@aztec/p2p 0.55.0 → 0.55.1

package/src/service/libp2p_service.ts

@@ -1,36 +1,49 @@
 import {
   BlockAttestation,
   BlockProposal,
+  type ClientProtocolCircuitVerifier,
   type Gossipable,
+  type L2BlockSource,
+  MerkleTreeId,
   type RawGossipMessage,
   TopicType,
   TopicTypeMap,
   Tx,
   TxHash,
+  type WorldStateSynchronizer,
 } from '@aztec/circuit-types';
+import { Fr } from '@aztec/circuits.js';
 import { createDebugLogger } from '@aztec/foundation/log';
 import { SerialQueue } from '@aztec/foundation/queue';
 import { RunningPromise } from '@aztec/foundation/running-promise';
 import type { AztecKVStore } from '@aztec/kv-store';
 
 import { type ENR } from '@chainsafe/enr';
-import { type GossipsubEvents, gossipsub } from '@chainsafe/libp2p-gossipsub';
+import { type GossipSub, type GossipSubComponents, gossipsub } from '@chainsafe/libp2p-gossipsub';
+import { createPeerScoreParams, createTopicScoreParams } from '@chainsafe/libp2p-gossipsub/score';
 import { noise } from '@chainsafe/libp2p-noise';
 import { yamux } from '@chainsafe/libp2p-yamux';
 import { identify } from '@libp2p/identify';
-import type { PeerId, PubSub } from '@libp2p/interface';
+import type { PeerId } from '@libp2p/interface';
 import '@libp2p/kad-dht';
 import { mplex } from '@libp2p/mplex';
 import { createFromJSON, createSecp256k1PeerId } from '@libp2p/peer-id-factory';
 import { tcp } from '@libp2p/tcp';
-import { type Libp2p, createLibp2p } from 'libp2p';
+import { createLibp2p } from 'libp2p';
 
 import { type AttestationPool } from '../attestation_pool/attestation_pool.js';
 import { type P2PConfig } from '../config.js';
 import { type TxPool } from '../tx_pool/index.js';
-import { convertToMultiaddr } from '../util.js';
+import {
+  DataTxValidator,
+  DoubleSpendTxValidator,
+  MetadataTxValidator,
+  TxProofValidator,
+} from '../tx_validator/index.js';
+import { type PubSubLibp2p, convertToMultiaddr } from '../util.js';
 import { AztecDatastore } from './data_store.js';
 import { PeerManager } from './peer_manager.js';
+import { PeerErrorSeverity } from './peer_scoring.js';
 import { pingHandler, statusHandler } from './reqresp/handlers.js';
 import {
   DEFAULT_SUB_PROTOCOL_HANDLERS,
@@ -45,11 +58,6 @@ import {
 import { ReqResp } from './reqresp/reqresp.js';
 import type { P2PService, PeerDiscoveryService } from './service.js';
 
-export interface PubSubLibp2p extends Libp2p {
-  services: {
-    pubsub: PubSub<GossipsubEvents>;
-  };
-}
 /**
  * Create a libp2p peer ID from the private key if provided, otherwise creates a new random ID.
  * @param privateKey - Optional peer ID private key as hex string
@@ -90,10 +98,17 @@ export class LibP2PService implements P2PService {
     private peerDiscoveryService: PeerDiscoveryService,
     private txPool: TxPool,
     private attestationPool: AttestationPool,
+    private l2BlockSource: L2BlockSource,
+    private proofVerifier: ClientProtocolCircuitVerifier,
+    private worldStateSynchronizer: WorldStateSynchronizer,
     private requestResponseHandlers: ReqRespSubProtocolHandlers = DEFAULT_SUB_PROTOCOL_HANDLERS,
     private logger = createDebugLogger('aztec:libp2p_service'),
   ) {
     this.peerManager = new PeerManager(node, peerDiscoveryService, config, logger);
+    this.node.services.pubsub.score.params.appSpecificScore = (peerId: string) => {
+      return this.peerManager.getPeerScore(peerId);
+    };
+    this.node.services.pubsub.score.params.appSpecificWeight = 10;
     this.reqresp = new ReqResp(config, node);
 
     this.blockReceivedCallback = (block: BlockProposal): Promise<BlockAttestation | undefined> => {
@@ -136,15 +151,15 @@ export class LibP2PService implements P2PService {
 
     // add GossipSub listener
     this.node.services.pubsub.addEventListener('gossipsub:message', async e => {
-      const { msg } = e.detail;
+      const { msg, propagationSource: peerId } = e.detail;
       this.logger.debug(`Received PUBSUB message.`);
 
-      await this.jobQueue.put(() => this.handleNewGossipMessage(msg));
+      await this.jobQueue.put(() => this.handleNewGossipMessage(msg, peerId));
     });
 
     // Start running promise for peer discovery
     this.discoveryRunningPromise = new RunningPromise(() => {
-      this.peerManager.discover();
+      this.peerManager.heartbeat();
     }, this.config.peerCheckIntervalMS);
     this.discoveryRunningPromise.start();
     await this.reqresp.start(this.requestResponseHandlers);
@@ -181,6 +196,9 @@ export class LibP2PService implements P2PService {
     peerId: PeerId,
     txPool: TxPool,
     attestationPool: AttestationPool,
+    l2BlockSource: L2BlockSource,
+    proofVerifier: ClientProtocolCircuitVerifier,
+    worldStateSynchronizer: WorldStateSynchronizer,
     store: AztecKVStore,
   ) {
     const { tcpListenAddress, tcpAnnounceAddress, minPeerCount, maxPeerCount } = config;
@@ -223,13 +241,22 @@ export class LibP2PService implements P2PService {
         }),
         pubsub: gossipsub({
           allowPublishToZeroTopicPeers: true,
-          D: 6,
-          Dlo: 4,
-          Dhi: 12,
-          heartbeatInterval: 1_000,
-          mcacheLength: 5,
-          mcacheGossip: 3,
-        }),
+          D: config.gossipsubD,
+          Dlo: config.gossipsubDlo,
+          Dhi: config.gossipsubDhi,
+          heartbeatInterval: config.gossipsubInterval,
+          mcacheLength: config.gossipsubMcacheLength,
+          mcacheGossip: config.gossipsubMcacheGossip,
+          scoreParams: createPeerScoreParams({
+            topics: {
+              [Tx.p2pTopic]: createTopicScoreParams({
+                topicWeight: 1,
+                invalidMessageDeliveriesWeight: -20,
+                invalidMessageDeliveriesDecay: 0.5,
+              }),
+            },
+          }),
+        }) as (components: GossipSubComponents) => GossipSub,
       },
     });
 
@@ -252,7 +279,17 @@ export class LibP2PService implements P2PService {
       [TX_REQ_PROTOCOL]: txHandler,
     };
 
-    return new LibP2PService(config, node, peerDiscoveryService, txPool, attestationPool, requestResponseHandlers);
+    return new LibP2PService(
+      config,
+      node,
+      peerDiscoveryService,
+      txPool,
+      attestationPool,
+      l2BlockSource,
+      proofVerifier,
+      worldStateSynchronizer,
+      requestResponseHandlers,
+    );
   }
 
   /**
@@ -323,10 +360,10 @@ export class LibP2PService implements P2PService {
    * @param topic - The message's topic.
    * @param data - The message data
    */
-  private async handleNewGossipMessage(message: RawGossipMessage) {
+  private async handleNewGossipMessage(message: RawGossipMessage, peerId: PeerId) {
     if (message.topic === Tx.p2pTopic) {
       const tx = Tx.fromBuffer(Buffer.from(message.data));
-      await this.processTxFromPeer(tx);
+      await this.processTxFromPeer(tx, peerId);
     }
     if (message.topic === BlockAttestation.p2pTopic) {
       const attestation = BlockAttestation.fromBuffer(Buffer.from(message.data));
@@ -376,11 +413,87 @@ export class LibP2PService implements P2PService {
     void this.jobQueue.put(() => Promise.resolve(this.sendToPeers(message)));
   }
 
-  private async processTxFromPeer(tx: Tx): Promise<void> {
+  private async processTxFromPeer(tx: Tx, peerId: PeerId): Promise<void> {
     const txHash = tx.getTxHash();
     const txHashString = txHash.toString();
     this.logger.verbose(`Received tx ${txHashString} from external peer.`);
-    await this.txPool.addTxs([tx]);
+
+    const isValidTx = await this.validateTx(tx, peerId);
+
+    if (isValidTx) {
+      await this.txPool.addTxs([tx]);
+    }
+  }
+
+  private async validateTx(tx: Tx, peerId: PeerId): Promise<boolean> {
+    const blockNumber = (await this.l2BlockSource.getBlockNumber()) + 1;
+    // basic data validation
+    const dataValidator = new DataTxValidator();
+    const [_, dataInvalidTxs] = await dataValidator.validateTxs([tx]);
+    if (dataInvalidTxs.length > 0) {
+      // penalize
+      this.node.services.pubsub.score.markInvalidMessageDelivery(peerId.toString(), Tx.p2pTopic);
+      return false;
+    }
+
+    // metadata validation
+    const metadataValidator = new MetadataTxValidator(new Fr(this.config.l1ChainId), new Fr(blockNumber));
+    const [__, metaInvalidTxs] = await metadataValidator.validateTxs([tx]);
+    if (metaInvalidTxs.length > 0) {
+      // penalize
+      this.node.services.pubsub.score.markInvalidMessageDelivery(peerId.toString(), Tx.p2pTopic);
+      return false;
+    }
+
+    // double spend validation
+    const doubleSpendValidator = new DoubleSpendTxValidator({
+      getNullifierIndex: async (nullifier: Fr) => {
+        const merkleTree = this.worldStateSynchronizer.getLatest();
+        const index = await merkleTree.findLeafIndex(MerkleTreeId.NULLIFIER_TREE, nullifier.toBuffer());
+        return index;
+      },
+    });
+    const [___, doubleSpendInvalidTxs] = await doubleSpendValidator.validateTxs([tx]);
+    if (doubleSpendInvalidTxs.length > 0) {
+      // check if nullifier is older than 20 blocks
+      if (blockNumber - this.config.severePeerPenaltyBlockLength > 0) {
+        const snapshotValidator = new DoubleSpendTxValidator({
+          getNullifierIndex: async (nullifier: Fr) => {
+            const merkleTree = this.worldStateSynchronizer.getSnapshot(
+              blockNumber - this.config.severePeerPenaltyBlockLength,
+            );
+            const index = await merkleTree.findLeafIndex(MerkleTreeId.NULLIFIER_TREE, nullifier.toBuffer());
+            return index;
+          },
+        });
+
+        const [____, snapshotInvalidTxs] = await snapshotValidator.validateTxs([tx]);
+        // High penalty if nullifier is older than 20 blocks
+        if (snapshotInvalidTxs.length > 0) {
+          // penalize
+          this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+          return false;
+        }
+      }
+      // penalize
+      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.HighToleranceError);
+      return false;
+    }
+
+    // proof validation
+    const proofValidator = new TxProofValidator(this.proofVerifier);
+    const [_____, proofInvalidTxs] = await proofValidator.validateTxs([tx]);
+    if (proofInvalidTxs.length > 0) {
+      // penalize
+      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+      return false;
+    }
+
+    return true;
+  }
+
+  public getPeerScore(peerId: PeerId): number {
+    return this.node.services.pubsub.score.score(peerId.toString());
   }
 
   private async sendToPeers<T extends Gossipable>(message: T) {

package/src/service/peer_manager.ts

@@ -3,9 +3,10 @@ import { createDebugLogger } from '@aztec/foundation/log';
 import { type ENR } from '@chainsafe/enr';
 import { type PeerId } from '@libp2p/interface';
 import { type Multiaddr } from '@multiformats/multiaddr';
-import { type Libp2p } from 'libp2p';
 
 import { type P2PConfig } from '../config.js';
+import { type PubSubLibp2p } from '../util.js';
+import { type PeerErrorSeverity, PeerScoring } from './peer_scoring.js';
 import { type PeerDiscoveryService } from './service.js';
 
 const MAX_DIAL_ATTEMPTS = 3;
@@ -20,12 +21,15 @@ type CachedPeer = {
 
 export class PeerManager {
   private cachedPeers: Map<string, CachedPeer> = new Map();
+  private peerScoring: PeerScoring;
+
   constructor(
-    private libP2PNode: Libp2p,
+    private libP2PNode: PubSubLibp2p,
     private peerDiscoveryService: PeerDiscoveryService,
     private config: P2PConfig,
     private logger = createDebugLogger('aztec:p2p:peer_manager'),
   ) {
+    this.peerScoring = new PeerScoring(config);
     // Handle new established connections
     this.libP2PNode.addEventListener('peer:connect', evt => {
       const peerId = evt.detail;
@@ -52,10 +56,25 @@ export class PeerManager {
     });
   }
 
+  public heartbeat() {
+    this.discover();
+    this.peerScoring.decayAllScores();
+  }
+
+  public penalizePeer(peerId: PeerId, penalty: PeerErrorSeverity) {
+    const id = peerId.toString();
+    const penaltyValue = this.peerScoring.peerPenalties[penalty];
+    this.peerScoring.updateScore(id, -penaltyValue);
+  }
+
+  public getPeerScore(peerId: string): number {
+    return this.peerScoring.getScore(peerId);
+  }
+
   /**
    * Discovers peers.
    */
-  public discover() {
+  private discover() {
     // Get current connections
     const connections = this.libP2PNode.getConnections();
 
@@ -155,7 +174,7 @@ export class PeerManager {
     }
   }
 
-  async dialPeer(peer: CachedPeer) {
+  private async dialPeer(peer: CachedPeer) {
     const id = peer.peerId.toString();
     await this.libP2PNode.peerStore.merge(peer.peerId, { multiaddrs: [peer.multiaddrTcp] });
 

package/src/service/peer_scoring.ts

@@ -0,0 +1,81 @@
+import { type P2PConfig } from '../config.js';
+
+export enum PeerErrorSeverity {
+  /**
+   * Not malicious action, but it must not be tolerated
+   * ~2 occurrences will get the peer banned
+   */
+  LowToleranceError = 'LowToleranceError',
+  /**
+   * Negative action that can be tolerated only sometimes
+   * ~10 occurrences will get the peer banned
+   */
+  MidToleranceError = 'MidToleranceError',
+  /**
+   * Some error that can be tolerated multiple times
+   * ~50 occurrences will get the peer banned
+   */
+  HighToleranceError = 'HighToleranceError',
+}
+
+const DefaultPeerPenalties = {
+  [PeerErrorSeverity.LowToleranceError]: 2,
+  [PeerErrorSeverity.MidToleranceError]: 10,
+  [PeerErrorSeverity.HighToleranceError]: 50,
+};
+
+export class PeerScoring {
+  private scores: Map<string, number> = new Map();
+  private lastUpdateTime: Map<string, number> = new Map();
+  private decayInterval = 1000 * 60; // 1 minute
+  private decayFactor = 0.9;
+  peerPenalties: { [key in PeerErrorSeverity]: number };
+
+  constructor(config: P2PConfig) {
+    const orderedValues = config.peerPenaltyValues.sort((a, b) => a - b);
+    this.peerPenalties = {
+      [PeerErrorSeverity.HighToleranceError]:
+        orderedValues[0] ?? DefaultPeerPenalties[PeerErrorSeverity.LowToleranceError],
+      [PeerErrorSeverity.MidToleranceError]:
+        orderedValues[1] ?? DefaultPeerPenalties[PeerErrorSeverity.MidToleranceError],
+      [PeerErrorSeverity.LowToleranceError]:
+        orderedValues[2] ?? DefaultPeerPenalties[PeerErrorSeverity.HighToleranceError],
+    };
+  }
+
+  updateScore(peerId: string, scoreDelta: number): void {
+    const currentTime = Date.now();
+    const lastUpdate = this.lastUpdateTime.get(peerId) || currentTime;
+    const timePassed = currentTime - lastUpdate;
+    const decayPeriods = Math.floor(timePassed / this.decayInterval);
+
+    let currentScore = this.scores.get(peerId) || 0;
+
+    // Apply decay
+    currentScore *= Math.pow(this.decayFactor, decayPeriods);
+
+    // Apply new score delta
+    currentScore += scoreDelta;
+
+    this.scores.set(peerId, currentScore);
+    this.lastUpdateTime.set(peerId, currentTime);
+  }
+
+  decayAllScores(): void {
+    const currentTime = Date.now();
+    for (const [peerId, lastUpdate] of this.lastUpdateTime.entries()) {
+      const timePassed = currentTime - lastUpdate;
+      const decayPeriods = Math.floor(timePassed / this.decayInterval);
+      if (decayPeriods > 0) {
+        let score = this.scores.get(peerId) || 0;
+        score *= Math.pow(this.decayFactor, decayPeriods);
+        this.scores.set(peerId, score);
+        this.lastUpdateTime.set(peerId, currentTime);
+      }
+    }
+  }
+
+  getScore(peerId: string): number {
+    return this.scores.get(peerId) || 0;
+  }
+}

package/src/tx_validator/aggregate_tx_validator.ts

@@ -0,0 +1,24 @@
+import { type ProcessedTx, type Tx, type TxValidator } from '@aztec/circuit-types';
+
+export class AggregateTxValidator<T extends Tx | ProcessedTx> implements TxValidator<T> {
+  #validators: TxValidator<T>[];
+  constructor(...validators: TxValidator<T>[]) {
+    if (validators.length === 0) {
+      throw new Error('At least one validator must be provided');
+    }
+
+    this.#validators = validators;
+  }
+
+  async validateTxs(txs: T[]): Promise<[validTxs: T[], invalidTxs: T[]]> {
+    const invalidTxs: T[] = [];
+    let txPool = txs;
+    for (const validator of this.#validators) {
+      const [valid, invalid] = await validator.validateTxs(txPool);
+      invalidTxs.push(...invalid);
+      txPool = valid;
+    }
+
+    return [txPool, invalidTxs];
+  }
+}

package/src/tx_validator/data_validator.ts

@@ -0,0 +1,61 @@
+import { Tx, type TxValidator } from '@aztec/circuit-types';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export class DataTxValidator implements TxValidator<Tx> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:tx_data');
+
+  validateTxs(txs: Tx[]): Promise<[validTxs: Tx[], invalidTxs: Tx[]]> {
+    const validTxs: Tx[] = [];
+    const invalidTxs: Tx[] = [];
+    for (const tx of txs) {
+      if (!this.#hasCorrectExecutionRequests(tx)) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      validTxs.push(tx);
+    }
+
+    return Promise.resolve([validTxs, invalidTxs]);
+  }
+
+  #hasCorrectExecutionRequests(tx: Tx): boolean {
+    const callRequests = [
+      ...tx.data.getRevertiblePublicCallRequests(),
+      ...tx.data.getNonRevertiblePublicCallRequests(),
+    ];
+    if (callRequests.length !== tx.enqueuedPublicFunctionCalls.length) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(tx)} because of mismatch number of execution requests for public calls. Expected ${
+          callRequests.length
+        }. Got ${tx.enqueuedPublicFunctionCalls.length}.`,
+      );
+      return false;
+    }
+
+    const invalidExecutionRequestIndex = tx.enqueuedPublicFunctionCalls.findIndex(
+      (execRequest, i) => !execRequest.isForCallRequest(callRequests[i]),
+    );
+    if (invalidExecutionRequestIndex !== -1) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(
+          tx,
+        )} because of incorrect execution requests for public call at index ${invalidExecutionRequestIndex}.`,
+      );
+      return false;
+    }
+
+    const teardownCallRequest = tx.data.getTeardownPublicCallRequest();
+    const isInvalidTeardownExecutionRequest =
+      (!teardownCallRequest && !tx.publicTeardownFunctionCall.isEmpty()) ||
+      (teardownCallRequest && !tx.publicTeardownFunctionCall.isForCallRequest(teardownCallRequest));
+    if (isInvalidTeardownExecutionRequest) {
+      this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} because of incorrect teardown execution requests.`);
+      return false;
+    }
+
+    return true;
+  }
+
+  // TODO: Check logs.
+}

package/src/tx_validator/double_spend_validator.ts

@@ -0,0 +1,65 @@
+import { type AnyTx, Tx, type TxValidator } from '@aztec/circuit-types';
+import { Fr } from '@aztec/circuits.js';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export interface NullifierSource {
+  getNullifierIndex: (nullifier: Fr) => Promise<bigint | undefined>;
+}
+
+export class DoubleSpendTxValidator<T extends AnyTx> implements TxValidator<T> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:tx_double_spend');
+  #nullifierSource: NullifierSource;
+
+  constructor(nullifierSource: NullifierSource, private readonly isValidatingBlock: boolean = true) {
+    this.#nullifierSource = nullifierSource;
+  }
+
+  async validateTxs(txs: T[]): Promise<[validTxs: T[], invalidTxs: T[]]> {
+    const validTxs: T[] = [];
+    const invalidTxs: T[] = [];
+    const thisBlockNullifiers = new Set<bigint>();
+
+    for (const tx of txs) {
+      if (!(await this.#uniqueNullifiers(tx, thisBlockNullifiers))) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      validTxs.push(tx);
+    }
+
+    return [validTxs, invalidTxs];
+  }
+
+  async #uniqueNullifiers(tx: AnyTx, thisBlockNullifiers: Set<bigint>): Promise<boolean> {
+    const nullifiers = tx.data.getNonEmptyNullifiers().map(x => x.toBigInt());
+
+    // Ditch this tx if it has repeated nullifiers
+    const uniqueNullifiers = new Set(nullifiers);
+    if (uniqueNullifiers.size !== nullifiers.length) {
+      this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for emitting duplicate nullifiers`);
+      return false;
+    }
+
+    if (this.isValidatingBlock) {
+      for (const nullifier of nullifiers) {
+        if (thisBlockNullifiers.has(nullifier)) {
+          this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for repeating a nullifier in the same block`);
+          return false;
+        }
+
+        thisBlockNullifiers.add(nullifier);
+      }
+    }
+
+    const nullifierIndexes = await Promise.all(nullifiers.map(n => this.#nullifierSource.getNullifierIndex(new Fr(n))));
+
+    const hasDuplicates = nullifierIndexes.some(index => index !== undefined);
+    if (hasDuplicates) {
+      this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for repeating nullifiers present in state trees`);
+      return false;
+    }
+
+    return true;
+  }
+}

package/src/tx_validator/index.ts

@@ -0,0 +1,5 @@
+export * from './aggregate_tx_validator.js';
+export * from './data_validator.js';
+export * from './double_spend_validator.js';
+export * from './metadata_validator.js';
+export * from './tx_proof_validator.js';

package/src/tx_validator/metadata_validator.ts

@@ -0,0 +1,61 @@
+import { type AnyTx, Tx, type TxValidator } from '@aztec/circuit-types';
+import { type Fr } from '@aztec/circuits.js';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export class MetadataTxValidator<T extends AnyTx> implements TxValidator<T> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:tx_metadata');
+
+  constructor(private chainId: Fr, private blockNumber: Fr) {}
+
+  validateTxs(txs: T[]): Promise<[validTxs: T[], invalidTxs: T[]]> {
+    const validTxs: T[] = [];
+    const invalidTxs: T[] = [];
+    for (const tx of txs) {
+      if (!this.#hasCorrectChainId(tx)) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      if (!this.#isValidForBlockNumber(tx)) {
+        invalidTxs.push(tx);
+        continue;
+      }
+
+      validTxs.push(tx);
+    }
+
+    return Promise.resolve([validTxs, invalidTxs]);
+  }
+
+  #hasCorrectChainId(tx: T): boolean {
+    if (!tx.data.constants.txContext.chainId.equals(this.chainId)) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(
+          tx,
+        )} because of incorrect chain ${tx.data.constants.txContext.chainId.toNumber()} != ${this.chainId.toNumber()}`,
+      );
+      return false;
+    } else {
+      return true;
+    }
+  }
+
+  #isValidForBlockNumber(tx: T): boolean {
+    const target =
+      tx instanceof Tx
+        ? tx.data.forRollup?.rollupValidationRequests || tx.data.forPublic!.validationRequests.forRollup
+        : tx.data.rollupValidationRequests;
+    const maxBlockNumber = target.maxBlockNumber;
+
+    if (maxBlockNumber.isSome && maxBlockNumber.value < this.blockNumber) {
+      this.#log.warn(
+        `Rejecting tx ${Tx.getHash(tx)} for low max block number. Tx max block number: ${
+          maxBlockNumber.value
+        }, current block number: ${this.blockNumber}.`,
+      );
+      return false;
+    } else {
+      return true;
+    }
+  }
+}

package/src/tx_validator/tx_proof_validator.ts

@@ -0,0 +1,28 @@
+import { type ClientProtocolCircuitVerifier, Tx, type TxValidator } from '@aztec/circuit-types';
+import { createDebugLogger } from '@aztec/foundation/log';
+
+export class TxProofValidator implements TxValidator<Tx> {
+  #log = createDebugLogger('aztec:sequencer:tx_validator:private_proof');
+
+  constructor(private verifier: ClientProtocolCircuitVerifier) {}
+
+  async validateTxs(txs: Tx[]): Promise<[validTxs: Tx[], invalidTxs: Tx[]]> {
+    const validTxs: Tx[] = [];
+    const invalidTxs: Tx[] = [];
+
+    for (const tx of txs) {
+      if (await this.verifier.verifyProof(tx)) {
+        validTxs.push(tx);
+      } else {
+        this.#log.warn(`Rejecting tx ${Tx.getHash(tx)} for invalid proof`);
+        invalidTxs.push(tx);
+      }
+    }
+
+    return [validTxs, invalidTxs];
+  }
+
+  validateTx(tx: Tx): Promise<boolean> {
+    return this.verifier.verifyProof(tx);
+  }
+}

package/src/util.ts

@@ -1,4 +1,12 @@
+import type { GossipSub } from '@chainsafe/libp2p-gossipsub';
 import { resolve } from 'dns/promises';
+import type { Libp2p } from 'libp2p';
+
+export interface PubSubLibp2p extends Libp2p {
+  services: {
+    pubsub: GossipSub;
+  };
+}
 
 /**
  * Converts an address string to a multiaddr string.