@aztec/p2p 0.0.1-commit.6b113946b → 0.0.1-commit.6bd18f1aa

package/src/services/libp2p/libp2p_service.ts

@@ -51,9 +51,10 @@ import { yamux } from '@chainsafe/libp2p-yamux';
 import { bootstrap } from '@libp2p/bootstrap';
 import { identify } from '@libp2p/identify';
 import { type Message, type MultiaddrConnection, type PeerId, TopicValidatorResult } from '@libp2p/interface';
-import type { ConnectionManager } from '@libp2p/interface-internal';
+import type { AddressManager, ConnectionManager } from '@libp2p/interface-internal';
 import { mplex } from '@libp2p/mplex';
 import { tcp } from '@libp2p/tcp';
+import { multiaddr } from '@multiformats/multiaddr';
 import { ENR } from '@nethermindeth/enr';
 import { createLibp2p } from 'libp2p';
 
@@ -130,7 +131,7 @@ type ValidationOutcome = { allPassed: true } | { allPassed: false; failure: Vali
 // REFACTOR: Unify with the type above
 type ReceivedMessageValidationResult<T, M = undefined> =
   | { obj: T; result: Exclude<TopicValidatorResult, TopicValidatorResult.Reject>; metadata?: M }
-  | { obj?: T; result: TopicValidatorResult.Reject; metadata?: M };
+  | { obj?: T; result: TopicValidatorResult.Reject; metadata?: M; severity: PeerErrorSeverity };
 
 /**
  * Lib P2P implementation of the P2PService interface.
@@ -174,6 +175,10 @@ export class LibP2PService extends WithTracer implements P2PService {
   private checkpointReceivedCallback: P2PCheckpointReceivedCallback;
 
   private gossipSubEventHandler: (e: CustomEvent<GossipsubMessage>) => void;
+  private ipChangedHandler?: (ip: string) => void;
+
+  /** Discovered public IP address (set when queryForIp is enabled and no static IP was configured). */
+  private discoveredP2pIp?: string;
 
   private instrumentation: P2PInstrumentation;
 
@@ -442,8 +447,9 @@ export class LibP2PService extends WithTracer implements P2PService {
             topics: topicScoreParams,
           }),
         }) as (components: GossipSubComponents) => GossipSub,
-        components: (components: { connectionManager: ConnectionManager }) => ({
+        components: (components: { connectionManager: ConnectionManager; addressManager: AddressManager }) => ({
           connectionManager: components.connectionManager,
+          addressManager: components.addressManager,
         }),
       },
       logger: createLibp2pComponentLogger(logger.module, logger.getBindings()),
@@ -502,10 +508,10 @@ export class LibP2PService extends WithTracer implements P2PService {
 
     // Get listen & announce addresses for logging
     const { p2pIp, p2pPort } = this.config;
-    if (!p2pIp) {
+    if (!p2pIp && !this.config.queryForIp) {
       throw new Error('Announce address not provided.');
     }
-    const announceTcpMultiaddr = convertToMultiaddr(p2pIp, p2pPort, 'tcp');
+    const announceTcpMultiaddr = p2pIp ? convertToMultiaddr(p2pIp, p2pPort, 'tcp') : undefined;
 
     // Create request response protocol handlers
     const txHandler = reqRespTxHandler(this.mempools);
@@ -559,6 +565,31 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (!this.config.p2pDiscoveryDisabled) {
       await this.peerDiscoveryService.start();
     }
+
+    // When queryForIp is enabled and no static IP was configured, bridge discv5 IP discovery to libp2p.
+    // Discv5 discovers our public IP via peer WHOAREYOU exchanges (enrUpdate=true) and emits 'ip:changed'.
+    // We confirm the discovered address in the libp2p AddressManager so it appears in getMultiaddrs()
+    // and is pushed to all connected peers via the identify protocol.
+    if (this.config.queryForIp && !p2pIp) {
+      this.ipChangedHandler = (ip: string) => {
+        const addressManager = this.node.services.components.addressManager;
+        const newAddr = multiaddr(convertToMultiaddr(ip, this.config.p2pPort, 'tcp'));
+
+        // Remove old discovered IP if one exists
+        if (this.discoveredP2pIp) {
+          const oldAddr = multiaddr(convertToMultiaddr(this.discoveredP2pIp, this.config.p2pPort, 'tcp'));
+          addressManager.removeObservedAddr(oldAddr);
+        }
+
+        addressManager.addObservedAddr(newAddr);
+        addressManager.confirmObservedAddr(newAddr);
+        // Store discovered IP
+        this.discoveredP2pIp = ip;
+        this.logger.info('Public IP discovered via discv5', { ip });
+      };
+      this.peerDiscoveryService.on('ip:changed', this.ipChangedHandler);
+    }
+
     this.discoveryRunningPromise = new RunningPromise(
       async () => {
         await this.peerManager.heartbeat();
@@ -571,7 +602,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     this.logger.info(`Started P2P service`, {
       listen: this.config.listenAddress,
       port: this.config.p2pPort,
-      announce: announceTcpMultiaddr,
+      announce: announceTcpMultiaddr ?? 'pending (queryForIp=true)',
       peerId: this.node.peerId.toString(),
     });
   }
@@ -584,6 +615,12 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Remove gossip sub listener
     this.node.services.pubsub.removeEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
 
+    // Remove ip:changed listener if registered
+    if (this.ipChangedHandler) {
+      this.peerDiscoveryService.off('ip:changed', this.ipChangedHandler);
+      this.ipChangedHandler = undefined;
+    }
+
     // Stop peer manager
     this.logger.debug('Stopping peer manager...');
     await this.peerManager.stop();
@@ -882,30 +919,56 @@ export class LibP2PService extends WithTracer implements P2PService {
     source: PeerId,
     topicType: TopicType,
   ): Promise<ReceivedMessageValidationResult<T, M>> {
-    let resultAndObj: ReceivedMessageValidationResult<T, M> = { result: TopicValidatorResult.Reject };
+    // Default to reject result with a penalty if validation function throws an error
+    let resultAndObj: ReceivedMessageValidationResult<T, M> = {
+      result: TopicValidatorResult.Reject,
+      severity: PeerErrorSeverity.MidToleranceError,
+    };
     const timer = new Timer();
     try {
       resultAndObj = await validationFunc();
     } catch (err) {
-      this.peerManager.penalizePeer(source, PeerErrorSeverity.LowToleranceError);
-      this.logger.error(`Error deserializing and validating gossipsub message`, err, {
-        msgId,
-        source: source.toString(),
-        topicType,
-      });
+      this.logger.error(`Error validating gossipsub message`, err, { msgId, source: source.toString(), topicType });
     }
 
     if (resultAndObj.result === TopicValidatorResult.Accept) {
+      this.logger.debug(`Message ${topicType} accepted by validator`, { msgId, source: source.toString(), topicType });
       this.instrumentation.recordMessageValidation(topicType, timer);
+    } else if (resultAndObj.result === TopicValidatorResult.Reject) {
+      this.logger.warn(`Message ${topicType} rejected by validator with severity ${resultAndObj.severity}`, {
+        msgId,
+        source: source.toString(),
+        topicType,
+        severity: resultAndObj.severity,
+      });
+      this.peerManager.penalizePeer(source, resultAndObj.severity);
+    } else {
+      this.logger.trace(`Message ${topicType} ignored by validator`, { msgId, source: source.toString(), topicType });
     }
 
     this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), resultAndObj.result);
     return resultAndObj;
   }
 
+  private tryDeserialize<T>(deserializeFunc: () => T, msgId: string, source: PeerId): T | undefined {
+    try {
+      return deserializeFunc();
+    } catch (err) {
+      this.logger.warn(`Failed to deserialize gossipsub message from buffer`, {
+        err,
+        msgId,
+        source: source.toString(),
+      });
+      return undefined;
+    }
+  }
+
   protected async handleGossipedTx(payloadData: Buffer, msgId: string, source: PeerId) {
     const validationFunc: () => Promise<ReceivedMessageValidationResult<Tx>> = async () => {
-      const tx = Tx.fromBuffer(payloadData);
+      const tx = this.tryDeserialize(() => Tx.fromBuffer(payloadData), msgId, source);
+      if (!tx) {
+        return { result: TopicValidatorResult.Reject, severity: PeerErrorSeverity.LowToleranceError };
+      }
 
       const currentBlockNumber = await this.archiver.getBlockNumber();
       const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
@@ -930,8 +993,7 @@ export class LibP2PService extends WithTracer implements P2PService {
           severity,
           source: source.toString(),
         });
-        this.peerManager.penalizePeer(source, severity);
-        return { result: TopicValidatorResult.Reject };
+        return { result: TopicValidatorResult.Reject, severity };
       }
 
       // Pool pre-check: see if the pool would accept this tx before doing expensive proof verification
@@ -953,8 +1015,7 @@ export class LibP2PService extends WithTracer implements P2PService {
           severity,
           source: source.toString(),
         });
-        this.peerManager.penalizePeer(source, severity);
-        return { result: TopicValidatorResult.Reject };
+        return { result: TopicValidatorResult.Reject, severity };
       }
 
       // Pool add: persist the tx
@@ -979,8 +1040,7 @@ export class LibP2PService extends WithTracer implements P2PService {
           source: source.toString(),
           txHash: txHash.toString(),
         });
-        this.peerManager.penalizePeer(source, PeerErrorSeverity.HighToleranceError);
-        return { result: TopicValidatorResult.Reject };
+        return { result: TopicValidatorResult.Reject, severity: PeerErrorSeverity.HighToleranceError };
       }
     };
 
@@ -1010,7 +1070,16 @@ export class LibP2PService extends WithTracer implements P2PService {
     source: PeerId,
   ): Promise<void> {
     const { result, obj: attestation } = await this.validateReceivedMessage<CheckpointAttestation>(
-      () => this.validateAndStoreCheckpointAttestation(source, CheckpointAttestation.fromBuffer(payloadData)),
+      () => {
+        const attestation = this.tryDeserialize(() => CheckpointAttestation.fromBuffer(payloadData), msgId, source);
+        if (!attestation) {
+          return Promise.resolve({
+            result: TopicValidatorResult.Reject,
+            severity: PeerErrorSeverity.LowToleranceError,
+          });
+        }
+        return this.validateAndStoreCheckpointAttestation(source, attestation);
+      },
       msgId,
       source,
       TopicType.checkpoint_attestation,
@@ -1043,8 +1112,7 @@ export class LibP2PService extends WithTracer implements P2PService {
 
     if (validationResult.result === 'reject') {
       this.logger.warn(`Penalizing peer ${peerId} for checkpoint attestation validation failure`);
-      this.peerManager.penalizePeer(peerId, validationResult.severity);
-      return { result: TopicValidatorResult.Reject };
+      return { result: TopicValidatorResult.Reject, severity: validationResult.severity };
     }
 
     if (validationResult.result === 'ignore') {
@@ -1070,16 +1138,16 @@ export class LibP2PService extends WithTracer implements P2PService {
       return { result: TopicValidatorResult.Ignore, obj: attestation };
     }
 
-    // Could not add (cap reached for signer), no need to re-broadcast
+    // Could not add (cap reached for signer), penalize and do not re-broadcast
     if (!added) {
-      this.logger.warn(`Dropping checkpoint attestation due to cap`, {
+      this.logger.warn(`Rejecting checkpoint attestation due to cap`, {
         slot: slot.toString(),
         archive: attestation.archive.toString(),
         source: peerId.toString(),
         attester: attestation.getSender()?.toString(),
         count,
       });
-      return { result: TopicValidatorResult.Ignore, obj: attestation };
+      return { result: TopicValidatorResult.Reject, severity: PeerErrorSeverity.HighToleranceError };
     }
 
     // Check if this is a duplicate attestation (signer attested to a different proposal at the same slot)
@@ -1134,8 +1202,7 @@ export class LibP2PService extends WithTracer implements P2PService {
 
     if (validationResult.result === 'reject') {
       this.logger.warn(`Penalizing peer ${peerId} for block proposal validation failure`);
-      this.peerManager.penalizePeer(peerId, validationResult.severity);
-      return { result: TopicValidatorResult.Reject };
+      return { result: TopicValidatorResult.Reject, severity: validationResult.severity };
     }
 
     if (validationResult.result === 'ignore') {
@@ -1159,7 +1226,6 @@ export class LibP2PService extends WithTracer implements P2PService {
 
     // Too many blocks received for this slot and index, penalize peer and do not re-broadcast
     if (!added) {
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.HighToleranceError);
       this.logger.warn(`Penalizing peer for block proposal exceeding per-position cap`, {
         ...block.toBlockInfo(),
         indexWithinCheckpoint: block.indexWithinCheckpoint,
@@ -1167,7 +1233,11 @@ export class LibP2PService extends WithTracer implements P2PService {
         proposer: block.getSender()?.toString(),
         source: peerId.toString(),
       });
-      return { result: TopicValidatorResult.Reject, metadata: { isEquivocated } };
+      return {
+        result: TopicValidatorResult.Reject,
+        metadata: { isEquivocated },
+        severity: PeerErrorSeverity.HighToleranceError,
+      };
     }
 
     // If this was a duplicate proposal, do not process it, but do invoke the duplicate callback,
@@ -1260,8 +1330,7 @@ export class LibP2PService extends WithTracer implements P2PService {
 
     if (validationResult.result === 'reject') {
       this.logger.warn(`Penalizing peer ${peerId} for checkpoint proposal validation failure`);
-      this.peerManager.penalizePeer(peerId, validationResult.severity);
-      return { result: TopicValidatorResult.Reject };
+      return { result: TopicValidatorResult.Reject, severity: validationResult.severity };
     }
 
     if (validationResult.result === 'ignore') {
@@ -1276,20 +1345,21 @@ export class LibP2PService extends WithTracer implements P2PService {
         [Attributes.SLOT_NUMBER]: checkpoint.slotNumber.toString(),
         [Attributes.P2P_ID]: peerId.toString(),
       });
-      const {
-        result,
-        obj,
-        metadata: { isEquivocated } = {},
-      } = await this.validateAndStoreBlockProposal(peerId, blockProposal);
-      if (result === TopicValidatorResult.Reject || !obj || isEquivocated) {
+      const blockProposalResult = await this.validateAndStoreBlockProposal(peerId, blockProposal);
+      const { obj, metadata: { isEquivocated } = {} } = blockProposalResult;
+      if (blockProposalResult.result === TopicValidatorResult.Reject || !obj || isEquivocated) {
         this.logger.debug(`Rejecting checkpoint due to invalid last block proposal`, {
           [Attributes.SLOT_NUMBER]: checkpoint.slotNumber.toString(),
           [Attributes.P2P_ID]: peerId.toString(),
           isEquivocated,
-          result,
+          result: blockProposalResult.result,
         });
-        return { result: TopicValidatorResult.Reject };
-      } else if (result === TopicValidatorResult.Accept && obj && !isEquivocated) {
+        return {
+          result: TopicValidatorResult.Reject,
+          severity:
+            'severity' in blockProposalResult ? blockProposalResult.severity : PeerErrorSeverity.MidToleranceError,
+        };
+      } else if (blockProposalResult.result === TopicValidatorResult.Accept && obj && !isEquivocated) {
         processBlock = true;
       }
     }
@@ -1316,13 +1386,17 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Too many checkpoint proposals received for this slot, penalize peer and do not re-broadcast
     // Note: We still return the checkpoint obj so the lastBlock can be processed if valid
     if (!added) {
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.HighToleranceError);
       this.logger.warn(`Penalizing peer for checkpoint proposal exceeding per-slot cap`, {
         ...checkpoint.toCheckpointInfo(),
         count,
         source: peerId.toString(),
       });
-      return { result: TopicValidatorResult.Reject, obj: checkpoint, metadata: { isEquivocated, processBlock } };
+      return {
+        result: TopicValidatorResult.Reject,
+        obj: checkpoint,
+        metadata: { isEquivocated, processBlock },
+        severity: PeerErrorSeverity.HighToleranceError,
+      };
     }
 
     // If this was a duplicate proposal, do not process it, but do invoke the duplicate callback,

package/src/services/peer-manager/peer_manager.ts

@@ -226,20 +226,30 @@ export class PeerManager implements PeerManagerInterface {
   }
 
   /**
-   * Cleans up expired timeouts.
+   * Cleans up expired timeouts and stale failed-auth-handshake entries.
    *
    * When peers fail to dial after a number of retries, they are temporarily timed out.
    * This function removes any peers that have been in the timed out state for too long.
    * To give them a chance to reconnect.
+   *
+   * Also evicts entries from the failed-auth-handshake map whose expiry window has passed.
+   * Without this, peers that probe once and never reconnect would leave their entries in the
+   * map forever, causing an unbounded memory leak.
    */
   private cleanupExpiredTimeouts() {
-    // Clean up expired timeouts
     const now = this.dateProvider.now();
+
     for (const [peerId, timedOutPeer] of this.timedOutPeers.entries()) {
       if (now >= timedOutPeer.timeoutUntilMs) {
         this.timedOutPeers.delete(peerId);
       }
     }
+
+    for (const [id, entry] of this.failedAuthHandshakes.entries()) {
+      if (now - entry.lastFailureTimestamp > FAILED_AUTH_HANDSHAKE_EXPIRY_MS) {
+        this.failedAuthHandshakes.delete(id);
+      }
+    }
   }
 
   /**
@@ -303,15 +313,20 @@ export class PeerManager implements PeerManagerInterface {
    */
   private handleDisconnectedPeerEvent(e: CustomEvent<PeerId>) {
     const peerId = e.detail;
+    const peerIdStr = peerId.toString();
     this.metrics.peerDisconnected(peerId);
-    this.logger.verbose(`Disconnected from peer ${peerId.toString()}`);
-    const validatorAddress = this.authenticatedPeerIdToValidatorAddress.get(peerId.toString());
+    this.logger.verbose(`Disconnected from peer ${peerIdStr}`);
+    const validatorAddress = this.authenticatedPeerIdToValidatorAddress.get(peerIdStr);
     if (validatorAddress !== undefined) {
       this.logger.info(
-        `Removing authentication for validator ${validatorAddress} at peer id ${peerId.toString()} due to disconnection`,
+        `Removing authentication for validator ${validatorAddress} at peer id ${peerIdStr} due to disconnection`,
       );
       this.authenticatedValidatorAddressToPeerId.delete(validatorAddress.toString());
-      this.authenticatedPeerIdToValidatorAddress.delete(peerId.toString());
+      this.authenticatedPeerIdToValidatorAddress.delete(peerIdStr);
+    }
+
+    if (this.peerScoring.getScoreState(peerIdStr) === PeerScoreState.Healthy) {
+      this.peerScoring.removePeer(peerIdStr);
     }
   }
 

package/src/services/peer-manager/peer_scoring.ts

@@ -1,5 +1,6 @@
 import { median } from '@aztec/foundation/collection';
 import { createLogger } from '@aztec/foundation/log';
+import { DateProvider } from '@aztec/foundation/timer';
 import { PeerErrorSeverity } from '@aztec/stdlib/p2p';
 import {
   Attributes,
@@ -54,6 +55,7 @@ export enum PeerScoreState {
 // TODO: move into config / constants
 const MIN_SCORE_BEFORE_BAN = -100;
 const MIN_SCORE_BEFORE_DISCONNECT = -50;
+const SCORE_CLEANUP_THRESHOLD = 0.1;
 
 export class PeerScoring {
   private logger = createLogger('p2p:peer-scoring');
@@ -65,7 +67,11 @@ export class PeerScoring {
 
   private peerStateCounter: UpDownCounter;
 
-  constructor(config: P2PConfig, telemetry: TelemetryClient = getTelemetryClient()) {
+  constructor(
+    config: P2PConfig,
+    telemetry: TelemetryClient = getTelemetryClient(),
+    private readonly dateProvider: DateProvider = new DateProvider(),
+  ) {
     const orderedValues = config.peerPenaltyValues?.sort((a, b) => a - b);
     this.peerPenalties = {
       [PeerErrorSeverity.HighToleranceError]:
@@ -92,7 +98,7 @@ export class PeerScoring {
   }
 
   updateScore(peerId: string, scoreDelta: number): number {
-    const currentTime = Date.now();
+    const currentTime = this.dateProvider.now();
     const lastUpdate = this.lastUpdateTime.get(peerId) || currentTime;
     const timePassed = currentTime - lastUpdate;
     const decayPeriods = Math.floor(timePassed / this.decayInterval);
@@ -111,19 +117,29 @@ export class PeerScoring {
   }
 
   decayAllScores(): void {
-    const currentTime = Date.now();
+    const currentTime = this.dateProvider.now();
     for (const [peerId, lastUpdate] of this.lastUpdateTime.entries()) {
       const timePassed = currentTime - lastUpdate;
       const decayPeriods = Math.floor(timePassed / this.decayInterval);
       if (decayPeriods > 0) {
         let score = this.scores.get(peerId) || 0;
         score *= Math.pow(this.decayFactor, decayPeriods);
-        this.scores.set(peerId, score);
-        this.lastUpdateTime.set(peerId, currentTime);
+        if (Math.abs(score) < SCORE_CLEANUP_THRESHOLD) {
+          this.scores.delete(peerId);
+          this.lastUpdateTime.delete(peerId);
+        } else {
+          this.scores.set(peerId, score);
+          this.lastUpdateTime.set(peerId, currentTime);
+        }
       }
     }
   }
 
+  removePeer(peerId: string): void {
+    this.scores.delete(peerId);
+    this.lastUpdateTime.delete(peerId);
+  }
+
   getScore(peerId: string): number {
     return this.scores.get(peerId) || 0;
   }

package/src/services/reqresp/batch-tx-requester/batch_tx_requester.ts

@@ -514,6 +514,9 @@ export class BatchTxRequester {
     });
 
     if (hasInvalidTx) {
+      this.logger.warn(`Penalizing peer ${peerId.toString()} for sending invalid transactions in batch response`, {
+        peerId,
+      });
       this.peers.penalisePeer(peerId, PeerErrorSeverity.LowToleranceError);
     } else {
       // If we have received successful response from the peer, they have "redeemed" themselves and not considered bad anymore

package/src/services/reqresp/rate-limiter/rate_limiter.ts

@@ -97,9 +97,10 @@ export function prettyPrintRateLimitStatus(status: RateLimitStatus) {
  * 2. Individual rate limits for each peer.
  *
  * How it works:
- * - When a request comes in, it first checks against the global rate limit.
- * - If the global limit allows, it then checks against the specific peer's rate limit.
- * - The request is only allowed if both the global and peer-specific limits allow it.
+ * - When a request comes in, it first checks against the peer's individual rate limit.
+ * - If the peer limit allows, it then checks against the global rate limit.
+ * - The request is only allowed if both the peer-specific and global limits allow it.
+ * - Checking peer limit first ensures a rate-limited peer cannot exhaust the global quota.
  * - It automatically creates and manages rate limiters for new peers as they make requests.
  * - It periodically cleans up rate limiters for inactive peers to conserve memory.
  *
@@ -119,10 +120,6 @@ export class SubProtocolRateLimiter {
   }
 
   allow(peerId: PeerId): RateLimitStatus {
-    if (!this.globalLimiter.allow()) {
-      return RateLimitStatus.DeniedGlobal;
-    }
-
     const peerIdStr = peerId.toString();
     let peerLimiter: PeerRateLimiter | undefined = this.peerLimiters.get(peerIdStr);
     if (!peerLimiter) {
@@ -135,10 +132,17 @@ export class SubProtocolRateLimiter {
     } else {
       peerLimiter.lastAccess = Date.now();
     }
-    const peerLimitAllowed = peerLimiter.limiter.allow();
-    if (!peerLimitAllowed) {
+
+    // Check peer limit first: a rate-limited peer must not consume global quota,
+    // otherwise one spamming peer can starve all others by exhausting the global bucket.
+    if (!peerLimiter.limiter.allow()) {
       return RateLimitStatus.DeniedPeer;
     }
+
+    if (!this.globalLimiter.allow()) {
+      return RateLimitStatus.DeniedGlobal;
+    }
+
     return RateLimitStatus.Allowed;
   }
 

package/src/services/service.ts

@@ -196,6 +196,13 @@ export interface PeerDiscoveryService extends EventEmitter {
   on(event: 'peer:discovered', listener: (enr: ENR) => void): this;
   emit(event: 'peer:discovered', enr: ENR): boolean;
 
+  /**
+   * Event emitted when our public IP is discovered or changes via discv5 peer interactions.
+   * Only emitted when enrUpdate is enabled (i.e. queryForIp=true and no static p2pIp).
+   */
+  on(event: 'ip:changed', listener: (ip: string) => void): this;
+  emit(event: 'ip:changed', ip: string): boolean;
+
   getStatus(): PeerDiscoveryState;
 
   getEnr(): ENR | undefined;

package/src/services/tx_collection/file_store_tx_source.ts

@@ -1,7 +1,8 @@
+import { partitionAsync } from '@aztec/foundation/collection';
 import { type Logger, createLogger } from '@aztec/foundation/log';
 import { Timer } from '@aztec/foundation/timer';
 import { type ReadOnlyFileStore, createReadOnlyFileStore } from '@aztec/stdlib/file-store';
-import { Tx, type TxHash } from '@aztec/stdlib/tx';
+import { Tx, type TxHash, type TxValidator } from '@aztec/stdlib/tx';
 import {
   type Histogram,
   Metrics,
@@ -23,6 +24,7 @@ export class FileStoreTxSource implements TxSource {
     private readonly fileStore: ReadOnlyFileStore,
     private readonly baseUrl: string,
     private readonly basePath: string,
+    private readonly txValidator: TxValidator,
     private readonly log: Logger,
     telemetry: TelemetryClient,
   ) {
@@ -44,6 +46,7 @@ export class FileStoreTxSource implements TxSource {
   public static async create(
     url: string,
     basePath: string,
+    txValidator: TxValidator,
     log: Logger = createLogger('p2p:file_store_tx_source'),
     telemetry: TelemetryClient = getTelemetryClient(),
   ): Promise<FileStoreTxSource | undefined> {
@@ -53,7 +56,7 @@ export class FileStoreTxSource implements TxSource {
         log.warn(`Failed to create file store for URL: ${url}`);
         return undefined;
       }
-      return new FileStoreTxSource(fileStore, url, basePath, log, telemetry);
+      return new FileStoreTxSource(fileStore, url, basePath, txValidator, log, telemetry);
     } catch (err) {
       log.warn(`Error creating file store for URL: ${url}`, { error: err });
       return undefined;
@@ -65,35 +68,41 @@ export class FileStoreTxSource implements TxSource {
   }
 
   public async getTxsByHash(txHashes: TxHash[]): Promise<TxSourceCollectionResult> {
-    const invalidTxHashes: string[] = [];
+    const results = await Promise.all(
+      txHashes.map(async txHash => {
+        const path = `${this.basePath}/txs/${txHash.toString()}.bin`;
+        const timer = new Timer();
+        try {
+          const buffer = await this.fileStore.read(path);
+          const tx = Tx.fromBuffer(buffer);
+          return { tx, downloadDuration: timer.ms(), downloadSize: buffer.length };
+        } catch {
+          this.downloadsFailed.add(1);
+          return undefined;
+        }
+      }),
+    );
+
+    const txs = results.filter(tx => tx !== undefined);
+    const [validTxs, invalidTxs] = await partitionAsync(
+      txs,
+      async ({ tx, downloadDuration, downloadSize }): Promise<boolean> => {
+        const valid = await this.txValidator.validateTx(tx);
+        if (valid.result === 'valid') {
+          this.downloadsSuccess.add(1);
+          this.downloadDuration.record(Math.ceil(downloadDuration));
+          this.downloadSize.record(downloadSize);
+          return true;
+        } else {
+          this.downloadsFailed.add(1);
+          return false;
+        }
+      },
+    );
+
     return {
-      validTxs: (
-        await Promise.all(
-          txHashes.map(async txHash => {
-            const path = `${this.basePath}/txs/${txHash.toString()}.bin`;
-            const timer = new Timer();
-            try {
-              const buffer = await this.fileStore.read(path);
-              const tx = Tx.fromBuffer(buffer);
-              if ((await tx.validateTxHash()) && txHash.equals(tx.txHash)) {
-                this.downloadsSuccess.add(1);
-                this.downloadDuration.record(Math.ceil(timer.ms()));
-                this.downloadSize.record(buffer.length);
-                return tx;
-              } else {
-                invalidTxHashes.push(tx.txHash.toString());
-                this.downloadsFailed.add(1);
-                return undefined;
-              }
-            } catch {
-              // Tx not found or error reading - return undefined
-              this.downloadsFailed.add(1);
-              return undefined;
-            }
-          }),
-        )
-      ).filter(tx => tx !== undefined),
-      invalidTxHashes: invalidTxHashes,
+      validTxs: validTxs.map(({ tx }) => tx),
+      invalidTxHashes: invalidTxs.map(({ tx }) => tx.getTxHash().toString()),
     };
   }
 }
@@ -109,9 +118,12 @@ export class FileStoreTxSource implements TxSource {
 export async function createFileStoreTxSources(
   urls: string[],
   basePath: string,
+  txValidator: TxValidator,
   log: Logger = createLogger('p2p:file_store_tx_source'),
   telemetry: TelemetryClient = getTelemetryClient(),
 ): Promise<FileStoreTxSource[]> {
-  const sources = await Promise.all(urls.map(url => FileStoreTxSource.create(url, basePath, log, telemetry)));
+  const sources = await Promise.all(
+    urls.map(url => FileStoreTxSource.create(url, basePath, txValidator, log, telemetry)),
+  );
   return sources.filter((s): s is FileStoreTxSource => s !== undefined);
 }