@aztec/p2p 0.54.0 → 0.55.1

package/src/service/reqresp/interface.ts

@@ -3,9 +3,9 @@ import { Tx, TxHash } from '@aztec/circuit-types';
 /*
  * Request Response Sub Protocols
  */
-export const PING_PROTOCOL = '/aztec/ping/0.1.0';
-export const STATUS_PROTOCOL = '/aztec/status/0.1.0';
-export const TX_REQ_PROTOCOL = '/aztec/tx_req/0.1.0';
+export const PING_PROTOCOL = '/aztec/req/ping/0.1.0';
+export const STATUS_PROTOCOL = '/aztec/req/status/0.1.0';
+export const TX_REQ_PROTOCOL = '/aztec/req/tx/0.1.0';
 
 // Sum type for sub protocols
 export type ReqRespSubProtocol = typeof PING_PROTOCOL | typeof STATUS_PROTOCOL | typeof TX_REQ_PROTOCOL;
@@ -16,6 +16,36 @@ export type ReqRespSubProtocol = typeof PING_PROTOCOL | typeof STATUS_PROTOCOL |
  */
 export type ReqRespSubProtocolHandler = (msg: Buffer) => Promise<Uint8Array>;
 
+/**
+ * A type mapping from supprotocol to it's rate limits
+ */
+export type ReqRespSubProtocolRateLimits = Record<ReqRespSubProtocol, ProtocolRateLimitQuota>;
+
+/**
+ * A rate limit quota
+ */
+export interface RateLimitQuota {
+  /**
+   * The time window in ms
+   */
+  quotaTimeMs: number;
+  /**
+   * The number of requests allowed within the time window
+   */
+  quotaCount: number;
+}
+
+export interface ProtocolRateLimitQuota {
+  /**
+   * The rate limit quota for a single peer
+   */
+  peerLimit: RateLimitQuota;
+  /**
+   * The rate limit quota for the global peer set
+   */
+  globalLimit: RateLimitQuota;
+}
+
 /**
  * A type mapping from supprotocol to it's handling funciton
  */

package/src/service/reqresp/rate_limiter/index.ts

@@ -0,0 +1 @@
+export { RequestResponseRateLimiter } from './rate_limiter.js';

package/src/service/reqresp/rate_limiter/rate_limiter.ts

@@ -0,0 +1,198 @@
+/**
+ * @attribution Rate limiter approach implemented in the lodestar ethereum 2 client.
+ * Rationale is that if it was good enough for them, then it should be good enough for us.
+ * https://github.com/ChainSafe/lodestar
+ */
+import { type PeerId } from '@libp2p/interface';
+
+import { type ReqRespSubProtocol, type ReqRespSubProtocolRateLimits } from '../interface.js';
+import { DEFAULT_RATE_LIMITS } from './rate_limits.js';
+
+// Check for disconnected peers every 10 minutes
+const CHECK_DISCONNECTED_PEERS_INTERVAL_MS = 10 * 60 * 1000;
+
+/**
+ * GCRARateLimiter: A Generic Cell Rate Algorithm (GCRA) based rate limiter.
+ *
+ * How it works:
+ * 1. The rate limiter allows a certain number of operations (quotaCount) within a specified
+ *    time interval (quotaTimeMs).
+ * 2. It uses a "virtual scheduling time" (VST) to determine when the next operation should be allowed.
+ * 3. When an operation is requested, the limiter checks if enough time has passed since the last
+ *    allowed operation.
+ * 4. If sufficient time has passed, the operation is allowed, and the VST is updated.
+ * 5. If not enough time has passed, the operation is denied.
+ *
+ * The limiter also allows for short bursts of activity, as long as the overall rate doesn't exceed
+ * the specified quota over time.
+ *
+ * Usage example:
+ * ```
+ * const limiter = new GCRARateLimiter(100, 60000); // 100 operations per minute
+ * ```
+ */
+export class GCRARateLimiter {
+  // Virtual scheduling time: i.e. the time at which we should allow the next request
+  private vst: number;
+  // The interval at which we emit a new token
+  private readonly emissionInterval: number;
+  // The interval over which we limit the number of requests
+  private readonly limitInterval: number;
+
+  /**
+   * @param quotaCount - The number of requests to allow over the limit interval
+   * @param quotaTimeMs - The time interval over which the quotaCount applies
+   */
+  constructor(quotaCount: number, quotaTimeMs: number) {
+    this.emissionInterval = quotaTimeMs / quotaCount;
+    this.limitInterval = quotaTimeMs;
+    this.vst = Date.now();
+  }
+
+  allow(): boolean {
+    const now = Date.now();
+
+    const newVst = Math.max(this.vst, now) + this.emissionInterval;
+    if (newVst - now <= this.limitInterval) {
+      this.vst = newVst;
+      return true;
+    }
+
+    return false;
+  }
+}
+
+interface PeerRateLimiter {
+  // The rate limiter for this peer
+  limiter: GCRARateLimiter;
+  // The last time the peer was accessed - used to determine if the peer is still connected
+  lastAccess: number;
+}
+
+/**
+ * SubProtocolRateLimiter: A rate limiter for managing request rates on a per-peer and global basis for a specific subprotocol.
+ *
+ * This class provides a two-tier rate limiting system:
+ * 1. A global rate limit for all requests across all peers for this subprotocol.
+ * 2. Individual rate limits for each peer.
+ *
+ * How it works:
+ * - When a request comes in, it first checks against the global rate limit.
+ * - If the global limit allows, it then checks against the specific peer's rate limit.
+ * - The request is only allowed if both the global and peer-specific limits allow it.
+ * - It automatically creates and manages rate limiters for new peers as they make requests.
+ * - It periodically cleans up rate limiters for inactive peers to conserve memory.
+ *
+ * Note: Remember to call `start()` to begin the cleanup process and `stop()` when shutting down to clear the cleanup interval.
+ */
+export class SubProtocolRateLimiter {
+  private peerLimiters: Map<string, PeerRateLimiter> = new Map();
+  private globalLimiter: GCRARateLimiter;
+  private readonly peerQuotaCount: number;
+  private readonly peerQuotaTimeMs: number;
+
+  constructor(peerQuotaCount: number, peerQuotaTimeMs: number, globalQuotaCount: number, globalQuotaTimeMs: number) {
+    this.peerLimiters = new Map();
+    this.globalLimiter = new GCRARateLimiter(globalQuotaCount, globalQuotaTimeMs);
+    this.peerQuotaCount = peerQuotaCount;
+    this.peerQuotaTimeMs = peerQuotaTimeMs;
+  }
+
+  allow(peerId: PeerId): boolean {
+    if (!this.globalLimiter.allow()) {
+      return false;
+    }
+
+    const peerIdStr = peerId.toString();
+    let peerLimiter: PeerRateLimiter | undefined = this.peerLimiters.get(peerIdStr);
+    if (!peerLimiter) {
+      // Create a limiter for this peer
+      peerLimiter = {
+        limiter: new GCRARateLimiter(this.peerQuotaCount, this.peerQuotaTimeMs),
+        lastAccess: Date.now(),
+      };
+      this.peerLimiters.set(peerIdStr, peerLimiter);
+    } else {
+      peerLimiter.lastAccess = Date.now();
+    }
+    return peerLimiter.limiter.allow();
+  }
+
+  cleanupInactivePeers() {
+    const now = Date.now();
+    this.peerLimiters.forEach((peerLimiter, peerId) => {
+      if (now - peerLimiter.lastAccess > CHECK_DISCONNECTED_PEERS_INTERVAL_MS) {
+        this.peerLimiters.delete(peerId);
+      }
+    });
+  }
+}
+
+/**
+ * RequestResponseRateLimiter.
+ *
+ * A rate limiter that is protocol aware, then peer aware.
+ * SubProtocols can have their own global / peer level rate limits.
+ *
+ * How it works:
+ * - Initializes with a set of rate limit configurations for different subprotocols.
+ * - Creates a separate SubProtocolRateLimiter for each configured subprotocol.
+ * - When a request comes in, it routes the rate limiting decision to the appropriate subprotocol limiter.
+ *
+ * Usage:
+ * ```
+ * const rateLimits = {
+ *   subprotocol1: { peerLimit: { quotaCount: 10, quotaTimeMs: 1000 }, globalLimit: { quotaCount: 100, quotaTimeMs: 1000 } },
+ *   subprotocol2: { peerLimit: { quotaCount: 5, quotaTimeMs: 1000 }, globalLimit: { quotaCount: 50, quotaTimeMs: 1000 } }
+ * };
+ * const limiter = new RequestResponseRateLimiter(rateLimits);
+ *
+ * Note: Ensure to call `stop()` when shutting down to properly clean up all subprotocol limiters.
+ */
+export class RequestResponseRateLimiter {
+  private subProtocolRateLimiters: Map<ReqRespSubProtocol, SubProtocolRateLimiter>;
+
+  private cleanupInterval: NodeJS.Timeout | undefined = undefined;
+
+  constructor(rateLimits: ReqRespSubProtocolRateLimits = DEFAULT_RATE_LIMITS) {
+    this.subProtocolRateLimiters = new Map();
+
+    for (const [subProtocol, protocolLimits] of Object.entries(rateLimits)) {
+      this.subProtocolRateLimiters.set(
+        subProtocol as ReqRespSubProtocol,
+        new SubProtocolRateLimiter(
+          protocolLimits.peerLimit.quotaCount,
+          protocolLimits.peerLimit.quotaTimeMs,
+          protocolLimits.globalLimit.quotaCount,
+          protocolLimits.globalLimit.quotaTimeMs,
+        ),
+      );
+    }
+  }
+
+  start() {
+    this.cleanupInterval = setInterval(() => {
+      this.cleanupInactivePeers();
+    }, CHECK_DISCONNECTED_PEERS_INTERVAL_MS);
+  }
+
+  allow(subProtocol: ReqRespSubProtocol, peerId: PeerId): boolean {
+    const limiter = this.subProtocolRateLimiters.get(subProtocol);
+    if (!limiter) {
+      // TODO: maybe throw an error here if no rate limiter is configured?
+      return true;
+    }
+    return limiter.allow(peerId);
+  }
+
+  cleanupInactivePeers() {
+    this.subProtocolRateLimiters.forEach(limiter => limiter.cleanupInactivePeers());
+  }
+
+  /**
+   * Make sure to call destroy on each of the sub protocol rate limiters when cleaning up
+   */
+  stop() {
+    clearInterval(this.cleanupInterval);
+  }
+}

package/src/service/reqresp/rate_limiter/rate_limits.ts

@@ -0,0 +1,35 @@
+import { PING_PROTOCOL, type ReqRespSubProtocolRateLimits, STATUS_PROTOCOL, TX_REQ_PROTOCOL } from '../interface.js';
+
+// TODO(md): these defaults need to be tuned
+export const DEFAULT_RATE_LIMITS: ReqRespSubProtocolRateLimits = {
+  [PING_PROTOCOL]: {
+    peerLimit: {
+      quotaTimeMs: 1000,
+      quotaCount: 5,
+    },
+    globalLimit: {
+      quotaTimeMs: 1000,
+      quotaCount: 10,
+    },
+  },
+  [STATUS_PROTOCOL]: {
+    peerLimit: {
+      quotaTimeMs: 1000,
+      quotaCount: 5,
+    },
+    globalLimit: {
+      quotaTimeMs: 1000,
+      quotaCount: 10,
+    },
+  },
+  [TX_REQ_PROTOCOL]: {
+    peerLimit: {
+      quotaTimeMs: 1000,
+      quotaCount: 5,
+    },
+    globalLimit: {
+      quotaTimeMs: 1000,
+      quotaCount: 10,
+    },
+  },
+};

package/src/service/reqresp/reqresp.ts

@@ -1,16 +1,20 @@
 // @attribution: lodestar impl for inspiration
 import { type Logger, createDebugLogger } from '@aztec/foundation/log';
+import { executeTimeoutWithCustomError } from '@aztec/foundation/timer';
 
-import { type IncomingStreamData, type PeerId } from '@libp2p/interface';
+import { type IncomingStreamData, type PeerId, type Stream } from '@libp2p/interface';
 import { pipe } from 'it-pipe';
 import { type Libp2p } from 'libp2p';
 import { type Uint8ArrayList } from 'uint8arraylist';
 
+import { CollectiveReqRespTimeoutError, IndiviualReqRespTimeoutError } from '../../errors/reqresp.error.js';
+import { type P2PReqRespConfig } from './config.js';
 import {
   DEFAULT_SUB_PROTOCOL_HANDLERS,
   type ReqRespSubProtocol,
   type ReqRespSubProtocolHandlers,
 } from './interface.js';
+import { RequestResponseRateLimiter } from './rate_limiter/rate_limiter.js';
 
 /**
  * The Request Response Service
@@ -28,10 +32,19 @@ export class ReqResp {
 
   private abortController: AbortController = new AbortController();
 
+  private overallRequestTimeoutMs: number;
+  private individualRequestTimeoutMs: number;
+
   private subProtocolHandlers: ReqRespSubProtocolHandlers = DEFAULT_SUB_PROTOCOL_HANDLERS;
+  private rateLimiter: RequestResponseRateLimiter;
 
-  constructor(protected readonly libp2p: Libp2p) {
+  constructor(config: P2PReqRespConfig, protected readonly libp2p: Libp2p) {
     this.logger = createDebugLogger('aztec:p2p:reqresp');
+
+    this.overallRequestTimeoutMs = config.overallRequestTimeoutMs;
+    this.individualRequestTimeoutMs = config.individualRequestTimeoutMs;
+
+    this.rateLimiter = new RequestResponseRateLimiter();
   }
 
   /**
@@ -43,6 +56,7 @@ export class ReqResp {
     for (const subProtocol of Object.keys(this.subProtocolHandlers)) {
       await this.libp2p.handle(subProtocol, this.streamHandler.bind(this, subProtocol as ReqRespSubProtocol));
     }
+    this.rateLimiter.start();
   }
 
   /**
@@ -53,6 +67,7 @@ export class ReqResp {
     for (const protocol of Object.keys(this.subProtocolHandlers)) {
       await this.libp2p.unhandle(protocol);
     }
+    this.rateLimiter.stop();
     await this.libp2p.stop();
     this.abortController.abort();
   }
@@ -65,20 +80,33 @@ export class ReqResp {
    * @returns - The response from the peer, otherwise undefined
    */
   async sendRequest(subProtocol: ReqRespSubProtocol, payload: Buffer): Promise<Buffer | undefined> {
-    // Get active peers
-    const peers = this.libp2p.getPeers();
-
-    // Attempt to ask all of our peers
-    for (const peer of peers) {
-      const response = await this.sendRequestToPeer(peer, subProtocol, payload);
-
-      // If we get a response, return it, otherwise we iterate onto the next peer
-      // We do not consider it a success if we have an empty buffer
-      if (response && response.length > 0) {
-        return response;
+    const requestFunction = async () => {
+      // Get active peers
+      const peers = this.libp2p.getPeers();
+
+      // Attempt to ask all of our peers
+      for (const peer of peers) {
+        const response = await this.sendRequestToPeer(peer, subProtocol, payload);
+
+        // If we get a response, return it, otherwise we iterate onto the next peer
+        // We do not consider it a success if we have an empty buffer
+        if (response && response.length > 0) {
+          return response;
+        }
       }
+      return undefined;
+    };
+
+    try {
+      return await executeTimeoutWithCustomError<Buffer | undefined>(
+        requestFunction,
+        this.overallRequestTimeoutMs,
+        () => new CollectiveReqRespTimeoutError(),
+      );
+    } catch (e: any) {
+      this.logger.error(`${e.message} | subProtocol: ${subProtocol}`);
+      return undefined;
     }
-    return undefined;
   }
 
   /**
@@ -94,15 +122,37 @@ export class ReqResp {
     subProtocol: ReqRespSubProtocol,
     payload: Buffer,
   ): Promise<Buffer | undefined> {
+    let stream: Stream | undefined;
     try {
-      const stream = await this.libp2p.dialProtocol(peerId, subProtocol);
+      stream = await this.libp2p.dialProtocol(peerId, subProtocol);
+
+      this.logger.debug(`Stream opened with ${peerId.toString()} for ${subProtocol}`);
+
+      const result = await executeTimeoutWithCustomError<Buffer>(
+        (): Promise<Buffer> => pipe([payload], stream!, this.readMessage),
+        this.individualRequestTimeoutMs,
+        () => new IndiviualReqRespTimeoutError(),
+      );
+
+      await stream.close();
+      this.logger.debug(`Stream closed with ${peerId.toString()} for ${subProtocol}`);
 
-      const result = await pipe([payload], stream, this.readMessage);
       return result;
-    } catch (e) {
-      this.logger.warn(`Failed to send request to peer ${peerId.publicKey}`);
-      return undefined;
+    } catch (e: any) {
+      this.logger.error(`${e.message} | peerId: ${peerId.toString()} | subProtocol: ${subProtocol}`);
+    } finally {
+      if (stream) {
+        try {
+          await stream.close();
+          this.logger.debug(`Stream closed with ${peerId.toString()} for ${subProtocol}`);
+        } catch (closeError) {
+          this.logger.error(
+            `Error closing stream: ${closeError instanceof Error ? closeError.message : 'Unknown error'}`,
+          );
+        }
+      }
     }
+    return undefined;
   }
 
   /**
@@ -123,8 +173,16 @@ export class ReqResp {
    *
    * @param param0 - The incoming stream data
    */
-  private async streamHandler(protocol: ReqRespSubProtocol, { stream }: IncomingStreamData) {
+  private async streamHandler(protocol: ReqRespSubProtocol, { stream, connection }: IncomingStreamData) {
     // Store a reference to from this for the async generator
+    if (!this.rateLimiter.allow(protocol, connection.remotePeer)) {
+      this.logger.warn(`Rate limit exceeded for ${protocol} from ${connection.remotePeer}`);
+
+      // TODO(#8483): handle changing peer scoring for failed rate limit, maybe differentiate between global and peer limits here when punishing
+      await stream.close();
+      return;
+    }
+
     const handler = this.subProtocolHandlers[protocol];
 
     try {

package/src/service/service.ts

@@ -46,7 +46,7 @@ export interface P2PService {
   ): Promise<InstanceType<SubProtocolMap[Protocol]['response']> | undefined>;
 
   // Leaky abstraction: fix https://github.com/AztecProtocol/aztec-packages/issues/7963
-  registerBlockReceivedCallback(callback: (block: BlockProposal) => Promise<BlockAttestation>): void;
+  registerBlockReceivedCallback(callback: (block: BlockProposal) => Promise<BlockAttestation | undefined>): void;
 
   getEnr(): ENR | undefined;
 }

package/src/tx_validator/aggregate_tx_validator.ts

@@ -0,0 +1,24 @@
+import { type ProcessedTx, type Tx, type TxValidator } from '@aztec/circuit-types';
+
+export class AggregateTxValidator<T extends Tx | ProcessedTx> implements TxValidator<T> {
+  #validators: TxValidator<T>[];
+  constructor(...validators: TxValidator<T>[]) {
+    if (validators.length === 0) {
+      throw new Error('At least one validator must be provided');
+    }
+
+    this.#validators = validators;
+  }
+
+  async validateTxs(txs: T[]): Promise<[validTxs: T[], invalidTxs: T[]]> {
+    const invalidTxs: T[] = [];
+    let txPool = txs;
+    for (const validator of this.#validators) {
+      const [valid, invalid] = await validator.validateTxs(txPool);
+      invalidTxs.push(...invalid);
+      txPool = valid;
+    }
+
+    return [txPool, invalidTxs];
+  }
+}

package/src/tx_validator/data_validator.ts

@@ -0,0 +1,61 @@
+import { Tx, type TxValidator } from '@aztec/circuit-types';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export class DataTxValidator implements TxValidator<Tx> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:tx_data');
+
+  validateTxs(txs: Tx[]): Promise<[validTxs: Tx[], invalidTxs: Tx[]]> {
+    const validTxs: Tx[] = [];
+    const invalidTxs: Tx[] = [];
+    for (const tx of txs) {
+      if (!this.#hasCorrectExecutionRequests(tx)) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      validTxs.push(tx);
+    }
+
+    return Promise.resolve([validTxs, invalidTxs]);
+  }
+
+  #hasCorrectExecutionRequests(tx: Tx): boolean {
+    const callRequests = [
+      ...tx.data.getRevertiblePublicCallRequests(),
+      ...tx.data.getNonRevertiblePublicCallRequests(),
+    ];
+    if (callRequests.length !== tx.enqueuedPublicFunctionCalls.length) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(tx)} because of mismatch number of execution requests for public calls. Expected ${
+          callRequests.length
+        }. Got ${tx.enqueuedPublicFunctionCalls.length}.`,
+      );
+      return false;
+    }
+
+    const invalidExecutionRequestIndex = tx.enqueuedPublicFunctionCalls.findIndex(
+      (execRequest, i) => !execRequest.isForCallRequest(callRequests[i]),
+    );
+    if (invalidExecutionRequestIndex !== -1) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(
+          tx,
+        )} because of incorrect execution requests for public call at index ${invalidExecutionRequestIndex}.`,
+      );
+      return false;
+    }
+
+    const teardownCallRequest = tx.data.getTeardownPublicCallRequest();
+    const isInvalidTeardownExecutionRequest =
+      (!teardownCallRequest && !tx.publicTeardownFunctionCall.isEmpty()) ||
+      (teardownCallRequest && !tx.publicTeardownFunctionCall.isForCallRequest(teardownCallRequest));
+    if (isInvalidTeardownExecutionRequest) {
+      this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} because of incorrect teardown execution requests.`);
+      return false;
+    }
+
+    return true;
+  }
+
+  // TODO: Check logs.
+}

package/src/tx_validator/double_spend_validator.ts

@@ -0,0 +1,65 @@
+import { type AnyTx, Tx, type TxValidator } from '@aztec/circuit-types';
+import { Fr } from '@aztec/circuits.js';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export interface NullifierSource {
+  getNullifierIndex: (nullifier: Fr) => Promise<bigint | undefined>;
+}
+
+export class DoubleSpendTxValidator<T extends AnyTx> implements TxValidator<T> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:tx_double_spend');
+  #nullifierSource: NullifierSource;
+
+  constructor(nullifierSource: NullifierSource, private readonly isValidatingBlock: boolean = true) {
+    this.#nullifierSource = nullifierSource;
+  }
+
+  async validateTxs(txs: T[]): Promise<[validTxs: T[], invalidTxs: T[]]> {
+    const validTxs: T[] = [];
+    const invalidTxs: T[] = [];
+    const thisBlockNullifiers = new Set<bigint>();
+
+    for (const tx of txs) {
+      if (!(await this.#uniqueNullifiers(tx, thisBlockNullifiers))) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      validTxs.push(tx);
+    }
+
+    return [validTxs, invalidTxs];
+  }
+
+  async #uniqueNullifiers(tx: AnyTx, thisBlockNullifiers: Set<bigint>): Promise<boolean> {
+    const nullifiers = tx.data.getNonEmptyNullifiers().map(x => x.toBigInt());
+
+    // Ditch this tx if it has repeated nullifiers
+    const uniqueNullifiers = new Set(nullifiers);
+    if (uniqueNullifiers.size !== nullifiers.length) {
+      this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for emitting duplicate nullifiers`);
+      return false;
+    }
+
+    if (this.isValidatingBlock) {
+      for (const nullifier of nullifiers) {
+        if (thisBlockNullifiers.has(nullifier)) {
+          this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for repeating a nullifier in the same block`);
+          return false;
+        }
+
+        thisBlockNullifiers.add(nullifier);
+      }
+    }
+
+    const nullifierIndexes = await Promise.all(nullifiers.map(n => this.#nullifierSource.getNullifierIndex(new Fr(n))));
+
+    const hasDuplicates = nullifierIndexes.some(index => index !== undefined);
+    if (hasDuplicates) {
+      this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for repeating nullifiers present in state trees`);
+      return false;
+    }
+
+    return true;
+  }
+}

package/src/tx_validator/index.ts

@@ -0,0 +1,5 @@
+export * from './aggregate_tx_validator.js';
+export * from './data_validator.js';
+export * from './double_spend_validator.js';
+export * from './metadata_validator.js';
+export * from './tx_proof_validator.js';

package/src/tx_validator/metadata_validator.ts

@@ -0,0 +1,61 @@
+import { type AnyTx, Tx, type TxValidator } from '@aztec/circuit-types';
+import { type Fr } from '@aztec/circuits.js';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export class MetadataTxValidator<T extends AnyTx> implements TxValidator<T> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:tx_metadata');
+
+  constructor(private chainId: Fr, private blockNumber: Fr) {}
+
+  validateTxs(txs: T[]): Promise<[validTxs: T[], invalidTxs: T[]]> {
+    const validTxs: T[] = [];
+    const invalidTxs: T[] = [];
+    for (const tx of txs) {
+      if (!this.#hasCorrectChainId(tx)) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      if (!this.#isValidForBlockNumber(tx)) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      validTxs.push(tx);
+    }
+
+    return Promise.resolve([validTxs, invalidTxs]);
+  }
+
+  #hasCorrectChainId(tx: T): boolean {
+    if (!tx.data.constants.txContext.chainId.equals(this.chainId)) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(
+          tx,
+        )} because of incorrect chain ${tx.data.constants.txContext.chainId.toNumber()} != ${this.chainId.toNumber()}`,
+      );
+      return false;
+    } else {
+      return true;
+    }
+  }
+
+  #isValidForBlockNumber(tx: T): boolean {
+    const target =
+      tx instanceof Tx
+        ? tx.data.forRollup?.rollupValidationRequests || tx.data.forPublic!.validationRequests.forRollup
+        : tx.data.rollupValidationRequests;
+    const maxBlockNumber = target.maxBlockNumber;
+
+    if (maxBlockNumber.isSome && maxBlockNumber.value < this.blockNumber) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(tx)} for low max block number. Tx max block number: ${
+          maxBlockNumber.value
+        }, current block number: ${this.blockNumber}.`,
+      );
+      return false;
+    } else {
+      return true;
+    }
+  }
+}