@aztec/p2p 0.0.1-commit.3e3d0c9cd → 0.0.1-commit.3f5453c7b

package/src/mem_pools/attestation_pool/attestation_pool_test_suite.ts

@@ -446,12 +446,12 @@ export function describeAttestationPool(getAttestationPool: () => AttestationPoo
         const result2 = await ap.tryAddBlockProposal(proposal2);
         expect(result2.count).toBe(2);
 
-        // Add a third proposal for same position
+        // Third proposal for same position should be rejected (cap is 2)
         const proposal3 = await mockBlockProposalWithIndex(signers[2], slotNumber, indexWithinCheckpoint);
         const result3 = await ap.tryAddBlockProposal(proposal3);
 
-        expect(result3.added).toBe(true);
-        expect(result3.count).toBe(3);
+        expect(result3.added).toBe(false);
+        expect(result3.count).toBe(2);
       });
 
       it('should return added=false when exceeding capacity', async () => {
@@ -666,12 +666,12 @@ export function describeAttestationPool(getAttestationPool: () => AttestationPoo
         const result2 = await ap.tryAddCheckpointProposal(proposal2);
         expect(result2.count).toBe(2);
 
-        // Add a third proposal for same slot
+        // Third proposal for same slot should be rejected (cap is 2)
         const proposal3 = await mockCheckpointProposalCoreForPool(signers[2], slotNumber);
         const result3 = await ap.tryAddCheckpointProposal(proposal3);
 
-        expect(result3.added).toBe(true);
-        expect(result3.count).toBe(3);
+        expect(result3.added).toBe(false);
+        expect(result3.count).toBe(2);
       });
 
       it('should not count attestations as proposals for duplicate detection', async () => {

package/src/mem_pools/index.ts

@@ -1,6 +1,3 @@
 export { AttestationPool, type AttestationPoolApi } from './attestation_pool/attestation_pool.js';
 export { type MemPools } from './interface.js';
-// Old TxPool exports - kept temporarily for external consumers
-export { type TxPool } from './tx_pool/tx_pool.js';
-// New TxPoolV2 exports
 export { type TxPoolV2, type TxPoolV2Config, type TxPoolV2Events, type AddTxsResult } from './tx_pool_v2/index.js';

package/src/mem_pools/tx_pool_v2/interfaces.ts

@@ -160,10 +160,10 @@ export interface TxPoolV2 extends TypedEventEmitter<TxPoolV2Events> {
   handleMinedBlock(block: L2Block): Promise<void>;
 
   /**
-   * Prepares the pool for a new slot.
-   * Unprotects transactions from earlier slots and validates them before
-   * returning to pending state.
-   * @param slotNumber - The slot number to prepare for
+   * Prepares the pool for a new slot by unprotecting transactions from earlier
+   * slots and re-validating them before returning to pending state.
+   * @param slotNumber - The pipeline slot we are building for (i.e. the slot
+   *   the resulting blocks will target on L1).
    */
   prepareForSlot(slotNumber: SlotNumber): Promise<void>;
 

package/src/mem_pools/tx_pool_v2/tx_metadata.ts

@@ -1,3 +1,4 @@
+import { minBigint } from '@aztec/foundation/bigint';
 import { BlockNumber } from '@aztec/foundation/branded-types';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { ProtocolContractAddress } from '@aztec/protocol-contracts';
@@ -6,7 +7,6 @@ import { Gas } from '@aztec/stdlib/gas';
 import { type Tx, TxHash } from '@aztec/stdlib/tx';
 
 import { getFeePayerBalanceDelta } from '../../msg_validators/tx_validator/fee_payer_balance.js';
-import { getTxPriorityFee } from '../tx_pool/priority.js';
 import { type PreAddResult, TxPoolRejectionCode } from './eviction/interfaces.js';
 
 /** Validator-compatible data interface, mirroring the subset of PrivateKernelTailCircuitPublicInputs used by validators. */
@@ -335,3 +335,9 @@ export function stubTxMetaData(
     data: stubTxMetaValidationData({ expirationTimestamp }),
   };
 }
+
+/** Returns the priority fee for a tx, based on the L2 priority fee capped by the max fee per gas. */
+function getTxPriorityFee(tx: Tx): bigint {
+  const { maxPriorityFeesPerGas: priorityFees, maxFeesPerGas } = tx.getGasSettings();
+  return minBigint(maxFeesPerGas.feePerL2Gas, priorityFees.feePerL2Gas);
+}

package/src/msg_validators/attestation_validator/README.md

@@ -24,7 +24,7 @@ This module validates `CheckpointAttestation` gossipsub messages. Attestations a
 |---|------|-------------|
 | 8 | Sender recoverable (pool-side) | Silent drop |
 | 9 | Not a duplicate (same slot + proposalId + signer) | IGNORE |
-| 10 | Per-signer cap: `MAX_ATTESTATIONS_PER_SLOT_AND_SIGNER` = 3 | IGNORE |
+| 10 | Per-signer cap: `MAX_ATTESTATIONS_PER_SLOT_AND_SIGNER` = 2 | IGNORE |
 
 Own attestations added via `addOwnCheckpointAttestations` bypass the per-signer cap.
 

package/src/msg_validators/attestation_validator/attestation_validator.ts

@@ -8,14 +8,21 @@ import {
   type ValidationResult,
 } from '@aztec/stdlib/p2p';
 
-import { isWithinClockTolerance } from '../clock_tolerance.js';
+import { PipeliningWindow, isWithinClockTolerance } from '../clock_tolerance.js';
 
 export class CheckpointAttestationValidator implements P2PValidator<CheckpointAttestation> {
   protected epochCache: EpochCacheInterface;
   protected logger: Logger;
+  private readonly pipeliningWindow: PipeliningWindow;
 
-  constructor(epochCache: EpochCacheInterface) {
+  constructor(
+    epochCache: EpochCacheInterface,
+    opts: {
+      l1PublishingTime?: number;
+    },
+  ) {
     this.epochCache = epochCache;
+    this.pipeliningWindow = new PipeliningWindow(epochCache, { l1PublishingTime: opts.l1PublishingTime });
     this.logger = createLogger('p2p:checkpoint-attestation-validator');
   }
 
@@ -23,18 +30,23 @@ export class CheckpointAttestationValidator implements P2PValidator<CheckpointAt
     const slotNumber = message.payload.header.slotNumber;
 
     try {
-      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
+      // Use target slots since proposals target pipeline slots (slot + 1 when pipelining).
+      const { targetSlot, nextSlot } = this.epochCache.getTargetAndNextSlot();
 
-      if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
-        // Check if message is for previous slot and within clock tolerance
-        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
+      if (slotNumber !== targetSlot && slotNumber !== nextSlot) {
+        // When pipelining, accept attestations for the current slot (built in the previous slot)
+        // until the target slot reaches its L1 publish cutoff.
+        if (this.pipeliningWindow.acceptsAttestation(slotNumber)) {
+          // Fall through to remaining validation (signature, committee, etc.)
+        } else if (!isWithinClockTolerance(slotNumber, targetSlot, this.epochCache)) {
           this.logger.warn(
-            `Checkpoint attestation slot ${slotNumber} is not current (${currentSlot}) or next (${nextSlot}) slot`,
+            `Checkpoint attestation slot ${slotNumber} is not current (${targetSlot}) or next (${nextSlot}) slot`,
           );
           return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
+        } else {
+          this.logger.debug(`Ignoring checkpoint attestation for previous slot ${slotNumber} within clock tolerance`);
+          return { result: 'ignore' };
         }
-        this.logger.debug(`Ignoring checkpoint attestation for previous slot ${slotNumber} within clock tolerance`);
-        return { result: 'ignore' };
       }
 
       // Verify the signature is valid

package/src/msg_validators/attestation_validator/fisherman_attestation_validator.ts

@@ -20,8 +20,11 @@ export class FishermanAttestationValidator extends CheckpointAttestationValidato
     epochCache: EpochCacheInterface,
     private attestationPool: AttestationPoolApi,
     telemetryClient: TelemetryClient,
+    opts: {
+      l1PublishingTime?: number;
+    } = {},
   ) {
-    super(epochCache);
+    super(epochCache, opts);
     this.logger = this.logger.createChild('[FISHERMAN]');
 
     const meter = telemetryClient.getMeter('FishermanAttestationValidator');

package/src/msg_validators/clock_tolerance.ts

@@ -1,5 +1,6 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
 import { SlotNumber } from '@aztec/foundation/branded-types';
+import { DEFAULT_P2P_PROPAGATION_TIME, createPipelinedCheckpointTimingModel } from '@aztec/stdlib/timetable';
 
 /**
  * Maximum clock disparity tolerance for P2P message validation (in milliseconds).
@@ -36,10 +37,11 @@ export function isWithinClockTolerance(
   }
 
   // Check how far we are into the current slot (in milliseconds)
-  const { ts: slotStartTs, nowMs, slot } = epochCache.getEpochAndSlotNow();
+  const { ts: slotStartTs, nowMs } = epochCache.getEpochAndSlotNow();
+  const targetSlot = epochCache.getTargetSlot();
 
-  // Sanity check: ensure the epoch cache's current slot matches the expected current slot
-  if (slot !== currentSlot) {
+  // Sanity check: ensure the epoch cache's target slot matches the expected current slot
+  if (targetSlot !== currentSlot) {
     return false;
   }
 
@@ -49,3 +51,70 @@ export function isWithinClockTolerance(
 
   return elapsedMs < MAXIMUM_GOSSIP_CLOCK_DISPARITY_MS;
 }
+
+/**
+ * Checks if a message should be accepted under the pipelining grace period.
+ *
+ * When pipelining is enabled, `targetSlot = slotNow + 1`. A proposal built in slot N-1
+ * for slot N arrives when validators are in slot N, so their `targetSlot = N+1`.
+ * This function accepts proposals for the current wallclock slot if we're within the
+ * first `windowSeconds` seconds of the slot (the pipelining grace period). - see stdlib/timetable/index.ts
+ *
+ * @param messageSlot - The slot number from the received message
+ * @param epochCache - EpochCache to get timing and pipelining state
+ * @param windowSeconds - The window grace period allowed for attestations into the next slot
+ * @returns true if pipelining is enabled, the message is for the current slot, and we're within the grace period
+ */
+function isWithinPipeliningWindow(
+  messageSlot: SlotNumber,
+  epochCache: EpochCacheInterface,
+  windowSeconds: number,
+): boolean {
+  if (!epochCache.isProposerPipeliningEnabled()) {
+    return false;
+  }
+
+  const currentSlot = epochCache.getSlotNow();
+  if (messageSlot !== currentSlot) {
+    return false;
+  }
+
+  const { ts: slotStartTs, nowMs } = epochCache.getEpochAndSlotNow();
+  const slotStartMs = slotStartTs * 1000n;
+  const elapsedMs = Number(nowMs - slotStartMs);
+  const windowMs = windowSeconds * 1000 + MAXIMUM_GOSSIP_CLOCK_DISPARITY_MS;
+
+  return elapsedMs < windowMs;
+}
+
+export class PipeliningWindow {
+  private readonly proposalWindowIntoTargetSlot: number;
+  private readonly attestationWindowIntoTargetSlot: number;
+
+  constructor(
+    private readonly epochCache: EpochCacheInterface,
+    opts: {
+      p2pPropagationTime?: number;
+      l1PublishingTime?: number;
+    } = {},
+  ) {
+    const l1Constants = epochCache.getL1Constants();
+    const checkpointTiming = createPipelinedCheckpointTimingModel({
+      aztecSlotDuration: l1Constants.slotDuration,
+      ethereumSlotDuration: l1Constants.ethereumSlotDuration,
+      l1PublishingTime: opts.l1PublishingTime ?? l1Constants.ethereumSlotDuration,
+      p2pPropagationTime: opts.p2pPropagationTime ?? DEFAULT_P2P_PROPAGATION_TIME,
+    });
+
+    this.proposalWindowIntoTargetSlot = checkpointTiming.proposalWindowIntoTargetSlot;
+    this.attestationWindowIntoTargetSlot = checkpointTiming.attestationWindowIntoTargetSlot;
+  }
+
+  public acceptsProposal(messageSlot: SlotNumber): boolean {
+    return isWithinPipeliningWindow(messageSlot, this.epochCache, this.proposalWindowIntoTargetSlot);
+  }
+
+  public acceptsAttestation(messageSlot: SlotNumber): boolean {
+    return isWithinPipeliningWindow(messageSlot, this.epochCache, this.attestationWindowIntoTargetSlot);
+  }
+}

package/src/msg_validators/proposal_validator/README.md

@@ -28,7 +28,7 @@ Deserialization guards: `BlockProposal.fromBuffer` and `SignedTxs.fromBuffer` bo
 | # | Rule | Consequence |
 |---|------|-------------|
 | 9 | **Duplicate**: same archive root already stored | IGNORE (no penalty) |
-| 10 | **Per-position cap**: max 3 proposals per (slot, indexWithinCheckpoint) | REJECT + HighToleranceError |
+| 10 | **Per-position cap**: max 2 proposals per (slot, indexWithinCheckpoint) | REJECT + HighToleranceError |
 | 11 | **Equivocation**: >1 distinct proposal for same (slot, index) | ACCEPT (rebroadcast for detection). At count=2: `duplicateProposalCallback` fires -> slash event (`OffenseType.DUPLICATE_PROPOSAL`, configured via `slashDuplicateProposalPenalty`) |
 
 ### Stage 3: Validator-Client Processing (BlockProposalHandler)
@@ -53,7 +53,7 @@ Only runs on validator nodes. Non-validator nodes use a default handler that tri
 
 **Escape hatch**: during escape hatch periods (`isEscapeHatchOpenAtSlot`), re-execution and slashing are both disabled, and the proposal is rejected locally.
 
-**Conditional re-execution**: rules 22-24 only run when at least one condition is true: `fishermanMode` enabled, `slashBroadcastedInvalidBlockPenalty > 0` with `validatorReexecute`, committee membership with `validatorReexecute`, `alwaysReexecuteBlockProposals`, or `blobClient.canUpload()`.
+**Conditional re-execution**: rules 22-24 only run when at least one condition is true: `fishermanMode` enabled, `slashBroadcastedInvalidBlockPenalty > 0`, committee membership, `alwaysReexecuteBlockProposals`, or `blobClient.canUpload()`.
 
 **Slashing**: only `state_mismatch` and `failed_txs` trigger on-chain slashing (`OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL`, gated by `slashBroadcastedInvalidBlockPenalty > 0`). Unknown errors during re-execution do NOT slash.
 
@@ -84,7 +84,7 @@ The checkpoint's embedded `lastBlock` is extracted via `getBlockProposal()` and
 | Rule | Consequence | File |
 |------|-------------|------|
 | Block proposal must pass `BlockProposalValidator.validate()` | If REJECT: entire checkpoint REJECTED | `libp2p_service.ts` |
-| Block proposal must not exceed per-position cap (3) | Checkpoint REJECTED + HighToleranceError | same |
+| Block proposal must not exceed per-position cap (2) | Checkpoint REJECTED + HighToleranceError | same |
 | Block equivocation detected (>1 proposals for same slot+index) | Checkpoint REJECTED (block itself is ACCEPT for re-broadcast) | same |
 
 ### Stage 3: Mempool (Attestation Pool)
@@ -92,7 +92,7 @@ The checkpoint's embedded `lastBlock` is extracted via `getBlockProposal()` and
 | Rule | Consequence | File |
 |------|-------------|------|
 | Duplicate (same archive ID) | IGNORE (no penalty). Embedded block still processed if valid. | `attestation_pool.ts` |
-| Per-slot cap: `MAX_CHECKPOINT_PROPOSALS_PER_SLOT` = 5 | REJECT + HighToleranceError. Embedded block still processed. | same |
+| Per-slot cap: `MAX_CHECKPOINT_PROPOSALS_PER_SLOT` = 2 | REJECT + HighToleranceError. Embedded block still processed. | same |
 
 ### Stage 4: Equivocation Detection
 

package/src/msg_validators/proposal_validator/block_proposal_validator.ts

@@ -6,7 +6,10 @@ import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
 export class BlockProposalValidator implements P2PValidator<BlockProposal> {
   private proposalValidator: ProposalValidator;
 
-  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean; maxTxsPerBlock?: number }) {
+  constructor(
+    epochCache: EpochCacheInterface,
+    opts: { txsPermitted: boolean; maxTxsPerBlock?: number; p2pPropagationTime?: number },
+  ) {
     this.proposalValidator = new ProposalValidator(epochCache, opts, 'p2p:block_proposal_validator');
   }
 

package/src/msg_validators/proposal_validator/checkpoint_proposal_validator.ts

@@ -6,7 +6,10 @@ import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
 export class CheckpointProposalValidator implements P2PValidator<CheckpointProposal> {
   private proposalValidator: ProposalValidator;
 
-  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean; maxTxsPerBlock?: number }) {
+  constructor(
+    epochCache: EpochCacheInterface,
+    opts: { txsPermitted: boolean; maxTxsPerBlock?: number; p2pPropagationTime?: number },
+  ) {
     this.proposalValidator = new ProposalValidator(epochCache, opts, 'p2p:checkpoint_proposal_validator');
   }
 

package/src/msg_validators/proposal_validator/proposal_validator.ts

@@ -8,7 +8,7 @@ import {
   type ValidationResult,
 } from '@aztec/stdlib/p2p';
 
-import { isWithinClockTolerance } from '../clock_tolerance.js';
+import { PipeliningWindow, isWithinClockTolerance } from '../clock_tolerance.js';
 
 /** Validates header-level and tx-level fields of block and checkpoint proposals. */
 export class ProposalValidator {
@@ -16,32 +16,39 @@ export class ProposalValidator {
   private logger: Logger;
   private txsPermitted: boolean;
   private maxTxsPerBlock?: number;
+  private pipeliningWindow: PipeliningWindow;
 
   constructor(
     epochCache: EpochCacheInterface,
-    opts: { txsPermitted: boolean; maxTxsPerBlock?: number },
+    opts: { txsPermitted: boolean; maxTxsPerBlock?: number; p2pPropagationTime?: number },
     loggerName: string,
   ) {
     this.epochCache = epochCache;
     this.txsPermitted = opts.txsPermitted;
     this.maxTxsPerBlock = opts.maxTxsPerBlock;
+    this.pipeliningWindow = new PipeliningWindow(epochCache, { p2pPropagationTime: opts.p2pPropagationTime });
     this.logger = createLogger(loggerName);
   }
 
   /** Validates header-level fields: slot, signature, and proposer. */
   public async validate(proposal: BlockProposal | CheckpointProposalCore): Promise<ValidationResult> {
     try {
-      // Slot check
-      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
+      // Slot check: use target slots since proposals target pipeline slots (slot + 1 when pipelining).
+      const { targetSlot, nextSlot } = this.epochCache.getTargetAndNextSlot();
+
       const slotNumber = proposal.slotNumber;
-      if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
-        // Check if message is for previous slot and within clock tolerance
-        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
-          this.logger.warn(`Penalizing peer for invalid slot number ${slotNumber}`, { currentSlot, nextSlot });
+      if (slotNumber !== targetSlot && slotNumber !== nextSlot) {
+        // When pipelining, accept proposals for the current slot (built in the previous slot)
+        // if they're still within the shared proposal acceptance window.
+        if (this.pipeliningWindow.acceptsProposal(slotNumber)) {
+          // Fall through to remaining validation (signature, proposer, etc.)
+        } else if (!isWithinClockTolerance(slotNumber, targetSlot, this.epochCache)) {
+          this.logger.warn(`Penalizing peer for invalid slot number ${slotNumber}`, { targetSlot, nextSlot });
           return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
+        } else {
+          this.logger.verbose(`Ignoring proposal for previous slot ${slotNumber} within clock tolerance`);
+          return { result: 'ignore' };
         }
-        this.logger.verbose(`Ignoring proposal for previous slot ${slotNumber} within clock tolerance`);
-        return { result: 'ignore' };
       }
 
       // Signature validity

package/src/msg_validators/tx_validator/contract_instance_validator.ts

@@ -0,0 +1,56 @@
+import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
+import { ContractInstancePublishedEvent } from '@aztec/protocol-contracts/instance-registry';
+import { computeContractAddressFromInstance } from '@aztec/stdlib/contract';
+import {
+  TX_ERROR_INCORRECT_CONTRACT_ADDRESS,
+  TX_ERROR_MALFORMED_CONTRACT_INSTANCE_LOG,
+  type Tx,
+  type TxValidationResult,
+  type TxValidator,
+} from '@aztec/stdlib/tx';
+
+/** Validates that contract instance deployment logs contain correct addresses. */
+export class ContractInstanceTxValidator implements TxValidator<Tx> {
+  #log: Logger;
+
+  constructor(bindings?: LoggerBindings) {
+    this.#log = createLogger('p2p:tx_validator:contract_instance', bindings);
+  }
+
+  async validateTx(tx: Tx): Promise<TxValidationResult> {
+    const reason = await this.#hasCorrectContractInstanceAddresses(tx);
+    return reason ? { result: 'invalid', reason: [reason] } : { result: 'valid' };
+  }
+
+  async #hasCorrectContractInstanceAddresses(tx: Tx): Promise<string | undefined> {
+    const privateLogs = tx.data.getNonEmptyPrivateLogs();
+    for (const log of privateLogs) {
+      if (!ContractInstancePublishedEvent.isContractInstancePublishedEvent(log)) {
+        continue;
+      }
+
+      let event;
+      try {
+        event = ContractInstancePublishedEvent.fromLog(log);
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to parse contract instance event: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_INSTANCE_LOG;
+      }
+
+      try {
+        const instance = event.toContractInstance();
+        const computedAddress = await computeContractAddressFromInstance(instance);
+        if (!computedAddress.equals(instance.address)) {
+          this.#log.warn(
+            `Rejecting tx ${tx.getTxHash()}: contract instance address mismatch. Claimed ${instance.address}, computed ${computedAddress}`,
+          );
+          return TX_ERROR_INCORRECT_CONTRACT_ADDRESS;
+        }
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to compute contract instance address: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_INSTANCE_LOG;
+      }
+    }
+    return undefined;
+  }
+}

package/src/msg_validators/tx_validator/data_validator.ts

@@ -1,5 +1,7 @@
 import { MAX_FR_CALLDATA_TO_ALL_ENQUEUED_CALLS } from '@aztec/constants';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
+import { ContractClassPublishedEvent } from '@aztec/protocol-contracts/class-registry';
+import { computeContractClassId } from '@aztec/stdlib/contract';
 import { computeCalldataHash } from '@aztec/stdlib/hash';
 import {
   TX_ERROR_CALLDATA_COUNT_MISMATCH,
@@ -9,7 +11,9 @@ import {
   TX_ERROR_CONTRACT_CLASS_LOG_LENGTH,
   TX_ERROR_CONTRACT_CLASS_LOG_SORTING,
   TX_ERROR_INCORRECT_CALLDATA,
+  TX_ERROR_INCORRECT_CONTRACT_CLASS_ID,
   TX_ERROR_INCORRECT_HASH,
+  TX_ERROR_MALFORMED_CONTRACT_CLASS_LOG,
   Tx,
   type TxValidationResult,
   type TxValidator,
@@ -26,7 +30,8 @@ export class DataTxValidator implements TxValidator<Tx> {
     const reason =
       (await this.#hasCorrectHash(tx)) ??
       (await this.#hasCorrectCalldata(tx)) ??
-      (await this.#hasCorrectContractClassLogs(tx));
+      (await this.#hasCorrectContractClassLogs(tx)) ??
+      (await this.#hasCorrectContractClassIds(tx));
     return reason ? { result: 'invalid', reason: [reason] } : { result: 'valid' };
   }
 
@@ -127,4 +132,40 @@ export class DataTxValidator implements TxValidator<Tx> {
 
     return undefined;
   }
+
+  async #hasCorrectContractClassIds(tx: Tx): Promise<string | undefined> {
+    const contractClassLogs = tx.getContractClassLogs();
+    for (const log of contractClassLogs) {
+      if (!ContractClassPublishedEvent.isContractClassPublishedEvent(log)) {
+        continue;
+      }
+
+      let event;
+      try {
+        event = ContractClassPublishedEvent.fromLog(log);
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to parse contract class event: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_CLASS_LOG;
+      }
+
+      try {
+        const { publicBytecodeCommitment } = await event.toContractClassPublicWithBytecodeCommitment();
+        const computedClassId = await computeContractClassId({
+          artifactHash: event.artifactHash,
+          privateFunctionsRoot: event.privateFunctionsRoot,
+          publicBytecodeCommitment,
+        });
+        if (!computedClassId.equals(event.contractClassId)) {
+          this.#log.warn(
+            `Rejecting tx ${tx.getTxHash()}: contract class id mismatch. Claimed ${event.contractClassId}, computed ${computedClassId}`,
+          );
+          return TX_ERROR_INCORRECT_CONTRACT_CLASS_ID;
+        }
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to compute contract class id: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_CLASS_LOG;
+      }
+    }
+    return undefined;
+  }
 }

package/src/msg_validators/tx_validator/factory.ts

@@ -53,6 +53,7 @@ import type { TxMetaData } from '../../mem_pools/tx_pool_v2/tx_metadata.js';
 import { AggregateTxValidator } from './aggregate_tx_validator.js';
 import { ArchiveCache } from './archive_cache.js';
 import { type ArchiveSource, BlockHeaderTxValidator } from './block_header_validator.js';
+import { ContractInstanceTxValidator } from './contract_instance_validator.js';
 import { DataTxValidator } from './data_validator.js';
 import { DoubleSpendTxValidator, type NullifierSource } from './double_spend_validator.js';
 import { GasLimitsValidator, GasTxValidator } from './gas_validator.js';
@@ -167,6 +168,10 @@ export function createFirstStageTxValidationsForGossipedTransactions(
       validator: new DataTxValidator(bindings),
       severity: PeerErrorSeverity.MidToleranceError,
     },
+    contractInstanceValidator: {
+      validator: new ContractInstanceTxValidator(bindings),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
   };
 }
 
@@ -218,6 +223,7 @@ function createTxValidatorForMinimumTxIntegrityChecks(
     ),
     new SizeTxValidator(bindings),
     new DataTxValidator(bindings),
+    new ContractInstanceTxValidator(bindings),
     new TxProofValidator(verifier, bindings),
   );
 }
@@ -321,6 +327,7 @@ export function createTxValidatorForAcceptingTxsOverRPC(
     new BlockHeaderTxValidator(new ArchiveCache(db), bindings),
     new DoubleSpendTxValidator(new NullifierCache(db), bindings),
     new DataTxValidator(bindings),
+    new ContractInstanceTxValidator(bindings),
   ];
 
   if (!skipFeeEnforcement) {

package/src/msg_validators/tx_validator/gas_validator.ts

@@ -87,7 +87,12 @@ export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidato
         gasLimits,
         minGasLimits,
       });
-      return { result: 'invalid', reason: [TX_ERROR_INSUFFICIENT_GAS_LIMIT] };
+      return {
+        result: 'invalid',
+        reason: [
+          `${TX_ERROR_INSUFFICIENT_GAS_LIMIT} (required=da:${minGasLimits.daGas},l2:${minGasLimits.l2Gas} got=da:${gasLimits.daGas},l2:${gasLimits.l2Gas})`,
+        ],
+      };
     }
 
     if (gasLimits.l2Gas > this.#effectiveMaxL2Gas) {
@@ -97,7 +102,10 @@ export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidato
         rollupManaLimit: this.#rollupManaLimit,
         maxBlockL2Gas: this.#maxBlockL2Gas,
       });
-      return { result: 'invalid', reason: [TX_ERROR_GAS_LIMIT_TOO_HIGH] };
+      return {
+        result: 'invalid',
+        reason: [`${TX_ERROR_GAS_LIMIT_TOO_HIGH} (l2Gas=${gasLimits.l2Gas}, max=${this.#effectiveMaxL2Gas})`],
+      };
     }
 
     if (gasLimits.daGas > this.#effectiveMaxDAGas) {
@@ -106,7 +114,10 @@ export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidato
         effectiveMaxDAGas: this.#effectiveMaxDAGas,
         maxBlockDAGas: this.#maxBlockDAGas,
       });
-      return { result: 'invalid', reason: [TX_ERROR_GAS_LIMIT_TOO_HIGH] };
+      return {
+        result: 'invalid',
+        reason: [`${TX_ERROR_GAS_LIMIT_TOO_HIGH} (daGas=${gasLimits.daGas}, max=${this.#effectiveMaxDAGas})`],
+      };
     }
 
     return { result: 'valid' };
@@ -157,19 +168,20 @@ export class GasTxValidator implements TxValidator<Tx> {
     if (gasLimitValidation.result === 'invalid') {
       return Promise.resolve(gasLimitValidation);
     }
-    if (this.#shouldSkip(tx)) {
-      return Promise.resolve({ result: 'skipped', reason: [TX_ERROR_INSUFFICIENT_FEE_PER_GAS] });
+    const skipReason = this.#getSkipReason(tx);
+    if (skipReason) {
+      return Promise.resolve({ result: 'skipped', reason: [skipReason] });
     }
     return await this.validateTxFee(tx);
   }
 
   /**
-   * Check whether the tx's max fees are valid for the current block, and skip if not.
+   * Check whether the tx's max fees are valid for the current block, and return a skip reason if not.
    * We skip instead of invalidating since the tx may become eligible later.
    * Note that circuits check max fees even if fee payer is unset, so we
    * keep this validation even if the tx does not pay fees.
    */
-  #shouldSkip(tx: Tx): boolean {
+  #getSkipReason(tx: Tx): string | undefined {
     const gasSettings = tx.data.constants.txContext.gasSettings;
 
     // Skip the tx if its max fees are not enough for the current block's gas fees.
@@ -182,8 +194,9 @@ export class GasTxValidator implements TxValidator<Tx> {
         txMaxFeesPerGas: maxFeesPerGas.toInspect(),
         currentGasFees: this.#gasFees.toInspect(),
       });
+      return `${TX_ERROR_INSUFFICIENT_FEE_PER_GAS} (maxFee=da:${maxFeesPerGas.feePerDaGas},l2:${maxFeesPerGas.feePerL2Gas} required=da:${this.#gasFees.feePerDaGas},l2:${this.#gasFees.feePerL2Gas})`;
     }
-    return notEnoughMaxFees;
+    return undefined;
   }
 
   /**
@@ -212,7 +225,10 @@ export class GasTxValidator implements TxValidator<Tx> {
         balance,
         feeLimit,
       });
-      return { result: 'invalid', reason: [TX_ERROR_INSUFFICIENT_FEE_PAYER_BALANCE] };
+      return {
+        result: 'invalid',
+        reason: [`${TX_ERROR_INSUFFICIENT_FEE_PAYER_BALANCE} (required=${feeLimit}, available=${balance})`],
+      };
     }
     return { result: 'valid' };
   }

package/src/msg_validators/tx_validator/phases_validator.ts

@@ -40,7 +40,7 @@ export class PhasesTxValidator implements TxValidator<Tx> {
       // which are needed for public FPC flows, but fail if the account contract hasnt been deployed yet,
       // which is what we're trying to do as part of the current txs.
       // We only need to create/revert checkpoint here because of this addNewContracts call.
-      await this.contractsDB.addNewContracts(tx);
+      this.contractsDB.addNewContracts(tx);
 
       if (!tx.data.forPublic) {
         this.#log.debug(