TopicType.block_attestation] = new MessageSeenValidator(config.seenMessageCacheSize);
+        const versions = getVersions(config);
+        this.protocolVersion = compressComponentVersions(versions);
+        logger.info(`Started libp2p service with protocol version ${this.protocolVersion}`);
+        this.topicStrings[TopicType.tx] = createTopicString(TopicType.tx, this.protocolVersion);
+        this.topicStrings[TopicType.block_proposal] = createTopicString(TopicType.block_proposal, this.protocolVersion);
+        this.topicStrings[TopicType.block_attestation] = createTopicString(TopicType.block_attestation, this.protocolVersion);
+        // Use FishermanAttestationValidator in fisherman mode to validate attestation payloads against proposals
+        this.attestationValidator = config.fishermanMode ? new FishermanAttestationValidator(epochCache, mempools.attestationPool, telemetry) : new AttestationValidator(epochCache);
+        this.blockProposalValidator = new BlockProposalValidator(epochCache, {
+            txsPermitted: !config.disableTransactions
+        });
+        this.gossipSubEventHandler = this.handleGossipSubEvent.bind(this);
         this.blockReceivedCallback = async (block)=>{
-            this.logger.debug(`Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber.toNumber()} from peer.`, {
-                p2pMessageIdentifier: await block.p2pMessageIdentifier()
+            this.logger.debug(`Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber} from peer.`, {
+                p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier()
             });
             return undefined;
         };
     }
+    updateConfig(config) {
+        this.reqresp.updateConfig(config);
+    }
     /**
    * Creates an instance of the LibP2P service.
    * @param config - The configuration to use when creating the service.
    * @param txPool - The transaction pool to be accessed by the service.
    * @returns The new service.
-   */ static async new(clientType, config, peerDiscoveryService, peerId, mempools, l2BlockSource, epochCache, proofVerifier, worldStateSynchronizer, store, telemetry, logger = createLogger('p2p:libp2p_service')) {
-        const { tcpListenAddress, tcpAnnounceAddress, maxPeerCount } = config;
-        const bindAddrTcp = convertToMultiaddr(tcpListenAddress, 'tcp');
-        // We know tcpAnnounceAddress cannot be null here because we set it or throw when setting up the service.
-        const announceAddrTcp = convertToMultiaddr(tcpAnnounceAddress, 'tcp');
-        const datastore = new AztecDatastore(store);
+   */ static async new(clientType, config, peerId, deps) {
+        const { worldStateSynchronizer, epochCache, l2BlockSource, mempools, proofVerifier, peerStore, telemetry, logger, packageVersion } = deps;
+        const { p2pPort, maxPeerCount, listenAddress } = config;
+        const bindAddrTcp = convertToMultiaddr(listenAddress, p2pPort, 'tcp');
+        const datastore = new AztecDatastore(peerStore);
         const otelMetricsAdapter = new OtelMetricsAdapter(telemetry);
-        // If bootstrap nodes are provided, also provide them to the p2p service
+        const peerDiscoveryService = new DiscV5Service(peerId, config, packageVersion, telemetry, createLogger(`${logger.module}:discv5_service`));
+        // Seed libp2p's bootstrap discovery with private and trusted peers
+        const bootstrapNodes = [
+            ...config.privatePeers,
+            ...config.trustedPeers
+        ];
         const peerDiscovery = [];
-        if (peerDiscoveryService.bootstrapNodes.length > 0) {
+        if (bootstrapNodes.length > 0) {
             peerDiscovery.push(bootstrap({
-                list: peerDiscoveryService.bootstrapNodes
+                list: bootstrapNodes
             }));
         }
+        const versions = getVersions(config);
+        const protocolVersion = compressComponentVersions(versions);
+        const txTopic = createTopicString(TopicType.tx, protocolVersion);
+        const blockProposalTopic = createTopicString(TopicType.block_proposal, protocolVersion);
+        const blockAttestationTopic = createTopicString(TopicType.block_attestation, protocolVersion);
+        const preferredPeersEnrs = config.preferredPeers.map((enr)=>ENR.decodeTxt(enr));
+        const directPeers = (await Promise.all(preferredPeersEnrs.map(async (enr)=>{
+            const peerId = await enr.peerId();
+            const address = enr.getLocationMultiaddr('tcp');
+            if (address === undefined) {
+                throw new Error(`Direct peer ${peerId.toString()} has no TCP address, ENR: ${enr.encodeTxt()}`);
+            }
+            return {
+                id: peerId,
+                addrs: [
+                    address
+                ]
+            };
+        }))).filter((peer)=>peer !== undefined);
+        const announceTcpMultiaddr = config.p2pIp ? [
+            convertToMultiaddr(config.p2pIp, p2pPort, 'tcp')
+        ] : [];
         const node = await createLibp2p({
             start: false,
             peerId,
@@ -107,44 +163,76 @@ import { ReqResp } from '../reqresp/reqresp.js';
                 listen: [
                     bindAddrTcp
                 ],
-                announce: [
-                    announceAddrTcp
-                ]
+                announce: announceTcpMultiaddr
             },
             transports: [
                 tcp({
-                    maxConnections: config.maxPeerCount,
+                    // It's better to have this number a bit higher than our maxPeerCount because it's sets the limit on transport (TCP) layer
+                    // The connection attempts to the node on TCP layer are not necessarily valid Aztec peers so we want to have a bit of leeway here
+                    // If we hit the limit, the connection will be temporarily accepted and immediately dropped.
+                    // Docs: https://nodejs.org/api/net.html#servermaxconnections
+                    maxConnections: maxPeerCount * 2,
                     // socket option: the maximum length of the queue of pending connections
-                    // https://nodejs.org/dist/latest-v18.x/docs/api/net.html#serverlisten
+                    // https://nodejs.org/dist/latest-v22.x/docs/api/net.html#serverlisten
                     // it's not safe if we increase this number
                     backlog: 5,
                     closeServerOnMaxConnections: {
-                        closeAbove: maxPeerCount ?? Infinity,
-                        listenBelow: maxPeerCount ?? Infinity
+                        // The property `maxConnections` will protect us against the most DDOS attack
+                        // This property protects us in case of burst of new connections where server is not able to close them quickly enough
+                        // In case closeAbove is reached, the server stops listening altogether
+                        // It's important that there is enough difference between closeAbove and listenAbove,
+                        // otherwise the server.listener will flap between being closed and open potentially degrading perf even more
+                        closeAbove: maxPeerCount * 3,
+                        listenBelow: Math.floor(maxPeerCount * 0.9)
                     }
                 })
             ],
             datastore,
             peerDiscovery,
             streamMuxers: [
-                mplex(),
-                yamux()
+                yamux(),
+                mplex()
             ],
             connectionEncryption: [
                 noise()
             ],
             connectionManager: {
                 minConnections: 0,
+                // We set maxConnections above maxPeerCount because if we hit limit of maxPeerCount
+                // libp2p will start aggressively rejecting all new connections, preventing network discovery and crawling.
+                maxConnections: maxPeerCount * 2,
                 maxParallelDials: 100,
                 dialTimeout: 30_000,
                 maxPeerAddrsToDial: 5,
                 maxIncomingPendingConnections: 5
             },
+            connectionGater: {
+                denyInboundConnection: (maConn)=>{
+                    const allowed = peerManager.isNodeAllowedToConnect(maConn.remoteAddr.nodeAddress().address);
+                    if (allowed) {
+                        return false;
+                    }
+                    logger.debug(`Connection gater: Denying inbound connection from ${maConn.remoteAddr.toString()}`);
+                    return true;
+                },
+                denyInboundEncryptedConnection: (peerId, _maConn)=>{
+                    //NOTE: it is not necessary to check address here because this was already done by
+                    // denyInboundConnection
+                    const allowed = peerManager.isNodeAllowedToConnect(peerId);
+                    if (allowed) {
+                        return false;
+                    }
+                    logger.debug(`Connection gater: Denying inbound encrypted connection from ${peerId.toString()}`);
+                    return true;
+                }
+            },
             services: {
                 identify: identify({
-                    protocolPrefix: 'aztec'
+                    protocolPrefix: 'aztec',
+                    runOnConnectionOpen: true
                 }),
                 pubsub: gossipsub({
+                    directPeers,
                     debugName: 'gossipsub',
                     globalSignaturePolicy: SignaturePolicy.StrictNoSign,
                     allowPublishToZeroTopicPeers: true,
@@ -156,29 +244,30 @@ import { ReqResp } from '../reqresp/reqresp.js';
                     heartbeatInterval: config.gossipsubInterval,
                     mcacheLength: config.gossipsubMcacheLength,
                     mcacheGossip: config.gossipsubMcacheGossip,
+                    seenTTL: config.gossipsubSeenTTL,
                     msgIdFn: getMsgIdFn,
                     msgIdToStrFn: msgIdToStrFn,
                     fastMsgIdFn: fastMsgIdFn,
                     dataTransform: new SnappyTransform(),
                     metricsRegister: otelMetricsAdapter,
-                    metricsTopicStrToLabel: metricsTopicStrToLabels(),
+                    metricsTopicStrToLabel: metricsTopicStrToLabels(protocolVersion),
                     asyncValidation: true,
                     scoreThresholds: gossipScoreThresholds,
                     scoreParams: createPeerScoreParams({
                         // IPColocation factor can be disabled for local testing - default to -5
                         IPColocationFactorWeight: config.debugDisableColocationPenalty ? 0 : -5.0,
                         topics: {
-                            [Tx.p2pTopic]: createTopicScoreParams({
+                            [txTopic]: createTopicScoreParams({
                                 topicWeight: 1,
                                 invalidMessageDeliveriesWeight: -20,
                                 invalidMessageDeliveriesDecay: 0.5
                             }),
-                            [BlockAttestation.p2pTopic]: createTopicScoreParams({
+                            [blockAttestationTopic]: createTopicScoreParams({
                                 topicWeight: 1,
                                 invalidMessageDeliveriesWeight: -20,
                                 invalidMessageDeliveriesDecay: 0.5
                             }),
-                            [BlockProposal.p2pTopic]: createTopicScoreParams({
+                            [blockProposalTopic]: createTopicScoreParams({
                                 topicWeight: 1,
                                 invalidMessageDeliveriesWeight: -20,
                                 invalidMessageDeliveriesDecay: 0.5
@@ -192,7 +281,13 @@ import { ReqResp } from '../reqresp/reqresp.js';
             },
             logger: createLibp2pComponentLogger(logger.module)
         });
-        return new LibP2PService(clientType, config, node, peerDiscoveryService, mempools, l2BlockSource, epochCache, proofVerifier, worldStateSynchronizer, telemetry, logger);
+        const peerScoring = new PeerScoring(config, telemetry);
+        const reqresp = new ReqResp(config, node, peerScoring, createLogger(`${logger.module}:reqresp`));
+        const peerManager = new PeerManager(node, peerDiscoveryService, config, telemetry, createLogger(`${logger.module}:peer_manager`), peerScoring, reqresp, worldStateSynchronizer, protocolVersion, epochCache);
+        // Update gossipsub score params
+        node.services.pubsub.score.params.appSpecificWeight = 10;
+        node.services.pubsub.score.params.appSpecificScore = (peerId)=>peerManager.shouldDisableP2PGossip(peerId) ? -Infinity : peerManager.getPeerScore(peerId);
+        return new LibP2PService(clientType, config, node, peerDiscoveryService, reqresp, peerManager, mempools, l2BlockSource, epochCache, proofVerifier, worldStateSynchronizer, telemetry, logger);
     }
     /**
    * Starts the LibP2P service.
@@ -203,44 +298,57 @@ import { ReqResp } from '../reqresp/reqresp.js';
             throw new Error('P2P service already started');
         }
         // Get listen & announce addresses for logging
-        const { tcpListenAddress, tcpAnnounceAddress } = this.config;
-        if (!tcpAnnounceAddress) {
+        const { p2pIp, p2pPort } = this.config;
+        if (!p2pIp) {
             throw new Error('Announce address not provided.');
         }
-        const announceTcpMultiaddr = convertToMultiaddr(tcpAnnounceAddress, 'tcp');
-        // Start job queue, peer discovery service and libp2p node
-        this.jobQueue.start();
-        await this.peerDiscoveryService.start();
+        const announceTcpMultiaddr = convertToMultiaddr(p2pIp, p2pPort, 'tcp');
+        await this.peerManager.initializePeers();
+        if (!this.config.p2pDiscoveryDisabled) {
+            await this.peerDiscoveryService.start();
+        }
         await this.node.start();
         // Subscribe to standard GossipSub topics by default
-        for (const topic of getTopicTypeForClientType(this.clientType)){
-            this.subscribeToTopic(TopicTypeMap[topic].p2pTopic);
+        for (const topic of getTopicsForClientAndConfig(this.clientType, this.config.disableTransactions)){
+            this.subscribeToTopic(this.topicStrings[topic]);
         }
         // Create request response protocol handlers
         const txHandler = reqRespTxHandler(this.mempools);
         const goodbyeHandler = reqGoodbyeHandler(this.peerManager);
-        const blockHandler = reqRespBlockHandler(this.l2BlockSource);
+        const blockHandler = reqRespBlockHandler(this.archiver);
+        const statusHandler = reqRespStatusHandler(this.protocolVersion, this.worldStateSynchronizer, this.logger);
         const requestResponseHandlers = {
             [ReqRespSubProtocol.PING]: pingHandler,
-            [ReqRespSubProtocol.STATUS]: statusHandler,
-            [ReqRespSubProtocol.TX]: txHandler.bind(this),
+            [ReqRespSubProtocol.STATUS]: statusHandler.bind(this),
             [ReqRespSubProtocol.GOODBYE]: goodbyeHandler.bind(this),
             [ReqRespSubProtocol.BLOCK]: blockHandler.bind(this)
         };
+        // Only handle block transactions request if attestation pool is available to the client
+        if (this.mempools.attestationPool && !this.config.disableTransactions) {
+            const blockTxsHandler = reqRespBlockTxsHandler(this.mempools.attestationPool, this.mempools.txPool);
+            requestResponseHandlers[ReqRespSubProtocol.BLOCK_TXS] = blockTxsHandler.bind(this);
+        }
+        if (!this.config.disableTransactions) {
+            requestResponseHandlers[ReqRespSubProtocol.TX] = txHandler.bind(this);
+        }
         // add GossipSub listener
-        this.node.services.pubsub.addEventListener(GossipSubEvent.MESSAGE, this.handleGossipSubEvent.bind(this));
-        // Start running promise for peer discovery
-        this.discoveryRunningPromise = new RunningPromise(()=>this.peerManager.heartbeat(), this.logger, this.config.peerCheckIntervalMS);
+        this.node.services.pubsub.addEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
+        // Start running promise for peer discovery and metrics collection
+        this.discoveryRunningPromise = new RunningPromise(async ()=>{
+            await this.peerManager.heartbeat();
+        }, this.logger, this.config.peerCheckIntervalMS);
         this.discoveryRunningPromise.start();
         // Define the sub protocol validators - This is done within this start() method to gain a callback to the existing validateTx function
         const reqrespSubProtocolValidators = {
             ...DEFAULT_SUB_PROTOCOL_VALIDATORS,
-            // TODO(#11336): A request validator for blocks
-            [ReqRespSubProtocol.TX]: this.validateRequestedTx.bind(this)
+            [ReqRespSubProtocol.TX]: this.validateRequestedTxs.bind(this),
+            [ReqRespSubProtocol.BLOCK_TXS]: this.validateRequestedBlockTxs.bind(this),
+            [ReqRespSubProtocol.BLOCK]: this.validateRequestedBlock.bind(this)
         };
         await this.reqresp.start(requestResponseHandlers, reqrespSubProtocolValidators);
         this.logger.info(`Started P2P service`, {
-            listen: tcpListenAddress,
+            listen: this.config.listenAddress,
+            port: this.config.p2pPort,
             announce: announceTcpMultiaddr,
             peerId: this.node.peerId.toString()
         });
@@ -250,12 +358,10 @@ import { ReqResp } from '../reqresp/reqresp.js';
    * @returns An empty promise.
    */ async stop() {
         // Remove gossip sub listener
-        this.node.services.pubsub.removeEventListener(GossipSubEvent.MESSAGE, this.handleGossipSubEvent.bind(this));
+        this.node.services.pubsub.removeEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
         // Stop peer manager
         this.logger.debug('Stopping peer manager...');
         await this.peerManager.stop();
-        this.logger.debug('Stopping job queue...');
-        await this.jobQueue.end();
         this.logger.debug('Stopping running promise...');
         await this.discoveryRunningPromise?.stop();
         this.logger.debug('Stopping peer discovery service...');
@@ -266,6 +372,12 @@ import { ReqResp } from '../reqresp/reqresp.js';
         await this.stopLibP2P();
         this.logger.info('LibP2P service stopped');
     }
+    addReqRespSubProtocol(subProtocol, handler, validator) {
+        return this.reqresp.addSubProtocol(subProtocol, handler, validator);
+    }
+    registerThisValidatorAddresses(address) {
+        this.peerManager.registerThisValidatorAddresses(address);
+    }
     getPeers(includePending) {
         return this.peerManager.getPeers(includePending);
     }
@@ -281,24 +393,12 @@ import { ReqResp } from '../reqresp/reqresp.js';
         setImmediate(()=>void safeJob());
     }
     /**
-   * Send Request via the ReqResp service
-   * The subprotocol defined will determine the request and response types
-   *
-   * See the subProtocolMap for the mapping of subprotocols to request/response types in `interface.ts`
-   *
-   * @param protocol The request response protocol to use
-   * @param request The request type to send
-   * @returns
-   */ sendRequest(protocol, request) {
-        return this.reqresp.sendRequest(protocol, request);
-    }
-    /**
    * Send a batch of requests to peers, and return the responses
    * @param protocol - The request response protocol to use
    * @param requests - The requests to send to the peers
    * @returns The responses to the requests
-   */ sendBatchRequest(protocol, requests) {
-        return this.reqresp.sendBatchRequest(protocol, requests);
+   */ sendBatchRequest(protocol, requests, pinnedPeerId) {
+        return this.reqresp.sendBatchRequest(protocol, requests, pinnedPeerId);
     }
     /**
    * Get the ENR of the node
@@ -308,7 +408,6 @@ import { ReqResp } from '../reqresp/reqresp.js';
     }
     registerBlockReceivedCallback(callback) {
         this.blockReceivedCallback = callback;
-        this.logger.verbose('Block received callback registered');
     }
     /**
    * Subscribes to a topic.
@@ -322,133 +421,326 @@ import { ReqResp } from '../reqresp/reqresp.js';
     /**
    * Publishes data to a topic.
    * @param topic - The topic to publish to.
-   * @param data - The data to publish.
+   * @param data - The message to publish.
    * @returns The number of recipients the data was sent to.
-   */ async publishToTopic(topic, data) {
+   */ async publishToTopic(topic, message) {
         if (!this.node.services.pubsub) {
             throw new Error('Pubsub service not available.');
         }
-        const result = await this.node.services.pubsub.publish(topic, data);
+        const p2pMessage = P2PMessage.fromGossipable(message, this.config.debugP2PInstrumentMessages);
+        const result = await this.node.services.pubsub.publish(topic, p2pMessage.toMessageData());
         return result.recipients.length;
     }
     /**
+   * Checks if this message has already been seen, based on its msgId computed from hashing the message data.
+   * Note that we do not rely on the seenCache from gossipsub since we want to keep a longer history of seen
+   * messages to avoid tx echoes across the network.
+   */ preValidateReceivedMessage(msg, msgId, source) {
+        let topicType;
+        switch(msg.topic){
+            case this.topicStrings[TopicType.tx]:
+                topicType = TopicType.tx;
+                break;
+            case this.topicStrings[TopicType.block_attestation]:
+                topicType = TopicType.block_attestation;
+                break;
+            case this.topicStrings[TopicType.block_proposal]:
+                topicType = TopicType.block_proposal;
+                break;
+            default:
+                this.logger.error(`Received message on unknown topic: ${msg.topic}`);
+                break;
+        }
+        const validator = topicType ? this.msgIdSeenValidators[topicType] : undefined;
+        if (!validator || !validator.addMessage(msgId)) {
+            this.instrumentation.incMessagePrevalidationStatus(false, topicType);
+            this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), TopicValidatorResult.Ignore);
+            return {
+                result: false,
+                topicType
+            };
+        }
+        this.instrumentation.incMessagePrevalidationStatus(true, topicType);
+        return {
+            result: true,
+            topicType
+        };
+    }
+    /**
+   * Safely deserializes a P2PMessage from raw message data.
+   * @param msgId - The message ID.
+   * @param source - The peer ID of the message source.
+   * @param data - The raw message data.
+   * @returns The deserialized P2PMessage or undefined if deserialization fails.
+   */ safelyDeserializeP2PMessage(msgId, source, data) {
+        try {
+            return P2PMessage.fromMessageData(Buffer.from(data), this.config.debugP2PInstrumentMessages);
+        } catch (err) {
+            this.logger.error(`Error deserializing P2PMessage`, err, {
+                msgId,
+                source: source.toString()
+            });
+            this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), TopicValidatorResult.Reject);
+            this.peerManager.penalizePeer(source, PeerErrorSeverity.LowToleranceError);
+            return undefined;
+        }
+    }
+    /**
    * Handles a new gossip message that was received by the client.
    * @param topic - The message's topic.
    * @param data - The message data
    */ async handleNewGossipMessage(msg, msgId, source) {
-        if (msg.topic === Tx.p2pTopic) {
-            await this.handleGossipedTx(msg, msgId, source);
+        const msgReceivedTime = Date.now();
+        let topicType;
+        const p2pMessage = this.safelyDeserializeP2PMessage(msgId, source, msg.data);
+        if (!p2pMessage) {
+            return;
         }
-        if (msg.topic === BlockAttestation.p2pTopic && this.clientType === P2PClientType.Full) {
-            await this.processAttestationFromPeer(msg, msgId, source);
+        const preValidationResult = this.preValidateReceivedMessage(msg, msgId, source);
+        if (!preValidationResult.result) {
+            return;
+        }
+        if (msg.topic === this.topicStrings[TopicType.tx]) {
+            topicType = TopicType.tx;
+            await this.handleGossipedTx(p2pMessage.payload, msgId, source);
+        }
+        if (msg.topic === this.topicStrings[TopicType.block_attestation]) {
+            topicType = TopicType.block_attestation;
+            if (this.clientType === P2PClientType.Full) {
+                await this.processAttestationFromPeer(p2pMessage.payload, msgId, source);
+            }
         }
-        if (msg.topic == BlockProposal.p2pTopic) {
-            await this.processBlockFromPeer(msg, msgId, source);
+        if (msg.topic === this.topicStrings[TopicType.block_proposal]) {
+            topicType = TopicType.block_proposal;
+            await this.processBlockFromPeer(p2pMessage.payload, msgId, source);
+        }
+        if (p2pMessage.timestamp !== undefined && topicType !== undefined) {
+            const latency = msgReceivedTime - p2pMessage.timestamp.getTime();
+            this.instrumentation.recordMessageLatency(topicType, latency);
         }
         return;
     }
-    async validateReceivedMessage(validationFunc, msgId, source) {
+    async validateReceivedMessage(validationFunc, msgId, source, topicType) {
         let resultAndObj = {
-            result: false,
-            obj: undefined
+            result: TopicValidatorResult.Reject
         };
+        const timer = new Timer();
         try {
             resultAndObj = await validationFunc();
         } catch (err) {
-            this.logger.error(`Error deserialising and validating message `, err);
+            this.peerManager.penalizePeer(source, PeerErrorSeverity.LowToleranceError);
+            this.logger.error(`Error deserializing and validating gossipsub message`, err, {
+                msgId,
+                source: source.toString(),
+                topicType
+            });
         }
-        this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), resultAndObj.result && resultAndObj.obj ? TopicValidatorResult.Accept : TopicValidatorResult.Reject);
+        if (resultAndObj.result === TopicValidatorResult.Accept) {
+            this.instrumentation.recordMessageValidation(topicType, timer);
+        }
+        this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), resultAndObj.result);
         return resultAndObj;
     }
-    async handleGossipedTx(msg, msgId, source) {
+    async handleGossipedTx(payloadData, msgId, source) {
         const validationFunc = async ()=>{
-            const tx = Tx.fromBuffer(Buffer.from(msg.data));
-            const result = await this.validatePropagatedTx(tx, source);
-            return {
-                result,
-                obj: tx
-            };
+            const tx = Tx.fromBuffer(payloadData);
+            const isValid = await this.validatePropagatedTx(tx, source);
+            const exists = isValid && await this.mempools.txPool.hasTx(tx.getTxHash());
+            this.logger.trace(`Validate propagated tx`, {
+                isValid,
+                exists,
+                [Attributes.P2P_ID]: source.toString()
+            });
+            if (!isValid) {
+                return {
+                    result: TopicValidatorResult.Reject
+                };
+            } else if (exists) {
+                return {
+                    result: TopicValidatorResult.Ignore,
+                    obj: tx
+                };
+            } else {
+                return {
+                    result: TopicValidatorResult.Accept,
+                    obj: tx
+                };
+            }
         };
-        const { result, obj: tx } = await this.validateReceivedMessage(validationFunc, msgId, source);
-        if (!result || !tx) {
+        const { result, obj: tx } = await this.validateReceivedMessage(validationFunc, msgId, source, TopicType.tx);
+        if (result !== TopicValidatorResult.Accept || !tx) {
             return;
         }
-        const txHash = await tx.getTxHash();
+        const txHash = tx.getTxHash();
         const txHashString = txHash.toString();
-        this.logger.verbose(`Received tx ${txHashString} from external peer ${source.toString()}.`);
+        this.logger.verbose(`Received tx ${txHashString} from external peer ${source.toString()} via gossip`, {
+            source: source.toString(),
+            txHash: txHashString
+        });
+        if (this.config.dropTransactions && randomInt(1000) < this.config.dropTransactionsProbability * 1000) {
+            this.logger.warn(`Intentionally dropping tx ${txHashString} (probability rule)`);
+            return;
+        }
+        this.instrumentation.incrementTxReceived(1);
         await this.mempools.txPool.addTxs([
             tx
         ]);
     }
-    /**Process Attestation From Peer
+    /**
+   * Process Attestation From Peer
    * When a proposal is received from a peer, we add it to the attestation pool, so it can be accessed by other services.
    *
    * @param attestation - The attestation to process.
-   */ async processAttestationFromPeer(msg, msgId, source) {
+   */ async processAttestationFromPeer(payloadData, msgId, source) {
         const validationFunc = async ()=>{
-            const attestation = BlockAttestation.fromBuffer(Buffer.from(msg.data));
-            const result = await this.validateAttestation(source, attestation);
-            this.logger.trace(`validatePropagatedAttestation: ${result}`, {
-                [Attributes.SLOT_NUMBER]: attestation.payload.header.globalVariables.slotNumber.toString(),
+            const attestation = BlockAttestation.fromBuffer(payloadData);
+            const pool = this.mempools.attestationPool;
+            const isValid = await this.validateAttestation(source, attestation);
+            const exists = isValid && await pool.hasAttestation(attestation);
+            let canAdd = true;
+            if (isValid && !exists) {
+                const slot = attestation.payload.header.slotNumber;
+                const { committee } = await this.epochCache.getCommittee(slot);
+                const committeeSize = committee?.length ?? 0;
+                canAdd = await pool.canAddAttestation(attestation, committeeSize);
+            }
+            this.logger.trace(`Validate propagated block attestation`, {
+                isValid,
+                exists,
+                canAdd,
+                [Attributes.SLOT_NUMBER]: attestation.payload.header.slotNumber.toString(),
                 [Attributes.P2P_ID]: source.toString()
             });
-            return {
-                result,
-                obj: attestation
-            };
+            if (!isValid) {
+                return {
+                    result: TopicValidatorResult.Reject
+                };
+            } else if (exists) {
+                return {
+                    result: TopicValidatorResult.Ignore,
+                    obj: attestation
+                };
+            } else if (!canAdd) {
+                this.logger.warn(`Dropping block attestation due to per-(slot, proposalId) attestation cap`, {
+                    slot: attestation.payload.header.slotNumber.toString(),
+                    archive: attestation.archive.toString(),
+                    source: source.toString()
+                });
+                return {
+                    result: TopicValidatorResult.Ignore,
+                    obj: attestation
+                };
+            } else {
+                return {
+                    result: TopicValidatorResult.Accept,
+                    obj: attestation
+                };
+            }
         };
-        const { result, obj: attestation } = await this.validateReceivedMessage(validationFunc, msgId, source);
-        if (!result || !attestation) {
+        const { result, obj: attestation } = await this.validateReceivedMessage(validationFunc, msgId, source, TopicType.block_attestation);
+        if (result !== TopicValidatorResult.Accept || !attestation) {
             return;
         }
-        this.logger.debug(`Received attestation for block ${attestation.blockNumber.toNumber()} slot ${attestation.slotNumber.toNumber()} from external peer.`, {
-            p2pMessageIdentifier: await attestation.p2pMessageIdentifier(),
-            slot: attestation.slotNumber.toNumber(),
+        this.logger.debug(`Received attestation for slot ${attestation.slotNumber} from external peer ${source.toString()}`, {
+            p2pMessageIdentifier: await attestation.p2pMessageLoggingIdentifier(),
+            slot: attestation.slotNumber,
             archive: attestation.archive.toString(),
-            block: attestation.blockNumber.toNumber()
+            source: source.toString()
         });
         await this.mempools.attestationPool.addAttestations([
             attestation
         ]);
     }
-    async processBlockFromPeer(msg, msgId, source) {
+    async processBlockFromPeer(payloadData, msgId, source) {
         const validationFunc = async ()=>{
-            const block = BlockProposal.fromBuffer(Buffer.from(msg.data));
-            const result = await this.validateBlockProposal(source, block);
-            this.logger.trace(`validatePropagatedBlock: ${result}`, {
-                [Attributes.SLOT_NUMBER]: block.payload.header.globalVariables.slotNumber.toString(),
+            const block = BlockProposal.fromBuffer(payloadData);
+            const isValid = await this.validateBlockProposal(source, block);
+            const pool = this.mempools.attestationPool;
+            // Note that we dont have an attestation pool if we're a prover node, but we still
+            // subscribe to block proposal topics in order to prevent their txs from being cleared.
+            const exists = isValid && await pool?.hasBlockProposal(block);
+            const canAdd = isValid && await pool?.canAddProposal(block);
+            this.logger.trace(`Validate propagated block proposal`, {
+                isValid,
+                exists,
+                canAdd,
+                [Attributes.SLOT_NUMBER]: block.payload.header.slotNumber.toString(),
                 [Attributes.P2P_ID]: source.toString()
             });
-            return {
-                result,
-                obj: block
-            };
+            if (!isValid) {
+                return {
+                    result: TopicValidatorResult.Reject
+                };
+            } else if (exists) {
+                return {
+                    result: TopicValidatorResult.Ignore,
+                    obj: block
+                };
+            } else if (!canAdd) {
+                this.peerManager.penalizePeer(source, PeerErrorSeverity.MidToleranceError);
+                this.logger.warn(`Penalizing peer for block proposal exceeding per-slot cap`, {
+                    slot: block.slotNumber.toString(),
+                    archive: block.archive.toString(),
+                    source: source.toString()
+                });
+                return {
+                    result: TopicValidatorResult.Reject
+                };
+            } else {
+                return {
+                    result: TopicValidatorResult.Accept,
+                    obj: block
+                };
+            }
         };
-        const { result, obj: block } = await this.validateReceivedMessage(validationFunc, msgId, source);
+        const { result, obj: block } = await this.validateReceivedMessage(validationFunc, msgId, source, TopicType.block_proposal);
         if (!result || !block) {
             return;
         }
-        await this.processValidBlockProposal(block);
+        await this.processValidBlockProposal(block, source);
     }
     // REVIEW: callback pattern https://github.com/AztecProtocol/aztec-packages/issues/7963
-    async processValidBlockProposal(block) {
-        this.logger.verbose(`Received block ${block.blockNumber.toNumber()} for slot ${block.slotNumber.toNumber()} from external peer.`, {
-            p2pMessageIdentifier: await block.p2pMessageIdentifier(),
-            slot: block.slotNumber.toNumber(),
+    async processValidBlockProposal(block, sender) {
+        const slot = block.slotNumber;
+        const previousSlot = SlotNumber(slot - 1);
+        this.logger.verbose(`Received block proposal for slot ${slot} from external peer ${sender.toString()}.`, {
+            p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier(),
+            slot: block.slotNumber,
             archive: block.archive.toString(),
-            block: block.blockNumber.toNumber()
+            source: sender.toString()
         });
-        const attestation = await this.blockReceivedCallback(block);
+        const attestationsForPreviousSlot = await this.mempools.attestationPool?.getAttestationsForSlot(previousSlot);
+        if (attestationsForPreviousSlot !== undefined) {
+            this.logger.verbose(`Received ${attestationsForPreviousSlot.length} attestations for slot ${previousSlot}`);
+        }
+        // Attempt to add proposal, then mark the txs in this proposal as non-evictable
+        try {
+            await this.mempools.attestationPool?.addBlockProposal(block);
+        } catch (err) {
+            // Drop proposals if we hit per-slot cap in the attestation pool; rethrow unknown errors
+            if (err instanceof ProposalSlotCapExceededError) {
+                this.logger.warn(`Dropping block proposal due to per-slot proposal cap`, {
+                    slot: String(slot),
+                    archive: block.archive.toString(),
+                    error: err.message
+                });
+                return;
+            }
+            throw err;
+        }
+        await this.mempools.txPool.markTxsAsNonEvictable(block.txHashes);
+        const attestations = await this.blockReceivedCallback(block, sender);
         // TODO: fix up this pattern - the abstraction is not nice
-        // The attestation can be undefined if no handler is registered / the validator deems the block invalid
-        if (attestation != undefined) {
-            this.logger.verbose(`Broadcasting attestation for block ${attestation.blockNumber.toNumber()} slot ${attestation.slotNumber.toNumber()}`, {
-                p2pMessageIdentifier: await attestation.p2pMessageIdentifier(),
-                slot: attestation.slotNumber.toNumber(),
-                archive: attestation.archive.toString(),
-                block: attestation.blockNumber.toNumber()
-            });
-            await this.broadcastAttestation(attestation);
+        // The attestation can be undefined if no handler is registered / the validator deems the block invalid / in fisherman mode
+        if (attestations?.length) {
+            for (const attestation of attestations){
+                this.logger.verbose(`Broadcasting attestation for slot ${attestation.slotNumber}`, {
+                    p2pMessageIdentifier: await attestation.p2pMessageLoggingIdentifier(),
+                    slot: attestation.slotNumber,
+                    archive: attestation.archive.toString()
+                });
+                await this.broadcastAttestation(attestation);
+            }
         }
     }
     /**
@@ -461,96 +753,242 @@ import { ReqResp } from '../reqresp/reqresp.js';
    * Propagates provided message to peers.
    * @param message - The message to propagate.
    */ async propagate(message) {
-        const p2pMessageIdentifier = await message.p2pMessageIdentifier();
+        const p2pMessageIdentifier = await message.p2pMessageLoggingIdentifier();
         this.logger.trace(`Message ${p2pMessageIdentifier} queued`, {
             p2pMessageIdentifier
         });
-        void this.jobQueue.put(async ()=>{
-            await this.sendToPeers(message);
-        }).catch((error)=>{
+        void this.sendToPeers(message).catch((error)=>{
             this.logger.error(`Error propagating message ${p2pMessageIdentifier}`, {
                 error
             });
         });
     }
     /**
-   * Validate a tx that has been requested from a peer.
+   * Validate the requested block transactions. Allow partial returns.
+   * @param request - The block transactions request.
+   * @param response - The block transactions response.
+   * @param peerId - The ID of the peer that made the request.
+   * @returns True if the requested block transactions are valid, false otherwise.
+   */ async validateRequestedBlockTxs(request, response, peerId) {
+        const requestedTxValidator = this.createRequestedTxValidator();
+        try {
+            if (!response.blockHash.equals(request.blockHash)) {
+                this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+                throw new ValidationError(`Received block txs for unexpected block: expected ${request.blockHash.toString()}, got ${response.blockHash.toString()}`);
+            }
+            if (response.txIndices.getLength() !== request.txIndices.getLength()) {
+                this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+                throw new ValidationError(`Received block txs with mismatched bitvector length: expected ${request.txIndices.getLength()}, got ${response.txIndices.getLength()}`);
+            }
+            // Check no duplicates and not exceeding returnable count
+            const requestedIndices = new Set(request.txIndices.getTrueIndices());
+            const availableIndices = new Set(response.txIndices.getTrueIndices());
+            const maxReturnable = [
+                ...requestedIndices
+            ].filter((i)=>availableIndices.has(i)).length;
+            const returnedHashes = await Promise.all(response.txs.map((tx)=>tx.getTxHash().toString()));
+            const uniqueReturned = new Set(returnedHashes.map((h)=>h.toString()));
+            if (uniqueReturned.size !== returnedHashes.length) {
+                this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+                throw new ValidationError(`Received duplicate txs in block txs response`);
+            }
+            if (response.txs.length > maxReturnable) {
+                this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+                throw new ValidationError(`Received more txs (${response.txs.length}) than requested-and-available (${maxReturnable})`);
+            }
+            // Given proposal (should have locally), ensure returned txs are valid subset and match request indices
+            const proposal = await this.mempools.attestationPool?.getBlockProposal(request.blockHash.toString());
+            if (proposal) {
+                // Build intersected indices
+                const intersectIdx = request.txIndices.getTrueIndices().filter((i)=>response.txIndices.isSet(i));
+                // Enforce subset membership and preserve increasing order by index.
+                const hashToIndexInProposal = new Map(proposal.txHashes.map((h, i)=>[
+                        h.toString(),
+                        i
+                    ]));
+                const allowedIndexSet = new Set(intersectIdx);
+                const indices = returnedHashes.map((h)=>hashToIndexInProposal.get(h));
+                const allAllowed = indices.every((idx)=>idx !== undefined && allowedIndexSet.has(idx));
+                const strictlyIncreasing = indices.every((idx, i)=>i === 0 ? idx !== undefined : idx > indices[i - 1]);
+                if (!allAllowed || !strictlyIncreasing) {
+                    this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+                    throw new ValidationError('Returned txs do not match expected subset/order for requested indices');
+                }
+            } else {
+                // No local proposal, cannot check the membership/order of the returned txs
+                this.logger.warn(`Block proposal not found for block hash ${request.blockHash.toString()}; cannot validate membership/order of returned txs`);
+                return false;
+            }
+            await Promise.all(response.txs.map((tx)=>this.validateRequestedTx(tx, peerId, requestedTxValidator)));
+            return true;
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                this.logger.warn(`Failed validation for requested block txs from peer ${peerId.toString()}`);
+            } else {
+                this.logger.error(`Error during validation of requested block txs`, e);
+            }
+            return false;
+        }
+    }
+    /**
+   * Validate a collection of txs that has been requested from a peer.
    *
-   * The core component of this validator is that the tx hash MUST match the requested tx hash,
+   * The core component of this validator is that each tx hash MUST match the requested tx hash,
    * In order to perform this check, the tx proof must be verified.
    *
    * Note: This function is called from within `ReqResp.sendRequest` as part of the
    * ReqRespSubProtocol.TX subprotocol validation.
    *
-   * @param requestedTxHash - The hash of the tx that was requested.
-   * @param responseTx - The tx that was received as a response to the request.
+   * @param requestedTxHash - The collection of the txs that was requested.
+   * @param responseTx - The collection of txs that was received as a response to the request.
    * @param peerId - The peer ID of the peer that sent the tx.
-   * @returns True if the tx is valid, false otherwise.
-   */ async validateRequestedTx(requestedTxHash, responseTx, peerId) {
-        const proofValidator = new TxProofValidator(this.proofVerifier);
-        const validProof = await proofValidator.validateTx(responseTx);
-        // If the node returns the wrong data, we penalize it
-        if (!requestedTxHash.equals(await responseTx.getTxHash())) {
-            // Returning the wrong data is a low tolerance error
-            this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+   * @returns True if the whole collection of txs is valid, false otherwise.
+   */ async validateRequestedTxs(requestedTxHash, responseTx, peerId) {
+        const requested = new Set(requestedTxHash.map((h)=>h.toString()));
+        const requestedTxValidator = this.createRequestedTxValidator();
+        //TODO: (mralj) - this is somewhat naive implementation, if single tx is invlid we consider the whole response invalid.
+        // I think we should still extract the valid txs and return them, so that we can still use the response.
+        try {
+            await Promise.all(responseTx.map((tx)=>this.validateRequestedTx(tx, peerId, requestedTxValidator, requested)));
+            return true;
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                this.logger.warn(`Failed to validate requested txs from peer ${peerId.toString()}, reason ${e.message}`);
+            } else {
+                this.logger.error(`Error during validation of requested txs`, e);
+            }
             return false;
         }
-        if (validProof.result === 'invalid') {
-            // If the proof is invalid, but the txHash is correct, then this is an active attack and we severly punish
-            this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+    }
+    /**
+   * Validates a BLOCK response.
+   *
+   * If a local copy exists, enforces hash equality. If missing, rejects (no penalty) since the hash cannot be verified.
+   * Penalizes on block number mismatch or hash mismatch.
+   *
+   * @param requestedBlockNumber - The requested block number.
+   * @param responseBlock - The block returned by the peer.
+   * @param peerId - The peer that returned the block.
+   * @returns True if the response is valid, false otherwise.
+   */ async validateRequestedBlock(requestedBlockNumber, responseBlock, peerId) {
+        try {
+            const reqNum = Number(requestedBlockNumber.toString());
+            if (responseBlock.number !== reqNum) {
+                this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+                return false;
+            }
+            const local = await this.archiver.getBlock(reqNum);
+            if (!local) {
+                // We are missing the local block; we cannot verify the hash yet. Reject without penalizing.
+                // TODO: Consider extending this validator to accept an expected hash or
+                // performing quorum-based checks when using P2P syncing prior to L1 sync.
+                this.logger.warn(`Local block ${reqNum} not found; rejecting BLOCK response without hash verification`);
+                return false;
+            }
+            const [localHash, respHash] = await Promise.all([
+                local.hash(),
+                responseBlock.hash()
+            ]);
+            if (!localHash.equals(respHash)) {
+                this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+                return false;
+            }
+            return true;
+        } catch (e) {
+            this.logger.warn(`Error validating requested block`, e);
             return false;
         }
-        return true;
+    }
+    createRequestedTxValidator() {
+        return new AggregateTxValidator(new DataTxValidator(), new MetadataTxValidator({
+            l1ChainId: new Fr(this.config.l1ChainId),
+            rollupVersion: new Fr(this.config.rollupVersion),
+            protocolContractsHash,
+            vkTreeRoot: getVKTreeRoot()
+        }), new TxProofValidator(this.proofVerifier));
+    }
+    async validateRequestedTx(tx, peerId, txValidator, requested) {
+        const penalize = (severity)=>this.peerManager.penalizePeer(peerId, severity);
+        if (!await tx.validateTxHash()) {
+            penalize(PeerErrorSeverity.MidToleranceError);
+            throw new ValidationError(`Received tx with invalid hash ${tx.getTxHash().toString()}.`);
+        }
+        if (requested && !requested.has(tx.getTxHash().toString())) {
+            penalize(PeerErrorSeverity.MidToleranceError);
+            throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that was not requested.`);
+        }
+        const { result } = await txValidator.validateTx(tx);
+        if (result === 'invalid') {
+            penalize(PeerErrorSeverity.LowToleranceError);
+            throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that is invalid.`);
+        }
     }
     async validatePropagatedTx(tx, peerId) {
-        const blockNumber = await this.l2BlockSource.getBlockNumber() + 1;
-        const messageValidators = this.createMessageValidators(blockNumber);
-        const outcome = await this.runValidations(tx, messageValidators);
-        if (outcome.allPassed) {
-            return true;
+        const currentBlockNumber = await this.archiver.getBlockNumber();
+        // We accept transactions if they are not expired by the next slot (checked based on the IncludeByTimestamp field)
+        const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
+        const messageValidators = await this.createMessageValidators(currentBlockNumber, nextSlotTimestamp);
+        for (const validator of messageValidators){
+            const outcome = await this.runValidations(tx, validator);
+            if (outcome.allPassed) {
+                continue;
+            }
+            const { name } = outcome.failure;
+            let { severity } = outcome.failure;
+            // Double spend validator has a special case handler
+            if (name === 'doubleSpendValidator') {
+                const txBlockNumber = currentBlockNumber + 1; // tx is expected to be in the next block
+                severity = await this.handleDoubleSpendFailure(tx, txBlockNumber);
+            }
+            this.peerManager.penalizePeer(peerId, severity);
+            return false;
         }
-        const { name } = outcome.failure;
-        let { severity } = outcome.failure;
-        // Double spend validator has a special case handler
-        if (name === 'doubleSpendValidator') {
-            severity = await this.handleDoubleSpendFailure(tx, blockNumber);
+        return true;
+    }
+    async getGasFees(blockNumber) {
+        if (blockNumber === this.feesCache?.blockNumber) {
+            return this.feesCache.gasFees;
         }
-        this.peerManager.penalizePeer(peerId, severity);
-        return false;
+        const header = await this.archiver.getBlockHeader(blockNumber);
+        const gasFees = header?.globalVariables.gasFees ?? GasFees.empty();
+        this.feesCache = {
+            blockNumber,
+            gasFees
+        };
+        return gasFees;
+    }
+    async validate(txs) {
+        const currentBlockNumber = await this.archiver.getBlockNumber();
+        // We accept transactions if they are not expired by the next slot (checked based on the IncludeByTimestamp field)
+        const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
+        const messageValidators = await this.createMessageValidators(currentBlockNumber, nextSlotTimestamp);
+        await Promise.all(txs.map(async (tx)=>{
+            for (const validator of messageValidators){
+                const outcome = await this.runValidations(tx, validator);
+                if (!outcome.allPassed) {
+                    throw new Error('Invalid tx detected', {
+                        cause: {
+                            outcome
+                        }
+                    });
+                }
+            }
+        }));
     }
     /**
-   * Create message validators for the given block number.
+   * Create message validators for the given block number and timestamp.
    *
    * Each validator is a pair of a validator and a severity.
    * If a validator fails, the peer is penalized with the severity of the validator.
    *
-   * @param blockNumber - The block number to create validators for.
+   * @param currentBlockNumber - The current synced block number.
+   * @param nextSlotTimestamp - The timestamp of the next slot (used to validate txs are not expired).
    * @returns The message validators.
-   */ createMessageValidators(blockNumber) {
-        return {
-            dataValidator: {
-                validator: new DataTxValidator(),
-                severity: PeerErrorSeverity.HighToleranceError
-            },
-            metadataValidator: {
-                validator: new MetadataTxValidator(new Fr(this.config.l1ChainId), new Fr(blockNumber)),
-                severity: PeerErrorSeverity.HighToleranceError
-            },
-            proofValidator: {
-                validator: new TxProofValidator(this.proofVerifier),
-                severity: PeerErrorSeverity.MidToleranceError
-            },
-            doubleSpendValidator: {
-                validator: new DoubleSpendTxValidator({
-                    nullifiersExist: async (nullifiers)=>{
-                        const merkleTree = this.worldStateSynchronizer.getCommitted();
-                        const indices = await merkleTree.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, nullifiers);
-                        return indices.map((index)=>index !== undefined);
-                    }
-                }),
-                severity: PeerErrorSeverity.HighToleranceError
-            }
-        };
+   */ async createMessageValidators(currentBlockNumber, nextSlotTimestamp) {
+        const gasFees = await this.getGasFees(currentBlockNumber);
+        const allowedInSetup = this.config.txPublicSetupAllowList ?? await getDefaultAllowedSetupFunctions();
+        const blockNumberInWhichTheTxIsConsideredToBeIncluded = currentBlockNumber + 1;
+        return createTxMessageValidators(nextSlotTimestamp, blockNumberInWhichTheTxIsConsideredToBeIncluded, this.worldStateSynchronizer, gasFees, this.config.l1ChainId, this.config.rollupVersion, protocolContractsHash, this.archiver, this.proofVerifier, !this.config.disableTransactions, allowedInSetup);
     }
     /**
    * Run validations on a tx.
@@ -562,29 +1000,32 @@ import { ReqResp } from '../reqresp/reqresp.js';
             const { result } = await validator.validateTx(tx);
             return {
                 name,
-                isValid: result === 'valid',
+                isValid: result !== 'invalid',
                 severity
             };
         });
         // A promise that resolves when all validations have been run
-        const allValidations = Promise.all(validationPromises);
-        // A promise that resolves when the first validation fails
-        const firstFailure = Promise.race(validationPromises.map(async (promise)=>{
-            const result = await promise;
-            return result.isValid ? new Promise(()=>{}) : result;
-        }));
-        // Wait for the first validation to fail or all validations to pass
-        const result = await Promise.race([
-            allValidations.then(()=>({
-                    allPassed: true
-                })),
-            firstFailure.then((failure)=>({
-                    allPassed: false,
-                    failure: failure
-                }))
-        ]);
-        // If all validations pass, allPassed will be true, if failed, then the failure will be the first validation to fail
-        return result;
+        const allValidations = await Promise.all(validationPromises);
+        const failed = allValidations.find((x)=>!x.isValid);
+        if (failed) {
+            return {
+                allPassed: false,
+                failure: {
+                    isValid: {
+                        result: 'invalid',
+                        reason: [
+                            'Failed validation'
+                        ]
+                    },
+                    name: failed.name,
+                    severity: failed.severity
+                }
+            };
+        } else {
+            return {
+                allPassed: true
+            };
+        }
     }
     /**
    * Handle a double spend failure.
@@ -634,6 +1075,7 @@ import { ReqResp } from '../reqresp/reqresp.js';
    */ async validateBlockProposal(peerId, block) {
         const severity = await this.blockProposalValidator.validate(block);
         if (severity) {
+            this.logger.debug(`Penalizing peer ${peerId} for block proposal validation failure`);
             this.peerManager.penalizePeer(peerId, severity);
             return false;
         }
@@ -642,13 +1084,16 @@ import { ReqResp } from '../reqresp/reqresp.js';
     getPeerScore(peerId) {
         return this.node.services.pubsub.score.score(peerId.toString());
     }
+    handleAuthRequestFromPeer(authRequest, peerId) {
+        return this.peerManager.handleAuthRequestFromPeer(authRequest, peerId);
+    }
     async sendToPeers(message) {
         const parent = message.constructor;
-        const identifier = await message.p2pMessageIdentifier().then((i)=>i.toString());
+        const identifier = await message.p2pMessageLoggingIdentifier().then((i)=>i.toString());
         this.logger.trace(`Sending message ${identifier}`, {
             p2pMessageIdentifier: identifier
         });
-        const recipientsNum = await this.publishToTopic(parent.p2pTopic, message.toBuffer());
+        const recipientsNum = await this.publishToTopic(this.topicStrings[parent.p2pTopic], message);
         this.logger.debug(`Sent message ${identifier} to ${recipientsNum} peers`, {
             p2pMessageIdentifier: identifier,
             sourcePeer: this.node.peerId.toString()
@@ -673,40 +1118,47 @@ import { ReqResp } from '../reqresp/reqresp.js';
 }
 _ts_decorate([
     trackSpan('Libp2pService.processValidBlockProposal', async (block)=>({
-            [Attributes.BLOCK_NUMBER]: block.blockNumber.toNumber(),
-            [Attributes.SLOT_NUMBER]: block.slotNumber.toNumber(),
+            [Attributes.SLOT_NUMBER]: block.slotNumber,
             [Attributes.BLOCK_ARCHIVE]: block.archive.toString(),
-            [Attributes.P2P_ID]: await block.p2pMessageIdentifier().then((i)=>i.toString())
+            [Attributes.P2P_ID]: await block.p2pMessageLoggingIdentifier().then((i)=>i.toString())
         }))
 ], LibP2PService.prototype, "processValidBlockProposal", null);
 _ts_decorate([
     trackSpan('Libp2pService.broadcastAttestation', async (attestation)=>({
-            [Attributes.BLOCK_NUMBER]: attestation.payload.header.globalVariables.blockNumber.toNumber(),
-            [Attributes.SLOT_NUMBER]: attestation.payload.header.globalVariables.slotNumber.toNumber(),
+            [Attributes.SLOT_NUMBER]: attestation.payload.header.slotNumber,
             [Attributes.BLOCK_ARCHIVE]: attestation.archive.toString(),
-            [Attributes.P2P_ID]: await attestation.p2pMessageIdentifier().then((i)=>i.toString())
+            [Attributes.P2P_ID]: await attestation.p2pMessageLoggingIdentifier().then((i)=>i.toString())
         }))
 ], LibP2PService.prototype, "broadcastAttestation", null);
+_ts_decorate([
+    trackSpan('Libp2pService.validateRequestedBlockTxs', (request)=>({
+            [Attributes.BLOCK_HASH]: request.blockHash.toString()
+        }))
+], LibP2PService.prototype, "validateRequestedBlockTxs", null);
 _ts_decorate([
     trackSpan('Libp2pService.validateRequestedTx', (requestedTxHash, _responseTx)=>({
             [Attributes.TX_HASH]: requestedTxHash.toString()
         }))
-], LibP2PService.prototype, "validateRequestedTx", null);
+], LibP2PService.prototype, "validateRequestedTxs", null);
+_ts_decorate([
+    trackSpan('Libp2pService.validateRequestedBlock', (requestedBlockNumber, _responseBlock)=>({
+            [Attributes.BLOCK_NUMBER]: requestedBlockNumber.toString()
+        }))
+], LibP2PService.prototype, "validateRequestedBlock", null);
 _ts_decorate([
-    trackSpan('Libp2pService.validatePropagatedTx', async (tx)=>({
-            [Attributes.TX_HASH]: (await tx.getTxHash()).toString()
+    trackSpan('Libp2pService.validatePropagatedTx', (tx)=>({
+            [Attributes.TX_HASH]: tx.getTxHash().toString()
         }))
 ], LibP2PService.prototype, "validatePropagatedTx", null);
 _ts_decorate([
     trackSpan('Libp2pService.validateAttestation', async (_, attestation)=>({
-            [Attributes.BLOCK_NUMBER]: attestation.payload.header.globalVariables.blockNumber.toNumber(),
-            [Attributes.SLOT_NUMBER]: attestation.payload.header.globalVariables.slotNumber.toNumber(),
+            [Attributes.SLOT_NUMBER]: attestation.payload.header.slotNumber,
             [Attributes.BLOCK_ARCHIVE]: attestation.archive.toString(),
-            [Attributes.P2P_ID]: await attestation.p2pMessageIdentifier().then((i)=>i.toString())
+            [Attributes.P2P_ID]: await attestation.p2pMessageLoggingIdentifier().then((i)=>i.toString())
         }))
 ], LibP2PService.prototype, "validateAttestation", null);
 _ts_decorate([
     trackSpan('Libp2pService.validateBlockProposal', (_peerId, block)=>({
-            [Attributes.SLOT_NUMBER]: block.payload.header.globalVariables.slotNumber.toString()
+            [Attributes.SLOT_NUMBER]: block.payload.header.slotNumber.toString()
         }))
 ], LibP2PService.prototype, "validateBlockProposal", null);