@aztec/p2p 0.0.1-commit.f504929 → 0.0.1-commit.f5d02921e

package/src/msg_validators/proposal_validator/checkpoint_proposal_validator.ts

@@ -1,13 +1,26 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
-import type { CheckpointProposal, P2PValidator } from '@aztec/stdlib/p2p';
+import type { CheckpointProposal, P2PValidator, ValidationResult } from '@aztec/stdlib/p2p';
 
 import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
 
-export class CheckpointProposalValidator
-  extends ProposalValidator<CheckpointProposal>
-  implements P2PValidator<CheckpointProposal>
-{
+export class CheckpointProposalValidator implements P2PValidator<CheckpointProposal> {
+  private proposalValidator: ProposalValidator;
+
   constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean; maxTxsPerBlock?: number }) {
-    super(epochCache, opts, 'p2p:checkpoint_proposal_validator');
+    this.proposalValidator = new ProposalValidator(epochCache, opts, 'p2p:checkpoint_proposal_validator');
+  }
+
+  async validate(proposal: CheckpointProposal): Promise<ValidationResult> {
+    const headerResult = await this.proposalValidator.validate(proposal);
+    if (headerResult.result !== 'accept') {
+      return headerResult;
+    }
+
+    const blockProposal = proposal.getBlockProposal();
+    if (blockProposal) {
+      return this.proposalValidator.validateTxs(blockProposal);
+    }
+
+    return { result: 'accept' };
   }
 }

package/src/msg_validators/proposal_validator/proposal_validator.ts

@@ -1,15 +1,21 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
 import { NoCommitteeError } from '@aztec/ethereum/contracts';
 import { type Logger, createLogger } from '@aztec/foundation/log';
-import { BlockProposal, CheckpointProposal, PeerErrorSeverity, type ValidationResult } from '@aztec/stdlib/p2p';
+import {
+  type BlockProposal,
+  type CheckpointProposalCore,
+  PeerErrorSeverity,
+  type ValidationResult,
+} from '@aztec/stdlib/p2p';
 
 import { isWithinClockTolerance } from '../clock_tolerance.js';
 
-export abstract class ProposalValidator<TProposal extends BlockProposal | CheckpointProposal> {
-  protected epochCache: EpochCacheInterface;
-  protected logger: Logger;
-  protected txsPermitted: boolean;
-  protected maxTxsPerBlock?: number;
+/** Validates header-level and tx-level fields of block and checkpoint proposals. */
+export class ProposalValidator {
+  private epochCache: EpochCacheInterface;
+  private logger: Logger;
+  private txsPermitted: boolean;
+  private maxTxsPerBlock?: number;
 
   constructor(
     epochCache: EpochCacheInterface,
@@ -22,15 +28,17 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
     this.logger = createLogger(loggerName);
   }
 
-  public async validate(proposal: TProposal): Promise<ValidationResult> {
+  /** Validates header-level fields: slot, signature, and proposer. */
+  public async validate(proposal: BlockProposal | CheckpointProposalCore): Promise<ValidationResult> {
     try {
-      // Slot check
-      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
+      // Slot check: use target slots since proposals target pipeline slots (slot + 1 when pipelining)
+      const { targetSlot, nextSlot } = this.epochCache.getTargetAndNextSlot();
+
       const slotNumber = proposal.slotNumber;
-      if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
+      if (slotNumber !== targetSlot && slotNumber !== nextSlot) {
         // Check if message is for previous slot and within clock tolerance
-        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
-          this.logger.warn(`Penalizing peer for invalid slot number ${slotNumber}`, { currentSlot, nextSlot });
+        if (!isWithinClockTolerance(slotNumber, targetSlot, this.epochCache)) {
+          this.logger.warn(`Penalizing peer for invalid slot number ${slotNumber}`, { targetSlot, nextSlot });
           return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
         }
         this.logger.verbose(`Ignoring proposal for previous slot ${slotNumber} within clock tolerance`);
@@ -44,38 +52,6 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
         return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
       }
 
-      // Transactions permitted check
-      const embeddedTxCount = proposal.txs?.length ?? 0;
-      if (!this.txsPermitted && (proposal.txHashes.length > 0 || embeddedTxCount > 0)) {
-        this.logger.warn(
-          `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when transactions are not permitted`,
-        );
-        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
-      }
-
-      // Max txs per block check
-      if (this.maxTxsPerBlock !== undefined && proposal.txHashes.length > this.maxTxsPerBlock) {
-        this.logger.warn(
-          `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when max is ${this.maxTxsPerBlock}`,
-        );
-        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
-      }
-
-      // Embedded txs must be listed in txHashes
-      const hashSet = new Set(proposal.txHashes.map(h => h.toString()));
-      const missingTxHashes =
-        embeddedTxCount > 0
-          ? proposal.txs!.filter(tx => !hashSet.has(tx.getTxHash().toString())).map(tx => tx.getTxHash().toString())
-          : [];
-      if (embeddedTxCount > 0 && missingTxHashes.length > 0) {
-        this.logger.warn('Penalizing peer for embedded transaction(s) not included in txHashes', {
-          embeddedTxCount,
-          txHashesLength: proposal.txHashes.length,
-          missingTxHashes,
-        });
-        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
-      }
-
       // Proposer check
       const expectedProposer = await this.epochCache.getProposerAttesterAddressInSlot(slotNumber);
       if (expectedProposer !== undefined && !proposer.equals(expectedProposer)) {
@@ -86,15 +62,6 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
         return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
       }
 
-      // Validate tx hashes for all txs embedded in the proposal
-      if (!(await Promise.all(proposal.txs?.map(tx => tx.validateTxHash()) ?? [])).every(v => v)) {
-        this.logger.warn(`Penalizing peer for invalid tx hashes in proposal`, {
-          proposer,
-          slotNumber,
-        });
-        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
-      }
-
       return { result: 'accept' };
     } catch (e) {
       if (e instanceof NoCommitteeError) {
@@ -103,4 +70,47 @@ export abstract class ProposalValidator<TProposal extends BlockProposal | Checkp
       throw e;
     }
   }
+
+  /** Validates transaction-related fields of a block proposal. */
+  public async validateTxs(proposal: BlockProposal): Promise<ValidationResult> {
+    // Transactions permitted check
+    const embeddedTxCount = proposal.txs?.length ?? 0;
+    if (!this.txsPermitted && (proposal.txHashes.length > 0 || embeddedTxCount > 0)) {
+      this.logger.warn(
+        `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when transactions are not permitted`,
+      );
+      return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+    }
+
+    // Max txs per block check
+    if (this.maxTxsPerBlock !== undefined && proposal.txHashes.length > this.maxTxsPerBlock) {
+      this.logger.warn(
+        `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when max is ${this.maxTxsPerBlock}`,
+      );
+      return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+    }
+
+    // Embedded txs must be listed in txHashes
+    const hashSet = new Set(proposal.txHashes.map(h => h.toString()));
+    const missingTxHashes =
+      embeddedTxCount > 0
+        ? proposal.txs!.filter(tx => !hashSet.has(tx.getTxHash().toString())).map(tx => tx.getTxHash().toString())
+        : [];
+    if (embeddedTxCount > 0 && missingTxHashes.length > 0) {
+      this.logger.warn('Penalizing peer for embedded transaction(s) not included in txHashes', {
+        embeddedTxCount,
+        txHashesLength: proposal.txHashes.length,
+        missingTxHashes,
+      });
+      return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+    }
+
+    // Validate tx hashes for all txs embedded in the proposal
+    if (!(await Promise.all(proposal.txs?.map(tx => tx.validateTxHash()) ?? [])).every(v => v)) {
+      this.logger.warn(`Penalizing peer for invalid tx hashes in proposal`);
+      return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
+    }
+
+    return { result: 'accept' };
+  }
 }

package/src/msg_validators/tx_validator/README.md

@@ -75,10 +75,12 @@ This validator is invoked on **every** transaction potentially entering the pend
 - Startup hydration — revalidating persisted non-mined txs on node restart
 
 Runs:
-- DoubleSpend, BlockHeader, GasLimits, Timestamp
+- DoubleSpend, BlockHeader, GasLimits, Timestamp, AllowedSetupCalls
 
 Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
 
+The `AllowedSetupCallsMetaValidator` checks a precomputed boolean flag (`TxMetaData.allowedSetupCalls`) rather than re-running the full `PhasesTxValidator`. This flag is computed by `createCheckAllowedSetupCalls` when the tx first enters the pool (via `addProtectedTxs` or startup hydration), so the pool migration validator can reject txs with disallowed setup calls without needing the full `Tx` object or its dependencies.
+
 ## Individual Validators
 
 | Validator | What it checks | Benchmarked verification duration |
@@ -92,6 +94,7 @@ Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
 | `GasTxValidator` | Gas limits are within bounds (delegates to `GasLimitsValidator`), max fee per gas meets current block fees, and fee payer has sufficient FeeJuice balance | 1.02 ms |
 | `GasLimitsValidator` | Gas limits are >= fixed minimums and <= AVM max processable L2 gas. Used standalone in pool migration; also called internally by `GasTxValidator` | 3–10 us |
 | `PhasesTxValidator` | Public function calls in setup phase are on the allow list | 10.12–13.12 us |
+| `AllowedSetupCallsMetaValidator` | Checks the precomputed `allowedSetupCalls` flag on `TxMetaData`. Used in pool migration instead of the full `PhasesTxValidator` | — |
 | `BlockHeaderTxValidator` | Transaction's anchor block hash exists in the archive tree | 98.88 us |
 | `TxProofValidator` | Client proof verifies correctly | ~250ms |
 
@@ -108,6 +111,7 @@ Operates on `TxMetaData` (pre-built by the pool) rather than full `Tx` objects.
 | Gas (balance + limits) | Stage 1 | Optional* | — | Yes | — |
 | GasLimits (standalone) | — | — | — | — | Yes |
 | Phases | Stage 1 | Yes | — | Yes | — |
+| AllowedSetupCalls | — | — | — | — | Yes |
 | BlockHeader | Stage 1 | Yes | — | Yes | Yes |
 | Proof | Stage 2 | Optional** | Yes | — | — |
 

package/src/msg_validators/tx_validator/allowed_public_setup.ts

@@ -1,49 +1,30 @@
-import { TokenContractArtifact } from '@aztec/noir-contracts.js/Token';
 import { ProtocolContractAddress } from '@aztec/protocol-contracts';
-import { FunctionSelector } from '@aztec/stdlib/abi';
-import { getContractClassFromArtifact } from '@aztec/stdlib/contract';
+import { AuthRegistryArtifact } from '@aztec/protocol-contracts/auth-registry';
+import { FeeJuiceArtifact } from '@aztec/protocol-contracts/fee-juice';
 import type { AllowedElement } from '@aztec/stdlib/interfaces/server';
 
+import { buildAllowedElement } from './allowed_setup_helpers.js';
+
 let defaultAllowedSetupFunctions: AllowedElement[] | undefined;
 
 /** Returns the default list of functions allowed to run in the setup phase of a transaction. */
 export async function getDefaultAllowedSetupFunctions(): Promise<AllowedElement[]> {
   if (defaultAllowedSetupFunctions === undefined) {
-    const tokenClassId = (await getContractClassFromArtifact(TokenContractArtifact)).id;
-    const setAuthorizedInternalSelector = await FunctionSelector.fromSignature('_set_authorized((Field),Field,bool)');
-    const setAuthorizedSelector = await FunctionSelector.fromSignature('set_authorized(Field,bool)');
-    const increaseBalanceSelector = await FunctionSelector.fromSignature('_increase_public_balance((Field),u128)');
-    const transferInPublicSelector = await FunctionSelector.fromSignature(
-      'transfer_in_public((Field),(Field),u128,Field)',
-    );
-
-    defaultAllowedSetupFunctions = [
+    defaultAllowedSetupFunctions = await Promise.all([
       // AuthRegistry: needed for authwit support via private path (set_authorized_private enqueues _set_authorized)
-      {
-        address: ProtocolContractAddress.AuthRegistry,
-        selector: setAuthorizedInternalSelector,
-      },
+      buildAllowedElement(AuthRegistryArtifact, { address: ProtocolContractAddress.AuthRegistry }, '_set_authorized', {
+        onlySelf: true,
+        rejectNullMsgSender: true,
+      }),
       // AuthRegistry: needed for authwit support via public path (PublicFeePaymentMethod calls set_authorized directly)
-      {
-        address: ProtocolContractAddress.AuthRegistry,
-        selector: setAuthorizedSelector,
-      },
+      buildAllowedElement(AuthRegistryArtifact, { address: ProtocolContractAddress.AuthRegistry }, 'set_authorized', {
+        rejectNullMsgSender: true,
+      }),
       // FeeJuice: needed for claiming on the same tx as a spend (claim_and_end_setup enqueues this)
-      {
-        address: ProtocolContractAddress.FeeJuice,
-        selector: increaseBalanceSelector,
-      },
-      // Token: needed for private transfers via FPC (transfer_to_public enqueues this)
-      {
-        classId: tokenClassId,
-        selector: increaseBalanceSelector,
-      },
-      // Token: needed for public transfers via FPC (fee_entrypoint_public enqueues this)
-      {
-        classId: tokenClassId,
-        selector: transferInPublicSelector,
-      },
-    ];
+      buildAllowedElement(FeeJuiceArtifact, { address: ProtocolContractAddress.FeeJuice }, '_increase_public_balance', {
+        onlySelf: true,
+      }),
+    ]);
   }
   return defaultAllowedSetupFunctions;
 }

package/src/msg_validators/tx_validator/allowed_setup_helpers.ts

@@ -0,0 +1,31 @@
+import type { Fr } from '@aztec/foundation/curves/bn254';
+import { FunctionSelector, countArgumentsSize, getAllFunctionAbis } from '@aztec/stdlib/abi';
+import type { ContractArtifact } from '@aztec/stdlib/abi';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { AllowedElement } from '@aztec/stdlib/interfaces/server';
+
+/**
+ * Builds an AllowedElement from a contract artifact, deriving both the function selector
+ * and calldata length from the artifact instead of hardcoding signature strings.
+ */
+export async function buildAllowedElement(
+  artifact: ContractArtifact,
+  target: { address: AztecAddress } | { classId: Fr },
+  functionName: string,
+  opts?: { onlySelf?: boolean; rejectNullMsgSender?: boolean },
+): Promise<AllowedElement> {
+  const allFunctions = getAllFunctionAbis(artifact);
+  const fn = allFunctions.find(f => f.name === functionName);
+  if (!fn) {
+    throw new Error(`Unknown function ${functionName} in artifact ${artifact.name}`);
+  }
+  const selector = await FunctionSelector.fromNameAndParameters(fn.name, fn.parameters);
+  const calldataLength = 1 + countArgumentsSize(fn);
+  return {
+    ...target,
+    selector,
+    calldataLength,
+    ...(opts?.onlySelf ? { onlySelf: true } : {}),
+    ...(opts?.rejectNullMsgSender ? { rejectNullMsgSender: true } : {}),
+  } as AllowedElement;
+}

package/src/msg_validators/tx_validator/contract_instance_validator.ts

@@ -0,0 +1,56 @@
+import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
+import { ContractInstancePublishedEvent } from '@aztec/protocol-contracts/instance-registry';
+import { computeContractAddressFromInstance } from '@aztec/stdlib/contract';
+import {
+  TX_ERROR_INCORRECT_CONTRACT_ADDRESS,
+  TX_ERROR_MALFORMED_CONTRACT_INSTANCE_LOG,
+  type Tx,
+  type TxValidationResult,
+  type TxValidator,
+} from '@aztec/stdlib/tx';
+
+/** Validates that contract instance deployment logs contain correct addresses. */
+export class ContractInstanceTxValidator implements TxValidator<Tx> {
+  #log: Logger;
+
+  constructor(bindings?: LoggerBindings) {
+    this.#log = createLogger('p2p:tx_validator:contract_instance', bindings);
+  }
+
+  async validateTx(tx: Tx): Promise<TxValidationResult> {
+    const reason = await this.#hasCorrectContractInstanceAddresses(tx);
+    return reason ? { result: 'invalid', reason: [reason] } : { result: 'valid' };
+  }
+
+  async #hasCorrectContractInstanceAddresses(tx: Tx): Promise<string | undefined> {
+    const privateLogs = tx.data.getNonEmptyPrivateLogs();
+    for (const log of privateLogs) {
+      if (!ContractInstancePublishedEvent.isContractInstancePublishedEvent(log)) {
+        continue;
+      }
+
+      let event;
+      try {
+        event = ContractInstancePublishedEvent.fromLog(log);
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to parse contract instance event: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_INSTANCE_LOG;
+      }
+
+      try {
+        const instance = event.toContractInstance();
+        const computedAddress = await computeContractAddressFromInstance(instance);
+        if (!computedAddress.equals(instance.address)) {
+          this.#log.warn(
+            `Rejecting tx ${tx.getTxHash()}: contract instance address mismatch. Claimed ${instance.address}, computed ${computedAddress}`,
+          );
+          return TX_ERROR_INCORRECT_CONTRACT_ADDRESS;
+        }
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to compute contract instance address: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_INSTANCE_LOG;
+      }
+    }
+    return undefined;
+  }
+}

package/src/msg_validators/tx_validator/data_validator.ts

@@ -1,5 +1,7 @@
 import { MAX_FR_CALLDATA_TO_ALL_ENQUEUED_CALLS } from '@aztec/constants';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
+import { ContractClassPublishedEvent } from '@aztec/protocol-contracts/class-registry';
+import { computeContractClassId } from '@aztec/stdlib/contract';
 import { computeCalldataHash } from '@aztec/stdlib/hash';
 import {
   TX_ERROR_CALLDATA_COUNT_MISMATCH,
@@ -9,7 +11,9 @@ import {
   TX_ERROR_CONTRACT_CLASS_LOG_LENGTH,
   TX_ERROR_CONTRACT_CLASS_LOG_SORTING,
   TX_ERROR_INCORRECT_CALLDATA,
+  TX_ERROR_INCORRECT_CONTRACT_CLASS_ID,
   TX_ERROR_INCORRECT_HASH,
+  TX_ERROR_MALFORMED_CONTRACT_CLASS_LOG,
   Tx,
   type TxValidationResult,
   type TxValidator,
@@ -26,7 +30,8 @@ export class DataTxValidator implements TxValidator<Tx> {
     const reason =
       (await this.#hasCorrectHash(tx)) ??
       (await this.#hasCorrectCalldata(tx)) ??
-      (await this.#hasCorrectContractClassLogs(tx));
+      (await this.#hasCorrectContractClassLogs(tx)) ??
+      (await this.#hasCorrectContractClassIds(tx));
     return reason ? { result: 'invalid', reason: [reason] } : { result: 'valid' };
   }
 
@@ -127,4 +132,40 @@ export class DataTxValidator implements TxValidator<Tx> {
 
     return undefined;
   }
+
+  async #hasCorrectContractClassIds(tx: Tx): Promise<string | undefined> {
+    const contractClassLogs = tx.getContractClassLogs();
+    for (const log of contractClassLogs) {
+      if (!ContractClassPublishedEvent.isContractClassPublishedEvent(log)) {
+        continue;
+      }
+
+      let event;
+      try {
+        event = ContractClassPublishedEvent.fromLog(log);
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to parse contract class event: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_CLASS_LOG;
+      }
+
+      try {
+        const { publicBytecodeCommitment } = await event.toContractClassPublicWithBytecodeCommitment();
+        const computedClassId = await computeContractClassId({
+          artifactHash: event.artifactHash,
+          privateFunctionsRoot: event.privateFunctionsRoot,
+          publicBytecodeCommitment,
+        });
+        if (!computedClassId.equals(event.contractClassId)) {
+          this.#log.warn(
+            `Rejecting tx ${tx.getTxHash()}: contract class id mismatch. Claimed ${event.contractClassId}, computed ${computedClassId}`,
+          );
+          return TX_ERROR_INCORRECT_CONTRACT_CLASS_ID;
+        }
+      } catch (e) {
+        this.#log.warn(`Rejecting tx ${tx.getTxHash()}: failed to compute contract class id: ${e}`);
+        return TX_ERROR_MALFORMED_CONTRACT_CLASS_LOG;
+      }
+    }
+    return undefined;
+  }
 }

package/src/msg_validators/tx_validator/factory.ts

@@ -53,12 +53,13 @@ import type { TxMetaData } from '../../mem_pools/tx_pool_v2/tx_metadata.js';
 import { AggregateTxValidator } from './aggregate_tx_validator.js';
 import { ArchiveCache } from './archive_cache.js';
 import { type ArchiveSource, BlockHeaderTxValidator } from './block_header_validator.js';
+import { ContractInstanceTxValidator } from './contract_instance_validator.js';
 import { DataTxValidator } from './data_validator.js';
 import { DoubleSpendTxValidator, type NullifierSource } from './double_spend_validator.js';
 import { GasLimitsValidator, GasTxValidator } from './gas_validator.js';
 import { MetadataTxValidator } from './metadata_validator.js';
 import { NullifierCache } from './nullifier_cache.js';
-import { PhasesTxValidator } from './phases_validator.js';
+import { AllowedSetupCallsMetaValidator, PhasesTxValidator } from './phases_validator.js';
 import { SizeTxValidator } from './size_validator.js';
 import { TimestampTxValidator } from './timestamp_validator.js';
 import { TxPermittedValidator } from './tx_permitted_validator.js';
@@ -97,6 +98,7 @@ export function createFirstStageTxValidationsForGossipedTransactions(
   txsPermitted: boolean,
   allowedInSetup: AllowedElement[] = [],
   bindings?: LoggerBindings,
+  gasLimitOpts?: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number },
 ): Record<string, TransactionValidator> {
   const merkleTree = worldStateSynchronizer.getCommitted();
 
@@ -158,6 +160,7 @@ export function createFirstStageTxValidationsForGossipedTransactions(
         ProtocolContractAddress.FeeJuice,
         gasFees,
         bindings,
+        gasLimitOpts,
       ),
       severity: PeerErrorSeverity.MidToleranceError,
     },
@@ -165,6 +168,10 @@ export function createFirstStageTxValidationsForGossipedTransactions(
       validator: new DataTxValidator(bindings),
       severity: PeerErrorSeverity.MidToleranceError,
     },
+    contractInstanceValidator: {
+      validator: new ContractInstanceTxValidator(bindings),
+      severity: PeerErrorSeverity.MidToleranceError,
+    },
   };
 }
 
@@ -216,6 +223,7 @@ function createTxValidatorForMinimumTxIntegrityChecks(
     ),
     new SizeTxValidator(bindings),
     new DataTxValidator(bindings),
+    new ContractInstanceTxValidator(bindings),
     new TxProofValidator(verifier, bindings),
   );
 }
@@ -278,6 +286,9 @@ export function createTxValidatorForAcceptingTxsOverRPC(
     timestamp,
     blockNumber,
     txsPermitted,
+    rollupManaLimit,
+    maxBlockL2Gas,
+    maxBlockDAGas,
   }: {
     l1ChainId: number;
     rollupVersion: number;
@@ -287,6 +298,9 @@ export function createTxValidatorForAcceptingTxsOverRPC(
     timestamp: UInt64;
     blockNumber: BlockNumber;
     txsPermitted: boolean;
+    rollupManaLimit: number;
+    maxBlockL2Gas?: number;
+    maxBlockDAGas?: number;
   },
   bindings?: LoggerBindings,
 ): TxValidator<Tx> {
@@ -313,11 +327,16 @@ export function createTxValidatorForAcceptingTxsOverRPC(
     new BlockHeaderTxValidator(new ArchiveCache(db), bindings),
     new DoubleSpendTxValidator(new NullifierCache(db), bindings),
     new DataTxValidator(bindings),
+    new ContractInstanceTxValidator(bindings),
   ];
 
   if (!skipFeeEnforcement) {
     validators.push(
-      new GasTxValidator(new DatabasePublicStateSource(db), ProtocolContractAddress.FeeJuice, gasFees, bindings),
+      new GasTxValidator(new DatabasePublicStateSource(db), ProtocolContractAddress.FeeJuice, gasFees, bindings, {
+        rollupManaLimit,
+        maxBlockL2Gas,
+        maxBlockDAGas,
+      }),
     );
   }
 
@@ -403,6 +422,7 @@ export async function createTxValidatorForTransactionsEnteringPendingTxPool(
   worldStateSynchronizer: WorldStateSynchronizer,
   timestamp: bigint,
   blockNumber: BlockNumber,
+  gasLimitOpts: { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number },
   bindings?: LoggerBindings,
 ): Promise<TxValidator<TxMetaData>> {
   await worldStateSynchronizer.syncImmediate();
@@ -419,9 +439,29 @@ export async function createTxValidatorForTransactionsEnteringPendingTxPool(
     },
   };
   return new AggregateTxValidator<TxMetaData>(
-    new GasLimitsValidator<TxMetaData>(bindings),
+    new GasLimitsValidator<TxMetaData>({ ...gasLimitOpts, bindings }),
     new TimestampTxValidator<TxMetaData>({ timestamp, blockNumber }, bindings),
     new DoubleSpendTxValidator<TxMetaData>(nullifierSource, bindings),
     new BlockHeaderTxValidator<TxMetaData>(archiveSource, bindings),
+    new AllowedSetupCallsMetaValidator<TxMetaData>(bindings),
   );
 }
+
+/**
+ * Creates a function that checks whether a tx's setup-phase calls are on the allow list.
+ *
+ * Uses the `PhasesTxValidator` on the full Tx. The result is stored as a boolean
+ * flag in `TxMetaData.allowedSetupCalls` at receipt time, so the pending pool
+ * migration validator can check it without needing the full Tx or its dependencies.
+ */
+export function createCheckAllowedSetupCalls(
+  contractDataSource: ContractDataSource,
+  setupAllowList: AllowedElement[],
+  getTimestamp: () => UInt64,
+): (tx: Tx) => Promise<boolean> {
+  return async (tx: Tx) => {
+    const validator = new PhasesTxValidator(contractDataSource, setupAllowList, getTimestamp());
+    const result = await validator.validateTx(tx);
+    return result.result === 'valid';
+  };
+}

package/src/msg_validators/tx_validator/fee_payer_balance.ts

@@ -1,5 +1,6 @@
+import { FeeJuiceArtifact } from '@aztec/protocol-contracts/fee-juice';
 import { getCallRequestsWithCalldataByPhase } from '@aztec/simulator/server';
-import { FunctionSelector } from '@aztec/stdlib/abi';
+import { FunctionSelector, getAllFunctionAbis } from '@aztec/stdlib/abi';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { type Tx, TxExecutionPhase } from '@aztec/stdlib/tx';
 
@@ -8,7 +9,10 @@ export type FeePayerBalanceDelta = {
   claimAmount: bigint;
 };
 
-const increasePublicBalanceSelectorPromise = FunctionSelector.fromSignature('_increase_public_balance((Field),u128)');
+const increasePublicBalanceSelectorPromise = (() => {
+  const fn = getAllFunctionAbis(FeeJuiceArtifact).find(f => f.name === '_increase_public_balance')!;
+  return FunctionSelector.fromNameAndParameters(fn.name, fn.parameters);
+})();
 
 export function getTxFeeLimit(tx: Tx): bigint {
   return tx.data.constants.txContext.gasSettings.getFeeLimit().toBigInt();