@aztec/p2p 0.0.1-commit.ec5f612 → 0.0.1-commit.ef17749e1

package/src/mem_pools/tx_pool_v2/tx_pool_indices.ts

@@ -1,7 +1,8 @@
+import { insertIntoSortedArray, removeFromSortedArray } from '@aztec/foundation/array';
 import { SlotNumber } from '@aztec/foundation/branded-types';
 import type { L2BlockId } from '@aztec/stdlib/block';
 
-import { type TxMetaData, type TxState, compareFee, compareTxHash, txHashFromBigInt } from './tx_metadata.js';
+import { type PriorityComparable, type TxMetaData, type TxState, comparePriority } from './tx_metadata.js';
 
 /**
  * Manages in-memory indices for the transaction pool.
@@ -22,8 +23,8 @@ export class TxPoolIndices {
   #nullifierToTxHash: Map<string, string> = new Map();
   /** Fee payer to txHashes index (pending txs only) */
   #feePayerToTxHashes: Map<string, Set<string>> = new Map();
-  /** Pending txHash bigints grouped by priority fee */
-  #pendingByPriority: Map<bigint, Set<bigint>> = new Map();
+  /** Pending transactions sorted ascending by priority fee, ties broken by txHash */
+  #pendingByPriority: PriorityComparable[] = [];
   /** Protected transactions: txHash -> slotNumber */
   #protectedTransactions: Map<string, SlotNumber> = new Map();
 
@@ -73,20 +74,14 @@ export class TxPoolIndices {
    * @param order - 'desc' for highest priority first, 'asc' for lowest priority first
    */
   *iteratePendingByPriority(order: 'asc' | 'desc', filter?: (hash: string) => boolean): Generator<string> {
-    const feeCompareFn = order === 'desc' ? (a: bigint, b: bigint) => compareFee(b, a) : compareFee;
-    const hashCompareFn =
-      order === 'desc' ? (a: bigint, b: bigint) => compareTxHash(b, a) : (a: bigint, b: bigint) => compareTxHash(a, b);
-
-    const sortedFees = [...this.#pendingByPriority.keys()].sort(feeCompareFn);
-
-    for (const fee of sortedFees) {
-      const hashesAtFee = this.#pendingByPriority.get(fee)!;
-      const sortedHashes = [...hashesAtFee].sort(hashCompareFn);
-      for (const hashBigInt of sortedHashes) {
-        const hash = txHashFromBigInt(hashBigInt);
-        if (filter === undefined || filter(hash)) {
-          yield hash;
-        }
+    const arr = this.#pendingByPriority;
+    const start = order === 'asc' ? 0 : arr.length - 1;
+    const step = order === 'asc' ? 1 : -1;
+    const inBounds = order === 'asc' ? (i: number) => i < arr.length : (i: number) => i >= 0;
+
+    for (let i = start; inBounds(i); i += step) {
+      if (filter === undefined || filter(arr[i].txHash)) {
+        yield arr[i].txHash;
       }
     }
   }
@@ -227,11 +222,7 @@ export class TxPoolIndices {
 
   /** Gets the count of pending transactions */
   getPendingTxCount(): number {
-    let count = 0;
-    for (const hashes of this.#pendingByPriority.values()) {
-      count += hashes.size;
-    }
-    return count;
+    return this.#pendingByPriority.length;
   }
 
   /** Gets the lowest priority pending transaction hashes (up to limit) */
@@ -264,12 +255,10 @@ export class TxPoolIndices {
   /** Gets all pending transactions */
   getPendingTxs(): TxMetaData[] {
     const result: TxMetaData[] = [];
-    for (const hashSet of this.#pendingByPriority.values()) {
-      for (const txHashBigInt of hashSet) {
-        const meta = this.#metadata.get(txHashFromBigInt(txHashBigInt));
-        if (meta) {
-          result.push(meta);
-        }
+    for (const entry of this.#pendingByPriority) {
+      const meta = this.#metadata.get(entry.txHash);
+      if (meta) {
+        result.push(meta);
       }
     }
     return result;
@@ -408,13 +397,12 @@ export class TxPoolIndices {
     }
     feePayerSet.add(meta.txHash);
 
-    // Add to priority bucket
-    let prioritySet = this.#pendingByPriority.get(meta.priorityFee);
-    if (!prioritySet) {
-      prioritySet = new Set();
-      this.#pendingByPriority.set(meta.priorityFee, prioritySet);
-    }
-    prioritySet.add(meta.txHashBigInt);
+    insertIntoSortedArray(
+      this.#pendingByPriority,
+      { txHash: meta.txHash, priorityFee: meta.priorityFee, txHashBigInt: meta.txHashBigInt },
+      comparePriority,
+      false,
+    );
   }
 
   #removeFromPendingIndices(meta: TxMetaData): void {
@@ -432,13 +420,11 @@ export class TxPoolIndices {
       }
     }
 
-    // Remove from priority map
-    const hashSet = this.#pendingByPriority.get(meta.priorityFee);
-    if (hashSet) {
-      hashSet.delete(meta.txHashBigInt);
-      if (hashSet.size === 0) {
-        this.#pendingByPriority.delete(meta.priorityFee);
-      }
-    }
+    // Remove from priority array
+    removeFromSortedArray(
+      this.#pendingByPriority,
+      { txHash: meta.txHash, priorityFee: meta.priorityFee, txHashBigInt: meta.txHashBigInt },
+      comparePriority,
+    );
   }
 }

package/src/mem_pools/tx_pool_v2/tx_pool_v2.ts

@@ -58,6 +58,9 @@ export class AztecKVTxPoolV2 extends (EventEmitter as new () => TypedEventEmitte
         const hashes = txHashes.map(h => (typeof h === 'string' ? TxHash.fromString(h) : TxHash.fromBigInt(h)));
         this.emit('txs-removed', { txHashes: hashes });
       },
+      onTxsMined: (txHashes: string[]) => {
+        this.#metrics?.transactionsRemoved(txHashes);
+      },
     };
 
     // Create the implementation

package/src/mem_pools/tx_pool_v2/tx_pool_v2_impl.ts

@@ -45,6 +45,7 @@ import { TxPoolIndices } from './tx_pool_indices.js';
 export interface TxPoolV2Callbacks {
   onTxsAdded: (txs: Tx[], opts: { source?: string }) => void;
   onTxsRemoved: (txHashes: string[] | bigint[]) => void;
+  onTxsMined: (txHashes: string[]) => void;
 }
 
 /**
@@ -213,7 +214,9 @@ export class TxPoolV2Impl {
     // in-memory reads, and buffered DB writes. Nothing here can throw an unhandled exception.
     const poolAccess = this.#createPreAddPoolAccess();
     const preAddContext: PreAddContext | undefined =
-      opts.feeComparisonOnly !== undefined ? { feeComparisonOnly: opts.feeComparisonOnly } : undefined;
+      opts.feeComparisonOnly !== undefined
+        ? { feeComparisonOnly: opts.feeComparisonOnly, priceBumpPercentage: this.#config.priceBumpPercentage }
+        : undefined;
 
     await this.#store.transactionAsync(async () => {
       for (const tx of txs) {
@@ -498,6 +501,10 @@ export class TxPoolV2Impl {
       await this.#evictionManager.evictAfterNewBlock(block.header, nullifiers, feePayers);
     });
 
+    if (found.length > 0) {
+      this.#callbacks.onTxsMined(found.map(m => m.txHash));
+    }
+
     this.#log.info(`Marked ${found.length} txs as mined in block ${blockId.number}`);
   }
 

package/src/msg_validators/proposal_validator/block_proposal_validator.ts

@@ -1,10 +1,20 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
-import type { BlockProposal, P2PValidator } from '@aztec/stdlib/p2p';
+import type { BlockProposal, P2PValidator, ValidationResult } from '@aztec/stdlib/p2p';
 
 import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
 
-export class BlockProposalValidator extends ProposalValidator<BlockProposal> implements P2PValidator<BlockProposal> {
-  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean }) {
-    super(epochCache, opts, 'p2p:block_proposal_validator');
+export class BlockProposalValidator implements P2PValidator<BlockProposal> {
+  private proposalValidator: ProposalValidator;
+
+  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean; maxTxsPerBlock?: number }) {
+    this.proposalValidator = new ProposalValidator(epochCache, opts, 'p2p:block_proposal_validator');
+  }
+
+  async validate(proposal: BlockProposal): Promise<ValidationResult> {
+    const headerResult = await this.proposalValidator.validate(proposal);
+    if (headerResult.result !== 'accept') {
+      return headerResult;
+    }
+    return this.proposalValidator.validateTxs(proposal);
   }
 }

package/src/msg_validators/proposal_validator/checkpoint_proposal_validator.ts

@@ -1,13 +1,26 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
-import type { CheckpointProposal, P2PValidator } from '@aztec/stdlib/p2p';
+import type { CheckpointProposal, P2PValidator, ValidationResult } from '@aztec/stdlib/p2p';
 
 import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
 
-export class CheckpointProposalValidator
-  extends ProposalValidator<CheckpointProposal>
-  implements P2PValidator<CheckpointProposal>
-{
-  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean }) {
-    super(epochCache, opts, 'p2p:checkpoint_proposal_validator');
+export class CheckpointProposalValidator implements P2PValidator<CheckpointProposal> {
+  private proposalValidator: ProposalValidator;
+
+  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean; maxTxsPerBlock?: number }) {
+    this.proposalValidator = new ProposalValidator(epochCache, opts, 'p2p:checkpoint_proposal_validator');
+  }
+
+  async validate(proposal: CheckpointProposal): Promise<ValidationResult> {
+    const headerResult = await this.proposalValidator.validate(proposal);
+    if (headerResult.result !== 'accept') {
+      return headerResult;
+    }
+
+    const blockProposal = proposal.getBlockProposal();
+    if (blockProposal) {
+      return this.proposalValidator.validateTxs(blockProposal);
+    }
+
+    return { result: 'accept' };
   }
 }

package/src/msg_validators/proposal_validator/proposal_validator.ts

@@ -1,22 +1,35 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
 import { NoCommitteeError } from '@aztec/ethereum/contracts';
 import { type Logger, createLogger } from '@aztec/foundation/log';
-import { BlockProposal, CheckpointProposal, PeerErrorSeverity, type ValidationResult } from '@aztec/stdlib/p2p';
+import {
+  type BlockProposal,
+  type CheckpointProposalCore,
+  PeerErrorSeverity,
+  type ValidationResult,
+} from '@aztec/stdlib/p2p';
 
 import { isWithinClockTolerance } from '../clock_tolerance.js';
 
-export abstract class ProposalValidator<TProposal extends BlockProposal | CheckpointProposal> {
-  protected epochCache: EpochCacheInterface;
-  protected logger: Logger;
-  protected txsPermitted: boolean;
+/** Validates header-level and tx-level fields of block and checkpoint proposals. */
+export class ProposalValidator {
+  private epochCache: EpochCacheInterface;
+  private logger: Logger;
+  private txsPermitted: boolean;
+  private maxTxsPerBlock?: number;
 
-  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean }, loggerName: string) {
+  constructor(
+    epochCache: EpochCacheInterface,
+    opts: { txsPermitted: boolean; maxTxsPerBlock?: number },
+    loggerName: string,
+  ) {
     this.epochCache = epochCache;
     this.txsPermitted = opts.txsPermitted;
+    this.maxTxsPerBlock = opts.maxTxsPerBlock;
     this.logger = createLogger(loggerName);
   }
 
-  public async validate(proposal: TProposal): Promise<ValidationResult> {
+  /** Validates header-level fields: slot, signature, and proposer. */
+  public async validate(proposal: BlockProposal | CheckpointProposalCore): Promise<ValidationResult> {
     try {
       // Slot check
       const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
@@ -38,30 +51,6 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
         return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
       }
 
-      // Transactions permitted check
-      const embeddedTxCount = proposal.txs?.length ?? 0;
-      if (!this.txsPermitted && (proposal.txHashes.length > 0 || embeddedTxCount > 0)) {
-        this.logger.warn(
-          `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when transactions are not permitted`,
-        );
-        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
-      }
-
-      // Embedded txs must be listed in txHashes
-      const hashSet = new Set(proposal.txHashes.map(h => h.toString()));
-      const missingTxHashes =
-        embeddedTxCount > 0
-          ? proposal.txs!.filter(tx => !hashSet.has(tx.getTxHash().toString())).map(tx => tx.getTxHash().toString())
-          : [];
-      if (embeddedTxCount > 0 && missingTxHashes.length > 0) {
-        this.logger.warn('Penalizing peer for embedded transaction(s) not included in txHashes', {
-          embeddedTxCount,
-          txHashesLength: proposal.txHashes.length,
-          missingTxHashes,
-        });
-        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
-      }
-
       // Proposer check
       const expectedProposer = await this.epochCache.getProposerAttesterAddressInSlot(slotNumber);
       if (expectedProposer !== undefined && !proposer.equals(expectedProposer)) {
@@ -72,15 +61,6 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
         return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
       }
 
-      // Validate tx hashes for all txs embedded in the proposal
-      if (!(await Promise.all(proposal.txs?.map(tx => tx.validateTxHash()) ?? [])).every(v => v)) {
-        this.logger.warn(`Penalizing peer for invalid tx hashes in proposal`, {
-          proposer,
-          slotNumber,
-        });
-        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
-      }
-
       return { result: 'accept' };
     } catch (e) {
       if (e instanceof NoCommitteeError) {
@@ -89,4 +69,47 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
       throw e;
     }
   }
+
+  /** Validates transaction-related fields of a block proposal. */
+  public async validateTxs(proposal: BlockProposal): Promise<ValidationResult> {
+    // Transactions permitted check
+    const embeddedTxCount = proposal.txs?.length ?? 0;
+    if (!this.txsPermitted && (proposal.txHashes.length > 0 || embeddedTxCount > 0)) {
+      this.logger.warn(
+        `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when transactions are not permitted`,
+      );
+      return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+    }
+
+    // Max txs per block check
+    if (this.maxTxsPerBlock !== undefined && proposal.txHashes.length > this.maxTxsPerBlock) {
+      this.logger.warn(
+        `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when max is ${this.maxTxsPerBlock}`,
+      );
+      return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+    }
+
+    // Embedded txs must be listed in txHashes
+    const hashSet = new Set(proposal.txHashes.map(h => h.toString()));
+    const missingTxHashes =
+      embeddedTxCount > 0
+        ? proposal.txs!.filter(tx => !hashSet.has(tx.getTxHash().toString())).map(tx => tx.getTxHash().toString())
+        : [];
+    if (embeddedTxCount > 0 && missingTxHashes.length > 0) {
+      this.logger.warn('Penalizing peer for embedded transaction(s) not included in txHashes', {
+        embeddedTxCount,
+        txHashesLength: proposal.txHashes.length,
+        missingTxHashes,
+      });
+      return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+    }
+
+    // Validate tx hashes for all txs embedded in the proposal
+    if (!(await Promise.all(proposal.txs?.map(tx => tx.validateTxHash()) ?? [])).every(v => v)) {
+      this.logger.warn(`Penalizing peer for invalid tx hashes in proposal`);
+      return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
+    }
+
+    return { result: 'accept' };
+  }
 }

package/src/msg_validators/tx_validator/allowed_public_setup.ts

@@ -1,35 +1,30 @@
-import { FPCContract } from '@aztec/noir-contracts.js/FPC';
-import { TokenContractArtifact } from '@aztec/noir-contracts.js/Token';
 import { ProtocolContractAddress } from '@aztec/protocol-contracts';
-import { getContractClassFromArtifact } from '@aztec/stdlib/contract';
+import { AuthRegistryArtifact } from '@aztec/protocol-contracts/auth-registry';
+import { FeeJuiceArtifact } from '@aztec/protocol-contracts/fee-juice';
 import type { AllowedElement } from '@aztec/stdlib/interfaces/server';
 
-let defaultAllowedSetupFunctions: AllowedElement[] | undefined = undefined;
+import { buildAllowedElement } from './allowed_setup_helpers.js';
+
+let defaultAllowedSetupFunctions: AllowedElement[] | undefined;
+
+/** Returns the default list of functions allowed to run in the setup phase of a transaction. */
 export async function getDefaultAllowedSetupFunctions(): Promise<AllowedElement[]> {
   if (defaultAllowedSetupFunctions === undefined) {
-    defaultAllowedSetupFunctions = [
-      // needed for authwit support
-      {
-        address: ProtocolContractAddress.AuthRegistry,
-      },
-      // needed for claiming on the same tx as a spend
-      {
-        address: ProtocolContractAddress.FeeJuice,
-        // We can't restrict the selector because public functions get routed via dispatch.
-        // selector: FunctionSelector.fromSignature('_increase_public_balance((Field),u128)'),
-      },
-      // needed for private transfers via FPC
-      {
-        classId: (await getContractClassFromArtifact(TokenContractArtifact)).id,
-        // We can't restrict the selector because public functions get routed via dispatch.
-        // selector: FunctionSelector.fromSignature('_increase_public_balance((Field),u128)'),
-      },
-      {
-        classId: (await getContractClassFromArtifact(FPCContract.artifact)).id,
-        // We can't restrict the selector because public functions get routed via dispatch.
-        // selector: FunctionSelector.fromSignature('prepare_fee((Field),Field,(Field),Field)'),
-      },
-    ];
+    defaultAllowedSetupFunctions = await Promise.all([
+      // AuthRegistry: needed for authwit support via private path (set_authorized_private enqueues _set_authorized)
+      buildAllowedElement(AuthRegistryArtifact, { address: ProtocolContractAddress.AuthRegistry }, '_set_authorized', {
+        onlySelf: true,
+        rejectNullMsgSender: true,
+      }),
+      // AuthRegistry: needed for authwit support via public path (PublicFeePaymentMethod calls set_authorized directly)
+      buildAllowedElement(AuthRegistryArtifact, { address: ProtocolContractAddress.AuthRegistry }, 'set_authorized', {
+        rejectNullMsgSender: true,
+      }),
+      // FeeJuice: needed for claiming on the same tx as a spend (claim_and_end_setup enqueues this)
+      buildAllowedElement(FeeJuiceArtifact, { address: ProtocolContractAddress.FeeJuice }, '_increase_public_balance', {
+        onlySelf: true,
+      }),
+    ]);
   }
   return defaultAllowedSetupFunctions;
 }

package/src/msg_validators/tx_validator/allowed_setup_helpers.ts

@@ -0,0 +1,31 @@
+import type { Fr } from '@aztec/foundation/curves/bn254';
+import { FunctionSelector, countArgumentsSize, getAllFunctionAbis } from '@aztec/stdlib/abi';
+import type { ContractArtifact } from '@aztec/stdlib/abi';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { AllowedElement } from '@aztec/stdlib/interfaces/server';
+
+/**
+ * Builds an AllowedElement from a contract artifact, deriving both the function selector
+ * and calldata length from the artifact instead of hardcoding signature strings.
+ */
+export async function buildAllowedElement(
+  artifact: ContractArtifact,
+  target: { address: AztecAddress } | { classId: Fr },
+  functionName: string,
+  opts?: { onlySelf?: boolean; rejectNullMsgSender?: boolean },
+): Promise<AllowedElement> {
+  const allFunctions = getAllFunctionAbis(artifact);
+  const fn = allFunctions.find(f => f.name === functionName);
+  if (!fn) {
+    throw new Error(`Unknown function ${functionName} in artifact ${artifact.name}`);
+  }
+  const selector = await FunctionSelector.fromNameAndParameters(fn.name, fn.parameters);
+  const calldataLength = 1 + countArgumentsSize(fn);
+  return {
+    ...target,
+    selector,
+    calldataLength,
+    ...(opts?.onlySelf ? { onlySelf: true } : {}),
+    ...(opts?.rejectNullMsgSender ? { rejectNullMsgSender: true } : {}),
+  } as AllowedElement;
+}

package/src/msg_validators/tx_validator/fee_payer_balance.ts

@@ -1,5 +1,6 @@
+import { FeeJuiceArtifact } from '@aztec/protocol-contracts/fee-juice';
 import { getCallRequestsWithCalldataByPhase } from '@aztec/simulator/server';
-import { FunctionSelector } from '@aztec/stdlib/abi';
+import { FunctionSelector, getAllFunctionAbis } from '@aztec/stdlib/abi';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { type Tx, TxExecutionPhase } from '@aztec/stdlib/tx';
 
@@ -8,7 +9,10 @@ export type FeePayerBalanceDelta = {
   claimAmount: bigint;
 };
 
-const increasePublicBalanceSelectorPromise = FunctionSelector.fromSignature('_increase_public_balance((Field),u128)');
+const increasePublicBalanceSelectorPromise = (() => {
+  const fn = getAllFunctionAbis(FeeJuiceArtifact).find(f => f.name === '_increase_public_balance')!;
+  return FunctionSelector.fromNameAndParameters(fn.name, fn.parameters);
+})();
 
 export function getTxFeeLimit(tx: Tx): bigint {
   return tx.data.constants.txContext.gasSettings.getFeeLimit().toBigInt();

package/src/msg_validators/tx_validator/index.ts

@@ -8,6 +8,7 @@ export * from './gas_validator.js';
 export * from './phases_validator.js';
 export * from './test_utils.js';
 export * from './allowed_public_setup.js';
+export * from './allowed_setup_helpers.js';
 export * from './archive_cache.js';
 export * from './tx_permitted_validator.js';
 export * from './timestamp_validator.js';

package/src/msg_validators/tx_validator/metadata_validator.ts

@@ -28,16 +28,24 @@ export class MetadataTxValidator<T extends AnyTx> implements TxValidator<T> {
   validateTx(tx: T): Promise<TxValidationResult> {
     const errors = [];
     if (!this.#hasCorrectL1ChainId(tx)) {
-      errors.push(TX_ERROR_INCORRECT_L1_CHAIN_ID);
+      errors.push(
+        `${TX_ERROR_INCORRECT_L1_CHAIN_ID} (tx: ${tx.data.constants.txContext.chainId.toNumber()}, expected: ${this.values.l1ChainId.toNumber()})`,
+      );
     }
     if (!this.#hasCorrectRollupVersion(tx)) {
-      errors.push(TX_ERROR_INCORRECT_ROLLUP_VERSION);
+      errors.push(
+        `${TX_ERROR_INCORRECT_ROLLUP_VERSION} (tx: ${tx.data.constants.txContext.version.toNumber()}, expected: ${this.values.rollupVersion.toNumber()})`,
+      );
     }
     if (!this.#hasCorrectVkTreeRoot(tx)) {
-      errors.push(TX_ERROR_INCORRECT_VK_TREE_ROOT);
+      errors.push(
+        `${TX_ERROR_INCORRECT_VK_TREE_ROOT} (tx: ${tx.data.constants.vkTreeRoot.toString()}, expected: ${this.values.vkTreeRoot.toString()})`,
+      );
     }
     if (!this.#hasCorrectprotocolContractsHash(tx)) {
-      errors.push(TX_ERROR_INCORRECT_PROTOCOL_CONTRACTS_HASH);
+      errors.push(
+        `${TX_ERROR_INCORRECT_PROTOCOL_CONTRACTS_HASH} (tx: ${tx.data.constants.protocolContractsHash.toString()}, expected: ${this.values.protocolContractsHash.toString()})`,
+      );
     }
     return Promise.resolve(errors.length > 0 ? { result: 'invalid', reason: errors } : { result: 'valid' });
   }

package/src/msg_validators/tx_validator/phases_validator.ts

@@ -1,11 +1,17 @@
+import { NULL_MSG_SENDER_CONTRACT_ADDRESS } from '@aztec/constants';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
 import { PublicContractsDB, getCallRequestsWithCalldataByPhase } from '@aztec/simulator/server';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { ContractDataSource } from '@aztec/stdlib/contract';
 import type { AllowedElement } from '@aztec/stdlib/interfaces/server';
 import {
   type PublicCallRequestWithCalldata,
   TX_ERROR_DURING_VALIDATION,
   TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED,
+  TX_ERROR_SETUP_FUNCTION_UNKNOWN_CONTRACT,
+  TX_ERROR_SETUP_NULL_MSG_SENDER,
+  TX_ERROR_SETUP_ONLY_SELF_WRONG_SENDER,
+  TX_ERROR_SETUP_WRONG_CALLDATA_LENGTH,
   Tx,
   TxExecutionPhase,
   type TxValidationResult,
@@ -45,7 +51,8 @@ export class PhasesTxValidator implements TxValidator<Tx> {
 
       const setupFns = getCallRequestsWithCalldataByPhase(tx, TxExecutionPhase.SETUP);
       for (const setupFn of setupFns) {
-        if (!(await this.isOnAllowList(setupFn, this.setupAllowList))) {
+        const rejectionReason = await this.checkAllowList(setupFn, this.setupAllowList);
+        if (rejectionReason) {
           this.#log.verbose(
             `Rejecting tx ${tx.getTxHash().toString()} because it calls setup function not on allow list: ${
               setupFn.request.contractAddress
@@ -53,7 +60,7 @@ export class PhasesTxValidator implements TxValidator<Tx> {
             { allowList: this.setupAllowList },
           );
 
-          return { result: 'invalid', reason: [TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED] };
+          return { result: 'invalid', reason: [rejectionReason] };
         }
       }
 
@@ -66,53 +73,71 @@ export class PhasesTxValidator implements TxValidator<Tx> {
     }
   }
 
-  private async isOnAllowList(
+  /** Returns a rejection reason if the call is not on the allow list, or undefined if it is allowed. */
+  private async checkAllowList(
     publicCall: PublicCallRequestWithCalldata,
     allowList: AllowedElement[],
-  ): Promise<boolean> {
+  ): Promise<string | undefined> {
     if (publicCall.isEmpty()) {
-      return true;
+      return undefined;
     }
 
     const contractAddress = publicCall.request.contractAddress;
     const functionSelector = publicCall.functionSelector;
 
-    // do these checks first since they don't require the contract class
+    // Check address-based entries first since they don't require the contract class.
     for (const entry of allowList) {
-      if ('address' in entry && !('selector' in entry)) {
-        if (contractAddress.equals(entry.address)) {
-          return true;
-        }
-      }
-
-      if ('address' in entry && 'selector' in entry) {
+      if ('address' in entry) {
         if (contractAddress.equals(entry.address) && entry.selector.equals(functionSelector)) {
-          return true;
+          if (entry.calldataLength !== undefined && publicCall.calldata.length !== entry.calldataLength) {
+            return TX_ERROR_SETUP_WRONG_CALLDATA_LENGTH;
+          }
+          if (entry.onlySelf && !publicCall.request.msgSender.equals(contractAddress)) {
+            return TX_ERROR_SETUP_ONLY_SELF_WRONG_SENDER;
+          }
+          if (
+            entry.rejectNullMsgSender &&
+            publicCall.request.msgSender.equals(AztecAddress.fromBigInt(NULL_MSG_SENDER_CONTRACT_ADDRESS))
+          ) {
+            return TX_ERROR_SETUP_NULL_MSG_SENDER;
+          }
+          return undefined;
         }
       }
+    }
 
-      const contractClass = await this.contractsDB.getContractInstance(contractAddress, this.timestamp);
-
-      if (!contractClass) {
-        throw new Error(`Contract not found: ${contractAddress}`);
+    // Check class-based entries. Fetch the contract instance lazily (only once).
+    let contractClassId: undefined | { value: string | undefined };
+    for (const entry of allowList) {
+      if (!('classId' in entry)) {
+        continue;
       }
 
-      if ('classId' in entry && !('selector' in entry)) {
-        if (contractClass.currentContractClassId.equals(entry.classId)) {
-          return true;
+      if (contractClassId === undefined) {
+        const instance = await this.contractsDB.getContractInstance(contractAddress, this.timestamp);
+        contractClassId = { value: instance?.currentContractClassId.toString() };
+        if (!contractClassId.value) {
+          return TX_ERROR_SETUP_FUNCTION_UNKNOWN_CONTRACT;
         }
       }
 
-      if ('classId' in entry && 'selector' in entry) {
+      if (contractClassId.value === entry.classId.toString() && entry.selector.equals(functionSelector)) {
+        if (entry.calldataLength !== undefined && publicCall.calldata.length !== entry.calldataLength) {
+          return TX_ERROR_SETUP_WRONG_CALLDATA_LENGTH;
+        }
+        if (entry.onlySelf && !publicCall.request.msgSender.equals(contractAddress)) {
+          return TX_ERROR_SETUP_ONLY_SELF_WRONG_SENDER;
+        }
         if (
-          contractClass.currentContractClassId.equals(entry.classId) &&
-          (entry.selector === undefined || entry.selector.equals(functionSelector))
+          entry.rejectNullMsgSender &&
+          publicCall.request.msgSender.equals(AztecAddress.fromBigInt(NULL_MSG_SENDER_CONTRACT_ADDRESS))
         ) {
-          return true;
+          return TX_ERROR_SETUP_NULL_MSG_SENDER;
         }
+        return undefined;
       }
     }
 
-    return false;
+    return TX_ERROR_SETUP_FUNCTION_NOT_ALLOWED;
   }
 }