@aztec/p2p 0.0.1-commit.858058eac → 0.0.1-commit.85d7d01

package/src/msg_validators/tx_validator/README.md

@@ -0,0 +1,115 @@
+# Transaction Validation
+
+This module defines the transaction validators and the factory functions that assemble them for each entry point into the system.
+
+## Validation Strategy
+
+Transactions enter the system through different paths. **Unsolicited** transactions (gossip and RPC) are fully validated before acceptance. **Solicited** transactions (req/resp and block proposals) are only checked for well-formedness because we must store them for block re-execution — they may ultimately be invalid, which is caught during block building and reported as part of block validation/attestation.
+
+When solicited transactions fail to be mined, they may be migrated to the pending pool. At that point, the pool runs the state-dependent checks that were skipped on initial receipt.
+
+## Entry Points
+
+### 1. Gossip (libp2p pubsub)
+
+**Factory**: `createFirstStageTxValidationsForGossipedTransactions` + `createSecondStageTxValidationsForGossipedTransactions`
+**Called from**: `LibP2PService.handleGossipedTx()` in `libp2p_service.ts`
+
+Unsolicited transactions from any peer. Fully validated in two stages with a pool pre-check in between to avoid wasting CPU on proof verification for transactions the pool would reject:
+
+| Step | What runs | On failure |
+|------|-----------|------------|
+| **Stage 1** (fast) | TxPermitted, Data, Metadata, Timestamp, DoubleSpend, Gas, Phases, BlockHeader | Penalize peer, reject tx |
+| **Pool pre-check** | `canAddPendingTx` — checks for duplicates, pool capacity | Ignore tx (no penalty) |
+| **Stage 2** (slow) | Proof verification | Penalize peer, reject tx |
+| **Pool add** | `addPendingTxs` | Accept, ignore, or reject |
+
+Each stage-1 and stage-2 validator is paired with a `PeerErrorSeverity`. If a validator fails, the sending peer is penalized with that severity. The `doubleSpendValidator` has special handling: its severity is determined by how recently the nullifier appeared (recent = high tolerance, old = low tolerance).
+
+### 2. JSON-RPC
+
+**Factory**: `createTxValidatorForAcceptingTxsOverRPC`
+**Called from**: `AztecNodeService.isValidTx()` in `aztec-node/server.ts`
+
+Unsolicited transactions from a local wallet/PXE. Runs the full set of checks as a single aggregate validator:
+
+- TxPermitted, Size, Data, Metadata, Timestamp, DoubleSpend, Phases, BlockHeader
+- Gas (optional — skipped when `skipFeeEnforcement` is set)
+- Proof verification (optional — skipped for simulations when no verifier is provided)
+
+### 3. Req/resp and block proposals
+
+**Factories**: `createTxValidatorForReqResponseReceivedTxs`, `createTxValidatorForBlockProposalReceivedTxs`
+**Called from**: `LibP2PService.validateRequestedTx()`, `LibP2PService.validateTxsReceivedInBlockProposal()`, and `BatchRequestTxValidator` in `batch-tx-requester/tx_validator.ts`
+
+Solicited transactions — we requested these from peers or received them as part of a block proposal we need to validate. We must accept them for re-execution even if they are invalid against the current state. Only well-formedness is checked:
+
+- Metadata, Size, Data, Proof
+
+State-dependent checks are deferred to either the block building validator (for txs included in blocks) or the pending pool migration validator (for unmined txs migrating to pending).
+
+### 4. Block building
+
+**Factory**: `createTxValidatorForBlockBuilding`
+**Called from**: `CheckpointBuilder.makeBlockBuilderDeps()` in `validator-client/checkpoint_builder.ts`
+
+Transactions already in the pool, about to be sequenced into a block. Re-validates against the current state of the block being built. **This is where invalid txs that entered via req/resp or block proposals are caught** — their invalidity is reported as part of block validation/attestation.
+
+Runs:
+- Timestamp, DoubleSpend, Phases, Gas, BlockHeader
+
+Does **not** run:
+- Proof, Data — already verified on entry (by gossip, RPC, or req/resp validators)
+
+### 5. Pending pool migration
+
+**Factory**: `createTxValidatorForTransactionsEnteringPendingTxPool`
+**Called from**: `TxPoolV2Impl` (injected as the `createTxValidator` factory via `TxPoolV2Dependencies`)
+
+When transactions that arrived via req/resp or block proposals fail to be mined, they may need to be included in our pending pool. These txs only had well-formedness checks on receipt, so the pool runs the state-dependent checks they missed before accepting them.
+
+This validator is invoked on **every** transaction potentially entering the pending pool:
+- `addPendingTxs` — validating each tx before adding
+- `prepareForSlot` — unprotecting txs back to pending after a slot ends
+- `handlePrunedBlocks` — unmining txs from pruned blocks back to pending
+- Startup hydration — revalidating persisted non-mined txs on node restart
+
+Runs:
+- DoubleSpend, BlockHeader, GasLimits, Timestamp
+
+Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
+
+## Individual Validators
+
+| Validator | What it checks | Benchmarked verification duration |
+|-----------|---------------|---------------|
+| `TxPermittedValidator` | Whether the system is accepting transactions (controlled by config flag) | 1.56 us |
+| `DataTxValidator` | Transaction data integrity — correct structure, non-empty fields | 4.10–18.18 ms |
+| `SizeTxValidator` | Transaction does not exceed maximum size limits | 2.28 us |
+| `MetadataTxValidator` | Chain ID, rollup version, protocol contracts hash, VK tree root | 4.18 us |
+| `TimestampTxValidator` | Transaction has not expired (expiration timestamp vs next slot) | 1.56 us |
+| `DoubleSpendTxValidator` | Nullifiers do not already exist in the nullifier tree | 106.08 us |
+| `GasTxValidator` | Gas limits are within bounds (delegates to `GasLimitsValidator`), max fee per gas meets current block fees, and fee payer has sufficient FeeJuice balance | 1.02 ms |
+| `GasLimitsValidator` | Gas limits are >= fixed minimums and <= AVM max processable L2 gas. Used standalone in pool migration; also called internally by `GasTxValidator` | 3–10 us |
+| `PhasesTxValidator` | Public function calls in setup phase are on the allow list | 10.12–13.12 us |
+| `BlockHeaderTxValidator` | Transaction's anchor block hash exists in the archive tree | 98.88 us |
+| `TxProofValidator` | Client proof verifies correctly | ~250ms |
+
+## Validator Coverage by Entry Point
+
+| Validator | Gossip | RPC | Req/resp | Block building | Pool migration |
+|-----------|--------|-----|----------|----------------|----------------|
+| TxPermitted | Stage 1 | Yes | — | — | — |
+| Data | Stage 1 | Yes | Yes | — | — |
+| Size | — | Yes | Yes | — | — |
+| Metadata | Stage 1 | Yes | Yes | — | — |
+| Timestamp | Stage 1 | Yes | — | Yes | Yes |
+| DoubleSpend | Stage 1 | Yes | — | Yes | Yes |
+| Gas (balance + limits) | Stage 1 | Optional* | — | Yes | — |
+| GasLimits (standalone) | — | — | — | — | Yes |
+| Phases | Stage 1 | Yes | — | Yes | — |
+| BlockHeader | Stage 1 | Yes | — | Yes | Yes |
+| Proof | Stage 2 | Optional** | Yes | — | — |
+
+\* Gas balance check is skipped when `skipFeeEnforcement` is set (testing/dev). `GasTxValidator` internally delegates to `GasLimitsValidator` as its first step, so gas limits are checked wherever `GasTxValidator` runs. Pool migration uses `GasLimitsValidator` standalone because it doesn't need the balance or fee-per-gas checks.
+\** Proof verification is skipped for simulations (no verifier provided).

package/src/msg_validators/tx_validator/aggregate_tx_validator.ts

@@ -1,18 +1,18 @@
 import type { TxValidationResult, TxValidator } from '@aztec/stdlib/tx';
 
 export class AggregateTxValidator<T> implements TxValidator<T> {
-  #validators: TxValidator<T>[];
+  readonly validators: TxValidator<T>[];
   constructor(...validators: TxValidator<T>[]) {
     if (validators.length === 0) {
       throw new Error('At least one validator must be provided');
     }
 
-    this.#validators = validators;
+    this.validators = validators;
   }
 
   async validateTx(tx: T): Promise<TxValidationResult> {
     const aggregate: { result: string; reason?: string[] } = { result: 'valid', reason: [] };
-    for (const validator of this.#validators) {
+    for (const validator of this.validators) {
       const result = await validator.validateTx(tx);
       if (result.result === 'invalid') {
         aggregate.result = 'invalid';

package/src/msg_validators/tx_validator/factory.ts

@@ -1,41 +1,91 @@
+/**
+ * Transaction validator factories for each tx entry point.
+ *
+ * Unsolicited transactions (gossip and RPC) are fully validated before acceptance.
+ * Transactions received via req/resp or block proposals are only checked for
+ * well-formedness because we must include them for block re-execution — they may
+ * ultimately be invalid, which is caught during block building and reported as
+ * part of block validation/attestation. See the README in this directory for the
+ * full validation strategy.
+ *
+ * 1. **Gossip** — full validation in two stages with a pool pre-check in between.
+ *    Stage 1 (fast): metadata, data, timestamps, double-spend, gas, phases, block header.
+ *    Pool pre-check: `canAddPendingTx` — skips proof verification if pool would reject.
+ *    Stage 2 (slow): proof verification.
+ *    Orchestrated by `handleGossipedTx` in `libp2p_service.ts`.
+ *
+ * 2. **JSON-RPC** — full validation including all state-dependent checks.
+ *    Proof verification and fee enforcement are configurable for testing purposes.
+ *
+ * 3. **Req/resp & block proposals** — well-formedness checks only (metadata, size,
+ *    data, proof). Stored for re-execution; validity against state is not checked here.
+ *
+ * 4. **Block building** — re-validates against current state immediately before
+ *    sequencing. Catches invalid txs that entered via req/resp or block proposals.
+ *    Proof and data checks are skipped since they were verified on entry.
+ *
+ * 5. **Pending pool migration** — when unmined txs (e.g. from req/resp or block
+ *    proposals) are migrated to the pending pool, the pool runs the state-dependent
+ *    checks they missed: double-spend, block header, gas limits, and timestamps.
+ *    This runs on every tx potentially entering the pending pool.
+ */
 import { BlockNumber } from '@aztec/foundation/branded-types';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import type { LoggerBindings } from '@aztec/foundation/log';
 import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree';
 import { ProtocolContractAddress, protocolContractsHash } from '@aztec/protocol-contracts';
+import type { BlockHash } from '@aztec/stdlib/block';
 import type { ContractDataSource } from '@aztec/stdlib/contract';
 import type { GasFees } from '@aztec/stdlib/gas';
 import type {
   AllowedElement,
   ClientProtocolCircuitVerifier,
+  MerkleTreeReadOperations,
+  PublicProcessorValidator,
   WorldStateSynchronizer,
 } from '@aztec/stdlib/interfaces/server';
 import { PeerErrorSeverity } from '@aztec/stdlib/p2p';
-import { DatabasePublicStateSource, MerkleTreeId } from '@aztec/stdlib/trees';
-import type { Tx, TxValidationResult, TxValidator } from '@aztec/stdlib/tx';
+import { DatabasePublicStateSource, MerkleTreeId, type PublicStateSource } from '@aztec/stdlib/trees';
+import type { GlobalVariables, Tx, TxValidationResult, TxValidator } from '@aztec/stdlib/tx';
 import type { UInt64 } from '@aztec/stdlib/types';
 
+import type { TxMetaData } from '../../mem_pools/tx_pool_v2/tx_metadata.js';
 import { AggregateTxValidator } from './aggregate_tx_validator.js';
 import { ArchiveCache } from './archive_cache.js';
-import { BlockHeaderTxValidator } from './block_header_validator.js';
+import { type ArchiveSource, BlockHeaderTxValidator } from './block_header_validator.js';
 import { DataTxValidator } from './data_validator.js';
-import { DoubleSpendTxValidator } from './double_spend_validator.js';
-import { GasTxValidator } from './gas_validator.js';
+import { DoubleSpendTxValidator, type NullifierSource } from './double_spend_validator.js';
+import { GasLimitsValidator, GasTxValidator } from './gas_validator.js';
 import { MetadataTxValidator } from './metadata_validator.js';
+import { NullifierCache } from './nullifier_cache.js';
 import { PhasesTxValidator } from './phases_validator.js';
 import { SizeTxValidator } from './size_validator.js';
 import { TimestampTxValidator } from './timestamp_validator.js';
 import { TxPermittedValidator } from './tx_permitted_validator.js';
 import { TxProofValidator } from './tx_proof_validator.js';
 
-export interface MessageValidator {
+/**
+ * A validator paired with a peer penalty severity.
+ * Used for gossip validation where each validator's failure triggers a peer penalization
+ * with the associated severity level.
+ */
+export interface TransactionValidator {
   validator: {
     validateTx(tx: Tx): Promise<TxValidationResult>;
   };
   severity: PeerErrorSeverity;
 }
 
-export function createTxMessageValidators(
+/**
+ * First stage of gossip validation — fast checks run before the pool pre-check.
+ *
+ * If any validator fails, the peer is penalized and the tx is rejected immediately,
+ * without consulting the pool or running proof verification.
+ *
+ * The `doubleSpendValidator` failure is special-cased by the caller (`handleGossipedTx`)
+ * to determine severity based on how recently the nullifier appeared.
+ */
+export function createFirstStageTxValidationsForGossipedTransactions(
   timestamp: UInt64,
   blockNumber: BlockNumber,
   worldStateSynchronizer: WorldStateSynchronizer,
@@ -44,86 +94,106 @@ export function createTxMessageValidators(
   rollupVersion: number,
   protocolContractsHash: Fr,
   contractDataSource: ContractDataSource,
-  proofVerifier: ClientProtocolCircuitVerifier,
   txsPermitted: boolean,
   allowedInSetup: AllowedElement[] = [],
   bindings?: LoggerBindings,
-): Record<string, MessageValidator>[] {
+): Record<string, TransactionValidator> {
   const merkleTree = worldStateSynchronizer.getCommitted();
 
-  return [
-    {
-      txsPermittedValidator: {
-        validator: new TxPermittedValidator(txsPermitted, bindings),
-        severity: PeerErrorSeverity.MidToleranceError,
-      },
-      dataValidator: {
-        validator: new DataTxValidator(bindings),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-      metadataValidator: {
-        validator: new MetadataTxValidator(
-          {
-            l1ChainId: new Fr(l1ChainId),
-            rollupVersion: new Fr(rollupVersion),
-            protocolContractsHash,
-            vkTreeRoot: getVKTreeRoot(),
-          },
-          bindings,
-        ),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-      timestampValidator: {
-        validator: new TimestampTxValidator<Tx>(
-          {
-            timestamp,
-            blockNumber,
-          },
-          bindings,
-        ),
-        severity: PeerErrorSeverity.MidToleranceError,
-      },
-      doubleSpendValidator: {
-        validator: new DoubleSpendTxValidator(
-          {
-            nullifiersExist: async (nullifiers: Buffer[]) => {
-              const merkleTree = worldStateSynchronizer.getCommitted();
-              const indices = await merkleTree.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, nullifiers);
-              return indices.map(index => index !== undefined);
-            },
+  return {
+    timestampValidator: {
+      validator: new TimestampTxValidator<Tx>(
+        {
+          timestamp,
+          blockNumber,
+        },
+        bindings,
+      ),
+      severity: PeerErrorSeverity.HighToleranceError,
+    },
+    txsPermittedValidator: {
+      validator: new TxPermittedValidator(txsPermitted, bindings),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
+    txSizeValidator: {
+      validator: new SizeTxValidator(bindings),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
+    metadataValidator: {
+      validator: new MetadataTxValidator(
+        {
+          l1ChainId: new Fr(l1ChainId),
+          rollupVersion: new Fr(rollupVersion),
+          protocolContractsHash,
+          vkTreeRoot: getVKTreeRoot(),
+        },
+        bindings,
+      ),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
+    phasesValidator: {
+      validator: new PhasesTxValidator(contractDataSource, allowedInSetup, timestamp, bindings),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
+    blockHeaderValidator: {
+      validator: new BlockHeaderTxValidator(new ArchiveCache(merkleTree), bindings),
+      severity: PeerErrorSeverity.HighToleranceError,
+    },
+    doubleSpendValidator: {
+      validator: new DoubleSpendTxValidator(
+        {
+          nullifiersExist: async (nullifiers: Buffer[]) => {
+            const merkleTree = worldStateSynchronizer.getCommitted();
+            const indices = await merkleTree.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, nullifiers);
+            return indices.map(index => index !== undefined);
           },
-          bindings,
-        ),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-      gasValidator: {
-        validator: new GasTxValidator(
-          new DatabasePublicStateSource(merkleTree),
-          ProtocolContractAddress.FeeJuice,
-          gasFees,
-          bindings,
-        ),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
-      phasesValidator: {
-        validator: new PhasesTxValidator(contractDataSource, allowedInSetup, timestamp, bindings),
-        severity: PeerErrorSeverity.MidToleranceError,
-      },
-      blockHeaderValidator: {
-        validator: new BlockHeaderTxValidator(new ArchiveCache(merkleTree), bindings),
-        severity: PeerErrorSeverity.HighToleranceError,
-      },
+        },
+        bindings,
+      ),
+      severity: PeerErrorSeverity.MidToleranceError, // This is handled specifically at the point of rejection by considering a recent window where it may have been valid
     },
-    {
-      proofValidator: {
-        validator: new TxProofValidator(proofVerifier, bindings),
-        severity: PeerErrorSeverity.MidToleranceError,
-      },
+    gasValidator: {
+      validator: new GasTxValidator(
+        new DatabasePublicStateSource(merkleTree),
+        ProtocolContractAddress.FeeJuice,
+        gasFees,
+        bindings,
+      ),
+      severity: PeerErrorSeverity.MidToleranceError,
     },
-  ];
+    dataValidator: {
+      validator: new DataTxValidator(bindings),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
+  };
 }
 
-export function createTxReqRespValidator(
+/**
+ * Second stage of gossip validation — expensive proof verification.
+ *
+ * Only runs after the first stage passes AND `canAddPendingTx` confirms the pool would
+ * accept the tx. This avoids wasting CPU on proof verification for txs the pool would reject
+ * (e.g., duplicates, insufficient balance, pool full).
+ */
+export function createSecondStageTxValidationsForGossipedTransactions(
+  proofVerifier: ClientProtocolCircuitVerifier,
+  bindings?: LoggerBindings,
+): Record<string, TransactionValidator> {
+  return {
+    proofValidator: {
+      validator: new TxProofValidator(proofVerifier, bindings),
+      severity: PeerErrorSeverity.LowToleranceError,
+    },
+  };
+}
+
+/**
+ * Well-formedness checks only: metadata, size, data, and proof.
+ * Used for req/resp and block proposal txs. These txs must be accepted for block
+ * re-execution even though they may be invalid against current state — that is
+ * caught later by the block building validator.
+ */
+function createTxValidatorForMinimumTxIntegrityChecks(
   verifier: ClientProtocolCircuitVerifier,
   {
     l1ChainId,
@@ -149,3 +219,209 @@ export function createTxReqRespValidator(
     new TxProofValidator(verifier, bindings),
   );
 }
+
+/**
+ * Validators for txs received via req/resp or filestores.
+ * Checks well-formedness only — we must accept these for re-execution even if they
+ * are invalid against current state. State-dependent checks happen when the tx
+ * enters the pending pool or during block building.
+ */
+export function createTxValidatorForReqResponseReceivedTxs(
+  verifier: ClientProtocolCircuitVerifier,
+  {
+    l1ChainId,
+    rollupVersion,
+  }: {
+    l1ChainId: number;
+    rollupVersion: number;
+  },
+  bindings?: LoggerBindings,
+): TxValidator {
+  return createTxValidatorForMinimumTxIntegrityChecks(verifier, { l1ChainId, rollupVersion }, bindings);
+}
+
+/**
+ * Validators for txs received in block proposals.
+ * Same as req/resp — well-formedness only. We must store these for block
+ * re-execution; their validity against state is checked during block building.
+ */
+export function createTxValidatorForBlockProposalReceivedTxs(
+  verifier: ClientProtocolCircuitVerifier,
+  {
+    l1ChainId,
+    rollupVersion,
+  }: {
+    l1ChainId: number;
+    rollupVersion: number;
+  },
+  bindings?: LoggerBindings,
+): TxValidator {
+  return createTxValidatorForMinimumTxIntegrityChecks(verifier, { l1ChainId, rollupVersion }, bindings);
+}
+
+/**
+ * Validators for unsolicited txs received over JSON-RPC (from a local wallet/PXE).
+ * Full validation — all state-dependent checks are run. Proof verification is optional
+ * (can be skipped for testing purposes). Fee enforcement is also optional (skipped for testing/dev).
+ * Called from `AztecNodeService.isValidTx()`.
+ */
+export function createTxValidatorForAcceptingTxsOverRPC(
+  db: MerkleTreeReadOperations,
+  contractDataSource: ContractDataSource,
+  verifier: ClientProtocolCircuitVerifier | undefined,
+  {
+    l1ChainId,
+    rollupVersion,
+    setupAllowList,
+    gasFees,
+    skipFeeEnforcement,
+    timestamp,
+    blockNumber,
+    txsPermitted,
+  }: {
+    l1ChainId: number;
+    rollupVersion: number;
+    setupAllowList: AllowedElement[];
+    gasFees: GasFees;
+    skipFeeEnforcement?: boolean;
+    timestamp: UInt64;
+    blockNumber: BlockNumber;
+    txsPermitted: boolean;
+  },
+  bindings?: LoggerBindings,
+): TxValidator<Tx> {
+  const validators: TxValidator<Tx>[] = [
+    new TxPermittedValidator(txsPermitted, bindings),
+    new TimestampTxValidator(
+      {
+        timestamp,
+        blockNumber,
+      },
+      bindings,
+    ),
+    new SizeTxValidator(bindings),
+    new MetadataTxValidator(
+      {
+        l1ChainId: new Fr(l1ChainId),
+        rollupVersion: new Fr(rollupVersion),
+        protocolContractsHash,
+        vkTreeRoot: getVKTreeRoot(),
+      },
+      bindings,
+    ),
+    new PhasesTxValidator(contractDataSource, setupAllowList, timestamp, bindings),
+    new BlockHeaderTxValidator(new ArchiveCache(db), bindings),
+    new DoubleSpendTxValidator(new NullifierCache(db), bindings),
+    new DataTxValidator(bindings),
+  ];
+
+  if (!skipFeeEnforcement) {
+    validators.push(
+      new GasTxValidator(new DatabasePublicStateSource(db), ProtocolContractAddress.FeeJuice, gasFees, bindings),
+    );
+  }
+
+  if (verifier) {
+    validators.push(new TxProofValidator(verifier, bindings));
+  }
+
+  return new AggregateTxValidator(...validators);
+}
+
+/**
+ * Validators for txs about to be included in a block by the sequencer.
+ * Re-validates against current state. This is where invalid txs that entered via
+ * req/resp or block proposals are caught — their invalidity is reported as part
+ * of block validation/attestation. Proof and data checks are omitted since they
+ * were already verified on entry.
+ * Called from `CheckpointBuilder.makeBlockBuilderDeps()`.
+ */
+export function createTxValidatorForBlockBuilding(
+  db: MerkleTreeReadOperations,
+  contractDataSource: ContractDataSource,
+  globalVariables: GlobalVariables,
+  setupAllowList: AllowedElement[],
+  bindings?: LoggerBindings,
+): PublicProcessorValidator {
+  const nullifierCache = new NullifierCache(db);
+  const archiveCache = new ArchiveCache(db);
+  const publicStateSource = new DatabasePublicStateSource(db);
+
+  return {
+    preprocessValidator: createTxValidatorForValidatingAgainstCurrentState(
+      nullifierCache,
+      archiveCache,
+      publicStateSource,
+      contractDataSource,
+      globalVariables,
+      setupAllowList,
+      bindings,
+    ),
+    nullifierCache,
+  };
+}
+
+function createTxValidatorForValidatingAgainstCurrentState(
+  nullifierSource: NullifierSource,
+  archiveSource: ArchiveSource,
+  publicStateSource: PublicStateSource,
+  contractDataSource: ContractDataSource,
+  globalVariables: GlobalVariables,
+  setupAllowList: AllowedElement[],
+  bindings?: LoggerBindings,
+): TxValidator<Tx> {
+  // We don't include the TxProofValidator nor the DataTxValidator here because they are already checked by the time we get to block building.
+  return new AggregateTxValidator(
+    new TimestampTxValidator(
+      {
+        timestamp: globalVariables.timestamp,
+        blockNumber: globalVariables.blockNumber,
+      },
+      bindings,
+    ),
+    new PhasesTxValidator(contractDataSource, setupAllowList, globalVariables.timestamp, bindings),
+    new BlockHeaderTxValidator(archiveSource, bindings),
+    new DoubleSpendTxValidator(nullifierSource, bindings),
+    new GasTxValidator(publicStateSource, ProtocolContractAddress.FeeJuice, globalVariables.gasFees, bindings),
+  );
+}
+
+/**
+ * Validators for txs migrating to the pending pool.
+ *
+ * Txs that arrived via req/resp or block proposals only had well-formedness checks
+ * on receipt. When they fail to be mined and are migrated to the pending pool, we
+ * run the state-dependent checks they missed: double-spend, block header, gas limits,
+ * and timestamp expiry. This is run on EVERY tx potentially entering the pending pool
+ * — called inside `TxPoolV2Impl` during `addPendingTxs`, `prepareForSlot` (unprotect),
+ * `handlePrunedBlocks` (unmine), and startup hydration.
+ *
+ * Operates on `TxMetaData` rather than full `Tx` since metadata is pre-built by the pool.
+ * Injected into `TxPoolV2` as the `createTxValidator` factory in `TxPoolV2Dependencies`.
+ */
+export async function createTxValidatorForTransactionsEnteringPendingTxPool(
+  worldStateSynchronizer: WorldStateSynchronizer,
+  timestamp: bigint,
+  blockNumber: BlockNumber,
+  bindings?: LoggerBindings,
+): Promise<TxValidator<TxMetaData>> {
+  await worldStateSynchronizer.syncImmediate();
+  const merkleTree = worldStateSynchronizer.getCommitted();
+  const nullifierSource: NullifierSource = {
+    nullifiersExist: async (nullifiers: Buffer[]) => {
+      const indices = await merkleTree.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, nullifiers);
+      return indices.map(index => index !== undefined);
+    },
+  };
+  const archiveSource: ArchiveSource = {
+    getArchiveIndices: (archives: BlockHash[]) => {
+      return merkleTree.findLeafIndices(MerkleTreeId.ARCHIVE, archives);
+    },
+  };
+  return new AggregateTxValidator<TxMetaData>(
+    new GasLimitsValidator<TxMetaData>(bindings),
+    new TimestampTxValidator<TxMetaData>({ timestamp, blockNumber }, bindings),
+    new DoubleSpendTxValidator<TxMetaData>(nullifierSource, bindings),
+    new BlockHeaderTxValidator<TxMetaData>(archiveSource, bindings),
+  );
+}