@aztec/p2p 0.0.1-commit.3895657bc → 0.0.1-commit.3e3d0c9cd

package/src/msg_validators/tx_validator/gas_validator.ts

@@ -1,4 +1,5 @@
 import {
+  MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT,
   MAX_PROCESSABLE_L2_GAS,
   PRIVATE_TX_L2_GAS_OVERHEAD,
   PUBLIC_TX_L2_GAS_OVERHEAD,
@@ -49,16 +50,31 @@ export interface HasGasLimitData {
  */
 export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidator<T> {
   #log: Logger;
-
-  constructor(bindings?: LoggerBindings) {
-    this.#log = createLogger('sequencer:tx_validator:tx_gas', bindings);
+  #effectiveMaxL2Gas: number;
+  #effectiveMaxDAGas: number;
+  #rollupManaLimit: number;
+  #maxBlockL2Gas: number;
+  #maxBlockDAGas: number;
+
+  constructor(opts?: {
+    rollupManaLimit?: number;
+    maxBlockL2Gas?: number;
+    maxBlockDAGas?: number;
+    bindings?: LoggerBindings;
+  }) {
+    this.#log = createLogger('sequencer:tx_validator:tx_gas', opts?.bindings);
+    this.#rollupManaLimit = opts?.rollupManaLimit ?? Infinity;
+    this.#maxBlockL2Gas = opts?.maxBlockL2Gas ?? Infinity;
+    this.#maxBlockDAGas = opts?.maxBlockDAGas ?? Infinity;
+    this.#effectiveMaxL2Gas = Math.min(MAX_PROCESSABLE_L2_GAS, this.#rollupManaLimit, this.#maxBlockL2Gas);
+    this.#effectiveMaxDAGas = Math.min(MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT, this.#maxBlockDAGas);
   }
 
   validateTx(tx: T): Promise<TxValidationResult> {
     return Promise.resolve(this.validateGasLimit(tx));
   }
 
-  /** Checks gas limits are >= fixed minimums and <= AVM max processable L2 gas. */
+  /** Checks gas limits are >= fixed minimums and <= effective max gas (L2 and DA). */
   validateGasLimit(tx: T): TxValidationResult {
     const gasLimits = tx.data.constants.txContext.gasSettings.gasLimits;
     const minGasLimits = new Gas(
@@ -74,10 +90,21 @@ export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidato
       return { result: 'invalid', reason: [TX_ERROR_INSUFFICIENT_GAS_LIMIT] };
     }
 
-    if (gasLimits.l2Gas > MAX_PROCESSABLE_L2_GAS) {
-      this.#log.verbose(`Rejecting transaction due to the gas limit(s) being higher than the maximum processable gas`, {
+    if (gasLimits.l2Gas > this.#effectiveMaxL2Gas) {
+      this.#log.verbose(`Rejecting transaction due to the L2 gas limit being higher than the effective maximum`, {
         gasLimits,
-        minGasLimits,
+        effectiveMaxL2Gas: this.#effectiveMaxL2Gas,
+        rollupManaLimit: this.#rollupManaLimit,
+        maxBlockL2Gas: this.#maxBlockL2Gas,
+      });
+      return { result: 'invalid', reason: [TX_ERROR_GAS_LIMIT_TOO_HIGH] };
+    }
+
+    if (gasLimits.daGas > this.#effectiveMaxDAGas) {
+      this.#log.verbose(`Rejecting transaction due to the DA gas limit being higher than the effective maximum`, {
+        gasLimits,
+        effectiveMaxDAGas: this.#effectiveMaxDAGas,
+        maxBlockDAGas: this.#maxBlockDAGas,
       });
       return { result: 'invalid', reason: [TX_ERROR_GAS_LIMIT_TOO_HIGH] };
     }
@@ -106,21 +133,27 @@ export class GasTxValidator implements TxValidator<Tx> {
   #publicDataSource: PublicStateSource;
   #feeJuiceAddress: AztecAddress;
   #gasFees: GasFees;
+  #gasLimitOpts?: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number };
 
   constructor(
     publicDataSource: PublicStateSource,
     feeJuiceAddress: AztecAddress,
     gasFees: GasFees,
     private bindings?: LoggerBindings,
+    opts?: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number },
   ) {
     this.#log = createLogger('sequencer:tx_validator:tx_gas', bindings);
     this.#publicDataSource = publicDataSource;
     this.#feeJuiceAddress = feeJuiceAddress;
     this.#gasFees = gasFees;
+    this.#gasLimitOpts = opts;
   }
 
   async validateTx(tx: Tx): Promise<TxValidationResult> {
-    const gasLimitValidation = new GasLimitsValidator(this.bindings).validateGasLimit(tx);
+    const gasLimitValidation = new GasLimitsValidator({
+      ...this.#gasLimitOpts,
+      bindings: this.bindings,
+    }).validateGasLimit(tx);
     if (gasLimitValidation.result === 'invalid') {
       return Promise.resolve(gasLimitValidation);
     }

package/src/msg_validators/tx_validator/phases_validator.ts

@@ -141,3 +141,33 @@ export class PhasesTxValidator implements TxValidator<Tx> {
     return TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED;
   }
 }
+
+/** Structural interface for the allowed-setup-calls flag check. */
+export interface HasAllowedSetupCallsData {
+  txHash: { toString(): string };
+  allowedSetupCalls: boolean;
+}
+
+/**
+ * Validates that a transaction's setup-phase calls were allowed at receipt time.
+ *
+ * Checks the precomputed `allowedSetupCalls` flag on TxMetaData. The flag is
+ * computed by running the PhasesTxValidator on the full Tx when it first enters
+ * the pool. This lightweight validator is used during pending pool migration to
+ * reject txs whose setup calls are not on the allow list.
+ */
+export class AllowedSetupCallsMetaValidator<T extends HasAllowedSetupCallsData> implements TxValidator<T> {
+  #log: Logger;
+
+  constructor(bindings?: LoggerBindings) {
+    this.#log = createLogger('sequencer:tx_validator:tx_phases_meta', bindings);
+  }
+
+  validateTx(tx: T): Promise<TxValidationResult> {
+    if (!tx.allowedSetupCalls) {
+      this.#log.verbose(`Rejecting tx ${tx.txHash} because its setup calls are not on the allow list`);
+      return Promise.resolve({ result: 'invalid', reason: [TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED] });
+    }
+    return Promise.resolve({ result: 'valid' });
+  }
+}

package/src/services/libp2p/libp2p_service.ts

@@ -237,11 +237,11 @@ export class LibP2PService extends WithTracer implements P2PService {
     this.gossipSubEventHandler = this.handleGossipSubEvent.bind(this);
 
     this.blockReceivedCallback = async (block: BlockProposal): Promise<boolean> => {
-      this.logger.debug(
-        `Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber} from peer.`,
+      this.logger.warn(
+        `Handler for block received not yet registered on P2P service. Received block ${block.blockNumber} for slot ${block.slotNumber} from peer.`,
         { p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier() },
       );
-      return false;
+      return true;
     };
 
     this.checkpointReceivedCallback = (
@@ -754,6 +754,9 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (!validator || !validator.addMessage(msgId)) {
       this.instrumentation.incMessagePrevalidationStatus(false, topicType);
       this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), TopicValidatorResult.Ignore);
+      if (topicType === TopicType.tx) {
+        this.logger.verbose(`Ignoring already-seen tx gossip message`, { msgId, source: source.toString() });
+      }
       return { result: false, topicType };
     }
 
@@ -923,6 +926,11 @@ export class LibP2PService extends WithTracer implements P2PService {
           severity = await this.handleDoubleSpendFailure(tx, txBlockNumber);
         }
 
+        this.logger.verbose(`Rejecting gossiped tx ${tx.getTxHash().toString()}: stage 1 validation failed`, {
+          validator: name,
+          severity,
+          source: source.toString(),
+        });
         this.peerManager.penalizePeer(source, severity);
         return { result: TopicValidatorResult.Reject };
       }
@@ -930,6 +938,9 @@ export class LibP2PService extends WithTracer implements P2PService {
       // Pool pre-check: see if the pool would accept this tx before doing expensive proof verification
       const canAdd = await this.mempools.txPool.canAddPendingTx(tx);
       if (canAdd === 'ignored') {
+        this.logger.verbose(`Ignoring gossiped tx ${tx.getTxHash().toString()}: pool pre-check returned ignored`, {
+          source: source.toString(),
+        });
         return { result: TopicValidatorResult.Ignore, obj: tx };
       }
 
@@ -937,7 +948,12 @@ export class LibP2PService extends WithTracer implements P2PService {
       const secondStageValidators = this.createSecondStageMessageValidators();
       const secondStageOutcome = await this.runValidations(tx, secondStageValidators);
       if (!secondStageOutcome.allPassed) {
-        const { severity } = secondStageOutcome.failure;
+        const { severity, name } = secondStageOutcome.failure;
+        this.logger.verbose(`Rejecting gossiped tx ${tx.getTxHash().toString()}: stage 2 validation failed`, {
+          validator: name,
+          severity,
+          source: source.toString(),
+        });
         this.peerManager.penalizePeer(source, severity);
         return { result: TopicValidatorResult.Reject };
       }
@@ -949,7 +965,7 @@ export class LibP2PService extends WithTracer implements P2PService {
       const wasAccepted = addResult.accepted.some(h => h.equals(txHash));
       const wasIgnored = addResult.ignored.some(h => h.equals(txHash));
 
-      this.logger.trace(`Validate propagated tx`, {
+      this.logger.verbose(`Validate propagated tx ${txHash.toString()}`, {
         wasAccepted,
         wasIgnored,
         [Attributes.P2P_ID]: source.toString(),
@@ -1192,7 +1208,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Note: Validators do NOT attest to individual blocks, only to checkpoint proposals.
     const isValid = await this.blockReceivedCallback(block, sender);
     if (!isValid) {
-      this.logger.warn(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
+      this.logger.info(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
     }
   }
 
@@ -1626,6 +1642,7 @@ export class LibP2PService extends WithTracer implements P2PService {
       ...(this.config.txPublicSetupAllowListExtend ?? []),
     ];
     const blockNumber = BlockNumber(currentBlockNumber + 1);
+    const l1Constants = await this.archiver.getL1Constants();
 
     return createFirstStageTxValidationsForGossipedTransactions(
       nextSlotTimestamp,
@@ -1639,6 +1656,11 @@ export class LibP2PService extends WithTracer implements P2PService {
       !this.config.disableTransactions,
       allowedInSetup,
       this.logger.getBindings(),
+      {
+        rollupManaLimit: l1Constants.rollupManaLimit,
+        maxBlockL2Gas: this.config.validateMaxL2BlockGas,
+        maxBlockDAGas: this.config.validateMaxDABlockGas,
+      },
     );
   }
 

package/src/services/reqresp/README.md

@@ -0,0 +1,229 @@
+# ReqResp Protocols
+
+This module implements libp2p request-response protocols for the Aztec P2P network. All protocols share common transport-level validation (rate limiting, timeouts, Snappy decompression, error penalties) with protocol-specific logic layered on top.
+
+## Common Transport Validation
+
+### Rate Limiting (Responder Side)
+
+Applied before the protocol handler runs.
+
+| Protocol | Peer Limit | Global Limit | File |
+|----------|-----------|-------------|------|
+| PING | 5/s | 10/s | `rate-limiter/rate_limits.ts` |
+| STATUS | 5/s | 10/s | same |
+| AUTH | 5/s | 10/s | same |
+| GOODBYE | 5/s | 10/s | same |
+| BLOCK | 2/s | 5/s | same |
+| BLOCK_TXS | 10/s | 200/s | same |
+| TX | (see rate limits file) | (see rate limits file) | same |
+
+- Per-peer limit exceeded: `HighToleranceError` penalty + `RATE_LIMIT_EXCEEDED` status. Penalty fires inside `RequestResponseRateLimiter.allow()`, not the stream handler.
+- Global limit exceeded: `RATE_LIMIT_EXCEEDED` status only (no peer penalty).
+
+### Response Status Byte (Requester Side)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| First chunk must be exactly 1 byte | `ReqRespStatusError(UNKNOWN)` | `status.ts` |
+| Byte must be valid `ReqRespStatus` enum (0-4, 126, 127) | `ReqRespStatusError(UNKNOWN)` | same |
+
+Note: `prettyPrintReqRespStatus` is missing a `NOT_FOUND` case (minor logging bug).
+
+### Snappy Decompression (Requester Side)
+
+Per-protocol size limits checked via preamble before decompression.
+
+### Timeouts (Requester Side)
+
+| Timeout | Default | Penalty |
+|---------|---------|---------|
+| Individual request | 10s | HighToleranceError |
+| Dial | 5s | HighToleranceError |
+
+### Error Penalty Categorization (Requester Side)
+
+| Error Type | Severity |
+|------------|----------|
+| GOODBYE subprotocol errors | None |
+| `CollectiveReqRespTimeoutError` / `InvalidResponseError` | None |
+| `AbortError` / connection close / muxer closed | None |
+| `ECONNRESET` / `EPIPE` / `ECONNREFUSED` / `ERR_UNEXPECTED_EOF` | HighToleranceError |
+| `ERR_UNSUPPORTED_PROTOCOL` | HighToleranceError |
+| `IndividualReqRespTimeoutError` / `TimeoutError` | HighToleranceError |
+| Catch-all | HighToleranceError |
+
+### Request Error Penalty (Responder Side)
+
+| Error Type | Severity |
+|------------|----------|
+| `BADLY_FORMED_REQUEST` | LowToleranceError |
+| All others | None |
+
+### Notes
+
+- Request payloads are NOT snappy-compressed (asymmetric: only responses use snappy).
+
+---
+
+## Handshake Protocols
+
+### Connection-Level Gating (Before Any Handshake)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Deny inbound connection from IP/peerId with too many failed auth handshakes | Connection denied | `libp2p_service.ts` |
+| Threshold: `p2pMaxFailedAuthAttemptsAllowed` (default 3) | Tracked per peerId AND per IP | `peer_manager.ts` |
+| Failed auth entries expire after 1 hour | Peer can reconnect; no escalating penalty for repeat offenders | same |
+
+### Handshake Trigger Logic (`peer:connect`)
+
+1. `p2pDisableStatusHandshake` = true: no handshake
+2. `p2pAllowOnlyValidators` = false: STATUS handshake
+3. Peer is protected (trusted/private/preferred): STATUS handshake
+4. Otherwise: AUTH handshake (superset of STATUS)
+
+Config constraint: `p2pDisableStatusHandshake && p2pAllowOnlyValidators` is disallowed.
+
+### STATUS Protocol (`/aztec/req/status/1.0.0`)
+
+**Requester side** (`peer_manager.ts`):
+
+| Rule | Consequence |
+|------|-------------|
+| Response status must be SUCCESS | Peer scheduled for disconnect |
+| `compressedComponentsVersion` must match | Peer scheduled for disconnect |
+| Any exception | Peer scheduled for disconnect |
+
+`StatusMessage.validate()` currently only checks `compressedComponentsVersion`. Fields `latestBlockNumber`, `latestBlockHash`, `finalizedBlockNumber` are NOT validated (TODO in code).
+
+**Responder side**: no validation of incoming request content (always responds with own status). This means the requester leaks its blockchain state to any peer before validation.
+
+**Deserialization bounds**: `MAX_VERSION_STRING_LENGTH` = 64 bytes, `MAX_BLOCK_HASH_STRING_LENGTH` = 128 bytes. Expected response size: 1 KB.
+
+### AUTH Protocol (`/aztec/req/auth/1.0.0`)
+
+**Requester side** (`peer_manager.ts`):
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 1 | Response status is SUCCESS | `markAuthHandshakeFailed` + disconnect |
+| 2 | `compressedComponentsVersion` match | `markAuthHandshakeFailed` + disconnect |
+| 3 | Valid ECDSA signature recovery from challenge response | `markAuthHandshakeFailed` + disconnect |
+| 4 | Recovered address is a registered validator | `markAuthHandshakeFailed` + disconnect |
+| 5 | Validator address not already authenticated to different peerId | Silent return (no disconnect, no failure marking -- peer stays connected but unauthenticated) |
+| 6 | Any exception | `markAuthHandshakeFailed` + disconnect |
+
+Challenge: random `Fr`, payload = `keccak256("Aztec Validator Challenge:" + challenge)`, signed with `eth_sign` style. Challenge is NOT bound to peer identity (transport encryption via Noise is the binding layer).
+
+On success: peer added to authenticated maps, prior failures cleared (including IP-based ones -- shared-IP peers benefit from a legitimate validator's success).
+
+**Responder side** (`validator-client/src/validator.ts` + `peer_manager.ts`):
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 1 | Peer must be protected (`shouldTrustWithIdentity` in `peer_manager.ts`) | Returns empty buffer (SUCCESS status + empty payload -> requester gets parse error -> `markAuthHandshakeFailed`) |
+| 2 | Node must have registered validator address | Returns empty buffer (same consequence) |
+
+**Unauthenticated peer gossip**: when `p2pAllowOnlyValidators` is true, unauthenticated peers get `appSpecificScore = -Infinity`, completely excluding them from all gossip.
+
+### PING Protocol (`/aztec/req/ping/1.0.0`)
+
+No validation on either side. Responder returns `Buffer.from('pong')`. Expected response: 1 KB.
+
+### GOODBYE Protocol (`/aztec/req/goodbye/1.0.0`)
+
+**Responder**: buffer must be 1 byte (defaults to `UNKNOWN` on invalid length). Goodbye reason byte is NOT validated against the enum -- any byte 0-255 accepted. Peer scheduled for disconnect regardless of reason.
+
+**Requester**: response errors are never penalized (GOODBYE subprotocol exempt from error categorization).
+
+### Periodic Re-validation
+
+| Rule | Interval | File |
+|------|----------|------|
+| Authenticated validators re-checked against current validator set | Every heartbeat (`peerCheckIntervalMS`) | `peer_manager.ts` |
+| If validator address no longer registered, auth entry removed | Same | same |
+
+Protected peers (private/trusted/preferred) are always considered "authenticated" without AUTH handshake.
+
+---
+
+## Block Data Protocols
+
+### BLOCK Protocol (`/aztec/req/block/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `Fr` | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/block.ts` |
+| Block lookup throws | `INTERNAL_ERROR` status | same |
+| Block not found | SUCCESS + empty buffer (design choice; no `NOT_FOUND` status used) | same |
+
+**Requester side** (Snappy limit: 3 MB):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Response block number must match requested | LowToleranceError; rejected | `libp2p_service.ts` (`validateRequestedBlock`) |
+| Local block must exist for hash verification | Rejected (no penalty) | same |
+| Response block hash must equal local block hash | MidToleranceError; rejected | same |
+
+**Limitation**: the local-block requirement means BLOCK req/resp is unusable for initial P2P-only sync (before L1 sync provides local copies for verification). A TODO in the code acknowledges this.
+
+### BLOCK_TXS Protocol (`/aztec/req/block_txs/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `BlockTxsRequest` (Fr + TxHashArray + BitVector) | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/block_txs/block_txs_handler.ts` |
+| BitVector length: non-negative and <= `MAX_TXS_PER_BLOCK` (65536) | Deserialization throws -> `BADLY_FORMED_REQUEST` | `protocols/block_txs/bitvector.ts` |
+| Archive root not found and no explicit txHashes | `NOT_FOUND` status | handler |
+| Internal error during lookup | Unhandled exception -> stream abort (no `INTERNAL_ERROR` status, unlike BLOCK) | handler |
+
+Conditional registration: BLOCK_TXS handler only registered when `config.disableTransactions` is false. Otherwise peers get `ERR_UNSUPPORTED_PROTOCOL`.
+
+**Requester side via `sendBatchRequest`** (Snappy limit: `max(N, 1) * 512 + 1` KB):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Archive root must match request | MidToleranceError | `libp2p_service.ts` (`validateRequestedBlockTxs`) |
+| BitVector length must match request | MidToleranceError | same |
+| No duplicate tx hashes | MidToleranceError | same |
+| Tx count within bounds | MidToleranceError | same |
+| Local block proposal must exist for archive root | Rejected (no penalty) | same |
+| All tx hashes must be in proposal's tx list at allowed indices | LowToleranceError | same |
+| Txs in strictly increasing index order | LowToleranceError | same |
+| Each tx passes well-formedness (Metadata [4 fields], Size, Data, Proof) | LowToleranceError | same |
+
+**Requester side via `BatchTxRequester`** (separate validation path):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Non-SUCCESS status: `FAILURE`/`UNKNOWN` | HighToleranceError + "bad peer" tracking | `batch-tx-requester/batch_tx_requester.ts` |
+| `RATE_LIMIT_EXCEEDED` | Peer marked rate-limited (cooldown) | same |
+| `NOT_FOUND` / `BADLY_FORMED_REQUEST` / `INTERNAL_ERROR` | Falls through silently (no penalty) | same |
+| Each tx validated (Metadata + Size + Data + Proof) | LowToleranceError per invalid tx; valid txs from same response still accepted | same |
+| Archive root match + non-empty txIndices | No penalty on mismatch; peer not promoted to "smart" | same |
+
+**Double penalty on transport errors**: when `BatchTxRequester` encounters a transport error (e.g., ECONNRESET), both `sendRequestToPeer`'s internal handler and the `BatchTxRequester`'s catch block penalize the peer, resulting in double HighToleranceError.
+
+See [BatchTxRequester README](batch-tx-requester/README.md) for the full architecture (peer classification, worker model, wire protocol).
+
+### TX Protocol (`/aztec/req/tx/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `TxHashArray` | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/tx.ts` |
+
+**Requester side** (validator registered at startup, not the default noop):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Each returned tx hash must be in the requested set | MidToleranceError | `libp2p_service.ts` (`validateRequestedTxs`) |
+| Each tx passes well-formedness (Metadata + Size + Data + Proof) | LowToleranceError | same |
+
+Snappy limit: `max(N, 1) * 512 + 1` KB.
+

package/src/services/reqresp/batch-tx-requester/batch_tx_requester.ts

@@ -463,9 +463,18 @@ export class BatchTxRequester {
    *   this implies we will query these peers couple of more times and give them a chance to "redeem" themselves before completely ignoring them
    */
   private handleFailResponseFromPeer(peerId: PeerId, responseStatus: ReqRespStatus) {
-    //TODO: Should we ban these peers?
     if (responseStatus === ReqRespStatus.FAILURE || responseStatus === ReqRespStatus.UNKNOWN) {
       this.peers.penalisePeer(peerId, PeerErrorSeverity.HighToleranceError);
+      this.peers.markPeerDumb(peerId);
+      this.txsMetadata.clearPeerData(peerId);
+      return;
+    }
+
+    // NOT_FOUND means the peer pruned its block proposal — it can no longer serve
+    // index-based requests, but this is a legitimate state so we don't penalize.
+    if (responseStatus === ReqRespStatus.NOT_FOUND) {
+      this.peers.markPeerDumb(peerId);
+      this.txsMetadata.clearPeerData(peerId);
       return;
     }
 
@@ -555,10 +564,9 @@ export class BatchTxRequester {
       return;
     }
 
-    // If block response is invalid we still want to query this peer in the future
-    // Because they sent successful response, so they might become smart peer in the future
-    // Or send us needed txs
-    if (!this.isBlockResponseValid(response)) {
+    const hasArchiveRootMismatch = this.blockTxsSource.archive.toString() !== response.archiveRoot.toString();
+    if (hasArchiveRootMismatch) {
+      this.handleArchiveRootMismatch(peerId, response);
       return;
     }
 
@@ -576,13 +584,25 @@ export class BatchTxRequester {
     this.smartRequesterSemaphore.release();
   }
 
-  private isBlockResponseValid(response: BlockTxsResponse): boolean {
-    const archiveRootsMatch = this.blockTxsSource.archive.toString() === response.archiveRoot.toString();
-    const peerHasSomeTxsFromProposal = !response.txIndices.isEmpty();
-    return archiveRootsMatch && peerHasSomeTxsFromProposal;
+  /**
+   * Handles an archive root mismatch between local state and peer response.
+   *
+   * - Response archive is Fr.ZERO (peer pruned proposal, legitimate): marks peer dumb.
+   * - Non-zero archive mismatch (malicious response): penalises + marks dumb.
+   */
+  private handleArchiveRootMismatch(peerId: PeerId, response: BlockTxsResponse): void {
+    if (!response.archiveRoot.isZero()) {
+      this.peers.penalisePeer(peerId, PeerErrorSeverity.LowToleranceError);
+    }
+
+    this.peers.markPeerDumb(peerId);
+    this.txsMetadata.clearPeerData(peerId);
   }
 
   private peerHasSomeTxsWeAreMissing(_peerId: PeerId, response: BlockTxsResponse): boolean {
+    if (response.txIndices.isEmpty()) {
+      return false;
+    }
     const txsPeerHas = new Set(this.extractHashesPeerHasFromResponse(response).map(h => h.toString()));
     return this.txsMetadata.getMissingTxHashes().intersection(txsPeerHas).size > 0;
   }

package/src/services/reqresp/batch-tx-requester/interface.ts

@@ -23,6 +23,8 @@ export interface ITxMetadataCollection {
   alreadyFetched(txHash: TxHash): boolean;
   // Returns true if tx was marked as fetched, false if it was already marked as fetched
   markPeerHas(peerId: PeerId, txHashes: TxHash[]): void;
+  /** Remove all tx metadata associations for a peer (e.g. on demotion from smart to dumb). */
+  clearPeerData(peerId: PeerId): void;
 }
 
 /**

package/src/services/reqresp/batch-tx-requester/missing_txs.ts

@@ -158,4 +158,11 @@ export class MissingTxMetadataCollection implements ITxMetadataCollection {
         }
       });
   }
+
+  public clearPeerData(peerId: PeerId) {
+    const peerIdStr = peerId.toString();
+    for (const txMeta of this.txMetadata.values()) {
+      txMeta.peers.delete(peerIdStr);
+    }
+  }
 }

package/src/services/reqresp/batch-tx-requester/peer_collection.ts

@@ -12,6 +12,7 @@ export const RATE_LIMIT_EXCEEDED_PEER_CACHE_TTL = 1000; // 1s
 
 export interface IPeerCollection {
   markPeerSmart(peerId: PeerId): void;
+  markPeerDumb(peerId: PeerId): void;
 
   /** Sample next peer in round-robin fashion. No smart peers if returns undefined */
   nextSmartPeerToQuery(): PeerId | undefined;
@@ -57,6 +58,10 @@ export class PeerCollection implements IPeerCollection {
     this.smartPeers.add(peerId.toString());
   }
 
+  public markPeerDumb(peerId: PeerId): void {
+    this.smartPeers.delete(peerId.toString());
+  }
+
   // We keep track of all peers that are queried for peer sampling algorithm
   private queriedSmartPeers: Set<string> = new Set<string>();
   private queriedDumbPeers: Set<string> = new Set<string>();

package/src/services/reqresp/reqresp.ts

@@ -320,7 +320,7 @@ export class ReqResp implements ReqRespInterface {
               };
 
               for (const index of indices) {
-                this.logger.info(`Sending request ${index} to peer ${peerAsString}`);
+                this.logger.trace(`Sending request ${index} to peer ${peerAsString}`);
                 const response = await this.sendRequestToPeer(peer, subProtocol, requestBuffers[index]);
 
                 // Check the status of the response buffer

package/src/test-helpers/testbench-utils.ts

@@ -292,6 +292,7 @@ export function createMockEpochCache(): EpochCacheInterface {
       ethereumSlotDuration: 1,
       proofSubmissionEpochs: 1,
       targetCommitteeSize: 48,
+      rollupManaLimit: Number.MAX_SAFE_INTEGER,
     }),
   };
 }