@aztec/p2p 0.0.1-commit.3f296a7d2 → 0.0.1-commit.3f5453c7b

package/src/services/libp2p/libp2p_service.ts

@@ -1,13 +1,12 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
 import { BlockNumber, type SlotNumber } from '@aztec/foundation/branded-types';
 import { maxBy } from '@aztec/foundation/collection';
-import { Fr } from '@aztec/foundation/curves/bn254';
 import { type Logger, createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
 import { RunningPromise } from '@aztec/foundation/running-promise';
 import { Timer } from '@aztec/foundation/timer';
 import type { AztecAsyncKVStore } from '@aztec/kv-store';
 import { protocolContractsHash } from '@aztec/protocol-contracts';
-import type { EthAddress, L2Block, L2BlockSource } from '@aztec/stdlib/block';
+import type { EthAddress, L2BlockSource } from '@aztec/stdlib/block';
 import type { ContractDataSource } from '@aztec/stdlib/contract';
 import { GasFees } from '@aztec/stdlib/gas';
 import type { ClientProtocolCircuitVerifier, PeerInfo, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
@@ -58,6 +57,7 @@ import { ENR } from '@nethermindeth/enr';
 import { createLibp2p } from 'libp2p';
 
 import type { P2PConfig } from '../../config.js';
+import { CheckpointProposalReceivedCallbackNotRegisteredError } from '../../errors/p2p-service.error.js';
 import type { MemPools } from '../../mem_pools/interface.js';
 import {
   BlockProposalValidator,
@@ -104,7 +104,6 @@ import {
   ValidationError,
   pingHandler,
   reqGoodbyeHandler,
-  reqRespBlockHandler,
   reqRespBlockTxsHandler,
   reqRespStatusHandler,
   reqRespTxHandler,
@@ -171,7 +170,13 @@ export class LibP2PService extends WithTracer implements P2PService {
    * @param checkpoint - The checkpoint proposal received from the peer.
    * @returns The attestations for the checkpoint, if any.
    */
-  private checkpointReceivedCallback: P2PCheckpointReceivedCallback;
+  private allNodesCheckpointReceivedCallback: P2PCheckpointReceivedCallback;
+  /**
+   * Callback for when a checkpoint proposal is received - specifically for validators - from a peer.
+   * @param checkpoint - The checkpoint proposal received from the peer.
+   * @returns The attestations for the checkpoint, if any.
+   */
+  private validatorCheckpointReceivedCallback: P2PCheckpointReceivedCallback;
 
   private gossipSubEventHandler: (e: CustomEvent<GossipsubMessage>) => void;
 
@@ -223,15 +228,19 @@ export class LibP2PService extends WithTracer implements P2PService {
       this.protocolVersion,
     );
 
+    const p2pPropagationTime = config.attestationPropagationTime;
     const proposalValidatorOpts = {
       txsPermitted: !config.disableTransactions,
       maxTxsPerBlock: config.validateMaxTxsPerBlock ?? config.validateMaxTxsPerCheckpoint,
+      p2pPropagationTime,
     };
     this.blockProposalValidator = new BlockProposalValidator(epochCache, proposalValidatorOpts);
     this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, proposalValidatorOpts);
     this.checkpointAttestationValidator = config.fishermanMode
-      ? new FishermanAttestationValidator(epochCache, mempools.attestationPool, telemetry)
-      : new CheckpointAttestationValidator(epochCache);
+      ? new FishermanAttestationValidator(epochCache, mempools.attestationPool, telemetry, {
+          l1PublishingTime: config.l1PublishingTime,
+        })
+      : new CheckpointAttestationValidator(epochCache, { l1PublishingTime: config.l1PublishingTime });
 
     this.gossipSubEventHandler = this.handleGossipSubEvent.bind(this);
 
@@ -243,12 +252,15 @@ export class LibP2PService extends WithTracer implements P2PService {
       return true;
     };
 
-    this.checkpointReceivedCallback = (
-      checkpoint: CheckpointProposalCore,
+    this.allNodesCheckpointReceivedCallback = (
+      _checkpoint: CheckpointProposalCore,
+    ): Promise<CheckpointAttestation[] | undefined> => {
+      throw new CheckpointProposalReceivedCallbackNotRegisteredError();
+    };
+
+    this.validatorCheckpointReceivedCallback = (
+      _checkpoint: CheckpointProposalCore,
     ): Promise<CheckpointAttestation[] | undefined> => {
-      this.logger.debug(
-        `Handler not yet registered: Checkpoint received callback not set. Received checkpoint for slot ${checkpoint.slotNumber} from peer.`,
-      );
       return Promise.resolve(undefined);
     };
   }
@@ -338,9 +350,12 @@ export class LibP2PService extends WithTracer implements P2PService {
     const l1Constants = epochCache.getL1Constants();
     const topicScoreParams = createAllTopicScoreParams(protocolVersion, {
       slotDurationMs: l1Constants.slotDuration * 1000,
+      ethereumSlotDuration: l1Constants.ethereumSlotDuration,
       heartbeatIntervalMs: config.gossipsubInterval,
       targetCommitteeSize: l1Constants.targetCommitteeSize,
       blockDurationMs: config.blockDurationMs,
+      l1PublishingTime: config.l1PublishingTime,
+      p2pPropagationTime: config.attestationPropagationTime,
       expectedBlockProposalsPerSlot: config.expectedBlockProposalsPerSlot,
     });
 
@@ -465,6 +480,9 @@ export class LibP2PService extends WithTracer implements P2PService {
       epochCache,
     );
 
+    // Gate req/resp data protocols for unauthenticated peers when p2pAllowOnlyValidators is enabled
+    reqresp.setShouldRejectPeer(peerId => peerManager.shouldDisableP2PGossip(peerId));
+
     // Configure application-specific scoring for gossipsub.
     // The weight scales app score to align with gossipsub thresholds:
     // - Disconnect (-50) × 10 = -500 = gossipThreshold (stops receiving gossip)
@@ -510,14 +528,12 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Create request response protocol handlers
     const txHandler = reqRespTxHandler(this.mempools);
     const goodbyeHandler = reqGoodbyeHandler(this.peerManager);
-    const blockHandler = reqRespBlockHandler(this.archiver);
     const statusHandler = reqRespStatusHandler(this.protocolVersion, this.worldStateSynchronizer, this.logger);
 
     const requestResponseHandlers: Partial<ReqRespSubProtocolHandlers> = {
       [ReqRespSubProtocol.PING]: pingHandler,
       [ReqRespSubProtocol.STATUS]: statusHandler.bind(this),
       [ReqRespSubProtocol.GOODBYE]: goodbyeHandler.bind(this),
-      [ReqRespSubProtocol.BLOCK]: blockHandler.bind(this),
     };
 
     if (!this.config.disableTransactions) {
@@ -538,7 +554,6 @@ export class LibP2PService extends WithTracer implements P2PService {
       ...DEFAULT_SUB_PROTOCOL_VALIDATORS,
       [ReqRespSubProtocol.TX]: this.validateRequestedTxs.bind(this),
       [ReqRespSubProtocol.BLOCK_TXS]: this.validateRequestedBlockTxs.bind(this),
-      [ReqRespSubProtocol.BLOCK]: this.validateRequestedBlock.bind(this),
     };
 
     await this.peerManager.initializePeers();
@@ -666,8 +681,16 @@ export class LibP2PService extends WithTracer implements P2PService {
     this.blockReceivedCallback = callback;
   }
 
-  public registerCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback) {
-    this.checkpointReceivedCallback = callback;
+  public registerValidatorCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback) {
+    this.validatorCheckpointReceivedCallback = callback;
+  }
+
+  public registerAllNodesCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback) {
+    this.allNodesCheckpointReceivedCallback = callback;
+  }
+
+  public async notifyOwnCheckpointProposal(checkpoint: CheckpointProposalCore): Promise<void> {
+    await this.allNodesCheckpointReceivedCallback(checkpoint, this.node.peerId);
   }
 
   /**
@@ -1404,9 +1427,11 @@ export class LibP2PService extends WithTracer implements P2PService {
       source: sender.toString(),
     });
 
+    await this.allNodesCheckpointReceivedCallback(checkpoint, sender);
+
     // Call the checkpoint received callback with the core version (without lastBlock)
     // to validate and potentially generate attestations
-    const attestations = await this.checkpointReceivedCallback(checkpoint, sender);
+    const attestations = await this.validatorCheckpointReceivedCallback(checkpoint, sender);
     if (attestations && attestations.length > 0) {
       // If the callback returned attestations, add them to the pool and propagate them
       await this.mempools.attestationPool.addOwnCheckpointAttestations(attestations);
@@ -1554,53 +1579,6 @@ export class LibP2PService extends WithTracer implements P2PService {
     }
   }
 
-  /**
-   * Validates a BLOCK response.
-   *
-   * If a local copy exists, enforces hash equality. If missing, rejects (no penalty) since the hash cannot be verified.
-   * Penalizes on block number mismatch or hash mismatch.
-   *
-   * @param requestedBlockNumber - The requested block number.
-   * @param responseBlock - The block returned by the peer.
-   * @param peerId - The peer that returned the block.
-   * @returns True if the response is valid, false otherwise.
-   */
-  @trackSpan('Libp2pService.validateRequestedBlock', (requestedBlockNumber, _responseBlock) => ({
-    [Attributes.BLOCK_NUMBER]: requestedBlockNumber.toString(),
-  }))
-  protected async validateRequestedBlock(
-    requestedBlockNumber: Fr,
-    responseBlock: L2Block,
-    peerId: PeerId,
-  ): Promise<boolean> {
-    try {
-      const reqNum = Number(requestedBlockNumber.toString());
-      if (responseBlock.number !== reqNum) {
-        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
-        return false;
-      }
-
-      const local = await this.archiver.getBlock(BlockNumber(reqNum));
-      if (!local) {
-        // We are missing the local block; we cannot verify the hash yet. Reject without penalizing.
-        // TODO: Consider extending this validator to accept an expected hash or
-        // performing quorum-based checks when using P2P syncing prior to L1 sync.
-        this.logger.warn(`Local block ${reqNum} not found; rejecting BLOCK response without hash verification`);
-        return false;
-      }
-      const [localHash, respHash] = await Promise.all([local.hash(), responseBlock.hash()]);
-      if (!localHash.equals(respHash)) {
-        this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
-        return false;
-      }
-
-      return true;
-    } catch (e) {
-      this.logger.warn(`Error validating requested block`, e);
-      return false;
-    }
-  }
-
   protected async validateRequestedTx(
     tx: Tx,
     peerId: PeerId,

package/src/services/peer-manager/peer_manager.ts

@@ -226,20 +226,30 @@ export class PeerManager implements PeerManagerInterface {
   }
 
   /**
-   * Cleans up expired timeouts.
+   * Cleans up expired timeouts and stale failed-auth-handshake entries.
    *
    * When peers fail to dial after a number of retries, they are temporarily timed out.
    * This function removes any peers that have been in the timed out state for too long.
    * To give them a chance to reconnect.
+   *
+   * Also evicts entries from the failed-auth-handshake map whose expiry window has passed.
+   * Without this, peers that probe once and never reconnect would leave their entries in the
+   * map forever, causing an unbounded memory leak.
    */
   private cleanupExpiredTimeouts() {
-    // Clean up expired timeouts
     const now = this.dateProvider.now();
+
     for (const [peerId, timedOutPeer] of this.timedOutPeers.entries()) {
       if (now >= timedOutPeer.timeoutUntilMs) {
         this.timedOutPeers.delete(peerId);
       }
     }
+
+    for (const [id, entry] of this.failedAuthHandshakes.entries()) {
+      if (now - entry.lastFailureTimestamp > FAILED_AUTH_HANDSHAKE_EXPIRY_MS) {
+        this.failedAuthHandshakes.delete(id);
+      }
+    }
   }
 
   /**
@@ -303,15 +313,20 @@ export class PeerManager implements PeerManagerInterface {
    */
   private handleDisconnectedPeerEvent(e: CustomEvent<PeerId>) {
     const peerId = e.detail;
+    const peerIdStr = peerId.toString();
     this.metrics.peerDisconnected(peerId);
-    this.logger.verbose(`Disconnected from peer ${peerId.toString()}`);
-    const validatorAddress = this.authenticatedPeerIdToValidatorAddress.get(peerId.toString());
+    this.logger.verbose(`Disconnected from peer ${peerIdStr}`);
+    const validatorAddress = this.authenticatedPeerIdToValidatorAddress.get(peerIdStr);
     if (validatorAddress !== undefined) {
       this.logger.info(
-        `Removing authentication for validator ${validatorAddress} at peer id ${peerId.toString()} due to disconnection`,
+        `Removing authentication for validator ${validatorAddress} at peer id ${peerIdStr} due to disconnection`,
       );
       this.authenticatedValidatorAddressToPeerId.delete(validatorAddress.toString());
-      this.authenticatedPeerIdToValidatorAddress.delete(peerId.toString());
+      this.authenticatedPeerIdToValidatorAddress.delete(peerIdStr);
+    }
+
+    if (this.peerScoring.getScoreState(peerIdStr) === PeerScoreState.Healthy) {
+      this.peerScoring.removePeer(peerIdStr);
     }
   }
 
@@ -713,6 +728,12 @@ export class PeerManager implements PeerManagerInterface {
       return;
     }
 
+    // Don't dial peers that have exceeded the auth failure threshold
+    if (!this.isNodeAllowedToConnect(peerId)) {
+      this.logger.trace(`Skipping peer ${peerId} due to failed auth handshake attempts`);
+      return;
+    }
+
     const [multiaddrTcp] = await Promise.all([enr.getFullMultiaddr('tcp')]);
 
     this.logger.trace(`Handling discovered peer ${peerId} at ${multiaddrTcp?.toString() ?? 'undefined address'}`);
@@ -970,14 +991,14 @@ export class PeerManager implements PeerManagerInterface {
     const peerIdStr = peerId.toString();
 
     const existingEntry = this.failedAuthHandshakes.get(peerIdStr);
+    const failureCount = (existingEntry?.count || 0) + 1;
     this.failedAuthHandshakes.set(peerIdStr, {
-      count: (existingEntry?.count || 0) + 1,
+      count: failureCount,
       lastFailureTimestamp: now,
     });
 
     const connections = this.libP2PNode.getConnections(peerId);
     connections.forEach(conn => {
-      // We mark the IP address
       const address = conn.remoteAddr.nodeAddress().address;
       const existingAddressEntry = this.failedAuthHandshakes.get(address);
       this.failedAuthHandshakes.set(address, {
@@ -985,6 +1006,15 @@ export class PeerManager implements PeerManagerInterface {
         lastFailureTimestamp: now,
       });
     });
+
+    // Ban the peer from being re-dialed for a cooldown period (exponential backoff)
+    const banTimeMs = this.config.peerFailedBanTimeMs ?? DEFAULT_FAILED_PEER_BAN_TIME_MS;
+    const backoffMs = banTimeMs * Math.pow(2, Math.min(failureCount - 1, 5));
+    this.timedOutPeers.set(peerIdStr, {
+      peerId: peerIdStr,
+      timeoutUntilMs: now + backoffMs,
+    });
+    this.cachedPeers.delete(peerIdStr);
   }
 
   /*

package/src/services/peer-manager/peer_scoring.ts

@@ -1,5 +1,6 @@
 import { median } from '@aztec/foundation/collection';
 import { createLogger } from '@aztec/foundation/log';
+import { DateProvider } from '@aztec/foundation/timer';
 import { PeerErrorSeverity } from '@aztec/stdlib/p2p';
 import {
   Attributes,
@@ -54,6 +55,7 @@ export enum PeerScoreState {
 // TODO: move into config / constants
 const MIN_SCORE_BEFORE_BAN = -100;
 const MIN_SCORE_BEFORE_DISCONNECT = -50;
+const SCORE_CLEANUP_THRESHOLD = 0.1;
 
 export class PeerScoring {
   private logger = createLogger('p2p:peer-scoring');
@@ -65,7 +67,11 @@ export class PeerScoring {
 
   private peerStateCounter: UpDownCounter;
 
-  constructor(config: P2PConfig, telemetry: TelemetryClient = getTelemetryClient()) {
+  constructor(
+    config: P2PConfig,
+    telemetry: TelemetryClient = getTelemetryClient(),
+    private readonly dateProvider: DateProvider = new DateProvider(),
+  ) {
     const orderedValues = config.peerPenaltyValues?.sort((a, b) => a - b);
     this.peerPenalties = {
       [PeerErrorSeverity.HighToleranceError]:
@@ -92,7 +98,7 @@ export class PeerScoring {
   }
 
   updateScore(peerId: string, scoreDelta: number): number {
-    const currentTime = Date.now();
+    const currentTime = this.dateProvider.now();
     const lastUpdate = this.lastUpdateTime.get(peerId) || currentTime;
     const timePassed = currentTime - lastUpdate;
     const decayPeriods = Math.floor(timePassed / this.decayInterval);
@@ -111,19 +117,35 @@ export class PeerScoring {
   }
 
   decayAllScores(): void {
-    const currentTime = Date.now();
+    const currentTime = this.dateProvider.now();
     for (const [peerId, lastUpdate] of this.lastUpdateTime.entries()) {
       const timePassed = currentTime - lastUpdate;
       const decayPeriods = Math.floor(timePassed / this.decayInterval);
       if (decayPeriods > 0) {
         let score = this.scores.get(peerId) || 0;
         score *= Math.pow(this.decayFactor, decayPeriods);
-        this.scores.set(peerId, score);
-        this.lastUpdateTime.set(peerId, currentTime);
+        if (Math.abs(score) < SCORE_CLEANUP_THRESHOLD) {
+          this.scores.delete(peerId);
+          this.lastUpdateTime.delete(peerId);
+        } else {
+          this.scores.set(peerId, score);
+          this.lastUpdateTime.set(peerId, currentTime);
+        }
       }
     }
   }
 
+  /** Resets all peer scores. Useful for benchmarks to prevent cross-case contamination. */
+  resetAllScores(): void {
+    this.scores.clear();
+    this.lastUpdateTime.clear();
+  }
+
+  removePeer(peerId: string): void {
+    this.scores.delete(peerId);
+    this.lastUpdateTime.delete(peerId);
+  }
+
   getScore(peerId: string): number {
     return this.scores.get(peerId) || 0;
   }

package/src/services/reqresp/interface.ts

@@ -1,6 +1,3 @@
-import { Fr } from '@aztec/foundation/curves/bn254';
-import { L2Block } from '@aztec/stdlib/block';
-import { MAX_L2_BLOCK_SIZE_KB } from '@aztec/stdlib/p2p';
 import { TxArray, TxHashArray } from '@aztec/stdlib/tx';
 
 import type { PeerId } from '@libp2p/interface';
@@ -24,7 +21,6 @@ export const PING_PROTOCOL = '/aztec/req/ping/1.0.0';
 export const STATUS_PROTOCOL = '/aztec/req/status/1.0.0';
 export const GOODBYE_PROTOCOL = '/aztec/req/goodbye/1.0.0';
 export const TX_REQ_PROTOCOL = '/aztec/req/tx/1.0.0';
-export const BLOCK_REQ_PROTOCOL = '/aztec/req/block/1.0.0';
 export const AUTH_PROTOCOL = '/aztec/req/auth/1.0.0';
 export const BLOCK_TXS_REQ_PROTOCOL = '/aztec/req/block_txs/1.0.0';
 
@@ -33,7 +29,6 @@ export enum ReqRespSubProtocol {
   STATUS = STATUS_PROTOCOL,
   GOODBYE = GOODBYE_PROTOCOL,
   TX = TX_REQ_PROTOCOL,
-  BLOCK = BLOCK_REQ_PROTOCOL,
   AUTH = AUTH_PROTOCOL,
   BLOCK_TXS = BLOCK_TXS_REQ_PROTOCOL,
 }
@@ -100,12 +95,29 @@ export type ReqRespSubProtocolValidators = {
   [S in ReqRespSubProtocol]: ResponseValidator<any, any>;
 };
 
+/**
+ * Protocols that are always allowed without authentication, even when p2pAllowOnlyValidators is enabled.
+ * These are needed for the handshake and connection management flow.
+ * All other protocols require the remote peer to be authenticated.
+ */
+export const UNAUTHENTICATED_ALLOWED_PROTOCOLS: ReadonlySet<ReqRespSubProtocol> = new Set([
+  ReqRespSubProtocol.PING,
+  ReqRespSubProtocol.STATUS,
+  ReqRespSubProtocol.AUTH,
+  ReqRespSubProtocol.GOODBYE,
+]);
+
+/**
+ * Callback that checks whether a peer should be rejected from req/resp data protocols.
+ * Returns true if the peer should be rejected (i.e. p2pAllowOnlyValidators is on and peer is unauthenticated).
+ */
+export type ShouldRejectPeer = (peerId: string) => boolean;
+
 export const DEFAULT_SUB_PROTOCOL_VALIDATORS: ReqRespSubProtocolValidators = {
   [ReqRespSubProtocol.PING]: noopValidator,
   [ReqRespSubProtocol.STATUS]: noopValidator,
   [ReqRespSubProtocol.TX]: noopValidator,
   [ReqRespSubProtocol.GOODBYE]: noopValidator,
-  [ReqRespSubProtocol.BLOCK]: noopValidator,
   [ReqRespSubProtocol.AUTH]: noopValidator,
   [ReqRespSubProtocol.BLOCK_TXS]: noopValidator,
 };
@@ -203,10 +215,6 @@ export const subProtocolMap = {
     request: RequestableBuffer,
     response: RequestableBuffer,
   },
-  [ReqRespSubProtocol.BLOCK]: {
-    request: Fr, // block number
-    response: L2Block,
-  },
   [ReqRespSubProtocol.AUTH]: {
     request: AuthRequest,
     response: AuthResponse,
@@ -229,7 +237,6 @@ export type ExpectedResponseSizeCalculator = (requestBuffer: Buffer) => number;
 export const subProtocolSizeCalculators: Record<ReqRespSubProtocol, ExpectedResponseSizeCalculator> = {
   [ReqRespSubProtocol.TX]: calculateTxResponseSize,
   [ReqRespSubProtocol.BLOCK_TXS]: calculateBlockTxsResponseSize,
-  [ReqRespSubProtocol.BLOCK]: () => MAX_L2_BLOCK_SIZE_KB,
   [ReqRespSubProtocol.STATUS]: () => 1,
   [ReqRespSubProtocol.PING]: () => 1,
   [ReqRespSubProtocol.AUTH]: () => 1,
@@ -264,5 +271,8 @@ export interface ReqRespInterface {
 
   updateConfig(config: Partial<P2PReqRespConfig>): void;
 
+  /** Sets the callback used to reject unauthenticated peers on gated req/resp protocols. */
+  setShouldRejectPeer(checker: ShouldRejectPeer): void;
+
   getConnectionSampler(): Pick<ConnectionSampler, 'getPeerListSortedByConnectionCountAsc'>;
 }

package/src/services/reqresp/metrics.ts

@@ -26,7 +26,6 @@ export class ReqRespMetrics {
         ReqRespSubProtocol.STATUS,
         ReqRespSubProtocol.GOODBYE,
         ReqRespSubProtocol.TX,
-        ReqRespSubProtocol.BLOCK,
         ReqRespSubProtocol.AUTH,
         ReqRespSubProtocol.BLOCK_TXS,
       ],

package/src/services/reqresp/protocols/index.ts

@@ -5,6 +5,5 @@ export * from './ping.js';
 export * from './status.js';
 export * from './tx.js';
 export * from './goodbye.js';
-export * from './block.js';
 export * from './auth.js';
 export * from './block_txs/index.js';

package/src/services/reqresp/protocols/tx.ts

@@ -51,9 +51,7 @@ export function reqRespTxHandler(mempools: MemPools): ReqRespSubProtocolHandler
  *  Per: https://github.com/AztecProtocol/aztec-packages/issues/15149#issuecomment-2999054485
  *  we define Q as max number of transactions per batch, the comment explains why we use 8.
  */
-//TODO: (mralj) chunk size should by default be 8, this is just temporary until the protocol is implemented correctly
-//more info:  https://github.com/AztecProtocol/aztec-packages/pull/15516#pullrequestreview-2995474321
-export function chunkTxHashesRequest(hashes: TxHash[], chunkSize = 1): Array<TxHashArray> {
+export function chunkTxHashesRequest(hashes: TxHash[], chunkSize = 8): Array<TxHashArray> {
   return chunk(hashes, chunkSize).map(chunk => new TxHashArray(...chunk));
 }
 

package/src/services/reqresp/rate-limiter/rate_limiter.ts

@@ -97,9 +97,10 @@ export function prettyPrintRateLimitStatus(status: RateLimitStatus) {
  * 2. Individual rate limits for each peer.
  *
  * How it works:
- * - When a request comes in, it first checks against the global rate limit.
- * - If the global limit allows, it then checks against the specific peer's rate limit.
- * - The request is only allowed if both the global and peer-specific limits allow it.
+ * - When a request comes in, it first checks against the peer's individual rate limit.
+ * - If the peer limit allows, it then checks against the global rate limit.
+ * - The request is only allowed if both the peer-specific and global limits allow it.
+ * - Checking peer limit first ensures a rate-limited peer cannot exhaust the global quota.
  * - It automatically creates and manages rate limiters for new peers as they make requests.
  * - It periodically cleans up rate limiters for inactive peers to conserve memory.
  *
@@ -119,10 +120,6 @@ export class SubProtocolRateLimiter {
   }
 
   allow(peerId: PeerId): RateLimitStatus {
-    if (!this.globalLimiter.allow()) {
-      return RateLimitStatus.DeniedGlobal;
-    }
-
     const peerIdStr = peerId.toString();
     let peerLimiter: PeerRateLimiter | undefined = this.peerLimiters.get(peerIdStr);
     if (!peerLimiter) {
@@ -135,10 +132,17 @@ export class SubProtocolRateLimiter {
     } else {
       peerLimiter.lastAccess = Date.now();
     }
-    const peerLimitAllowed = peerLimiter.limiter.allow();
-    if (!peerLimitAllowed) {
+
+    // Check peer limit first: a rate-limited peer must not consume global quota,
+    // otherwise one spamming peer can starve all others by exhausting the global bucket.
+    if (!peerLimiter.limiter.allow()) {
       return RateLimitStatus.DeniedPeer;
     }
+
+    if (!this.globalLimiter.allow()) {
+      return RateLimitStatus.DeniedGlobal;
+    }
+
     return RateLimitStatus.Allowed;
   }
 

package/src/services/reqresp/rate-limiter/rate_limits.ts

@@ -42,16 +42,6 @@ export const DEFAULT_RATE_LIMITS: ReqRespSubProtocolRateLimits = {
       quotaCount: 200,
     },
   },
-  [ReqRespSubProtocol.BLOCK]: {
-    peerLimit: {
-      quotaTimeMs: 1000,
-      quotaCount: 2,
-    },
-    globalLimit: {
-      quotaTimeMs: 1000,
-      quotaCount: 5,
-    },
-  },
   [ReqRespSubProtocol.GOODBYE]: {
     peerLimit: {
       quotaTimeMs: 1000,

package/src/services/reqresp/reqresp.ts

@@ -34,7 +34,9 @@ import {
   type ReqRespSubProtocolHandlers,
   type ReqRespSubProtocolRateLimits,
   type ReqRespSubProtocolValidators,
+  type ShouldRejectPeer,
   type SubProtocolMap,
+  UNAUTHENTICATED_ALLOWED_PROTOCOLS,
   responseFromBuffer,
   subProtocolSizeCalculators,
 } from './interface.js';
@@ -72,6 +74,8 @@ export class ReqResp implements ReqRespInterface {
 
   private snappyTransform: SnappyTransform;
 
+  private shouldRejectPeer: ShouldRejectPeer | undefined;
+
   private metrics: ReqRespMetrics;
 
   constructor(
@@ -108,6 +112,10 @@ export class ReqResp implements ReqRespInterface {
     }
   }
 
+  public setShouldRejectPeer(checker: ShouldRejectPeer): void {
+    this.shouldRejectPeer = checker;
+  }
+
   get tracer() {
     return this.metrics.tracer;
   }
@@ -462,7 +470,7 @@ export class ReqResp implements ReqRespInterface {
       );
       return resp;
     } catch (e: any) {
-      this.logger.warn(`SUBPROTOCOL: ${subProtocol}\n`, e);
+      this.logger.debug(`SUBPROTOCOL: ${subProtocol}\n`, e);
       // On error we immediately abort the stream, this is preferred way,
       // because it signals to the sender that error happened, whereas
       // closing the stream only closes our side and is much slower
@@ -596,6 +604,15 @@ export class ReqResp implements ReqRespInterface {
         throw new ReqRespStatusError(ReqRespStatus.RATE_LIMIT_EXCEEDED);
       }
 
+      // When p2pAllowOnlyValidators is enabled, reject unauthenticated peers on data protocols
+      if (
+        !UNAUTHENTICATED_ALLOWED_PROTOCOLS.has(protocol) &&
+        (this.shouldRejectPeer?.(connection.remotePeer.toString()) ?? false)
+      ) {
+        this.logger.debug(`Rejecting unauthenticated peer ${connection.remotePeer} on gated protocol ${protocol}`);
+        throw new ReqRespStatusError(ReqRespStatus.FAILURE);
+      }
+
       await this.processStream(protocol, incomingStream);
     } catch (err: any) {
       this.metrics.recordResponseError(protocol);

package/src/services/service.ts

@@ -117,7 +117,12 @@ export interface P2PService {
   // Leaky abstraction: fix https://github.com/AztecProtocol/aztec-packages/issues/7963
   registerBlockReceivedCallback(callback: P2PBlockReceivedCallback): void;
 
-  registerCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback): void;
+  registerValidatorCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback): void;
+
+  registerAllNodesCheckpointReceivedCallback(callback: P2PCheckpointReceivedCallback): void;
+
+  /** Fires the all-nodes checkpoint callback for our own proposal (gossipsub doesn't deliver own messages). */
+  notifyOwnCheckpointProposal(checkpoint: CheckpointProposalCore): Promise<void>;
 
   /**
    * Registers a callback invoked when a duplicate proposal is detected (equivocation).