@aztec/p2p 0.0.1-commit.fcb71a6 → 0.0.1-commit.fffb133c

package/src/mem_pools/tx_pool/eviction/fee_payer_balance_eviction_rule.ts

@@ -0,0 +1,162 @@
+import { createLogger } from '@aztec/foundation/log';
+import { ProtocolContractAddress } from '@aztec/protocol-contracts';
+import { computeFeePayerBalanceStorageSlot } from '@aztec/protocol-contracts/fee-juice';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
+import { DatabasePublicStateSource, type MerkleTreeReadOperations } from '@aztec/stdlib/trees';
+import type { TxHash } from '@aztec/stdlib/tx';
+
+import type { TxPoolOptions } from '../tx_pool.js';
+import {
+  type EvictionContext,
+  EvictionEvent,
+  type EvictionResult,
+  type EvictionRule,
+  type FeePayerTxInfo,
+  type TxPoolOperations,
+} from './eviction_strategy.js';
+
+export class FeePayerBalanceEvictionRule implements EvictionRule {
+  public readonly name = 'FeePayerBalanceEviction';
+  public readonly reason = 'fee_payer_balance';
+
+  private log = createLogger('p2p:mempool:tx_pool:fee_payer_balance_eviction_rule');
+
+  constructor(private worldState: WorldStateSynchronizer) {}
+
+  async evict(context: EvictionContext, txPool: TxPoolOperations): Promise<EvictionResult> {
+    try {
+      if (context.event === EvictionEvent.TXS_ADDED) {
+        return await this.evictForFeePayers(context.feePayers, this.worldState.getCommitted(), txPool);
+      }
+
+      if (context.event === EvictionEvent.BLOCK_MINED) {
+        const blockNumber = context.block.getBlockNumber();
+        // Ensure world state is synced to this block before accessing the snapshot.
+        // This handles the race where a block is added to the archiver
+        // but the world state hasn't synced it yet.
+        await this.worldState.syncImmediate(blockNumber);
+        return await this.evictForFeePayers(context.feePayers, this.worldState.getSnapshot(blockNumber), txPool);
+      }
+
+      // TODO: fix this edge-case
+      // This can lead to a race condition if we are catching up in the p2p client.
+      // Let's say we have 3 txs for the same fee payer, which get mined in blocks 1, 2, 3.
+      // Tx1 consumes fee juice, tx2 increases it, tx3 consumes it again. We see block1 with tx1 first, run this rule, and evict tx3.
+      // But tx3 was valid (due to tx2) and mined on block3. And we have just removed from the mempool a tx we needed for proving/reexec.
+      //
+      // NOTE: this will happen only in case of that lower-priority-fee tx entered in e.g. block 2, and we have higher-priority-fee tx in block 3
+      // (simply because that was the timing of these txs). But, in case of higher-priority-fee txs being in block 2, the tx3 won't be evicted
+      // -----
+      // Proposed fix: evict only if node is synched
+      if (context.event === EvictionEvent.CHAIN_PRUNED) {
+        // Ensure world state is synced to this block before accessing the snapshot.
+        await this.worldState.syncImmediate(context.blockNumber);
+        const feePayers = await txPool.getPendingFeePayers();
+        return await this.evictForFeePayers(feePayers, this.worldState.getSnapshot(context.blockNumber), txPool);
+      }
+
+      return {
+        reason: this.reason,
+        success: true,
+        txsEvicted: [],
+      };
+    } catch (err) {
+      this.log.error('Failed to evict txs due to fee payer balance', { err });
+      return {
+        reason: this.reason,
+        success: false,
+        txsEvicted: [],
+        error: new Error('Failed to evict txs due to fee payer balance', { cause: err }),
+      };
+    }
+  }
+
+  updateConfig(_config: TxPoolOptions): void {}
+
+  private async evictForFeePayers(
+    feePayers: Array<AztecAddress>, // assumed to be unique
+    db: MerkleTreeReadOperations,
+    txPool: TxPoolOperations,
+  ): Promise<EvictionResult> {
+    const publicStateSource = this.createPublicStateSource(db);
+
+    const txsToEvict = (
+      await Promise.all(feePayers.map(feePayer => this.getEvictionsForFeePayer(feePayer, publicStateSource, txPool)))
+    ).flat();
+
+    if (txsToEvict.length > 0) {
+      await txPool.deleteTxs(txsToEvict);
+    }
+
+    return {
+      reason: this.reason,
+      success: true,
+      txsEvicted: txsToEvict,
+    };
+  }
+
+  private async getEvictionsForFeePayer(
+    feePayer: AztecAddress,
+    publicStateSource: DatabasePublicStateSource,
+    txPool: TxPoolOperations,
+  ): Promise<TxHash[]> {
+    const initialBalance = (
+      await publicStateSource.storageRead(
+        ProtocolContractAddress.FeeJuice,
+        //TODO: cache this LRU-style
+        await computeFeePayerBalanceStorageSlot(feePayer),
+      )
+    ).toBigInt();
+
+    const txs: FeePayerTxInfo[] = [];
+    for await (const entry of txPool.getFeePayerTxInfos(feePayer)) {
+      txs.push(entry);
+    }
+
+    if (txs.length === 0) {
+      return [];
+    }
+
+    const txsToEvict: TxHash[] = [];
+    let balance = initialBalance;
+    let hasNonEvictableOverBalance = false;
+
+    // Evaluate balance in priority order so later claims cannot fund earlier spends.
+    // This sorts so that higher priority txs come first.
+    txs.sort((a, b) => {
+      if (a.priority === b.priority) {
+        return a.txHash.toBigInt() >= b.txHash.toBigInt() ? -1 : 1;
+      }
+
+      return a.priority > b.priority ? -1 : 1;
+    });
+
+    for (const tx of txs) {
+      const available = balance + tx.claimAmount;
+      if (available >= tx.feeLimit) {
+        balance = available - tx.feeLimit;
+        continue;
+      }
+
+      if (tx.isEvictable) {
+        txsToEvict.push(tx.txHash);
+      } else {
+        hasNonEvictableOverBalance = true;
+      }
+    }
+
+    if (hasNonEvictableOverBalance) {
+      this.log.verbose('Fee payer balance cannot be satisfied due to non-evictable txs', {
+        feePayer: feePayer.toString(),
+        balance: initialBalance,
+      });
+    }
+
+    return txsToEvict;
+  }
+
+  private createPublicStateSource(db: MerkleTreeReadOperations): DatabasePublicStateSource {
+    return new DatabasePublicStateSource(db);
+  }
+}

package/src/mem_pools/tx_pool/eviction/invalid_txs_after_reorg_rule.ts

@@ -1,7 +1,7 @@
 import { findIndexInSortedArray, insertIntoSortedArray } from '@aztec/foundation/array';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { createLogger } from '@aztec/foundation/log';
-import type { ReadonlyWorldStateAccess } from '@aztec/stdlib/interfaces/server';
+import type { WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
 import type { TxHash } from '@aztec/stdlib/tx';
 
@@ -26,7 +26,7 @@ export class InvalidTxsAfterReorgRule implements EvictionRule {
 
   private log = createLogger('p2p:mempool:tx_pool:invalid_txs_after_reorg_rule');
 
-  public constructor(private worldState: ReadonlyWorldStateAccess) {}
+  public constructor(private worldState: WorldStateSynchronizer) {}
 
   async evict(context: EvictionContext, txPool: TxPoolOperations): Promise<EvictionResult> {
     if (context.event !== EvictionEvent.CHAIN_PRUNED) {
@@ -46,6 +46,8 @@ export class InvalidTxsAfterReorgRule implements EvictionRule {
         insertIntoSortedArray(uniqueBlockHashes, blockHash, Fr.cmp, false);
       });
 
+      // Ensure world state is synced to this block before accessing the snapshot.
+      await this.worldState.syncImmediate(context.blockNumber);
       const db = this.worldState.getSnapshot(context.blockNumber);
       const blocksFromDb = await db.findLeafIndices(MerkleTreeId.ARCHIVE, uniqueBlockHashes);
 

package/src/mem_pools/tx_pool/eviction/nullifier_conflict_pre_add_rule.ts

@@ -0,0 +1,75 @@
+import { findIndexInSortedArray, insertIntoSortedArray } from '@aztec/foundation/array';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { createLogger } from '@aztec/foundation/log';
+import { type Tx, TxHash } from '@aztec/stdlib/tx';
+
+import type { PreAddEvictionResult, PreAddEvictionRule, PreAddPoolAccess } from './eviction_strategy.js';
+
+const cmpTxHash = (a: TxHash, b: TxHash) => Fr.cmp(a.hash, b.hash);
+
+/**
+ * Pre-add eviction rule that checks for nullifier conflicts between incoming and existing transactions.
+ *
+ * When an incoming tx shares nullifiers with existing pending txs:
+ * - If the incoming tx has strictly higher priority fee, evict all conflicting txs
+ * - If any conflicting tx has equal or higher priority fee, reject the incoming tx
+ *
+ * This prevents nullifier spam attacks where an attacker floods the mempool with
+ * transactions spending the same nullifiers.
+ */
+export class NullifierConflictPreAddRule implements PreAddEvictionRule {
+  public readonly name = 'NullifierConflictPreAdd';
+
+  private log = createLogger('p2p:mempool:tx_pool:nullifier_conflict_pre_add_rule');
+
+  /**
+   * Check if the incoming transaction conflicts with existing transactions via nullifiers.
+   *
+   * @param tx - The incoming transaction
+   * @param poolAccess - Read-only access to pool state
+   * @returns Result with rejection status and txs to evict
+   */
+  async check(tx: Tx, poolAccess: PreAddPoolAccess): Promise<PreAddEvictionResult> {
+    const txHash = tx.getTxHash();
+    const nullifiers = tx.data.getNonEmptyNullifiers();
+    const txHashesToEvict: TxHash[] = [];
+    const incomingPriority = poolAccess.getTxPriority(tx);
+
+    for (const nullifier of nullifiers) {
+      const conflictingHash = await poolAccess.getTxHashByNullifier(nullifier);
+
+      if (
+        !conflictingHash ||
+        conflictingHash.equals(txHash) ||
+        findIndexInSortedArray(txHashesToEvict, conflictingHash, cmpTxHash) !== -1
+      ) {
+        continue;
+      }
+
+      // Get the conflicting tx's priority
+      const conflictingTx = await poolAccess.getPendingTxByHash(conflictingHash);
+      if (!conflictingTx) {
+        continue;
+      }
+
+      const conflictingPriority = poolAccess.getTxPriority(conflictingTx);
+
+      // If incoming tx has strictly higher priority, mark for eviction
+      // Otherwise, reject incoming tx (ties go to existing tx)
+      if (incomingPriority > conflictingPriority) {
+        insertIntoSortedArray(txHashesToEvict, conflictingHash, cmpTxHash);
+      } else {
+        this.log.debug(
+          `Rejecting tx ${txHash.toString()}: nullifier conflict with ${conflictingHash.toString()} which has higher or equal fee`,
+        );
+        return {
+          shouldReject: true,
+          txHashesToEvict: [],
+          reason: `nullifier conflict with ${conflictingHash.toString()}`,
+        };
+      }
+    }
+
+    return { shouldReject: false, txHashesToEvict };
+  }
+}

package/src/msg_validators/attestation_validator/attestation_validator.ts

@@ -1,67 +1,82 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
 import { NoCommitteeError } from '@aztec/ethereum/contracts';
 import { type Logger, createLogger } from '@aztec/foundation/log';
-import { type BlockAttestation, type P2PValidator, PeerErrorSeverity } from '@aztec/stdlib/p2p';
+import {
+  type CheckpointAttestation,
+  type P2PValidator,
+  PeerErrorSeverity,
+  type ValidationResult,
+} from '@aztec/stdlib/p2p';
 
-export class AttestationValidator implements P2PValidator<BlockAttestation> {
+import { isWithinClockTolerance } from '../clock_tolerance.js';
+
+export class CheckpointAttestationValidator implements P2PValidator<CheckpointAttestation> {
   protected epochCache: EpochCacheInterface;
   protected logger: Logger;
 
   constructor(epochCache: EpochCacheInterface) {
     this.epochCache = epochCache;
-    this.logger = createLogger('p2p:attestation-validator');
+    this.logger = createLogger('p2p:checkpoint-attestation-validator');
   }
 
-  async validate(message: BlockAttestation): Promise<PeerErrorSeverity | undefined> {
+  async validate(message: CheckpointAttestation): Promise<ValidationResult> {
     const slotNumber = message.payload.header.slotNumber;
 
     try {
-      const { currentProposer, nextProposer, currentSlot, nextSlot } =
-        await this.epochCache.getProposerAttesterAddressInCurrentOrNextSlot();
+      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
 
       if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
-        this.logger.warn(`Attestation slot ${slotNumber} is not current (${currentSlot}) or next (${nextSlot}) slot`);
-        return PeerErrorSeverity.HighToleranceError;
+        // Check if message is for previous slot and within clock tolerance
+        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
+          this.logger.warn(
+            `Checkpoint attestation slot ${slotNumber} is not current (${currentSlot}) or next (${nextSlot}) slot`,
+          );
+          return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
+        }
+        this.logger.debug(`Ignoring checkpoint attestation for previous slot ${slotNumber} within clock tolerance`);
+        return { result: 'ignore' };
       }
 
       // Verify the signature is valid
       const attester = message.getSender();
       if (attester === undefined) {
-        this.logger.warn(`Invalid signature in attestation for slot ${slotNumber}`);
-        return PeerErrorSeverity.LowToleranceError;
+        this.logger.warn(`Invalid signature in checkpoint attestation for slot ${slotNumber}`);
+        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
       }
 
       // Verify the attester is in the committee for this slot
       if (!(await this.epochCache.isInCommittee(slotNumber, attester))) {
         this.logger.warn(`Attester ${attester.toString()} is not in committee for slot ${slotNumber}`);
-        return PeerErrorSeverity.HighToleranceError;
+        return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
       }
 
-      // Verify the proposer signature matches the expected proposer for this slot
+      // Verify the proposer signature matches the expected proposer for the attestation's slot
+      // We look up the proposer for the specific slot rather than using currentSlot/nextSlot
+      // since timing differences could cause mismatches
       const proposer = message.getProposer();
-      const expectedProposer = slotNumber === currentSlot ? currentProposer : nextProposer;
+      const expectedProposer = await this.epochCache.getProposerAttesterAddressInSlot(slotNumber);
       if (!expectedProposer) {
         this.logger.warn(`No proposer defined for slot ${slotNumber}`);
-        return PeerErrorSeverity.HighToleranceError;
+        return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
       }
       if (!proposer) {
-        this.logger.warn(`Invalid proposer signature in attestation for slot ${slotNumber}`);
-        return PeerErrorSeverity.LowToleranceError;
+        this.logger.warn(`Invalid proposer signature in checkpoint attestation for slot ${slotNumber}`);
+        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
       }
       if (!proposer.equals(expectedProposer)) {
         this.logger.warn(
-          `Proposer signature mismatch in attestation. ` +
+          `Proposer signature mismatch in checkpoint attestation. ` +
             `Expected ${expectedProposer?.toString() ?? 'none'} but got ${proposer.toString()} for slot ${slotNumber}`,
         );
-        return PeerErrorSeverity.HighToleranceError;
+        return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
       }
 
-      return undefined;
+      return { result: 'accept' };
     } catch (e) {
       // People shouldn't be sending us attestations if the committee doesn't exist
       if (e instanceof NoCommitteeError) {
-        this.logger.warn(`No committee exists for attestation for slot ${slotNumber}`);
-        return PeerErrorSeverity.LowToleranceError;
+        this.logger.warn(`No committee exists for checkpoint attestation for slot ${slotNumber}`);
+        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
       }
       throw e;
     }

package/src/msg_validators/attestation_validator/fisherman_attestation_validator.ts

@@ -1,9 +1,9 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
-import { type BlockAttestation, PeerErrorSeverity } from '@aztec/stdlib/p2p';
-import { Attributes, Metrics, type TelemetryClient, ValueType } from '@aztec/telemetry-client';
+import { type CheckpointAttestation, PeerErrorSeverity, type ValidationResult } from '@aztec/stdlib/p2p';
+import { Attributes, Metrics, type TelemetryClient } from '@aztec/telemetry-client';
 
 import type { AttestationPool } from '../../mem_pools/attestation_pool/attestation_pool.js';
-import { AttestationValidator } from './attestation_validator.js';
+import { CheckpointAttestationValidator } from './attestation_validator.js';
 
 /**
  * FishermanAttestationValidator extends the base AttestationValidator to add
@@ -13,7 +13,7 @@ import { AttestationValidator } from './attestation_validator.js';
  * handled by LibP2PService based on the fishermanMode config to ensure a better
  * view of the network.
  */
-export class FishermanAttestationValidator extends AttestationValidator {
+export class FishermanAttestationValidator extends CheckpointAttestationValidator {
   private invalidAttestationCounter;
 
   constructor(
@@ -25,16 +25,13 @@ export class FishermanAttestationValidator extends AttestationValidator {
     this.logger = this.logger.createChild('[FISHERMAN]');
 
     const meter = telemetryClient.getMeter('FishermanAttestationValidator');
-    this.invalidAttestationCounter = meter.createUpDownCounter(Metrics.VALIDATOR_INVALID_ATTESTATION_RECEIVED_COUNT, {
-      description: 'The number of invalid attestations received',
-      valueType: ValueType.INT,
-    });
+    this.invalidAttestationCounter = meter.createUpDownCounter(Metrics.VALIDATOR_INVALID_ATTESTATION_RECEIVED_COUNT);
   }
 
-  override async validate(message: BlockAttestation): Promise<PeerErrorSeverity | undefined> {
+  override async validate(message: CheckpointAttestation): Promise<ValidationResult> {
     // First run the standard validation
     const baseValidationResult = await super.validate(message);
-    if (baseValidationResult !== undefined) {
+    if (baseValidationResult.result !== 'accept') {
       // Track base validation failures (invalid signature, wrong committee, etc.)
       this.invalidAttestationCounter.add(1, {
         [Attributes.ERROR_TYPE]: 'base_validation_failed',
@@ -48,15 +45,15 @@ export class FishermanAttestationValidator extends AttestationValidator {
     const proposer = message.getProposer();
 
     if (!attester || !proposer) {
-      return undefined;
+      return { result: 'accept' };
     }
 
     const proposalId = message.archive.toString();
-    const proposal = await this.attestationPool.getBlockProposal(proposalId);
+    const proposal = await this.attestationPool.getCheckpointProposal(proposalId);
 
     if (proposal) {
       // Compare the attestation payload with the proposal payload
-      if (!message.payload.equals(proposal.payload)) {
+      if (!message.payload.equals(proposal)) {
         this.logger.error(
           `Attestation payload mismatch for slot ${slotNumberBigInt}! ` +
             `Attester ${attester.toString()} signed different data than the proposal.`,
@@ -66,7 +63,7 @@ export class FishermanAttestationValidator extends AttestationValidator {
             proposer: proposer.toString(),
             proposalArchive: proposal.archive.toString(),
             attestationArchive: message.archive.toString(),
-            proposalHeader: proposal.payload.header.hash().toString(),
+            proposalHeader: proposal.checkpointHeader.hash().toString(),
             attestationHeader: message.payload.header.hash().toString(),
           },
         );
@@ -77,7 +74,7 @@ export class FishermanAttestationValidator extends AttestationValidator {
         });
 
         // Return error to reject the message, but LibP2PService won't penalize in fisherman mode
-        return PeerErrorSeverity.LowToleranceError;
+        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
       }
     } else {
       // We might receive attestations before proposals in some cases
@@ -86,6 +83,6 @@ export class FishermanAttestationValidator extends AttestationValidator {
       );
     }
 
-    return undefined;
+    return { result: 'accept' };
   }
 }

package/src/msg_validators/clock_tolerance.ts

@@ -0,0 +1,51 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import { SlotNumber } from '@aztec/foundation/branded-types';
+
+/**
+ * Maximum clock disparity tolerance for P2P message validation (in milliseconds).
+ * Messages for the previous slot are accepted if we're within this many milliseconds
+ * of the current slot start. This prevents penalizing peers for messages that
+ * were valid when sent but arrived slightly late due to network latency.
+ *
+ * This follows Ethereum's MAXIMUM_GOSSIP_CLOCK_DISPARITY approach.
+ */
+export const MAXIMUM_GOSSIP_CLOCK_DISPARITY_MS = 500;
+
+/**
+ * Checks if a message for the previous slot should be accepted due to clock tolerance.
+ *
+ * @param messageSlot - The slot number from the received message
+ * @param currentSlot - The current slot number
+ * @param epochCache - EpochCache to get timing information
+ * @returns true if the message is for the previous slot AND we're within the clock tolerance window
+ */
+export function isWithinClockTolerance(
+  messageSlot: SlotNumber,
+  currentSlot: SlotNumber,
+  epochCache: EpochCacheInterface,
+): boolean {
+  // Guard against slot 0 edge case (genesis)
+  if (currentSlot === SlotNumber.ZERO) {
+    return false;
+  }
+
+  // Only apply tolerance to messages for the previous slot
+  const previousSlot = SlotNumber(currentSlot - 1);
+  if (messageSlot !== previousSlot) {
+    return false;
+  }
+
+  // Check how far we are into the current slot (in milliseconds)
+  const { ts: slotStartTs, nowMs, slot } = epochCache.getEpochAndSlotNow();
+
+  // Sanity check: ensure the epoch cache's current slot matches the expected current slot
+  if (slot !== currentSlot) {
+    return false;
+  }
+
+  // ts is in seconds, convert to ms; nowMs is already in milliseconds
+  const slotStartMs = slotStartTs * 1000n;
+  const elapsedMs = Number(nowMs - slotStartMs);
+
+  return elapsedMs < MAXIMUM_GOSSIP_CLOCK_DISPARITY_MS;
+}

package/src/msg_validators/index.ts

@@ -1,3 +1,3 @@
 export * from './tx_validator/index.js';
-export * from './block_proposal_validator/index.js';
+export * from './proposal_validator/index.js';
 export * from './attestation_validator/index.js';

package/src/msg_validators/proposal_validator/block_proposal_validator.ts

@@ -0,0 +1,10 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import type { BlockProposal, P2PValidator } from '@aztec/stdlib/p2p';
+
+import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
+
+export class BlockProposalValidator extends ProposalValidator<BlockProposal> implements P2PValidator<BlockProposal> {
+  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean }) {
+    super(epochCache, opts, 'p2p:block_proposal_validator');
+  }
+}

package/src/msg_validators/proposal_validator/checkpoint_proposal_validator.ts

@@ -0,0 +1,13 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import type { CheckpointProposal, P2PValidator } from '@aztec/stdlib/p2p';
+
+import { ProposalValidator } from '../proposal_validator/proposal_validator.js';
+
+export class CheckpointProposalValidator
+  extends ProposalValidator<CheckpointProposal>
+  implements P2PValidator<CheckpointProposal>
+{
+  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean }) {
+    super(epochCache, opts, 'p2p:checkpoint_proposal_validator');
+  }
+}

package/src/msg_validators/proposal_validator/index.ts

@@ -0,0 +1,3 @@
+export * from './block_proposal_validator.js';
+export * from './checkpoint_proposal_validator.js';
+export * from './proposal_validator.js';

package/src/msg_validators/proposal_validator/proposal_validator.ts

@@ -0,0 +1,92 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import { NoCommitteeError } from '@aztec/ethereum/contracts';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import { BlockProposal, CheckpointProposal, PeerErrorSeverity, type ValidationResult } from '@aztec/stdlib/p2p';
+
+import { isWithinClockTolerance } from '../clock_tolerance.js';
+
+export abstract class ProposalValidator<TProposal extends BlockProposal | CheckpointProposal> {
+  protected epochCache: EpochCacheInterface;
+  protected logger: Logger;
+  protected txsPermitted: boolean;
+
+  constructor(epochCache: EpochCacheInterface, opts: { txsPermitted: boolean }, loggerName: string) {
+    this.epochCache = epochCache;
+    this.txsPermitted = opts.txsPermitted;
+    this.logger = createLogger(loggerName);
+  }
+
+  public async validate(proposal: TProposal): Promise<ValidationResult> {
+    try {
+      // Slot check
+      const { currentSlot, nextSlot } = this.epochCache.getCurrentAndNextSlot();
+      const slotNumber = proposal.slotNumber;
+      if (slotNumber !== currentSlot && slotNumber !== nextSlot) {
+        // Check if message is for previous slot and within clock tolerance
+        if (!isWithinClockTolerance(slotNumber, currentSlot, this.epochCache)) {
+          this.logger.debug(`Penalizing peer for invalid slot number ${slotNumber}`, { currentSlot, nextSlot });
+          return { result: 'reject', severity: PeerErrorSeverity.HighToleranceError };
+        }
+        this.logger.debug(`Ignoring proposal for previous slot ${slotNumber} within clock tolerance`);
+        return { result: 'ignore' };
+      }
+
+      // Signature validity
+      const proposer = proposal.getSender();
+      if (!proposer) {
+        this.logger.debug(`Penalizing peer for proposal with invalid signature`);
+        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+      }
+
+      // Transactions permitted check
+      const embeddedTxCount = proposal.txs?.length ?? 0;
+      if (!this.txsPermitted && (proposal.txHashes.length > 0 || embeddedTxCount > 0)) {
+        this.logger.debug(
+          `Penalizing peer for proposal with ${proposal.txHashes.length} transaction(s) when transactions are not permitted`,
+        );
+        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+      }
+
+      // Embedded txs must be listed in txHashes
+      const hashSet = new Set(proposal.txHashes.map(h => h.toString()));
+      const missingTxHashes =
+        embeddedTxCount > 0
+          ? proposal.txs!.filter(tx => !hashSet.has(tx.getTxHash().toString())).map(tx => tx.getTxHash().toString())
+          : [];
+      if (embeddedTxCount > 0 && missingTxHashes.length > 0) {
+        this.logger.warn('Penalizing peer for embedded transaction(s) not included in txHashes', {
+          embeddedTxCount,
+          txHashesLength: proposal.txHashes.length,
+          missingTxHashes,
+        });
+        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+      }
+
+      // Proposer check
+      const expectedProposer = await this.epochCache.getProposerAttesterAddressInSlot(slotNumber);
+      if (expectedProposer !== undefined && !proposer.equals(expectedProposer)) {
+        this.logger.debug(`Penalizing peer for invalid proposer for current slot ${slotNumber}`, {
+          expectedProposer,
+          proposer: proposer.toString(),
+        });
+        return { result: 'reject', severity: PeerErrorSeverity.MidToleranceError };
+      }
+
+      // Validate tx hashes for all txs embedded in the proposal
+      if (!(await Promise.all(proposal.txs?.map(tx => tx.validateTxHash()) ?? [])).every(v => v)) {
+        this.logger.warn(`Penalizing peer for invalid tx hashes in proposal`, {
+          proposer,
+          slotNumber,
+        });
+        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
+      }
+
+      return { result: 'accept' };
+    } catch (e) {
+      if (e instanceof NoCommitteeError) {
+        return { result: 'reject', severity: PeerErrorSeverity.LowToleranceError };
+      }
+      throw e;
+    }
+  }
+}