@aztec/p2p 0.0.1-commit.684755437 → 0.0.1-commit.6b113946b

package/src/client/p2p_client.ts

@@ -669,31 +669,41 @@ export class P2PClient extends WithTracer implements P2P {
   }
 
   /**
-   * Returns true if the prune crossed a checkpoint boundary.
-   * If the old and new checkpoint numbers are the same, the prune is within a single checkpoint.
-   * If they differ, the prune spans across checkpoints (epoch prune).
+   * Returns true if the prune is an epoch prune (new checkpoint number is less than old).
+   * If the checkpoint number stays the same or increases, the prune is within a checkpoint.
    */
   private async isEpochPrune(newCheckpoint: CheckpointId): Promise<boolean> {
     const tips = await this.l2Tips.getL2Tips();
     const oldCheckpointNumber = tips.checkpointed.checkpoint.number;
-    if (oldCheckpointNumber <= CheckpointNumber.ZERO) {
+    if (oldCheckpointNumber <= CheckpointNumber.INITIAL) {
       return false;
     }
-    const isEpochPrune = oldCheckpointNumber !== newCheckpoint.number;
-    this.log.info(
-      `Detected epoch prune: ${isEpochPrune}. Old checkpoint: ${oldCheckpointNumber}, new checkpoint: ${newCheckpoint.number}`,
-    );
+    const newCheckpointNumber = newCheckpoint.number;
+    // We check that the new checkpoint number is less than the old checkpoint number in order to consider it an epoch prune.
+    // To be more certain that it is an epoch prune, we will check that at least 2 checkpoints were removed.
+    // This means we should avoid thinking checkpoints removed by L1 re-orgs are epoch prunes
+    const thresholdForEpochPrune = CheckpointNumber(oldCheckpointNumber - 2);
+    const isEpochPrune = newCheckpointNumber <= thresholdForEpochPrune;
+    if (isEpochPrune) {
+      this.log.info(`Detected epoch prune to ${newCheckpointNumber}`, {
+        oldCheckpointNumber,
+        newCheckpointNumber,
+        thresholdForEpochPrune,
+      });
+    }
     return isEpochPrune;
   }
 
   /** Checks if the slot has changed and calls prepareForSlot if so. */
   private async maybeCallPrepareForSlot(): Promise<void> {
-    const { currentSlot } = this.epochCache.getCurrentAndNextSlot();
-    if (currentSlot <= this.lastSlotProcessed) {
+    // If we have a pending checkpoint available, we want to prepare the target slot - otherwise we prepare the current slot
+    // Knowledege of pending checkpoints is in the PR above
+    const { targetSlot } = this.epochCache.getTargetAndNextSlot();
+    if (targetSlot <= this.lastSlotProcessed) {
       return;
     }
-    this.lastSlotProcessed = currentSlot;
-    await this.txPool.prepareForSlot(currentSlot);
+    this.lastSlotProcessed = targetSlot;
+    await this.txPool.prepareForSlot(targetSlot);
   }
 
   private async startServiceIfSynched() {

package/src/client/test/tx_proposal_collector/proposal_tx_collector_worker.ts

@@ -1,4 +1,5 @@
 import { MockL2BlockSource } from '@aztec/archiver/test';
+import type { EpochCache } from '@aztec/epoch-cache';
 import { SecretValue } from '@aztec/foundation/config';
 import { createLogger } from '@aztec/foundation/log';
 import { sleep } from '@aztec/foundation/sleep';
@@ -14,12 +15,13 @@ import { type TelemetryClient, getTelemetryClient } from '@aztec/telemetry-clien
 
 import type { PeerId } from '@libp2p/interface';
 import { peerIdFromString } from '@libp2p/peer-id';
+import { mock } from 'jest-mock-extended';
 
 import type { P2PConfig } from '../../../config.js';
 import { BatchTxRequesterCollector, SendBatchRequestCollector } from '../../../services/index.js';
 import type { IBatchRequestTxValidator } from '../../../services/reqresp/batch-tx-requester/tx_validator.js';
 import { RateLimitStatus } from '../../../services/reqresp/rate-limiter/rate_limiter.js';
-import { MissingTxsTracker } from '../../../services/tx_collection/missing_txs_tracker.js';
+import { RequestTracker } from '../../../services/tx_collection/request_tracker.js';
 import {
   AlwaysTrueCircuitVerifier,
   BENCHMARK_CONSTANTS,
@@ -27,7 +29,6 @@ import {
   InMemoryTxPool,
   UNLIMITED_RATE_LIMIT_QUOTA,
   calculateInternalTimeout,
-  createMockEpochCache,
   createMockWorldStateSynchronizer,
 } from '../../../test-helpers/index.js';
 import { createP2PClient } from '../../index.js';
@@ -98,7 +99,7 @@ function sendMessage(message: WorkerResponse): Promise<void> {
 async function startClient(config: P2PConfig, clientIndex: number) {
   txPool = new InMemoryTxPool();
   attestationPool = new InMemoryAttestationPool();
-  const epochCache = createMockEpochCache();
+  const epochCache = mock<EpochCache>();
   const worldState = createMockWorldStateSynchronizer();
   const l2BlockSource = new MockL2BlockSource();
   const proofVerifier = new AlwaysTrueCircuitVerifier();
@@ -213,10 +214,9 @@ async function runCollector(cmd: Extract<WorkerCommand, { type: 'RUN_COLLECTOR'
       const fetched = await executeTimeout(
         (_signal: AbortSignal) =>
           collector.collectTxs(
-            MissingTxsTracker.fromArray(parsedTxHashes),
+            RequestTracker.create(parsedTxHashes, new Date(Date.now() + internalTimeoutMs)),
             parsedProposal,
             pinnedPeer,
-            internalTimeoutMs,
           ),
         timeoutMs,
         () => new Error(`Collector timed out after ${timeoutMs}ms`),
@@ -231,10 +231,9 @@ async function runCollector(cmd: Extract<WorkerCommand, { type: 'RUN_COLLECTOR'
       const fetched = await executeTimeout(
         (_signal: AbortSignal) =>
           collector.collectTxs(
-            MissingTxsTracker.fromArray(parsedTxHashes),
+            RequestTracker.create(parsedTxHashes, new Date(Date.now() + internalTimeoutMs)),
             parsedProposal,
             pinnedPeer,
-            internalTimeoutMs,
           ),
         timeoutMs,
         () => new Error(`Collector timed out after ${timeoutMs}ms`),

package/src/config.ts

@@ -43,6 +43,15 @@ export interface P2PConfig
   /** Maximum transactions per block for validation. Overrides maxTxsPerBlock for gossip validation when set. */
   validateMaxTxsPerBlock?: number;
 
+  /** Maximum transactions per checkpoint for validation. Used as fallback for maxTxsPerBlock when that is not set. */
+  validateMaxTxsPerCheckpoint?: number;
+
+  /** Maximum L2 gas per block for validation. When set, txs exceeding this limit are rejected. */
+  validateMaxL2BlockGas?: number;
+
+  /** Maximum DA gas per block for validation. When set, txs exceeding this limit are rejected. */
+  validateMaxDABlockGas?: number;
+
   /** A flag dictating whether the P2P subsystem should be enabled. */
   p2pEnabled: boolean;
 
@@ -61,6 +70,9 @@ export interface P2PConfig
   /** The frequency in which to check for new peers. */
   peerCheckIntervalMS: number;
 
+  /** How long to ban a peer after it fails MAX_DIAL_ATTEMPTS dials. */
+  peerFailedBanTimeMs: number;
+
   /** Size of queue of L2 blocks to store. */
   l2QueueSize: number;
 
@@ -208,6 +220,22 @@ export const p2pConfigMappings: ConfigMappingsType<P2PConfig> = {
       'Maximum transactions per block for validation. Overrides maxTxsPerBlock for gossip validation when set.',
     parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
   },
+  validateMaxTxsPerCheckpoint: {
+    env: 'VALIDATOR_MAX_TX_PER_CHECKPOINT',
+    description:
+      'Maximum transactions per checkpoint for validation. Used as fallback for maxTxsPerBlock when that is not set.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxL2BlockGas: {
+    env: 'VALIDATOR_MAX_L2_BLOCK_GAS',
+    description: 'Maximum L2 gas per block for validation. When set, txs exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxDABlockGas: {
+    env: 'VALIDATOR_MAX_DA_BLOCK_GAS',
+    description: 'Maximum DA gas per block for validation. When set, txs exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
   p2pEnabled: {
     env: 'P2P_ENABLED',
     description: 'A flag dictating whether the P2P subsystem should be enabled.',
@@ -238,6 +266,11 @@ export const p2pConfigMappings: ConfigMappingsType<P2PConfig> = {
     description: 'The frequency in which to check for new peers.',
     ...numberConfigHelper(30_000),
   },
+  peerFailedBanTimeMs: {
+    env: 'P2P_PEER_FAILED_BAN_TIME_MS',
+    description: 'How long to ban a peer after it fails maximum dial attempts.',
+    ...numberConfigHelper(5 * 60 * 1000),
+  },
   l2QueueSize: {
     env: 'P2P_L2_QUEUE_SIZE',
     description: 'Size of queue of L2 blocks to store.',

package/src/mem_pools/attestation_pool/attestation_pool.ts

@@ -26,10 +26,10 @@ export type TryAddResult = {
   count: number;
 };
 
-export const MAX_CHECKPOINT_PROPOSALS_PER_SLOT = 5;
-export const MAX_BLOCK_PROPOSALS_PER_POSITION = 3;
+export const MAX_CHECKPOINT_PROPOSALS_PER_SLOT = 2;
+export const MAX_BLOCK_PROPOSALS_PER_POSITION = 2;
 /** Maximum attestations a single signer can make per slot before being rejected. */
-export const MAX_ATTESTATIONS_PER_SLOT_AND_SIGNER = 3;
+export const MAX_ATTESTATIONS_PER_SLOT_AND_SIGNER = 2;
 
 /** Public API interface for attestation pools. Used for typing mocks and test implementations. */
 export type AttestationPoolApi = Pick<

package/src/mem_pools/attestation_pool/attestation_pool_test_suite.ts

@@ -446,12 +446,12 @@ export function describeAttestationPool(getAttestationPool: () => AttestationPoo
         const result2 = await ap.tryAddBlockProposal(proposal2);
         expect(result2.count).toBe(2);
 
-        // Add a third proposal for same position
+        // Third proposal for same position should be rejected (cap is 2)
         const proposal3 = await mockBlockProposalWithIndex(signers[2], slotNumber, indexWithinCheckpoint);
         const result3 = await ap.tryAddBlockProposal(proposal3);
 
-        expect(result3.added).toBe(true);
-        expect(result3.count).toBe(3);
+        expect(result3.added).toBe(false);
+        expect(result3.count).toBe(2);
       });
 
       it('should return added=false when exceeding capacity', async () => {
@@ -666,12 +666,12 @@ export function describeAttestationPool(getAttestationPool: () => AttestationPoo
         const result2 = await ap.tryAddCheckpointProposal(proposal2);
         expect(result2.count).toBe(2);
 
-        // Add a third proposal for same slot
+        // Third proposal for same slot should be rejected (cap is 2)
         const proposal3 = await mockCheckpointProposalCoreForPool(signers[2], slotNumber);
         const result3 = await ap.tryAddCheckpointProposal(proposal3);
 
-        expect(result3.added).toBe(true);
-        expect(result3.count).toBe(3);
+        expect(result3.added).toBe(false);
+        expect(result3.count).toBe(2);
       });
 
       it('should not count attestations as proposals for duplicate detection', async () => {

package/src/mem_pools/tx_pool/eviction/fee_payer_balance_eviction_rule.ts

@@ -32,10 +32,11 @@ export class FeePayerBalanceEvictionRule implements EvictionRule {
 
       if (context.event === EvictionEvent.BLOCK_MINED) {
         const blockNumber = context.block.getBlockNumber();
+        const blockHash = await context.block.hash();
         // Ensure world state is synced to this block before accessing the snapshot.
         // This handles the race where a block is added to the archiver
         // but the world state hasn't synced it yet.
-        await this.worldState.syncImmediate(blockNumber);
+        await this.worldState.syncImmediate(blockNumber, blockHash);
         return await this.evictForFeePayers(context.feePayers, this.worldState.getSnapshot(blockNumber), txPool);
       }
 

package/src/mem_pools/tx_pool/priority.ts

@@ -1,3 +1,4 @@
+import { minBigint } from '@aztec/foundation/bigint';
 import { Buffer32 } from '@aztec/foundation/buffer';
 import type { Tx } from '@aztec/stdlib/tx';
 
@@ -11,10 +12,9 @@ export function getPendingTxPriority(tx: Tx): string {
 }
 
 /**
- * Returns the priority of a tx.
+ * Returns the priority of a tx based on the L2 priority fee only, capped by the max fees per gas.
  */
 export function getTxPriorityFee(tx: Tx): bigint {
-  const priorityFees = tx.getGasSettings().maxPriorityFeesPerGas;
-  const totalFees = priorityFees.feePerDaGas + priorityFees.feePerL2Gas;
-  return totalFees;
+  const { maxPriorityFeesPerGas: priorityFees, maxFeesPerGas } = tx.getGasSettings();
+  return minBigint(maxFeesPerGas.feePerL2Gas, priorityFees.feePerL2Gas);
 }

package/src/mem_pools/tx_pool/tx_pool_test_suite.ts

@@ -204,7 +204,9 @@ export function describeTxPool(getTxPool: () => TxPool) {
 
   it('returns pending tx hashes sorted by priority', async () => {
     const withPriorityFee = (tx: Tx, fee: number) => {
-      unfreeze(tx.data.constants.txContext.gasSettings).maxPriorityFeesPerGas = new GasFees(fee, fee);
+      const gs = unfreeze(tx.data.constants.txContext.gasSettings);
+      gs.maxPriorityFeesPerGas = new GasFees(fee, fee);
+      gs.maxFeesPerGas = new GasFees(fee, fee);
       return tx;
     };
 

package/src/mem_pools/tx_pool_v2/eviction/fee_payer_balance_eviction_rule.ts

@@ -29,7 +29,8 @@ export class FeePayerBalanceEvictionRule implements EvictionRule {
 
       if (context.event === EvictionEvent.BLOCK_MINED) {
         const blockNumber = context.block.getBlockNumber();
-        await this.worldState.syncImmediate(blockNumber);
+        const blockHash = await context.block.hash();
+        await this.worldState.syncImmediate(blockNumber, blockHash);
         return await this.evictForFeePayers(context.feePayers, this.worldState.getSnapshot(blockNumber), pool);
       }
 

package/src/mem_pools/tx_pool_v2/interfaces.ts

@@ -72,6 +72,8 @@ export type TxPoolV2Dependencies = {
   worldStateSynchronizer: WorldStateSynchronizer;
   /** Factory that creates a validator for re-validating pool transactions using metadata */
   createTxValidator: () => Promise<TxValidator<TxMetaData>>;
+  /** Checks whether a tx's setup-phase calls are on the allow list. Precomputed at receipt time. */
+  checkAllowedSetupCalls: (tx: Tx) => Promise<boolean>;
 };
 
 /**
@@ -158,10 +160,10 @@ export interface TxPoolV2 extends TypedEventEmitter<TxPoolV2Events> {
   handleMinedBlock(block: L2Block): Promise<void>;
 
   /**
-   * Prepares the pool for a new slot.
-   * Unprotects transactions from earlier slots and validates them before
-   * returning to pending state.
-   * @param slotNumber - The slot number to prepare for
+   * Prepares the pool for a new slot by unprotecting transactions from earlier
+   * slots and re-validating them before returning to pending state.
+   * @param slotNumber - The pipeline slot we are building for (i.e. the slot
+   *   the resulting blocks will target on L1).
    */
   prepareForSlot(slotNumber: SlotNumber): Promise<void>;
 

package/src/mem_pools/tx_pool_v2/tx_metadata.ts

@@ -67,6 +67,9 @@ export type TxMetaData = {
   /** Timestamp by which the transaction must be included (for expiration checks) */
   readonly expirationTimestamp: bigint;
 
+  /** Whether the tx's setup-phase calls pass the allow list check. Computed at receipt time. */
+  readonly allowedSetupCalls: boolean;
+
   /** Validator-compatible data, providing the same access patterns as Tx.data */
   readonly data: TxMetaValidationData;
 
@@ -84,8 +87,12 @@ export type TxState = 'pending' | 'protected' | 'mined' | 'deleted';
  * Builds TxMetaData from a full Tx object.
  * Extracts all relevant fields for efficient in-memory storage and querying.
  * Fr values are captured in closures for zero-cost re-validation.
+ *
+ * @param allowedSetupCalls - Whether the tx's setup-phase calls pass the allow list.
+ *   For gossip/RPC txs this is always `true` (already validated by PhasesTxValidator).
+ *   For req/resp txs this should be computed by the caller using the phases validator.
  */
-export async function buildTxMetaData(tx: Tx): Promise<TxMetaData> {
+export async function buildTxMetaData(tx: Tx, allowedSetupCalls: boolean = true): Promise<TxMetaData> {
   const txHashObj = tx.getTxHash();
   const txHash = txHashObj.toString();
   const txHashBigInt = txHashObj.toBigInt();
@@ -112,6 +119,7 @@ export async function buildTxMetaData(tx: Tx): Promise<TxMetaData> {
     feeLimit,
     nullifiers,
     expirationTimestamp,
+    allowedSetupCalls,
     receivedAt: 0,
     estimatedSizeBytes,
     data: {
@@ -304,6 +312,7 @@ export function stubTxMetaData(
     nullifiers?: string[];
     expirationTimestamp?: bigint;
     anchorBlockHeaderHash?: string;
+    allowedSetupCalls?: boolean;
   } = {},
 ): TxMetaData {
   const txHashBigInt = Fr.fromHexString(txHash).toBigInt();
@@ -320,6 +329,7 @@ export function stubTxMetaData(
     feeLimit: overrides.feeLimit ?? 100n,
     nullifiers: overrides.nullifiers ?? [`0x${normalizedTxHash.slice(2)}null1`],
     expirationTimestamp,
+    allowedSetupCalls: overrides.allowedSetupCalls ?? true,
     receivedAt: 0,
     estimatedSizeBytes: 0,
     data: stubTxMetaValidationData({ expirationTimestamp }),

package/src/mem_pools/tx_pool_v2/tx_pool_v2.ts

@@ -11,7 +11,14 @@ import { type TelemetryClient, getTelemetryClient } from '@aztec/telemetry-clien
 import EventEmitter from 'node:events';
 
 import { PoolInstrumentation, PoolName } from '../instrumentation.js';
-import type { AddTxsResult, TxPoolV2, TxPoolV2Config, TxPoolV2Dependencies, TxPoolV2Events } from './interfaces.js';
+import type {
+  AddTxsResult,
+  PoolReadAccess,
+  TxPoolV2,
+  TxPoolV2Config,
+  TxPoolV2Dependencies,
+  TxPoolV2Events,
+} from './interfaces.js';
 import type { TxState } from './tx_metadata.js';
 import { TxPoolV2Impl } from './tx_pool_v2_impl.js';
 
@@ -165,6 +172,11 @@ export class AztecKVTxPoolV2 extends (EventEmitter as new () => TypedEventEmitte
     return this.#queue.put(() => Promise.resolve(this.#impl.getLowestPriorityPending(limit)));
   }
 
+  /** Returns read-only access to the pool. Used for testing. */
+  getPoolReadAccess(): PoolReadAccess {
+    return this.#impl.getPoolReadAccess();
+  }
+
   // === Configuration ===
 
   updateConfig(config: Partial<TxPoolV2Config>): Promise<void> {

package/src/mem_pools/tx_pool_v2/tx_pool_v2_impl.ts

@@ -62,6 +62,7 @@ export class TxPoolV2Impl {
   #l2BlockSource: L2BlockSource;
   #worldStateSynchronizer: WorldStateSynchronizer;
   #createTxValidator: TxPoolV2Dependencies['createTxValidator'];
+  #checkAllowedSetupCalls: TxPoolV2Dependencies['checkAllowedSetupCalls'];
 
   // === In-Memory Indices ===
   #indices: TxPoolIndices = new TxPoolIndices();
@@ -93,6 +94,7 @@ export class TxPoolV2Impl {
     this.#l2BlockSource = deps.l2BlockSource;
     this.#worldStateSynchronizer = deps.worldStateSynchronizer;
     this.#createTxValidator = deps.createTxValidator;
+    this.#checkAllowedSetupCalls = deps.checkAllowedSetupCalls;
 
     this.#config = { ...DEFAULT_TX_POOL_V2_CONFIG, ...config };
     this.#archive = new TxArchive(archiveStore, this.#config.archivedTxLimit, log);
@@ -354,6 +356,7 @@ export class TxPoolV2Impl {
 
     // Check if already in pool
     if (this.#indices.has(txHashStr)) {
+      this.#log.verbose(`canAddPendingTx: tx ${txHashStr} already in pool`);
       return 'ignored';
     }
 
@@ -362,26 +365,37 @@ export class TxPoolV2Impl {
     const poolAccess = this.#createPreAddPoolAccess();
     const preAddResult = await this.#evictionManager.runPreAddRules(meta, poolAccess);
 
-    return preAddResult.shouldIgnore ? 'ignored' : 'accepted';
+    if (preAddResult.shouldIgnore) {
+      this.#log.verbose(`canAddPendingTx: tx ${txHashStr} ignored by pre-add rule`, {
+        reason: preAddResult.reason?.message ?? 'no reason provided',
+      });
+      return 'ignored';
+    }
+    return 'accepted';
   }
 
   async addProtectedTxs(txs: Tx[], block: BlockHeader, opts: { source?: string }): Promise<void> {
     const slotNumber = block.globalVariables.slotNumber;
 
+    // Precompute setup-call allow-list flags outside the store transaction
+    const allowedFlags = await Promise.all(txs.map(tx => this.#checkAllowedSetupCalls(tx)));
+
     await this.#store.transactionAsync(async () => {
-      for (const tx of txs) {
+      for (let i = 0; i < txs.length; i++) {
+        const tx = txs[i];
         const txHash = tx.getTxHash();
         const txHashStr = txHash.toString();
         const isNew = !this.#indices.has(txHashStr);
         const minedBlockId = await this.#getMinedBlockId(txHash);
 
         if (isNew) {
+          const meta = await buildTxMetaData(tx, allowedFlags[i]);
           // New tx - add as mined or protected (callback emitted by #addTx)
           if (minedBlockId) {
-            await this.#addTx(tx, { mined: minedBlockId }, opts);
+            await this.#addTx(tx, { mined: minedBlockId }, opts, meta);
             this.#indices.setProtection(txHashStr, slotNumber);
           } else {
-            await this.#addTx(tx, { protected: slotNumber }, opts);
+            await this.#addTx(tx, { protected: slotNumber }, opts, meta);
           }
         } else {
           // Existing tx - update protection and mined status
@@ -976,7 +990,8 @@ export class TxPoolV2Impl {
 
       try {
         const tx = Tx.fromBuffer(buffer);
-        const meta = await buildTxMetaData(tx);
+        const allowedSetupCalls = await this.#checkAllowedSetupCalls(tx);
+        const meta = await buildTxMetaData(tx, allowedSetupCalls);
         loaded.push({ tx, meta });
       } catch (err) {
         this.#log.warn(`Failed to deserialize tx ${txHashStr}, deleting`, { err });

package/src/msg_validators/attestation_validator/README.md

@@ -0,0 +1,49 @@
+# Attestation Validation
+
+This module validates `CheckpointAttestation` gossipsub messages. Attestations are signatures from committee members endorsing a checkpoint proposal.
+
+**Topic**: `checkpoint_attestation` | **Snappy size limit**: 5 KB
+
+## Stage 1: AttestationValidator (Gossipsub Validation)
+
+| # | Rule | Consequence | Severity | File |
+|---|------|-------------|----------|------|
+| 1 | **Slot timeliness**: `currentSlot` or `nextSlot`. Previous slot within 500ms: IGNORE. Older: REJECT. | REJECT or IGNORE | HighToleranceError | `attestation_validator.ts` |
+| 2 | **Attester signature**: `getSender()` must recover valid address | REJECT | LowToleranceError | same |
+| 3 | **Attester in committee**: recovered address in committee for slot | REJECT | HighToleranceError | same |
+| 4 | **Proposer exists**: `getProposerAttesterAddressInSlot` must return defined | REJECT | HighToleranceError | same |
+| 5 | **Proposer signature**: `getProposer()` must recover valid address | REJECT | LowToleranceError | same |
+| 6 | **Proposer matches expected**: recovered proposer = expected for slot | REJECT | HighToleranceError | same |
+| 7 | **NoCommitteeError**: committee unavailable | REJECT | LowToleranceError | same |
+
+**Fisherman mode extension** (`FishermanAttestationValidator`): if a checkpoint proposal for the same archive exists in pool, the attestation's `ConsensusPayload` must `.equals()` the stored proposal's payload. On mismatch: REJECT + LowToleranceError.
+
+## Stage 2: Pool Admission
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 8 | Sender recoverable (pool-side) | Silent drop |
+| 9 | Not a duplicate (same slot + proposalId + signer) | IGNORE |
+| 10 | Per-signer cap: `MAX_ATTESTATIONS_PER_SLOT_AND_SIGNER` = 2 | IGNORE |
+
+Own attestations added via `addOwnCheckpointAttestations` bypass the per-signer cap.
+
+## Stage 3: Equivocation Detection
+
+When a signer's attestation count for a slot reaches exactly 2 (different proposals): `duplicateAttestationCallback` fires -> `WANT_TO_SLASH_EVENT` with `OffenseType.DUPLICATE_ATTESTATION`. Attestation still ACCEPTED and rebroadcast. Callback fires once (not again at count 3+).
+
+## Validation at L1 Checkpoint Submission (Archiver)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Each attestation must have recoverable signature (or address-only is allowed but does not count toward quorum) | Checkpoint rejected as invalid | `archiver/src/modules/validation.ts` |
+| Attestation at index `i` must correspond to committee member at index `i` | Checkpoint rejected as invalid | same |
+| Valid attestation count >= floor(committee * 2/3) + 1 | Checkpoint rejected as invalid | same |
+| No committee / escape hatch open | Accepted unconditionally | same |
+
+Note: `skipValidateCheckpointAttestations` config flag bypasses all archiver attestation validation.
+
+## Gossipsub Topic Scoring
+
+P3 enabled with expected messages per slot = `targetCommitteeSize`. Conservative threshold (30% of convergence value). Max P3 penalty = -34 per topic.
+

package/src/msg_validators/attestation_validator/attestation_validator.ts

@@ -23,13 +23,14 @@ export class CheckpointAttestationValidator implements P2PValidator<CheckpointAt
     const slotNumber = message.payload.header.slotNumber;
 
     try {
-      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
+      // Use target slots since proposals target pipeline slots (slot + 1 when pipelining)
+      const { targetSlot, nextSlot } = this.epochCache.getTargetAndNextSlot();
 
-      if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
+      if (slotNumber !== targetSlot && slotNumber !== nextSlot) {
         // Check if message is for previous slot and within clock tolerance
-        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
+        if (!isWithinClockTolerance(slotNumber, targetSlot, this.epochCache)) {
           this.logger.warn(
-            `Checkpoint attestation slot ${slotNumber} is not current (${currentSlot}) or next (${nextSlot}) slot`,
+            `Checkpoint attestation slot ${slotNumber} is not current (${targetSlot}) or next (${nextSlot}) slot`,
           );
           return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
         }

package/src/msg_validators/clock_tolerance.ts

@@ -36,10 +36,11 @@ export function isWithinClockTolerance(
   }
 
   // Check how far we are into the current slot (in milliseconds)
-  const { ts: slotStartTs, nowMs, slot } = epochCache.getEpochAndSlotNow();
+  const { ts: slotStartTs, nowMs } = epochCache.getEpochAndSlotNow();
+  const targetSlot = epochCache.getTargetSlot();
 
-  // Sanity check: ensure the epoch cache's current slot matches the expected current slot
-  if (slot !== currentSlot) {
+  // Sanity check: ensure the epoch cache's target slot matches the expected current slot
+  if (targetSlot !== currentSlot) {
     return false;
   }