@aztec/p2p 0.0.1-commit.ff7989d6c → 0.0.1-commit.fff30aa

package/src/services/libp2p/libp2p_service.ts

@@ -1,5 +1,6 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
 import { BlockNumber, type SlotNumber } from '@aztec/foundation/branded-types';
+import { maxBy } from '@aztec/foundation/collection';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { type Logger, createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
 import { RunningPromise } from '@aztec/foundation/running-promise';
@@ -16,13 +17,13 @@ import {
   CheckpointProposal,
   type CheckpointProposalCore,
   type Gossipable,
-  P2PClientType,
   P2PMessage,
   type ValidationResult as P2PValidationResult,
   PeerErrorSeverity,
+  PeerErrorSeverityByHarshness,
   TopicType,
   createTopicString,
-  getTopicsForClientAndConfig,
+  getTopicsForConfig,
   metricsTopicStrToLabels,
 } from '@aztec/stdlib/p2p';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
@@ -69,9 +70,11 @@ import {
 } from '../../msg_validators/index.js';
 import { MessageSeenValidator } from '../../msg_validators/msg_seen_validator/msg_seen_validator.js';
 import {
-  type MessageValidator,
-  createTxMessageValidators,
-  createTxReqRespValidator,
+  type TransactionValidator,
+  createFirstStageTxValidationsForGossipedTransactions,
+  createSecondStageTxValidationsForGossipedTransactions,
+  createTxValidatorForBlockProposalReceivedTxs,
+  createTxValidatorForReqResponseReceivedTxs,
 } from '../../msg_validators/tx_validator/factory.js';
 import { GossipSubEvent } from '../../types/index.js';
 import { type PubSubLibp2p, convertToMultiaddr } from '../../util.js';
@@ -87,6 +90,9 @@ import { PeerScoring } from '../peer-manager/peer_scoring.js';
 import type { BatchTxRequesterLibP2PService } from '../reqresp/batch-tx-requester/interface.js';
 import type { P2PReqRespConfig } from '../reqresp/config.js';
 import {
+  AuthRequest,
+  BlockTxsRequest,
+  BlockTxsResponse,
   DEFAULT_SUB_PROTOCOL_VALIDATORS,
   type ReqRespInterface,
   type ReqRespResponse,
@@ -94,14 +100,9 @@ import {
   type ReqRespSubProtocolHandler,
   type ReqRespSubProtocolHandlers,
   type ReqRespSubProtocolValidators,
+  StatusMessage,
   type SubProtocolMap,
   ValidationError,
-} from '../reqresp/index.js';
-import {
-  AuthRequest,
-  BlockTxsRequest,
-  BlockTxsResponse,
-  StatusMessage,
   pingHandler,
   reqGoodbyeHandler,
   reqRespBlockHandler,
@@ -135,7 +136,7 @@ type ReceivedMessageValidationResult<T, M = undefined> =
 /**
  * Lib P2P implementation of the P2PService interface.
  */
-export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends WithTracer implements P2PService {
+export class LibP2PService extends WithTracer implements P2PService {
   private discoveryRunningPromise?: RunningPromise;
   private msgIdSeenValidators: Record<TopicType, MessageSeenValidator> = {} as Record<TopicType, MessageSeenValidator>;
 
@@ -182,7 +183,6 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
   protected logger: Logger;
 
   constructor(
-    private clientType: T,
     private config: P2PConfig,
     protected node: PubSubLibp2p,
     private peerDiscoveryService: PeerDiscoveryService,
@@ -224,10 +224,12 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       this.protocolVersion,
     );
 
-    this.blockProposalValidator = new BlockProposalValidator(epochCache, { txsPermitted: !config.disableTransactions });
-    this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, {
+    const proposalValidatorOpts = {
       txsPermitted: !config.disableTransactions,
-    });
+      maxTxsPerBlock: config.validateMaxTxsPerBlock ?? config.validateMaxTxsPerCheckpoint,
+    };
+    this.blockProposalValidator = new BlockProposalValidator(epochCache, proposalValidatorOpts);
+    this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, proposalValidatorOpts);
     this.checkpointAttestationValidator = config.fishermanMode
       ? new FishermanAttestationValidator(epochCache, mempools.attestationPool, telemetry)
       : new CheckpointAttestationValidator(epochCache);
@@ -235,11 +237,11 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     this.gossipSubEventHandler = this.handleGossipSubEvent.bind(this);
 
     this.blockReceivedCallback = async (block: BlockProposal): Promise<boolean> => {
-      this.logger.debug(
-        `Handler not yet registered: Block received callback not set. Received block for slot ${block.slotNumber} from peer.`,
+      this.logger.warn(
+        `Handler for block received not yet registered on P2P service. Received block ${block.blockNumber} for slot ${block.slotNumber} from peer.`,
         { p2pMessageIdentifier: await block.p2pMessageLoggingIdentifier() },
       );
-      return false;
+      return true;
     };
 
     this.checkpointReceivedCallback = (
@@ -262,8 +264,7 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
    * @param txPool - The transaction pool to be accessed by the service.
    * @returns The new service.
    */
-  public static async new<T extends P2PClientType>(
-    clientType: T,
+  public static async new(
     config: P2PConfig,
     peerId: PeerId,
     deps: {
@@ -475,7 +476,6 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       peerManager.shouldDisableP2PGossip(peerId) ? -Infinity : peerManager.getPeerScore(peerId);
 
     return new LibP2PService(
-      clientType,
       config,
       node,
       peerDiscoveryService,
@@ -549,7 +549,7 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     await this.node.start();
 
     // Subscribe to standard GossipSub topics by default
-    for (const topic of getTopicsForClientAndConfig(this.clientType, this.config.disableTransactions)) {
+    for (const topic of getTopicsForConfig(this.config.disableTransactions)) {
       this.subscribeToTopic(this.topicStrings[topic]);
     }
 
@@ -818,9 +818,7 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       if (msg.topic === this.topicStrings[TopicType.tx]) {
         await this.handleGossipedTx(p2pMessage.payload, msgId, source);
       } else if (msg.topic === this.topicStrings[TopicType.checkpoint_attestation]) {
-        if (this.clientType === P2PClientType.Full) {
-          await this.processCheckpointAttestationFromPeer(p2pMessage.payload, msgId, source);
-        }
+        await this.processCheckpointAttestationFromPeer(p2pMessage.payload, msgId, source);
       } else if (msg.topic === this.topicStrings[TopicType.block_proposal]) {
         await this.processBlockFromPeer(p2pMessage.payload, msgId, source);
       } else if (msg.topic === this.topicStrings[TopicType.checkpoint_proposal]) {
@@ -906,15 +904,45 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
   protected async handleGossipedTx(payloadData: Buffer, msgId: string, source: PeerId) {
     const validationFunc: () => Promise<ReceivedMessageValidationResult<Tx>> = async () => {
       const tx = Tx.fromBuffer(payloadData);
-      const isValid = await this.validatePropagatedTx(tx, source);
-      if (!isValid) {
-        this.logger.trace(`Rejecting invalid propagated tx`, {
-          [Attributes.P2P_ID]: source.toString(),
-        });
+
+      const currentBlockNumber = await this.archiver.getBlockNumber();
+      const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
+
+      // Stage 1: fast validators (metadata, data, timestamps, double-spend, gas, phases, block header)
+      const firstStageValidators = await this.createFirstStageMessageValidators(currentBlockNumber, nextSlotTimestamp);
+      const firstStageOutcome = await this.runValidations(tx, firstStageValidators);
+      if (!firstStageOutcome.allPassed) {
+        const { name } = firstStageOutcome.failure;
+        let { severity } = firstStageOutcome.failure;
+
+        // Double spend validator has a special case handler. We perform more detailed examination
+        // as to how recently the nullifier was entered into the tree and if the transaction should
+        // have 'known' the nullifier existed. This determines the severity of the penalty applied to the peer.
+        if (name === 'doubleSpendValidator') {
+          const txBlockNumber = BlockNumber(currentBlockNumber + 1);
+          severity = await this.handleDoubleSpendFailure(tx, txBlockNumber);
+        }
+
+        this.peerManager.penalizePeer(source, severity);
+        return { result: TopicValidatorResult.Reject };
+      }
+
+      // Pool pre-check: see if the pool would accept this tx before doing expensive proof verification
+      const canAdd = await this.mempools.txPool.canAddPendingTx(tx);
+      if (canAdd === 'ignored') {
+        return { result: TopicValidatorResult.Ignore, obj: tx };
+      }
+
+      // Stage 2: expensive proof verification
+      const secondStageValidators = this.createSecondStageMessageValidators();
+      const secondStageOutcome = await this.runValidations(tx, secondStageValidators);
+      if (!secondStageOutcome.allPassed) {
+        const { severity } = secondStageOutcome.failure;
+        this.peerManager.penalizePeer(source, severity);
         return { result: TopicValidatorResult.Reject };
       }
 
-      // Propagate only on pool acceptance
+      // Pool add: persist the tx
       const txHash = tx.getTxHash();
       const addResult = await this.mempools.txPool.addPendingTxs([tx], { source: 'gossip' });
 
@@ -922,7 +950,6 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       const wasIgnored = addResult.ignored.some(h => h.equals(txHash));
 
       this.logger.trace(`Validate propagated tx`, {
-        isValid,
         wasAccepted,
         wasIgnored,
         [Attributes.P2P_ID]: source.toString(),
@@ -933,6 +960,11 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       } else if (wasIgnored) {
         return { result: TopicValidatorResult.Ignore, obj: tx };
       } else {
+        this.logger.warn(`Gossiped tx ${txHash.toString()} unexpectedly rejected by pool`, {
+          source: source.toString(),
+          txHash: txHash.toString(),
+        });
+        this.peerManager.penalizePeer(source, PeerErrorSeverity.HighToleranceError);
         return { result: TopicValidatorResult.Reject };
       }
     };
@@ -1165,7 +1197,7 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     // Note: Validators do NOT attest to individual blocks, only to checkpoint proposals.
     const isValid = await this.blockReceivedCallback(block, sender);
     if (!isValid) {
-      this.logger.warn(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
+      this.logger.info(`Block proposal validation failed for block ${block.blockNumber}`, block.toBlockInfo());
     }
   }
 
@@ -1537,43 +1569,12 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
   }
 
   protected createRequestedTxValidator(): TxValidator {
-    return createTxReqRespValidator(this.proofVerifier, {
+    return createTxValidatorForReqResponseReceivedTxs(this.proofVerifier, {
       l1ChainId: this.config.l1ChainId,
       rollupVersion: this.config.rollupVersion,
     });
   }
 
-  @trackSpan('Libp2pService.validatePropagatedTx', tx => ({
-    [Attributes.TX_HASH]: tx.getTxHash().toString(),
-  }))
-  protected async validatePropagatedTx(tx: Tx, peerId: PeerId): Promise<boolean> {
-    const currentBlockNumber = await this.archiver.getBlockNumber();
-
-    // We accept transactions if they are not expired by the next slot (checked based on the ExpirationTimestamp field)
-    const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
-    const messageValidators = await this.createMessageValidators(currentBlockNumber, nextSlotTimestamp);
-
-    for (const validator of messageValidators) {
-      const outcome = await this.runValidations(tx, validator);
-
-      if (outcome.allPassed) {
-        continue;
-      }
-      const { name } = outcome.failure;
-      let { severity } = outcome.failure;
-
-      // Double spend validator has a special case handler
-      if (name === 'doubleSpendValidator') {
-        const txBlockNumber = BlockNumber(currentBlockNumber + 1); // tx is expected to be in the next block
-        severity = await this.handleDoubleSpendFailure(tx, txBlockNumber);
-      }
-
-      this.peerManager.penalizePeer(peerId, severity);
-      return false;
-    }
-    return true;
-  }
-
   private async getGasFees(blockNumber: BlockNumber): Promise<GasFees> {
     if (blockNumber === this.feesCache?.blockNumber) {
       return this.feesCache.gasFees;
@@ -1601,60 +1602,62 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     };
   }
 
-  public async validate(txs: Tx[]): Promise<void> {
-    const currentBlockNumber = await this.archiver.getBlockNumber();
-
-    // We accept transactions if they are not expired by the next slot (checked based on the ExpirationTimestamp field)
-    const { ts: nextSlotTimestamp } = this.epochCache.getEpochAndSlotInNextL1Slot();
-    const messageValidators = await this.createMessageValidators(currentBlockNumber, nextSlotTimestamp);
+  public async validateTxsReceivedInBlockProposal(txs: Tx[]): Promise<void> {
+    const validator = createTxValidatorForBlockProposalReceivedTxs(
+      this.proofVerifier,
+      { l1ChainId: this.config.l1ChainId, rollupVersion: this.config.rollupVersion },
+      this.logger.getBindings(),
+    );
 
-    await Promise.all(
+    const results = await Promise.all(
       txs.map(async tx => {
-        for (const validator of messageValidators) {
-          const outcome = await this.runValidations(tx, validator);
-          if (!outcome.allPassed) {
-            throw new Error('Invalid tx detected', { cause: { outcome } });
-          }
-        }
+        const result = await validator.validateTx(tx);
+        return result.result !== 'invalid';
       }),
     );
+    if (results.some(value => value === false)) {
+      throw new Error('Invalid tx detected');
+    }
   }
 
-  /**
-   * Create message validators for the given block number and timestamp.
-   *
-   * Each validator is a pair of a validator and a severity.
-   * If a validator fails, the peer is penalized with the severity of the validator.
-   *
-   * @param currentBlockNumber - The current synced block number.
-   * @param nextSlotTimestamp - The timestamp of the next slot (used to validate txs are not expired).
-   * @returns The message validators.
-   */
-  private async createMessageValidators(
+  /** Creates the first stage (fast) validators for gossiped transactions. */
+  protected async createFirstStageMessageValidators(
     currentBlockNumber: BlockNumber,
     nextSlotTimestamp: UInt64,
-  ): Promise<Record<string, MessageValidator>[]> {
+  ): Promise<Record<string, TransactionValidator>> {
     const gasFees = await this.getGasFees(currentBlockNumber);
-    const allowedInSetup = this.config.txPublicSetupAllowList ?? (await getDefaultAllowedSetupFunctions());
-
-    const blockNumberInWhichTheTxIsConsideredToBeIncluded = BlockNumber(currentBlockNumber + 1);
-
-    return createTxMessageValidators(
+    const allowedInSetup = [
+      ...(await getDefaultAllowedSetupFunctions()),
+      ...(this.config.txPublicSetupAllowListExtend ?? []),
+    ];
+    const blockNumber = BlockNumber(currentBlockNumber + 1);
+    const l1Constants = await this.archiver.getL1Constants();
+
+    return createFirstStageTxValidationsForGossipedTransactions(
       nextSlotTimestamp,
-      blockNumberInWhichTheTxIsConsideredToBeIncluded,
+      blockNumber,
       this.worldStateSynchronizer,
       gasFees,
       this.config.l1ChainId,
       this.config.rollupVersion,
       protocolContractsHash,
       this.archiver,
-      this.proofVerifier,
       !this.config.disableTransactions,
       allowedInSetup,
       this.logger.getBindings(),
+      {
+        rollupManaLimit: l1Constants.rollupManaLimit,
+        maxBlockL2Gas: this.config.validateMaxL2BlockGas,
+        maxBlockDAGas: this.config.validateMaxDABlockGas,
+      },
     );
   }
 
+  /** Creates the second stage (expensive proof verification) validators for gossiped transactions. */
+  protected createSecondStageMessageValidators(): Record<string, TransactionValidator> {
+    return createSecondStageTxValidationsForGossipedTransactions(this.proofVerifier, this.logger.getBindings());
+  }
+
   /**
    * Run validations on a tx.
    * @param tx - The tx to validate.
@@ -1663,7 +1666,7 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
    */
   private async runValidations(
     tx: Tx,
-    messageValidators: Record<string, MessageValidator>,
+    messageValidators: Record<string, TransactionValidator>,
   ): Promise<ValidationOutcome> {
     const validationPromises = Object.entries(messageValidators).map(async ([name, { validator, severity }]) => {
       const { result } = await validator.validateTx(tx);
@@ -1672,8 +1675,10 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
 
     // A promise that resolves when all validations have been run
     const allValidations = await Promise.all(validationPromises);
-    const failed = allValidations.find(x => !x.isValid);
-    if (failed) {
+    const failures = allValidations.filter(x => !x.isValid);
+    if (failures.length > 0) {
+      // Pick the most severe failure (lowest tolerance = harshest penalty)
+      const failed = maxBy(failures, f => PeerErrorSeverityByHarshness.indexOf(f.severity))!;
       return {
         allPassed: false,
         failure: {

package/src/services/reqresp/README.md

@@ -0,0 +1,229 @@
+# ReqResp Protocols
+
+This module implements libp2p request-response protocols for the Aztec P2P network. All protocols share common transport-level validation (rate limiting, timeouts, Snappy decompression, error penalties) with protocol-specific logic layered on top.
+
+## Common Transport Validation
+
+### Rate Limiting (Responder Side)
+
+Applied before the protocol handler runs.
+
+| Protocol | Peer Limit | Global Limit | File |
+|----------|-----------|-------------|------|
+| PING | 5/s | 10/s | `rate-limiter/rate_limits.ts` |
+| STATUS | 5/s | 10/s | same |
+| AUTH | 5/s | 10/s | same |
+| GOODBYE | 5/s | 10/s | same |
+| BLOCK | 2/s | 5/s | same |
+| BLOCK_TXS | 10/s | 200/s | same |
+| TX | (see rate limits file) | (see rate limits file) | same |
+
+- Per-peer limit exceeded: `HighToleranceError` penalty + `RATE_LIMIT_EXCEEDED` status. Penalty fires inside `RequestResponseRateLimiter.allow()`, not the stream handler.
+- Global limit exceeded: `RATE_LIMIT_EXCEEDED` status only (no peer penalty).
+
+### Response Status Byte (Requester Side)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| First chunk must be exactly 1 byte | `ReqRespStatusError(UNKNOWN)` | `status.ts` |
+| Byte must be valid `ReqRespStatus` enum (0-4, 126, 127) | `ReqRespStatusError(UNKNOWN)` | same |
+
+Note: `prettyPrintReqRespStatus` is missing a `NOT_FOUND` case (minor logging bug).
+
+### Snappy Decompression (Requester Side)
+
+Per-protocol size limits checked via preamble before decompression.
+
+### Timeouts (Requester Side)
+
+| Timeout | Default | Penalty |
+|---------|---------|---------|
+| Individual request | 10s | HighToleranceError |
+| Dial | 5s | HighToleranceError |
+
+### Error Penalty Categorization (Requester Side)
+
+| Error Type | Severity |
+|------------|----------|
+| GOODBYE subprotocol errors | None |
+| `CollectiveReqRespTimeoutError` / `InvalidResponseError` | None |
+| `AbortError` / connection close / muxer closed | None |
+| `ECONNRESET` / `EPIPE` / `ECONNREFUSED` / `ERR_UNEXPECTED_EOF` | HighToleranceError |
+| `ERR_UNSUPPORTED_PROTOCOL` | HighToleranceError |
+| `IndividualReqRespTimeoutError` / `TimeoutError` | HighToleranceError |
+| Catch-all | HighToleranceError |
+
+### Request Error Penalty (Responder Side)
+
+| Error Type | Severity |
+|------------|----------|
+| `BADLY_FORMED_REQUEST` | LowToleranceError |
+| All others | None |
+
+### Notes
+
+- Request payloads are NOT snappy-compressed (asymmetric: only responses use snappy).
+
+---
+
+## Handshake Protocols
+
+### Connection-Level Gating (Before Any Handshake)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Deny inbound connection from IP/peerId with too many failed auth handshakes | Connection denied | `libp2p_service.ts` |
+| Threshold: `p2pMaxFailedAuthAttemptsAllowed` (default 3) | Tracked per peerId AND per IP | `peer_manager.ts` |
+| Failed auth entries expire after 1 hour | Peer can reconnect; no escalating penalty for repeat offenders | same |
+
+### Handshake Trigger Logic (`peer:connect`)
+
+1. `p2pDisableStatusHandshake` = true: no handshake
+2. `p2pAllowOnlyValidators` = false: STATUS handshake
+3. Peer is protected (trusted/private/preferred): STATUS handshake
+4. Otherwise: AUTH handshake (superset of STATUS)
+
+Config constraint: `p2pDisableStatusHandshake && p2pAllowOnlyValidators` is disallowed.
+
+### STATUS Protocol (`/aztec/req/status/1.0.0`)
+
+**Requester side** (`peer_manager.ts`):
+
+| Rule | Consequence |
+|------|-------------|
+| Response status must be SUCCESS | Peer scheduled for disconnect |
+| `compressedComponentsVersion` must match | Peer scheduled for disconnect |
+| Any exception | Peer scheduled for disconnect |
+
+`StatusMessage.validate()` currently only checks `compressedComponentsVersion`. Fields `latestBlockNumber`, `latestBlockHash`, `finalizedBlockNumber` are NOT validated (TODO in code).
+
+**Responder side**: no validation of incoming request content (always responds with own status). This means the requester leaks its blockchain state to any peer before validation.
+
+**Deserialization bounds**: `MAX_VERSION_STRING_LENGTH` = 64 bytes, `MAX_BLOCK_HASH_STRING_LENGTH` = 128 bytes. Expected response size: 1 KB.
+
+### AUTH Protocol (`/aztec/req/auth/1.0.0`)
+
+**Requester side** (`peer_manager.ts`):
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 1 | Response status is SUCCESS | `markAuthHandshakeFailed` + disconnect |
+| 2 | `compressedComponentsVersion` match | `markAuthHandshakeFailed` + disconnect |
+| 3 | Valid ECDSA signature recovery from challenge response | `markAuthHandshakeFailed` + disconnect |
+| 4 | Recovered address is a registered validator | `markAuthHandshakeFailed` + disconnect |
+| 5 | Validator address not already authenticated to different peerId | Silent return (no disconnect, no failure marking -- peer stays connected but unauthenticated) |
+| 6 | Any exception | `markAuthHandshakeFailed` + disconnect |
+
+Challenge: random `Fr`, payload = `keccak256("Aztec Validator Challenge:" + challenge)`, signed with `eth_sign` style. Challenge is NOT bound to peer identity (transport encryption via Noise is the binding layer).
+
+On success: peer added to authenticated maps, prior failures cleared (including IP-based ones -- shared-IP peers benefit from a legitimate validator's success).
+
+**Responder side** (`validator-client/src/validator.ts` + `peer_manager.ts`):
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 1 | Peer must be protected (`shouldTrustWithIdentity` in `peer_manager.ts`) | Returns empty buffer (SUCCESS status + empty payload -> requester gets parse error -> `markAuthHandshakeFailed`) |
+| 2 | Node must have registered validator address | Returns empty buffer (same consequence) |
+
+**Unauthenticated peer gossip**: when `p2pAllowOnlyValidators` is true, unauthenticated peers get `appSpecificScore = -Infinity`, completely excluding them from all gossip.
+
+### PING Protocol (`/aztec/req/ping/1.0.0`)
+
+No validation on either side. Responder returns `Buffer.from('pong')`. Expected response: 1 KB.
+
+### GOODBYE Protocol (`/aztec/req/goodbye/1.0.0`)
+
+**Responder**: buffer must be 1 byte (defaults to `UNKNOWN` on invalid length). Goodbye reason byte is NOT validated against the enum -- any byte 0-255 accepted. Peer scheduled for disconnect regardless of reason.
+
+**Requester**: response errors are never penalized (GOODBYE subprotocol exempt from error categorization).
+
+### Periodic Re-validation
+
+| Rule | Interval | File |
+|------|----------|------|
+| Authenticated validators re-checked against current validator set | Every heartbeat (`peerCheckIntervalMS`) | `peer_manager.ts` |
+| If validator address no longer registered, auth entry removed | Same | same |
+
+Protected peers (private/trusted/preferred) are always considered "authenticated" without AUTH handshake.
+
+---
+
+## Block Data Protocols
+
+### BLOCK Protocol (`/aztec/req/block/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `Fr` | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/block.ts` |
+| Block lookup throws | `INTERNAL_ERROR` status | same |
+| Block not found | SUCCESS + empty buffer (design choice; no `NOT_FOUND` status used) | same |
+
+**Requester side** (Snappy limit: 3 MB):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Response block number must match requested | LowToleranceError; rejected | `libp2p_service.ts` (`validateRequestedBlock`) |
+| Local block must exist for hash verification | Rejected (no penalty) | same |
+| Response block hash must equal local block hash | MidToleranceError; rejected | same |
+
+**Limitation**: the local-block requirement means BLOCK req/resp is unusable for initial P2P-only sync (before L1 sync provides local copies for verification). A TODO in the code acknowledges this.
+
+### BLOCK_TXS Protocol (`/aztec/req/block_txs/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `BlockTxsRequest` (Fr + TxHashArray + BitVector) | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/block_txs/block_txs_handler.ts` |
+| BitVector length: non-negative and <= `MAX_TXS_PER_BLOCK` (65536) | Deserialization throws -> `BADLY_FORMED_REQUEST` | `protocols/block_txs/bitvector.ts` |
+| Archive root not found and no explicit txHashes | `NOT_FOUND` status | handler |
+| Internal error during lookup | Unhandled exception -> stream abort (no `INTERNAL_ERROR` status, unlike BLOCK) | handler |
+
+Conditional registration: BLOCK_TXS handler only registered when `config.disableTransactions` is false. Otherwise peers get `ERR_UNSUPPORTED_PROTOCOL`.
+
+**Requester side via `sendBatchRequest`** (Snappy limit: `max(N, 1) * 512 + 1` KB):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Archive root must match request | MidToleranceError | `libp2p_service.ts` (`validateRequestedBlockTxs`) |
+| BitVector length must match request | MidToleranceError | same |
+| No duplicate tx hashes | MidToleranceError | same |
+| Tx count within bounds | MidToleranceError | same |
+| Local block proposal must exist for archive root | Rejected (no penalty) | same |
+| All tx hashes must be in proposal's tx list at allowed indices | LowToleranceError | same |
+| Txs in strictly increasing index order | LowToleranceError | same |
+| Each tx passes well-formedness (Metadata [4 fields], Size, Data, Proof) | LowToleranceError | same |
+
+**Requester side via `BatchTxRequester`** (separate validation path):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Non-SUCCESS status: `FAILURE`/`UNKNOWN` | HighToleranceError + "bad peer" tracking | `batch-tx-requester/batch_tx_requester.ts` |
+| `RATE_LIMIT_EXCEEDED` | Peer marked rate-limited (cooldown) | same |
+| `NOT_FOUND` / `BADLY_FORMED_REQUEST` / `INTERNAL_ERROR` | Falls through silently (no penalty) | same |
+| Each tx validated (Metadata + Size + Data + Proof) | LowToleranceError per invalid tx; valid txs from same response still accepted | same |
+| Archive root match + non-empty txIndices | No penalty on mismatch; peer not promoted to "smart" | same |
+
+**Double penalty on transport errors**: when `BatchTxRequester` encounters a transport error (e.g., ECONNRESET), both `sendRequestToPeer`'s internal handler and the `BatchTxRequester`'s catch block penalize the peer, resulting in double HighToleranceError.
+
+See [BatchTxRequester README](batch-tx-requester/README.md) for the full architecture (peer classification, worker model, wire protocol).
+
+### TX Protocol (`/aztec/req/tx/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `TxHashArray` | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/tx.ts` |
+
+**Requester side** (validator registered at startup, not the default noop):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Each returned tx hash must be in the requested set | MidToleranceError | `libp2p_service.ts` (`validateRequestedTxs`) |
+| Each tx passes well-formedness (Metadata + Size + Data + Proof) | LowToleranceError | same |
+
+Snappy limit: `max(N, 1) * 512 + 1` KB.
+

package/src/services/reqresp/batch-tx-requester/tx_validator.ts

@@ -1,7 +1,7 @@
 import type { ClientProtocolCircuitVerifier } from '@aztec/stdlib/interfaces/server';
 import { Tx, type TxValidationResult, type TxValidator } from '@aztec/stdlib/tx';
 
-import { createTxReqRespValidator } from '../../../msg_validators/tx_validator/factory.js';
+import { createTxValidatorForReqResponseReceivedTxs } from '../../../msg_validators/index.js';
 
 export interface BatchRequestTxValidatorConfig {
   l1ChainId: number;
@@ -29,7 +29,7 @@ export class BatchRequestTxValidator implements IBatchRequestTxValidator {
   }
 
   static createRequestedTxValidator(config: BatchRequestTxValidatorConfig): TxValidator {
-    return createTxReqRespValidator(config.proofVerifier, {
+    return createTxValidatorForReqResponseReceivedTxs(config.proofVerifier, {
       l1ChainId: config.l1ChainId,
       rollupVersion: config.rollupVersion,
     });