@aztec/p2p 0.0.1-commit.684755437 → 0.0.1-commit.6b113946b

package/src/msg_validators/proposal_validator/README.md

@@ -0,0 +1,123 @@
+# Proposal Validation
+
+This module validates `BlockProposal` and `CheckpointProposal` gossipsub messages. Both share the same base `ProposalValidator` (neither subclass overrides `validate()`), with checkpoint-specific logic layered on top in the gossipsub handler.
+
+## BlockProposal
+
+**Topic**: `block_proposal` | **Snappy size limit**: 10 MB
+
+### Stage 1: Gossipsub Validation (ProposalValidator)
+
+File: `proposal_validator.ts`
+
+| # | Rule | Consequence | Severity |
+|---|------|-------------|----------|
+| 1 | **Slot check**: must be `currentSlot` or `nextSlot`. Previous slot within 500ms tolerance: IGNORE. | REJECT | HighToleranceError |
+| 2 | **Signature**: `getSender()` must recover a valid address. If `signedTxs` present, its recovered sender must match. | REJECT | MidToleranceError |
+| 3 | **Txs permitted**: if `disableTransactions`, must have 0 txHashes and 0 embedded txs | REJECT | MidToleranceError |
+| 4 | **Max txs**: `txHashes.length <= maxTxsPerBlock` | REJECT | MidToleranceError |
+| 5 | **Embedded txs in txHashes**: every embedded tx's hash must appear in `txHashes` | REJECT | MidToleranceError |
+| 6 | **Proposer check**: signer must match expected proposer for slot (skipped if committee size = 0) | REJECT | MidToleranceError |
+| 7 | **Tx hash integrity**: each embedded tx's recomputed hash must match declared hash | REJECT | LowToleranceError |
+| 8 | **NoCommitteeError**: epoch cache cannot determine committee | REJECT | LowToleranceError |
+
+Deserialization guards: `BlockProposal.fromBuffer` and `SignedTxs.fromBuffer` both enforce `txCount <= MAX_TXS_PER_BLOCK` (65536). Violation -> REJECT + LowToleranceError.
+
+### Stage 2: Mempool (Attestation Pool)
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 9 | **Duplicate**: same archive root already stored | IGNORE (no penalty) |
+| 10 | **Per-position cap**: max 2 proposals per (slot, indexWithinCheckpoint) | REJECT + HighToleranceError |
+| 11 | **Equivocation**: >1 distinct proposal for same (slot, index) | ACCEPT (rebroadcast for detection). At count=2: `duplicateProposalCallback` fires -> slash event (`OffenseType.DUPLICATE_PROPOSAL`, configured via `slashDuplicateProposalPenalty`) |
+
+### Stage 3: Validator-Client Processing (BlockProposalHandler)
+
+Only runs on validator nodes. Non-validator nodes use a default handler that triggers tx collection without deep validation.
+
+| # | Rule | Failure Reason |
+|---|------|----------------|
+| 12 | Signature re-check | `invalid_proposal` |
+| 13 | ProposalValidator re-run | `invalid_proposal` |
+| 14 | Self-proposal filter | Ignored silently |
+| 15 | Parent block exists (`lastArchive.root` matches known block or genesis) | `parent_block_not_found` |
+| 16 | Parent block slot <= proposal slot | `parent_block_wrong_slot` |
+| 17 | Block number not already in archiver | `block_number_already_exists` |
+| 18 | Checkpoint number consistency (multiple sub-rules for first/non-first blocks) | `invalid_proposal` |
+| 19 | Global variables consistency (non-first block: chainId, version, slot, timestamp, coinbase, feeRecipient, gasFees match parent) | `global_variables_mismatch` |
+| 20 | L1-to-L2 message hash matches `proposal.inHash` | `in_hash_mismatch` |
+| 21 | All txs referenced by `txHashes` obtainable | `txs_not_available` |
+| 22 | **Re-execution**: processed tx count matches `txHashes.length` | `timeout` (ReExTimeoutError) |
+| 23 | **Re-execution**: no failed txs | `failed_txs` (ReExFailedTxsError) -- **SLASHABLE** |
+| 24 | **Re-execution**: archive root and header match proposal | `state_mismatch` (ReExStateMismatchError) -- **SLASHABLE** |
+
+**Escape hatch**: during escape hatch periods (`isEscapeHatchOpenAtSlot`), re-execution and slashing are both disabled, and the proposal is rejected locally.
+
+**Conditional re-execution**: rules 22-24 only run when at least one condition is true: `fishermanMode` enabled, `slashBroadcastedInvalidBlockPenalty > 0` with `validatorReexecute`, committee membership with `validatorReexecute`, `alwaysReexecuteBlockProposals`, or `blobClient.canUpload()`.
+
+**Slashing**: only `state_mismatch` and `failed_txs` trigger on-chain slashing (`OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL`, gated by `slashBroadcastedInvalidBlockPenalty > 0`). Unknown errors during re-execution do NOT slash.
+
+**Embedded tx validation**: txs in `signedTxs` are validated via `createTxValidatorForBlockProposalReceivedTxs` (well-formedness only) when stored in the tx pool. Invalid embedded txs are rejected from the pool but do not cause the block proposal itself to be rejected at gossipsub level.
+
+### Gossipsub Topic Scoring
+
+| Parameter | Effect |
+|-----------|--------|
+| P4 (invalidMessageDeliveries) | weight = -20, decay over 4 slots |
+| P3 (meshMessageDeliveries) | Enabled only when `expectedBlockProposalsPerSlot > 0` (MBPS mode) |
+| P1/P2 | Only active when P3 is enabled |
+
+---
+
+## CheckpointProposal
+
+**Topic**: `checkpoint_proposal` | **Snappy size limit**: 10 MB
+
+### Stage 1: Gossipsub Validation (ProposalValidator)
+
+Same `ProposalValidator.validate()` as BlockProposal (shared implementation, neither subclass overrides it). See BlockProposal Stage 1 rules 1-8.
+
+### Stage 2: Embedded Block Proposal Validation (if `lastBlock` present)
+
+The checkpoint's embedded `lastBlock` is extracted via `getBlockProposal()` and validated through `BlockProposalValidator.validate()` plus block mempool checks.
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Block proposal must pass `BlockProposalValidator.validate()` | If REJECT: entire checkpoint REJECTED | `libp2p_service.ts` |
+| Block proposal must not exceed per-position cap (2) | Checkpoint REJECTED + HighToleranceError | same |
+| Block equivocation detected (>1 proposals for same slot+index) | Checkpoint REJECTED (block itself is ACCEPT for re-broadcast) | same |
+
+### Stage 3: Mempool (Attestation Pool)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Duplicate (same archive ID) | IGNORE (no penalty). Embedded block still processed if valid. | `attestation_pool.ts` |
+| Per-slot cap: `MAX_CHECKPOINT_PROPOSALS_PER_SLOT` = 2 | REJECT + HighToleranceError. Embedded block still processed. | same |
+
+### Stage 4: Equivocation Detection
+
+When >1 checkpoint proposals exist for same slot (count > 1): ACCEPT (re-broadcast). At count == 2 (exactly): `duplicateProposalCallback` fires. Proposal NOT further processed. Callback fires only once per equivocation pair.
+
+### Stage 5: Validator-Client Consensus Validation
+
+Determines whether the validator signs an attestation.
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Escape hatch open | No attestation | `validator-client/src/validator.ts` |
+| Signature invalid (re-check) | No attestation | same |
+| Self-proposal | No attestation (ignored) | same |
+| `feeAssetPriceModifier` outside [-100, +100] bps | No attestation | same |
+| Not in committee (unless fisherman mode) | No attestation | same |
+| Checkpoint header mismatch (computed vs proposal) | No attestation | same |
+| Archive root mismatch | No attestation | same |
+| Epoch out hash mismatch | No attestation | same |
+| Last block not found / not matching | No attestation | same |
+| Already attested to this or earlier slot | No attestation (unless `attestToEquivocatedProposals`) | same |
+
+**`skipCheckpointProposalValidation` config**: when true, the re-execution checks (header/archive/epoch hash) are all skipped. Signature, fee modifier, committee, escape hatch, and equivocation checks still apply.
+
+### Gossipsub Topic Scoring
+
+P3 enabled with expected rate of 1 message per slot. P4 weight = -20, max P3 penalty = -34 per topic.
+

package/src/msg_validators/proposal_validator/proposal_validator.ts

@@ -31,13 +31,14 @@ export class ProposalValidator {
   /** Validates header-level fields: slot, signature, and proposer. */
   public async validate(proposal: BlockProposal | CheckpointProposalCore): Promise<ValidationResult> {
     try {
-      // Slot check
-      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
+      // Slot check: use target slots since proposals target pipeline slots (slot + 1 when pipelining)
+      const { targetSlot, nextSlot } = this.epochCache.getTargetAndNextSlot();
+
       const slotNumber = proposal.slotNumber;
-      if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
+      if (slotNumber !== targetSlot && slotNumber !== nextSlot) {
         // Check if message is for previous slot and within clock tolerance
-        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
-          this.logger.warn(`Penalizing peer for invalid slot number ${slotNumber}`, { currentSlot, nextSlot });
+        if (!isWithinClockTolerance(slotNumber, targetSlot, this.epochCache)) {
+          this.logger.warn(`Penalizing peer for invalid slot number ${slotNumber}`, { targetSlot, nextSlot });
           return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
         }
         this.logger.verbose(`Ignoring proposal for previous slot ${slotNumber} within clock tolerance`);

package/src/msg_validators/tx_validator/README.md

@@ -75,10 +75,12 @@ This validator is invoked on **every** transaction potentially entering the pend
 - Startup hydration — revalidating persisted non-mined txs on node restart
 
 Runs:
-- DoubleSpend, BlockHeader, GasLimits, Timestamp
+- DoubleSpend, BlockHeader, GasLimits, Timestamp, AllowedSetupCalls
 
 Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
 
+The `AllowedSetupCallsMetaValidator` checks a precomputed boolean flag (`TxMetaData.allowedSetupCalls`) rather than re-running the full `PhasesTxValidator`. This flag is computed by `createCheckAllowedSetupCalls` when the tx first enters the pool (via `addProtectedTxs` or startup hydration), so the pool migration validator can reject txs with disallowed setup calls without needing the full `Tx` object or its dependencies.
+
 ## Individual Validators
 
 | Validator | What it checks | Benchmarked verification duration |
@@ -92,6 +94,7 @@ Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
 | `GasTxValidator` | Gas limits are within bounds (delegates to `GasLimitsValidator`), max fee per gas meets current block fees, and fee payer has sufficient FeeJuice balance | 1.02 ms |
 | `GasLimitsValidator` | Gas limits are >= fixed minimums and <= AVM max processable L2 gas. Used standalone in pool migration; also called internally by `GasTxValidator` | 3–10 us |
 | `PhasesTxValidator` | Public function calls in setup phase are on the allow list | 10.12–13.12 us |
+| `AllowedSetupCallsMetaValidator` | Checks the precomputed `allowedSetupCalls` flag on `TxMetaData`. Used in pool migration instead of the full `PhasesTxValidator` | — |
 | `BlockHeaderTxValidator` | Transaction's anchor block hash exists in the archive tree | 98.88 us |
 | `TxProofValidator` | Client proof verifies correctly | ~250ms |
 
@@ -108,6 +111,7 @@ Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
 | Gas (balance + limits) | Stage 1 | Optional* | — | Yes | — |
 | GasLimits (standalone) | — | — | — | — | Yes |
 | Phases | Stage 1 | Yes | — | Yes | — |
+| AllowedSetupCalls | — | — | — | — | Yes |
 | BlockHeader | Stage 1 | Yes | — | Yes | Yes |
 | Proof | Stage 2 | Optional** | Yes | — | — |
 

package/src/msg_validators/tx_validator/factory.ts

@@ -58,7 +58,7 @@ import { DoubleSpendTxValidator, type NullifierSource } from './double_spend_val
 import { GasLimitsValidator, GasTxValidator } from './gas_validator.js';
 import { MetadataTxValidator } from './metadata_validator.js';
 import { NullifierCache } from './nullifier_cache.js';
-import { PhasesTxValidator } from './phases_validator.js';
+import { AllowedSetupCallsMetaValidator, PhasesTxValidator } from './phases_validator.js';
 import { SizeTxValidator } from './size_validator.js';
 import { TimestampTxValidator } from './timestamp_validator.js';
 import { TxPermittedValidator } from './tx_permitted_validator.js';
@@ -97,6 +97,7 @@ export function createFirstStageTxValidationsForGossipedTransactions(
   txsPermitted: boolean,
   allowedInSetup: AllowedElement[] = [],
   bindings?: LoggerBindings,
+  gasLimitOpts?: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number },
 ): Record<string, TransactionValidator> {
   const merkleTree = worldStateSynchronizer.getCommitted();
 
@@ -158,6 +159,7 @@ export function createFirstStageTxValidationsForGossipedTransactions(
         ProtocolContractAddress.FeeJuice,
         gasFees,
         bindings,
+        gasLimitOpts,
       ),
       severity: PeerErrorSeverity.MidToleranceError,
     },
@@ -278,6 +280,9 @@ export function createTxValidatorForAcceptingTxsOverRPC(
     timestamp,
     blockNumber,
     txsPermitted,
+    rollupManaLimit,
+    maxBlockL2Gas,
+    maxBlockDAGas,
   }: {
     l1ChainId: number;
     rollupVersion: number;
@@ -287,6 +292,9 @@ export function createTxValidatorForAcceptingTxsOverRPC(
     timestamp: UInt64;
     blockNumber: BlockNumber;
     txsPermitted: boolean;
+    rollupManaLimit: number;
+    maxBlockL2Gas?: number;
+    maxBlockDAGas?: number;
   },
   bindings?: LoggerBindings,
 ): TxValidator<Tx> {
@@ -317,7 +325,11 @@ export function createTxValidatorForAcceptingTxsOverRPC(
 
   if (!skipFeeEnforcement) {
     validators.push(
-      new GasTxValidator(new DatabasePublicStateSource(db), ProtocolContractAddress.FeeJuice, gasFees, bindings),
+      new GasTxValidator(new DatabasePublicStateSource(db), ProtocolContractAddress.FeeJuice, gasFees, bindings, {
+        rollupManaLimit,
+        maxBlockL2Gas,
+        maxBlockDAGas,
+      }),
     );
   }
 
@@ -403,6 +415,7 @@ export async function createTxValidatorForTransactionsEnteringPendingTxPool(
   worldStateSynchronizer: WorldStateSynchronizer,
   timestamp: bigint,
   blockNumber: BlockNumber,
+  gasLimitOpts: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number },
   bindings?: LoggerBindings,
 ): Promise<TxValidator<TxMetaData>> {
   await worldStateSynchronizer.syncImmediate();
@@ -419,9 +432,29 @@ export async function createTxValidatorForTransactionsEnteringPendingTxPool(
     },
   };
   return new AggregateTxValidator<TxMetaData>(
-    new GasLimitsValidator<TxMetaData>(bindings),
+    new GasLimitsValidator<TxMetaData>({ ...gasLimitOpts, bindings }),
     new TimestampTxValidator<TxMetaData>({ timestamp, blockNumber }, bindings),
     new DoubleSpendTxValidator<TxMetaData>(nullifierSource, bindings),
     new BlockHeaderTxValidator<TxMetaData>(archiveSource, bindings),
+    new AllowedSetupCallsMetaValidator<TxMetaData>(bindings),
   );
 }
+
+/**
+ * Creates a function that checks whether a tx's setup-phase calls are on the allow list.
+ *
+ * Uses the `PhasesTxValidator` on the full Tx. The result is stored as a boolean
+ * flag in `TxMetaData.allowedSetupCalls` at receipt time, so the pending pool
+ * migration validator can check it without needing the full Tx or its dependencies.
+ */
+export function createCheckAllowedSetupCalls(
+  contractDataSource: ContractDataSource,
+  setupAllowList: AllowedElement[],
+  getTimestamp: () => UInt64,
+): (tx: Tx) => Promise<boolean> {
+  return async (tx: Tx) => {
+    const validator = new PhasesTxValidator(contractDataSource, setupAllowList, getTimestamp());
+    const result = await validator.validateTx(tx);
+    return result.result === 'valid';
+  };
+}

package/src/msg_validators/tx_validator/gas_validator.ts

@@ -1,4 +1,5 @@
 import {
+  MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT,
   MAX_PROCESSABLE_L2_GAS,
   PRIVATE_TX_L2_GAS_OVERHEAD,
   PUBLIC_TX_L2_GAS_OVERHEAD,
@@ -49,16 +50,31 @@ export interface HasGasLimitData {
  */
 export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidator<T> {
   #log: Logger;
-
-  constructor(bindings?: LoggerBindings) {
-    this.#log = createLogger('sequencer:tx_validator:tx_gas', bindings);
+  #effectiveMaxL2Gas: number;
+  #effectiveMaxDAGas: number;
+  #rollupManaLimit: number;
+  #maxBlockL2Gas: number;
+  #maxBlockDAGas: number;
+
+  constructor(opts?: {
+    rollupManaLimit?: number;
+    maxBlockL2Gas?: number;
+    maxBlockDAGas?: number;
+    bindings?: LoggerBindings;
+  }) {
+    this.#log = createLogger('sequencer:tx_validator:tx_gas', opts?.bindings);
+    this.#rollupManaLimit = opts?.rollupManaLimit ?? Infinity;
+    this.#maxBlockL2Gas = opts?.maxBlockL2Gas ?? Infinity;
+    this.#maxBlockDAGas = opts?.maxBlockDAGas ?? Infinity;
+    this.#effectiveMaxL2Gas = Math.min(MAX_PROCESSABLE_L2_GAS, this.#rollupManaLimit, this.#maxBlockL2Gas);
+    this.#effectiveMaxDAGas = Math.min(MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT, this.#maxBlockDAGas);
   }
 
   validateTx(tx: T): Promise<TxValidationResult> {
     return Promise.resolve(this.validateGasLimit(tx));
   }
 
-  /** Checks gas limits are >= fixed minimums and <= AVM max processable L2 gas. */
+  /** Checks gas limits are >= fixed minimums and <= effective max gas (L2 and DA). */
   validateGasLimit(tx: T): TxValidationResult {
     const gasLimits = tx.data.constants.txContext.gasSettings.gasLimits;
     const minGasLimits = new Gas(
@@ -74,10 +90,21 @@ export class GasLimitsValidator<T extends HasGasLimitData> implements TxValidato
       return { result: 'invalid', reason: [TX_ERROR_INSUFFICIENT_GAS_LIMIT] };
     }
 
-    if (gasLimits.l2Gas > MAX_PROCESSABLE_L2_GAS) {
-      this.#log.verbose(`Rejecting transaction due to the gas limit(s) being higher than the maximum processable gas`, {
+    if (gasLimits.l2Gas > this.#effectiveMaxL2Gas) {
+      this.#log.verbose(`Rejecting transaction due to the L2 gas limit being higher than the effective maximum`, {
         gasLimits,
-        minGasLimits,
+        effectiveMaxL2Gas: this.#effectiveMaxL2Gas,
+        rollupManaLimit: this.#rollupManaLimit,
+        maxBlockL2Gas: this.#maxBlockL2Gas,
+      });
+      return { result: 'invalid', reason: [TX_ERROR_GAS_LIMIT_TOO_HIGH] };
+    }
+
+    if (gasLimits.daGas > this.#effectiveMaxDAGas) {
+      this.#log.verbose(`Rejecting transaction due to the DA gas limit being higher than the effective maximum`, {
+        gasLimits,
+        effectiveMaxDAGas: this.#effectiveMaxDAGas,
+        maxBlockDAGas: this.#maxBlockDAGas,
       });
       return { result: 'invalid', reason: [TX_ERROR_GAS_LIMIT_TOO_HIGH] };
     }
@@ -106,21 +133,27 @@ export class GasTxValidator implements TxValidator<Tx> {
   #publicDataSource: PublicStateSource;
   #feeJuiceAddress: AztecAddress;
   #gasFees: GasFees;
+  #gasLimitOpts?: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number };
 
   constructor(
     publicDataSource: PublicStateSource,
     feeJuiceAddress: AztecAddress,
     gasFees: GasFees,
     private bindings?: LoggerBindings,
+    opts?: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number },
   ) {
     this.#log = createLogger('sequencer:tx_validator:tx_gas', bindings);
     this.#publicDataSource = publicDataSource;
     this.#feeJuiceAddress = feeJuiceAddress;
     this.#gasFees = gasFees;
+    this.#gasLimitOpts = opts;
   }
 
   async validateTx(tx: Tx): Promise<TxValidationResult> {
-    const gasLimitValidation = new GasLimitsValidator(this.bindings).validateGasLimit(tx);
+    const gasLimitValidation = new GasLimitsValidator({
+      ...this.#gasLimitOpts,
+      bindings: this.bindings,
+    }).validateGasLimit(tx);
     if (gasLimitValidation.result === 'invalid') {
       return Promise.resolve(gasLimitValidation);
     }

package/src/msg_validators/tx_validator/phases_validator.ts

@@ -141,3 +141,33 @@ export class PhasesTxValidator implements TxValidator<Tx> {
     return TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED;
   }
 }
+
+/** Structural interface for the allowed-setup-calls flag check. */
+export interface HasAllowedSetupCallsData {
+  txHash: { toString(): string };
+  allowedSetupCalls: boolean;
+}
+
+/**
+ * Validates that a transaction's setup-phase calls were allowed at receipt time.
+ *
+ * Checks the precomputed `allowedSetupCalls` flag on TxMetaData. The flag is
+ * computed by running the PhasesTxValidator on the full Tx when it first enters
+ * the pool. This lightweight validator is used during pending pool migration to
+ * reject txs whose setup calls are not on the allow list.
+ */
+export class AllowedSetupCallsMetaValidator<T extends HasAllowedSetupCallsData> implements TxValidator<T> {
+  #log: Logger;
+
+  constructor(bindings?: LoggerBindings) {
+    this.#log = createLogger('sequencer:tx_validator:tx_phases_meta', bindings);
+  }
+
+  validateTx(tx: T): Promise<TxValidationResult> {
+    if (!tx.allowedSetupCalls) {
+      this.#log.verbose(`Rejecting tx ${tx.txHash} because its setup calls are not on the allow list`);
+      return Promise.resolve({ result: 'invalid', reason: [TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED] });
+    }
+    return Promise.resolve({ result: 'valid' });
+  }
+}

package/src/services/encoding.ts

@@ -9,6 +9,14 @@ import { webcrypto } from 'node:crypto';
 import { compressSync, uncompressSync } from 'snappy';
 import xxhashFactory from 'xxhash-wasm';
 
+/** Thrown when a Snappy-compressed response exceeds the allowed decompressed size. */
+export class OversizedSnappyResponseError extends Error {
+  constructor(decompressedSize: number, maxSizeKb: number) {
+    super(`Decompressed size ${decompressedSize} exceeds maximum allowed size of ${maxSizeKb}kb`);
+    this.name = 'OversizedSnappyResponseError';
+  }
+}
+
 // Load WASM
 const xxhash = await xxhashFactory();
 
@@ -86,7 +94,7 @@ export class SnappyTransform implements DataTransform {
     const { decompressedSize } = readSnappyPreamble(data);
     if (decompressedSize > maxSizeKb * 1024) {
       this.logger.warn(`Decompressed size ${decompressedSize} exceeds maximum allowed size of ${maxSizeKb}kb`);
-      throw new Error(`Decompressed size ${decompressedSize} exceeds maximum allowed size of ${maxSizeKb}kb`);
+      throw new OversizedSnappyResponseError(decompressedSize, maxSizeKb);
     }
 
     return Buffer.from(uncompressSync(data, { asBuffer: true }));

package/src/services/libp2p/libp2p_service.ts

@@ -18,7 +18,6 @@ import {
   type CheckpointProposalCore,
   type Gossipable,
   P2PMessage,
-  type ValidationResult as P2PValidationResult,
   PeerErrorSeverity,
   PeerErrorSeverityByHarshness,
   TopicType,
@@ -226,7 +225,7 @@ export class LibP2PService extends WithTracer implements P2PService {
 
     const proposalValidatorOpts = {
       txsPermitted: !config.disableTransactions,
-      maxTxsPerBlock: config.validateMaxTxsPerBlock,
+      maxTxsPerBlock: config.validateMaxTxsPerBlock ?? config.validateMaxTxsPerCheckpoint,
     };
     this.blockProposalValidator = new BlockProposalValidator(epochCache, proposalValidatorOpts);
     this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, proposalValidatorOpts);
@@ -237,11 +236,11 @@ export class LibP2PService extends WithTracer implements P2PService {
     this.gossipSubEventHandler = this.handleGossipSubEvent.bind(this);
 
     this.blockReceivedCallback = async (block: BlockProposal): Promise<boolean> => {
-      this.logger.debug(
-        `Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber} from peer.`,
+      this.logger.warn(
+        `Handler for block received not yet registered on P2P service. Received block ${block.blockNumber} for slot ${block.slotNumber} from peer.`,
         { p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier() },
       );
-      return false;
+      return true;
     };
 
     this.checkpointReceivedCallback = (
@@ -754,6 +753,9 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (!validator || !validator.addMessage(msgId)) {
       this.instrumentation.incMessagePrevalidationStatus(false, topicType);
       this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), TopicValidatorResult.Ignore);
+      if (topicType === TopicType.tx) {
+        this.logger.verbose(`Ignoring already-seen tx gossip message`, { msgId, source: source.toString() });
+      }
       return { result: false, topicType };
     }
 
@@ -923,6 +925,11 @@ export class LibP2PService extends WithTracer implements P2PService {
           severity = await this.handleDoubleSpendFailure(tx, txBlockNumber);
         }
 
+        this.logger.verbose(`Rejecting gossiped tx ${tx.getTxHash().toString()}: stage 1 validation failed`, {
+          validator: name,
+          severity,
+          source: source.toString(),
+        });
         this.peerManager.penalizePeer(source, severity);
         return { result: TopicValidatorResult.Reject };
       }
@@ -930,6 +937,9 @@ export class LibP2PService extends WithTracer implements P2PService {
       // Pool pre-check: see if the pool would accept this tx before doing expensive proof verification
       const canAdd = await this.mempools.txPool.canAddPendingTx(tx);
       if (canAdd === 'ignored') {
+        this.logger.verbose(`Ignoring gossiped tx ${tx.getTxHash().toString()}: pool pre-check returned ignored`, {
+          source: source.toString(),
+        });
         return { result: TopicValidatorResult.Ignore, obj: tx };
       }
 
@@ -937,7 +947,12 @@ export class LibP2PService extends WithTracer implements P2PService {
       const secondStageValidators = this.createSecondStageMessageValidators();
       const secondStageOutcome = await this.runValidations(tx, secondStageValidators);
       if (!secondStageOutcome.allPassed) {
-        const { severity } = secondStageOutcome.failure;
+        const { severity, name } = secondStageOutcome.failure;
+        this.logger.verbose(`Rejecting gossiped tx ${tx.getTxHash().toString()}: stage 2 validation failed`, {
+          validator: name,
+          severity,
+          source: source.toString(),
+        });
         this.peerManager.penalizePeer(source, severity);
         return { result: TopicValidatorResult.Reject };
       }
@@ -949,7 +964,7 @@ export class LibP2PService extends WithTracer implements P2PService {
       const wasAccepted = addResult.accepted.some(h => h.equals(txHash));
       const wasIgnored = addResult.ignored.some(h => h.equals(txHash));
 
-      this.logger.trace(`Validate propagated tx`, {
+      this.logger.verbose(`Validate propagated tx ${txHash.toString()}`, {
         wasAccepted,
         wasIgnored,
         [Attributes.P2P_ID]: source.toString(),
@@ -960,6 +975,11 @@ export class LibP2PService extends WithTracer implements P2PService {
       } else if (wasIgnored) {
         return { result: TopicValidatorResult.Ignore, obj: tx };
       } else {
+        this.logger.warn(`Gossiped tx ${txHash.toString()} unexpectedly rejected by pool`, {
+          source: source.toString(),
+          txHash: txHash.toString(),
+        });
+        this.peerManager.penalizePeer(source, PeerErrorSeverity.HighToleranceError);
         return { result: TopicValidatorResult.Reject };
       }
     };
@@ -1192,7 +1212,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Note: Validators do NOT attest to individual blocks, only to checkpoint proposals.
     const isValid = await this.blockReceivedCallback(block, sender);
     if (!isValid) {
-      this.logger.warn(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
+      this.logger.info(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
     }
   }
 
@@ -1626,6 +1646,7 @@ export class LibP2PService extends WithTracer implements P2PService {
       ...(this.config.txPublicSetupAllowListExtend ?? []),
     ];
     const blockNumber = BlockNumber(currentBlockNumber + 1);
+    const l1Constants = await this.archiver.getL1Constants();
 
     return createFirstStageTxValidationsForGossipedTransactions(
       nextSlotTimestamp,
@@ -1639,6 +1660,11 @@ export class LibP2PService extends WithTracer implements P2PService {
       !this.config.disableTransactions,
       allowedInSetup,
       this.logger.getBindings(),
+      {
+        rollupManaLimit: l1Constants.rollupManaLimit,
+        maxBlockL2Gas: this.config.validateMaxL2BlockGas,
+        maxBlockDAGas: this.config.validateMaxDABlockGas,
+      },
     );
   }
 
@@ -1720,31 +1746,6 @@ export class LibP2PService extends WithTracer implements P2PService {
     return PeerErrorSeverity.HighToleranceError;
   }
 
-  /**
-   * Validate a checkpoint attestation.
-   *
-   * @param attestation - The checkpoint attestation to validate.
-   * @returns True if the checkpoint attestation is valid, false otherwise.
-   */
-  @trackSpan('Libp2pService.validateCheckpointAttestation', async (_, attestation) => ({
-    [Attributes.SLOT_NUMBER]: attestation.payload.header.slotNumber,
-    [Attributes.BLOCK_ARCHIVE]: attestation.archive.toString(),
-    [Attributes.P2P_ID]: await attestation.p2pMessageLoggingIdentifier().then(i => i.toString()),
-  }))
-  public async validateCheckpointAttestation(
-    peerId: PeerId,
-    attestation: CheckpointAttestation,
-  ): Promise<P2PValidationResult> {
-    const result = await this.checkpointAttestationValidator.validate(attestation);
-
-    if (result.result === 'reject') {
-      this.logger.warn(`Penalizing peer ${peerId} for checkpoint attestation validation failure`);
-      this.peerManager.penalizePeer(peerId, result.severity);
-    }
-
-    return result;
-  }
-
   public getPeerScore(peerId: PeerId): number {
     return this.node.services.pubsub.score.score(peerId.toString());
   }

package/src/services/peer-manager/peer_manager.ts

@@ -32,7 +32,7 @@ import { PeerScoreState, type PeerScoring } from './peer_scoring.js';
 const MAX_DIAL_ATTEMPTS = 3;
 const MAX_CACHED_PEERS = 100;
 const MAX_CACHED_PEER_AGE_MS = 5 * 60 * 1000; // 5 minutes
-const FAILED_PEER_BAN_TIME_MS = 5 * 60 * 1000; // 5 minutes timeout after failing MAX_DIAL_ATTEMPTS
+const DEFAULT_FAILED_PEER_BAN_TIME_MS = 5 * 60 * 1000; // 5 minutes timeout after failing MAX_DIAL_ATTEMPTS
 const GOODBYE_DIAL_TIMEOUT_MS = 1000;
 const FAILED_AUTH_HANDSHAKE_EXPIRY_MS = 60 * 60 * 1000; // 1 hour
 
@@ -776,7 +776,8 @@ export class PeerManager implements PeerManagerInterface {
         // Add to timed out peers
         this.timedOutPeers.set(id, {
           peerId: id,
-          timeoutUntilMs: this.dateProvider.now() + FAILED_PEER_BAN_TIME_MS,
+          timeoutUntilMs:
+            this.dateProvider.now() + (this.config.peerFailedBanTimeMs ?? DEFAULT_FAILED_PEER_BAN_TIME_MS),
         });
       }
     }
@@ -938,6 +939,8 @@ export class PeerManager implements PeerManagerInterface {
           `Received auth for validator ${sender.toString()} from peer ${peerIdString}, but this validator is already authenticated to peer ${peerForAddress.toString()}`,
           { ...logData, address: sender.toString() },
         );
+        this.markAuthHandshakeFailed(peerId);
+        this.markPeerForDisconnect(peerId);
         return;
       }