npm - @aztec/p2p - Versions diffs - 0.0.1-commit.9ee6fcc6 → 0.0.1-commit.9ef841308 - Mend

@aztec/p2p 0.0.1-commit.9ee6fcc6 → 0.0.1-commit.9ef841308

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

package/dest/util.js CHANGED Viewed

@@ -58,22 +58,15 @@ function addressToMultiAddressType(address) {
         return 'dns';
     }
 }
-export async function configureP2PClientAddresses(_config) {
+export function configureP2PClientAddresses(_config) {
     const config = {
         ..._config
     };
-    const { p2pIp, queryForIp, p2pBroadcastPort, p2pPort } = config;
+    const { p2pBroadcastPort, p2pPort } = config;
     // If no broadcast port is provided, use the given p2p port as the broadcast port
     if (!p2pBroadcastPort) {
         config.p2pBroadcastPort = p2pPort;
     }
-    // check if no announce IP was provided
-    if (!p2pIp) {
-        if (queryForIp) {
-            const publicIp = await getPublicIp();
-            config.p2pIp = publicIp;
-        }
-    }
     // TODO(md): guard against setting a local ip address as the announce ip
     return config;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/p2p",
-  "version": "0.0.1-commit.9ee6fcc6",
+  "version": "0.0.1-commit.9ef841308",
   "type": "module",
   "exports": {
     ".": "./dest/index.js",
@@ -67,17 +67,17 @@
     ]
   },
   "dependencies": {
-    "@aztec/constants": "0.0.1-commit.9ee6fcc6",
-    "@aztec/epoch-cache": "0.0.1-commit.9ee6fcc6",
-    "@aztec/ethereum": "0.0.1-commit.9ee6fcc6",
-    "@aztec/foundation": "0.0.1-commit.9ee6fcc6",
-    "@aztec/kv-store": "0.0.1-commit.9ee6fcc6",
-    "@aztec/noir-contracts.js": "0.0.1-commit.9ee6fcc6",
-    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.9ee6fcc6",
-    "@aztec/protocol-contracts": "0.0.1-commit.9ee6fcc6",
-    "@aztec/simulator": "0.0.1-commit.9ee6fcc6",
-    "@aztec/stdlib": "0.0.1-commit.9ee6fcc6",
-    "@aztec/telemetry-client": "0.0.1-commit.9ee6fcc6",
+    "@aztec/constants": "0.0.1-commit.9ef841308",
+    "@aztec/epoch-cache": "0.0.1-commit.9ef841308",
+    "@aztec/ethereum": "0.0.1-commit.9ef841308",
+    "@aztec/foundation": "0.0.1-commit.9ef841308",
+    "@aztec/kv-store": "0.0.1-commit.9ef841308",
+    "@aztec/noir-contracts.js": "0.0.1-commit.9ef841308",
+    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.9ef841308",
+    "@aztec/protocol-contracts": "0.0.1-commit.9ef841308",
+    "@aztec/simulator": "0.0.1-commit.9ef841308",
+    "@aztec/stdlib": "0.0.1-commit.9ef841308",
+    "@aztec/telemetry-client": "0.0.1-commit.9ef841308",
     "@chainsafe/libp2p-gossipsub": "13.0.0",
     "@chainsafe/libp2p-noise": "^15.0.0",
     "@chainsafe/libp2p-yamux": "^6.0.2",
@@ -104,8 +104,8 @@
     "xxhash-wasm": "^1.1.0"
   },
   "devDependencies": {
-    "@aztec/archiver": "0.0.1-commit.9ee6fcc6",
-    "@aztec/world-state": "0.0.1-commit.9ee6fcc6",
+    "@aztec/archiver": "0.0.1-commit.9ef841308",
+    "@aztec/world-state": "0.0.1-commit.9ef841308",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",
     "@types/node": "^22.15.17",

package/src/client/factory.ts CHANGED Viewed

@@ -19,6 +19,7 @@ import type { TxPoolV2 } from '../mem_pools/tx_pool_v2/interfaces.js';
 import { AztecKVTxPoolV2 } from '../mem_pools/tx_pool_v2/tx_pool_v2.js';
 import {
   createCheckAllowedSetupCalls,
+  createTxValidatorForReqResponseReceivedTxs,
   createTxValidatorForTransactionsEnteringPendingTxPool,
   getDefaultAllowedSetupFunctions,
 } from '../msg_validators/index.js';
@@ -56,7 +57,7 @@ export async function createP2PClient(
   telemetry: TelemetryClient = getTelemetryClient(),
   deps: P2PClientDeps = {},
 ) {
-  const config = await configureP2PClientAddresses({
+  const config = configureP2PClientAddresses({
     ...inputConfig,
     dataStoreMapSizeKb: inputConfig.p2pStoreMapSizeKb ?? inputConfig.dataStoreMapSizeKb,
   });
@@ -148,9 +149,12 @@ export async function createP2PClient(
     telemetry,
   );
+  const txValidatorForTxCollection = createTxValidatorForReqResponseReceivedTxs(proofVerifier, config);
   const nodeSources = [
-    ...createNodeRpcTxSources(config.txCollectionNodeRpcUrls, config),
-    ...(deps.rpcTxProviders ?? []).map((node, i) => new NodeRpcTxSource(node, `node-rpc-provider-${i}`)),
+    ...createNodeRpcTxSources(config.txCollectionNodeRpcUrls, txValidatorForTxCollection, config),
+    ...(deps.rpcTxProviders ?? []).map(
+      (node, i) => new NodeRpcTxSource(node, txValidatorForTxCollection, `node-rpc-provider-${i}`),
+    ),
     ...(deps.txCollectionNodeSources ?? []),
   ];
   if (nodeSources.length > 0) {
@@ -162,6 +166,7 @@ export async function createP2PClient(
   const fileStoreSources = await createFileStoreTxSources(
     config.txCollectionFileStoreUrls,
     txFileStoreBasePath,
+    txValidatorForTxCollection,
     logger.createChild('file-store-tx-source'),
     telemetry,
   );

package/src/client/test/tx_proposal_collector/proposal_tx_collector_worker.ts CHANGED Viewed

@@ -259,9 +259,20 @@ async function stopClient() {
   attestationPool = undefined;
 }
+function gracefulExit(code: number = 0) {
+  try {
+    if (process.connected) {
+      process.disconnect();
+    }
+  } catch {
+    // IPC channel already closed
+  }
+  setTimeout(() => process.exit(code), 5000).unref();
+}
 process.on('disconnect', () => {
   ipcDisconnected = true;
-  void stopClient().finally(() => process.exit(0));
+  void stopClient();
 });
 process.on('error', err => {
@@ -325,7 +336,7 @@ process.on('message', (msg: WorkerCommand) => {
         case 'STOP': {
           await stopClient();
           await sendMessage({ type: 'STOPPED', requestId });
-          process.exit(0);
+          gracefulExit(0);
           break;
         }
         default: {
@@ -336,7 +347,8 @@ process.on('message', (msg: WorkerCommand) => {
     } catch (err: any) {
       await sendMessage({ type: 'ERROR', requestId, error: err?.message ?? String(err) });
       if (msg.type === 'START') {
-        process.exit(1);
+        await stopClient();
+        gracefulExit(1);
       }
     }
   })();

package/src/index.ts CHANGED Viewed

@@ -6,7 +6,6 @@ export * from './client/index.js';
 export * from './enr/index.js';
 export * from './config.js';
 export * from './mem_pools/attestation_pool/index.js';
-export * from './mem_pools/tx_pool/index.js';
 export * from './mem_pools/tx_pool_v2/index.js';
 export * from './msg_validators/index.js';
 export * from './services/index.js';

package/src/mem_pools/index.ts CHANGED Viewed

@@ -1,6 +1,3 @@
 export { AttestationPool, type AttestationPoolApi } from './attestation_pool/attestation_pool.js';
 export { type MemPools } from './interface.js';
-// Old TxPool exports - kept temporarily for external consumers
-export { type TxPool } from './tx_pool/tx_pool.js';
-// New TxPoolV2 exports
 export { type TxPoolV2, type TxPoolV2Config, type TxPoolV2Events, type AddTxsResult } from './tx_pool_v2/index.js';

package/src/mem_pools/tx_pool_v2/tx_metadata.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { minBigint } from '@aztec/foundation/bigint';
 import { BlockNumber } from '@aztec/foundation/branded-types';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { ProtocolContractAddress } from '@aztec/protocol-contracts';
@@ -6,7 +7,6 @@ import { Gas } from '@aztec/stdlib/gas';
 import { type Tx, TxHash } from '@aztec/stdlib/tx';
 import { getFeePayerBalanceDelta } from '../../msg_validators/tx_validator/fee_payer_balance.js';
-import { getTxPriorityFee } from '../tx_pool/priority.js';
 import { type PreAddResult, TxPoolRejectionCode } from './eviction/interfaces.js';
 /** Validator-compatible data interface, mirroring the subset of PrivateKernelTailCircuitPublicInputs used by validators. */
@@ -335,3 +335,9 @@ export function stubTxMetaData(
     data: stubTxMetaValidationData({ expirationTimestamp }),
   };
 }
+/** Returns the priority fee for a tx, based on the L2 priority fee capped by the max fee per gas. */
+function getTxPriorityFee(tx: Tx): bigint {
+  const { maxPriorityFeesPerGas: priorityFees, maxFeesPerGas } = tx.getGasSettings();
+  return minBigint(maxFeesPerGas.feePerL2Gas, priorityFees.feePerL2Gas);
+}

package/src/msg_validators/proposal_validator/README.md CHANGED Viewed

@@ -53,7 +53,7 @@ Only runs on validator nodes. Non-validator nodes use a default handler that tri
 **Escape hatch**: during escape hatch periods (`isEscapeHatchOpenAtSlot`), re-execution and slashing are both disabled, and the proposal is rejected locally.
-**Conditional re-execution**: rules 22-24 only run when at least one condition is true: `fishermanMode` enabled, `slashBroadcastedInvalidBlockPenalty > 0` with `validatorReexecute`, committee membership with `validatorReexecute`, `alwaysReexecuteBlockProposals`, or `blobClient.canUpload()`.
+**Conditional re-execution**: rules 22-24 only run when at least one condition is true: `fishermanMode` enabled, `slashBroadcastedInvalidBlockPenalty > 0`, committee membership, `alwaysReexecuteBlockProposals`, or `blobClient.canUpload()`.
 **Slashing**: only `state_mismatch` and `failed_txs` trigger on-chain slashing (`OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL`, gated by `slashBroadcastedInvalidBlockPenalty > 0`). Unknown errors during re-execution do NOT slash.

package/src/services/discv5/discV5_service.ts CHANGED Viewed

@@ -96,7 +96,7 @@ export class DiscV5Service extends EventEmitter implements PeerDiscoveryService
         lookupTimeout: 2000,
         requestTimeout: 2000,
         allowUnverifiedSessions: true,
-        enrUpdate: !p2pIp ? true : false, // If no p2p IP is set, enrUpdate can automatically resolve it
+        enrUpdate: config.queryForIp && !p2pIp, // Enable native ENR IP discovery when no static IP is configured
         ...configOverrides.config,
       },
       metricsRegistry,
@@ -129,9 +129,11 @@ export class DiscV5Service extends EventEmitter implements PeerDiscoveryService
   private onMultiaddrUpdated(m: Multiaddr) {
     // We want to update our tcp port to match the udp port
     // p2pBroadcastPort is optional on config, however it is set to default within the p2p client factory
-    const multiAddrTcp = multiaddr(convertToMultiaddr(m.nodeAddress().address, this.config.p2pBroadcastPort!, 'tcp'));
+    const address = m.nodeAddress().address;
+    const multiAddrTcp = multiaddr(convertToMultiaddr(address, this.config.p2pBroadcastPort!, 'tcp'));
     this.enr.setLocationMultiaddr(multiAddrTcp);
     this.logger.info('Multiaddr updated', { multiaddr: multiAddrTcp.toString() });
+    this.emit('ip:changed', address);
   }
   public async start(): Promise<void> {

package/src/services/libp2p/libp2p_service.ts CHANGED Viewed

@@ -51,9 +51,10 @@ import { yamux } from '@chainsafe/libp2p-yamux';
 import { bootstrap } from '@libp2p/bootstrap';
 import { identify } from '@libp2p/identify';
 import { type Message, type MultiaddrConnection, type PeerId, TopicValidatorResult } from '@libp2p/interface';
-import type { ConnectionManager } from '@libp2p/interface-internal';
+import type { AddressManager, ConnectionManager } from '@libp2p/interface-internal';
 import { mplex } from '@libp2p/mplex';
 import { tcp } from '@libp2p/tcp';
+import { multiaddr } from '@multiformats/multiaddr';
 import { ENR } from '@nethermindeth/enr';
 import { createLibp2p } from 'libp2p';
@@ -130,7 +131,7 @@ type ValidationOutcome = { allPassed: true } | { allPassed: false; failure: Vali
 // REFACTOR: Unify with the type above
 type ReceivedMessageValidationResult<T, M = undefined> =
   | { obj: T; result: Exclude<TopicValidatorResult, TopicValidatorResult.Reject>; metadata?: M }
-  | { obj?: T; result: TopicValidatorResult.Reject; metadata?: M };
+  | { obj?: T; result: TopicValidatorResult.Reject; metadata?: M; severity: PeerErrorSeverity };
 /**
  * Lib P2P implementation of the P2PService interface.
@@ -174,6 +175,10 @@ export class LibP2PService extends WithTracer implements P2PService {
   private checkpointReceivedCallback: P2PCheckpointReceivedCallback;
   private gossipSubEventHandler: (e: CustomEvent<GossipsubMessage>) => void;
+  private ipChangedHandler?: (ip: string) => void;
+  /** Discovered public IP address (set when queryForIp is enabled and no static IP was configured). */
+  private discoveredP2pIp?: string;
   private instrumentation: P2PInstrumentation;
@@ -442,8 +447,9 @@ export class LibP2PService extends WithTracer implements P2PService {
             topics: topicScoreParams,
           }),
         }) as (components: GossipSubComponents) => GossipSub,
-        components: (components: { connectionManager: ConnectionManager }) => ({
+        components: (components: { connectionManager: ConnectionManager; addressManager: AddressManager }) => ({
           connectionManager: components.connectionManager,
+          addressManager: components.addressManager,
         }),
       },
       logger: createLibp2pComponentLogger(logger.module, logger.getBindings()),
@@ -502,10 +508,10 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Get listen & announce addresses for logging
     const { p2pIp, p2pPort } = this.config;
-    if (!p2pIp) {
+    if (!p2pIp && !this.config.queryForIp) {
       throw new Error('Announce address not provided.');
     }
-    const announceTcpMultiaddr = convertToMultiaddr(p2pIp, p2pPort, 'tcp');
+    const announceTcpMultiaddr = p2pIp ? convertToMultiaddr(p2pIp, p2pPort, 'tcp') : undefined;
     // Create request response protocol handlers
     const txHandler = reqRespTxHandler(this.mempools);
@@ -559,6 +565,31 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (!this.config.p2pDiscoveryDisabled) {
       await this.peerDiscoveryService.start();
     }
+    // When queryForIp is enabled and no static IP was configured, bridge discv5 IP discovery to libp2p.
+    // Discv5 discovers our public IP via peer WHOAREYOU exchanges (enrUpdate=true) and emits 'ip:changed'.
+    // We confirm the discovered address in the libp2p AddressManager so it appears in getMultiaddrs()
+    // and is pushed to all connected peers via the identify protocol.
+    if (this.config.queryForIp && !p2pIp) {
+      this.ipChangedHandler = (ip: string) => {
+        const addressManager = this.node.services.components.addressManager;
+        const newAddr = multiaddr(convertToMultiaddr(ip, this.config.p2pPort, 'tcp'));
+        // Remove old discovered IP if one exists
+        if (this.discoveredP2pIp) {
+          const oldAddr = multiaddr(convertToMultiaddr(this.discoveredP2pIp, this.config.p2pPort, 'tcp'));
+          addressManager.removeObservedAddr(oldAddr);
+        }
+        addressManager.addObservedAddr(newAddr);
+        addressManager.confirmObservedAddr(newAddr);
+        // Store discovered IP
+        this.discoveredP2pIp = ip;
+        this.logger.info('Public IP discovered via discv5', { ip });
+      };
+      this.peerDiscoveryService.on('ip:changed', this.ipChangedHandler);
+    }
     this.discoveryRunningPromise = new RunningPromise(
       async () => {
         await this.peerManager.heartbeat();
@@ -571,7 +602,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     this.logger.info(`Started P2P service`, {
       listen: this.config.listenAddress,
       port: this.config.p2pPort,
-      announce: announceTcpMultiaddr,
+      announce: announceTcpMultiaddr ?? 'pending (queryForIp=true)',
       peerId: this.node.peerId.toString(),
     });
   }
@@ -584,6 +615,12 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Remove gossip sub listener
     this.node.services.pubsub.removeEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
+    // Remove ip:changed listener if registered
+    if (this.ipChangedHandler) {
+      this.peerDiscoveryService.off('ip:changed', this.ipChangedHandler);
+      this.ipChangedHandler = undefined;
+    }
     // Stop peer manager
     this.logger.debug('Stopping peer manager...');
     await this.peerManager.stop();
@@ -882,30 +919,56 @@ export class LibP2PService extends WithTracer implements P2PService {
     source: PeerId,
     topicType: TopicType,
   ): Promise<ReceivedMessageValidationResult<T, M>> {
-    let resultAndObj: ReceivedMessageValidationResult<T, M> = { result: TopicValidatorResult.Reject };
+    // Default to reject result with a penalty if validation function throws an error
+    let resultAndObj: ReceivedMessageValidationResult<T, M> = {
+      result: TopicValidatorResult.Reject,
+      severity: PeerErrorSeverity.MidToleranceError,
+    };
     const timer = new Timer();
     try {
       resultAndObj = await validationFunc();
     } catch (err) {
-      this.peerManager.penalizePeer(source, PeerErrorSeverity.LowToleranceError);
-      this.logger.error(`Error deserializing and validating gossipsub message`, err, {
-        msgId,
-        source: source.toString(),
-        topicType,
-      });
+      this.logger.error(`Error validating gossipsub message`, err, { msgId, source: source.toString(), topicType });
     }
     if (resultAndObj.result === TopicValidatorResult.Accept) {
+      this.logger.debug(`Message ${topicType} accepted by validator`, { msgId, source: source.toString(), topicType });
       this.instrumentation.recordMessageValidation(topicType, timer);
+    } else if (resultAndObj.result === TopicValidatorResult.Reject) {
+      this.logger.warn(`Message ${topicType} rejected by validator with severity ${resultAndObj.severity}`, {
+        msgId,
+        source: source.toString(),
+        topicType,
+        severity: resultAndObj.severity,
+      });
+      this.peerManager.penalizePeer(source, resultAndObj.severity);
+    } else {
+      this.logger.trace(`Message ${topicType} ignored by validator`, { msgId, source: source.toString(), topicType });
     }
     this.node.services.pubsub.reportMessageValidationResult(msgId, source.toString(), resultAndObj.result);
     return resultAndObj;
   }
+  private tryDeserialize<T>(deserializeFunc: () => T, msgId: string, source: PeerId): T | undefined {
+    try {
+      return deserializeFunc();
+    } catch (err) {
+      this.logger.warn(`Failed to deserialize gossipsub message from buffer`, {
+        err,
+        msgId,
+        source: source.toString(),
+      });
+      return undefined;
+    }
+  }
   protected async handleGossipedTx(payloadData: Buffer, msgId: string, source: PeerId) {
     const validationFunc: () => Promise<ReceivedMessageValidationResult<Tx>> = async () => {
-      const tx = Tx.fromBuffer(payloadData);
+      const tx = this.tryDeserialize(() => Tx.fromBuffer(payloadData), msgId, source);
+      if (!tx) {
+        return { result: TopicValidatorResult.Reject, severity: PeerErrorSeverity.LowToleranceError };
+      }
       const currentBlockNumber = await this.archiver.getBlockNumber();
       const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
@@ -930,8 +993,7 @@ export class LibP2PService extends WithTracer implements P2PService {
           severity,
           source: source.toString(),
         });
-        this.peerManager.penalizePeer(source, severity);
-        return { result: TopicValidatorResult.Reject };
+        return { result: TopicValidatorResult.Reject, severity };
       }
       // Pool pre-check: see if the pool would accept this tx before doing expensive proof verification
@@ -953,8 +1015,7 @@ export class LibP2PService extends WithTracer implements P2PService {
           severity,
           source: source.toString(),
         });
-        this.peerManager.penalizePeer(source, severity);
-        return { result: TopicValidatorResult.Reject };
+        return { result: TopicValidatorResult.Reject, severity };
       }
       // Pool add: persist the tx
@@ -979,8 +1040,7 @@ export class LibP2PService extends WithTracer implements P2PService {
           source: source.toString(),
           txHash: txHash.toString(),
         });
-        this.peerManager.penalizePeer(source, PeerErrorSeverity.HighToleranceError);
-        return { result: TopicValidatorResult.Reject };
+        return { result: TopicValidatorResult.Reject, severity: PeerErrorSeverity.HighToleranceError };
       }
     };
@@ -1010,7 +1070,16 @@ export class LibP2PService extends WithTracer implements P2PService {
     source: PeerId,
   ): Promise<void> {
     const { result, obj: attestation } = await this.validateReceivedMessage<CheckpointAttestation>(
-      () => this.validateAndStoreCheckpointAttestation(source, CheckpointAttestation.fromBuffer(payloadData)),
+      () => {
+        const attestation = this.tryDeserialize(() => CheckpointAttestation.fromBuffer(payloadData), msgId, source);
+        if (!attestation) {
+          return Promise.resolve({
+            result: TopicValidatorResult.Reject,
+            severity: PeerErrorSeverity.LowToleranceError,
+          });
+        }
+        return this.validateAndStoreCheckpointAttestation(source, attestation);
+      },
       msgId,
       source,
       TopicType.checkpoint_attestation,
@@ -1043,8 +1112,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (validationResult.result === 'reject') {
       this.logger.warn(`Penalizing peer ${peerId} for checkpoint attestation validation failure`);
-      this.peerManager.penalizePeer(peerId, validationResult.severity);
-      return { result: TopicValidatorResult.Reject };
+      return { result: TopicValidatorResult.Reject, severity: validationResult.severity };
     }
     if (validationResult.result === 'ignore') {
@@ -1070,16 +1138,16 @@ export class LibP2PService extends WithTracer implements P2PService {
       return { result: TopicValidatorResult.Ignore, obj: attestation };
     }
-    // Could not add (cap reached for signer), no need to re-broadcast
+    // Could not add (cap reached for signer), penalize and do not re-broadcast
     if (!added) {
-      this.logger.warn(`Dropping checkpoint attestation due to cap`, {
+      this.logger.warn(`Rejecting checkpoint attestation due to cap`, {
         slot: slot.toString(),
         archive: attestation.archive.toString(),
         source: peerId.toString(),
         attester: attestation.getSender()?.toString(),
         count,
       });
-      return { result: TopicValidatorResult.Ignore, obj: attestation };
+      return { result: TopicValidatorResult.Reject, severity: PeerErrorSeverity.HighToleranceError };
     }
     // Check if this is a duplicate attestation (signer attested to a different proposal at the same slot)
@@ -1134,8 +1202,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (validationResult.result === 'reject') {
       this.logger.warn(`Penalizing peer ${peerId} for block proposal validation failure`);
-      this.peerManager.penalizePeer(peerId, validationResult.severity);
-      return { result: TopicValidatorResult.Reject };
+      return { result: TopicValidatorResult.Reject, severity: validationResult.severity };
     }
     if (validationResult.result === 'ignore') {
@@ -1159,7 +1226,6 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Too many blocks received for this slot and index, penalize peer and do not re-broadcast
     if (!added) {
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.HighToleranceError);
       this.logger.warn(`Penalizing peer for block proposal exceeding per-position cap`, {
         ...block.toBlockInfo(),
         indexWithinCheckpoint: block.indexWithinCheckpoint,
@@ -1167,7 +1233,11 @@ export class LibP2PService extends WithTracer implements P2PService {
         proposer: block.getSender()?.toString(),
         source: peerId.toString(),
       });
-      return { result: TopicValidatorResult.Reject, metadata: { isEquivocated } };
+      return {
+        result: TopicValidatorResult.Reject,
+        metadata: { isEquivocated },
+        severity: PeerErrorSeverity.HighToleranceError,
+      };
     }
     // If this was a duplicate proposal, do not process it, but do invoke the duplicate callback,
@@ -1260,8 +1330,7 @@ export class LibP2PService extends WithTracer implements P2PService {
     if (validationResult.result === 'reject') {
       this.logger.warn(`Penalizing peer ${peerId} for checkpoint proposal validation failure`);
-      this.peerManager.penalizePeer(peerId, validationResult.severity);
-      return { result: TopicValidatorResult.Reject };
+      return { result: TopicValidatorResult.Reject, severity: validationResult.severity };
     }
     if (validationResult.result === 'ignore') {
@@ -1276,20 +1345,21 @@ export class LibP2PService extends WithTracer implements P2PService {
         [Attributes.SLOT_NUMBER]: checkpoint.slotNumber.toString(),
         [Attributes.P2P_ID]: peerId.toString(),
       });
-      const {
-        result,
-        obj,
-        metadata: { isEquivocated } = {},
-      } = await this.validateAndStoreBlockProposal(peerId, blockProposal);
-      if (result === TopicValidatorResult.Reject || !obj || isEquivocated) {
+      const blockProposalResult = await this.validateAndStoreBlockProposal(peerId, blockProposal);
+      const { obj, metadata: { isEquivocated } = {} } = blockProposalResult;
+      if (blockProposalResult.result === TopicValidatorResult.Reject || !obj || isEquivocated) {
         this.logger.debug(`Rejecting checkpoint due to invalid last block proposal`, {
           [Attributes.SLOT_NUMBER]: checkpoint.slotNumber.toString(),
           [Attributes.P2P_ID]: peerId.toString(),
           isEquivocated,
-          result,
+          result: blockProposalResult.result,
         });
-        return { result: TopicValidatorResult.Reject };
-      } else if (result === TopicValidatorResult.Accept && obj && !isEquivocated) {
+        return {
+          result: TopicValidatorResult.Reject,
+          severity:
+            'severity' in blockProposalResult ? blockProposalResult.severity : PeerErrorSeverity.MidToleranceError,
+        };
+      } else if (blockProposalResult.result === TopicValidatorResult.Accept && obj && !isEquivocated) {
         processBlock = true;
       }
     }
@@ -1316,13 +1386,17 @@ export class LibP2PService extends WithTracer implements P2PService {
     // Too many checkpoint proposals received for this slot, penalize peer and do not re-broadcast
     // Note: We still return the checkpoint obj so the lastBlock can be processed if valid
     if (!added) {
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.HighToleranceError);
       this.logger.warn(`Penalizing peer for checkpoint proposal exceeding per-slot cap`, {
         ...checkpoint.toCheckpointInfo(),
         count,
         source: peerId.toString(),
       });
-      return { result: TopicValidatorResult.Reject, obj: checkpoint, metadata: { isEquivocated, processBlock } };
+      return {
+        result: TopicValidatorResult.Reject,
+        obj: checkpoint,
+        metadata: { isEquivocated, processBlock },
+        severity: PeerErrorSeverity.HighToleranceError,
+      };
     }
     // If this was a duplicate proposal, do not process it, but do invoke the duplicate callback,

package/src/services/peer-manager/peer_manager.ts CHANGED Viewed

@@ -226,20 +226,30 @@ export class PeerManager implements PeerManagerInterface {
   }
   /**
-   * Cleans up expired timeouts.
+   * Cleans up expired timeouts and stale failed-auth-handshake entries.
    *
    * When peers fail to dial after a number of retries, they are temporarily timed out.
    * This function removes any peers that have been in the timed out state for too long.
    * To give them a chance to reconnect.
+   *
+   * Also evicts entries from the failed-auth-handshake map whose expiry window has passed.
+   * Without this, peers that probe once and never reconnect would leave their entries in the
+   * map forever, causing an unbounded memory leak.
    */
   private cleanupExpiredTimeouts() {
-    // Clean up expired timeouts
     const now = this.dateProvider.now();
     for (const [peerId, timedOutPeer] of this.timedOutPeers.entries()) {
       if (now >= timedOutPeer.timeoutUntilMs) {
         this.timedOutPeers.delete(peerId);
       }
     }
+    for (const [id, entry] of this.failedAuthHandshakes.entries()) {
+      if (now - entry.lastFailureTimestamp > FAILED_AUTH_HANDSHAKE_EXPIRY_MS) {
+        this.failedAuthHandshakes.delete(id);
+      }
+    }
   }
   /**
@@ -303,15 +313,20 @@ export class PeerManager implements PeerManagerInterface {
    */
   private handleDisconnectedPeerEvent(e: CustomEvent<PeerId>) {
     const peerId = e.detail;
+    const peerIdStr = peerId.toString();
     this.metrics.peerDisconnected(peerId);
-    this.logger.verbose(`Disconnected from peer ${peerId.toString()}`);
-    const validatorAddress = this.authenticatedPeerIdToValidatorAddress.get(peerId.toString());
+    this.logger.verbose(`Disconnected from peer ${peerIdStr}`);
+    const validatorAddress = this.authenticatedPeerIdToValidatorAddress.get(peerIdStr);
     if (validatorAddress !== undefined) {
       this.logger.info(
-        `Removing authentication for validator ${validatorAddress} at peer id ${peerId.toString()} due to disconnection`,
+        `Removing authentication for validator ${validatorAddress} at peer id ${peerIdStr} due to disconnection`,
       );
       this.authenticatedValidatorAddressToPeerId.delete(validatorAddress.toString());
-      this.authenticatedPeerIdToValidatorAddress.delete(peerId.toString());
+      this.authenticatedPeerIdToValidatorAddress.delete(peerIdStr);
+    }
+    if (this.peerScoring.getScoreState(peerIdStr) === PeerScoreState.Healthy) {
+      this.peerScoring.removePeer(peerIdStr);
     }
   }