@aztec/p2p 1.2.1 → 2.0.0-nightly.20250813

package/src/msg_validators/tx_validator/phases_validator.ts

@@ -34,7 +34,7 @@ export class PhasesTxValidator implements TxValidator<Tx> {
 
       if (!tx.data.forPublic) {
         this.#log.debug(
-          `Tx ${await Tx.getHash(tx)} does not contain enqueued public functions. Skipping phases validation.`,
+          `Tx ${tx.getTxHash().toString()} does not contain enqueued public functions. Skipping phases validation.`,
         );
         return { result: 'valid' };
       }
@@ -43,7 +43,7 @@ export class PhasesTxValidator implements TxValidator<Tx> {
       for (const setupFn of setupFns) {
         if (!(await this.isOnAllowList(setupFn, this.setupAllowList))) {
           this.#log.verbose(
-            `Rejecting tx ${await Tx.getHash(tx)} because it calls setup function not on allow list: ${
+            `Rejecting tx ${tx.getTxHash().toString()} because it calls setup function not on allow list: ${
               setupFn.request.contractAddress
             }:${setupFn.functionSelector}`,
             { allowList: this.setupAllowList },

package/src/msg_validators/tx_validator/tx_proof_validator.ts

@@ -10,10 +10,10 @@ export class TxProofValidator implements TxValidator<Tx> {
   async validateTx(tx: Tx): Promise<TxValidationResult> {
     const result = await this.verifier.verifyProof(tx);
     if (!result.valid) {
-      this.#log.verbose(`Rejecting tx ${await Tx.getHash(tx)} for invalid proof`);
+      this.#log.verbose(`Rejecting tx ${tx.getTxHash().toString()} for invalid proof`);
       return { result: 'invalid', reason: [TX_ERROR_INVALID_PROOF] };
     }
-    this.#log.trace(`Accepted ${await Tx.getHash(tx)} with valid proof`);
+    this.#log.trace(`Accepted ${tx.getTxHash().toString()} with valid proof`);
     return { result: 'valid' };
   }
 }

package/src/services/discv5/discV5_service.ts

@@ -191,7 +191,7 @@ export class DiscV5Service extends EventEmitter implements PeerDiscoveryService
 
   public async runRandomNodesQuery(): Promise<void> {
     if (this.currentState !== PeerDiscoveryState.RUNNING) {
-      throw new Error('DiscV5Service not running');
+      return;
     }
 
     // First, wait some time before starting the peer discovery
@@ -229,6 +229,9 @@ export class DiscV5Service extends EventEmitter implements PeerDiscoveryService
   }
 
   public async stop(): Promise<void> {
+    if (this.currentState !== PeerDiscoveryState.RUNNING) {
+      return;
+    }
     await this.discv5.off(Discv5Event.DISCOVERED, this.handlers.onDiscovered);
     await this.discv5.off(Discv5Event.ENR_ADDED, this.handlers.onEnrAdded);
     await this.discv5.off(Discv5Event.MULTIADDR_UPDATED, this.handlers.onMultiaddrUpdated);

package/src/services/dummy_service.ts

@@ -1,3 +1,4 @@
+import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { PeerInfo } from '@aztec/stdlib/interfaces/server';
 import type { Gossipable, PeerErrorSeverity } from '@aztec/stdlib/p2p';
 import { Tx, TxHash } from '@aztec/stdlib/tx';
@@ -8,10 +9,12 @@ import EventEmitter from 'events';
 
 import type { PeerManagerInterface } from './peer-manager/interface.js';
 import type { P2PReqRespConfig } from './reqresp/config.js';
+import { type AuthRequest, StatusMessage } from './reqresp/index.js';
 import type {
   ReqRespInterface,
   ReqRespResponse,
   ReqRespSubProtocol,
+  ReqRespSubProtocolHandler,
   ReqRespSubProtocolHandlers,
   ReqRespSubProtocolValidators,
   SubProtocolMap,
@@ -108,6 +111,21 @@ export class DummyP2PService implements P2PService {
   validate(_txs: Tx[]): Promise<void> {
     return Promise.resolve();
   }
+
+  addReqRespSubProtocol(
+    _subProtocol: ReqRespSubProtocol,
+    _handler: ReqRespSubProtocolHandler,
+    _validator?: ReqRespSubProtocolValidators[ReqRespSubProtocol],
+  ): Promise<void> {
+    return Promise.resolve();
+  }
+
+  handleAuthRequestFromPeer(_authRequest: AuthRequest, _peerId: PeerId): Promise<StatusMessage> {
+    return Promise.resolve(StatusMessage.random());
+  }
+
+  //this is no-op
+  registerThisValidatorAddresses(_address: EthAddress[]): void {}
 }
 
 /**
@@ -184,14 +202,28 @@ export class DummyPeerManager implements PeerManagerInterface {
   public getPeerScore(_peerId: string): number {
     return 0;
   }
+
+  public shouldDisableP2PGossip(_peerId: string): boolean {
+    return false;
+  }
+
   public stop(): Promise<void> {
     return Promise.resolve();
   }
-  public heartbeat(): void {}
+  public heartbeat(): Promise<void> {
+    return Promise.resolve();
+  }
   public addTrustedPeer(_peerId: PeerId): void {}
   public addPrivatePeer(_peerId: PeerId): void {}
   public goodbyeReceived(_peerId: PeerId, _reason: GoodByeReason): void {}
   public penalizePeer(_peerId: PeerId, _penalty: PeerErrorSeverity): void {}
+  public addPreferredPeer(_peerId: PeerId): void {}
+  public handleAuthRequestFromPeer(_authRequest: AuthRequest, _peerId: PeerId): Promise<StatusMessage> {
+    return Promise.resolve(StatusMessage.random());
+  }
+
+  //this is no-op
+  registerThisValidatorAddresses(_address: EthAddress[]): void {}
 }
 
 export class DummyReqResp implements ReqRespInterface {
@@ -213,13 +245,13 @@ export class DummyReqResp implements ReqRespInterface {
   }
   sendBatchRequest<SubProtocol extends ReqRespSubProtocol>(
     _subProtocol: SubProtocol,
-    requests: InstanceType<SubProtocolMap[SubProtocol]['request']>[],
+    _requests: InstanceType<SubProtocolMap[SubProtocol]['request']>[],
     _pinnedPeer: PeerId | undefined,
     _timeoutMs?: number,
     _maxPeers?: number,
     _maxRetryAttempts?: number,
-  ): Promise<(InstanceType<SubProtocolMap[SubProtocol]['response']> | undefined)[]> {
-    return Promise.resolve(requests.map(() => undefined));
+  ): Promise<InstanceType<SubProtocolMap[SubProtocol]['response']>[]> {
+    return Promise.resolve([]);
   }
   public sendRequestToPeer(
     _peerId: PeerId,
@@ -229,4 +261,12 @@ export class DummyReqResp implements ReqRespInterface {
   ): Promise<ReqRespResponse> {
     return Promise.resolve({ status: ReqRespStatus.SUCCESS, data: Buffer.from([]) });
   }
+
+  addSubProtocol(
+    _subProtocol: ReqRespSubProtocol,
+    _handler: ReqRespSubProtocolHandler,
+    _validator?: ReqRespSubProtocolValidators[ReqRespSubProtocol],
+  ): Promise<void> {
+    return Promise.resolve();
+  }
 }

package/src/services/index.ts

@@ -1,4 +1,6 @@
 export * from './service.js';
 export * from './libp2p/libp2p_service.js';
-export * from './tx_collector.js';
+export * from './tx_provider.js';
 export * from './dummy_service.js';
+export * from './reqresp/index.js';
+export * from './tx_collection/index.js';

package/src/services/libp2p/libp2p_service.ts

@@ -1,11 +1,12 @@
 import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import { randomInt } from '@aztec/foundation/crypto';
 import { type Logger, createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
 import { SerialQueue } from '@aztec/foundation/queue';
 import { RunningPromise } from '@aztec/foundation/running-promise';
 import { Timer } from '@aztec/foundation/timer';
 import type { AztecAsyncKVStore } from '@aztec/kv-store';
 import { protocolContractTreeRoot } from '@aztec/protocol-contracts';
-import type { L2BlockSource } from '@aztec/stdlib/block';
+import type { EthAddress, L2BlockSource } from '@aztec/stdlib/block';
 import type { ContractDataSource } from '@aztec/stdlib/contract';
 import { GasFees } from '@aztec/stdlib/gas';
 import type { ClientProtocolCircuitVerifier, PeerInfo, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
@@ -27,7 +28,7 @@ import type { UInt64 } from '@aztec/stdlib/types';
 import { compressComponentVersions } from '@aztec/stdlib/versioning';
 import { Attributes, OtelMetricsAdapter, type TelemetryClient, WithTracer, trackSpan } from '@aztec/telemetry-client';
 
-import type { ENR } from '@chainsafe/enr';
+import { ENR } from '@chainsafe/enr';
 import {
   type GossipSub,
   type GossipSubComponents,
@@ -40,7 +41,7 @@ import { noise } from '@chainsafe/libp2p-noise';
 import { yamux } from '@chainsafe/libp2p-yamux';
 import { bootstrap } from '@libp2p/bootstrap';
 import { identify } from '@libp2p/identify';
-import { type Message, type PeerId, TopicValidatorResult } from '@libp2p/interface';
+import { type Message, type MultiaddrConnection, type PeerId, TopicValidatorResult } from '@libp2p/interface';
 import type { ConnectionManager } from '@libp2p/interface-internal';
 import '@libp2p/kad-dht';
 import { mplex } from '@libp2p/mplex';
@@ -69,10 +70,17 @@ import {
   DEFAULT_SUB_PROTOCOL_VALIDATORS,
   type ReqRespInterface,
   ReqRespSubProtocol,
+  type ReqRespSubProtocolHandler,
+  type ReqRespSubProtocolHandlers,
+  type ReqRespSubProtocolValidators,
   type SubProtocolMap,
+  ValidationError,
 } from '../reqresp/interface.js';
+import { reqRespBlockTxsHandler } from '../reqresp/protocols/block_txs/block_txs_handler.js';
 import { reqGoodbyeHandler } from '../reqresp/protocols/goodbye.js';
 import {
+  AuthRequest,
+  StatusMessage,
   pingHandler,
   reqRespBlockHandler,
   reqRespStatusHandler,
@@ -218,12 +226,9 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       createLogger(`${logger.module}:discv5_service`),
     );
 
-    const bootstrapNodes = peerDiscoveryService.bootstrapNodeEnrs.map(enr => enr.encodeTxt());
+    // Seed libp2p's bootstrap discovery with private and trusted peers
+    const bootstrapNodes = [...config.privatePeers, ...config.trustedPeers];
 
-    // If trusted peers are provided, also provide them to the p2p service
-    bootstrapNodes.push(...config.trustedPeers);
-
-    // If bootstrap nodes are provided, also provide them to the p2p service
     const peerDiscovery = [];
     if (bootstrapNodes.length > 0) {
       peerDiscovery.push(bootstrap({ list: bootstrapNodes }));
@@ -236,23 +241,51 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     const blockProposalTopic = createTopicString(TopicType.block_proposal, protocolVersion);
     const blockAttestationTopic = createTopicString(TopicType.block_attestation, protocolVersion);
 
+    const preferredPeersEnrs: ENR[] = config.preferredPeers.map(enr => ENR.decodeTxt(enr));
+    const directPeers = (
+      await Promise.all(
+        preferredPeersEnrs.map(async enr => {
+          const peerId = await enr.peerId();
+          const address = enr.getLocationMultiaddr('tcp');
+          if (address === undefined) {
+            throw new Error(`Direct peer ${peerId.toString()} has no TCP address, ENR: ${enr.encodeTxt()}`);
+          }
+          return {
+            id: peerId,
+            addrs: [address],
+          };
+        }),
+      )
+    ).filter(peer => peer !== undefined);
+
+    const announceTcpMultiaddr = config.p2pIp ? [convertToMultiaddr(config.p2pIp, p2pPort, 'tcp')] : [];
+
     const node = await createLibp2p({
       start: false,
       peerId,
       addresses: {
         listen: [bindAddrTcp],
-        announce: [], // announce is handled by the peer discovery service
+        announce: announceTcpMultiaddr,
       },
       transports: [
         tcp({
-          maxConnections: config.maxPeerCount,
+          // It's better to have this number a bit higher than our maxPeerCount because it's sets the limit on transport (TCP) layer
+          // The connection attempts to the node on TCP layer are not necessarily valid Aztec peers so we want to have a bit of leeway here
+          // If we hit the limit, the connection will be temporarily accepted and immediately dropped.
+          // Docs: https://nodejs.org/api/net.html#servermaxconnections
+          maxConnections: Math.ceil(maxPeerCount * 1.5),
           // socket option: the maximum length of the queue of pending connections
           // https://nodejs.org/dist/latest-v22.x/docs/api/net.html#serverlisten
           // it's not safe if we increase this number
           backlog: 5,
           closeServerOnMaxConnections: {
-            closeAbove: maxPeerCount ?? Infinity,
-            listenBelow: maxPeerCount ?? Infinity,
+            // The property `maxConnections` will protect us against the most DDOS attack
+            // This property protects us in case of burst of new connections where server is not able to close them quickly enough
+            // In case closeAbove is reached, the server stops listening altogether
+            // It's important that there is enough difference between closeAbove and listenAbove,
+            // otherwise the server.listener will flap between being closed and open potentially degrading perf even more
+            closeAbove: maxPeerCount * 2,
+            listenBelow: Math.floor(maxPeerCount * 0.9),
           },
         }),
       ],
@@ -262,16 +295,41 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       connectionEncryption: [noise()],
       connectionManager: {
         minConnections: 0,
+        maxConnections: maxPeerCount,
         maxParallelDials: 100,
         dialTimeout: 30_000,
         maxPeerAddrsToDial: 5,
         maxIncomingPendingConnections: 5,
       },
+      connectionGater: {
+        denyInboundConnection: (maConn: MultiaddrConnection) => {
+          const allowed = peerManager.isNodeAllowedToConnect(maConn.remoteAddr.nodeAddress().address);
+          if (allowed) {
+            return false;
+          }
+
+          logger.debug(`Connection gater: Denying inbound connection from ${maConn.remoteAddr.toString()}`);
+          return true;
+        },
+        denyInboundEncryptedConnection: (peerId: PeerId, _maConn: MultiaddrConnection) => {
+          //NOTE: it is not necessary to check address here because this was already done by
+          // denyInboundConnection
+          const allowed = peerManager.isNodeAllowedToConnect(peerId);
+          if (allowed) {
+            return false;
+          }
+
+          logger.debug(`Connection gater: Denying inbound encrypted connection from ${peerId.toString()}`);
+          return true;
+        },
+      },
       services: {
         identify: identify({
           protocolPrefix: 'aztec',
+          runOnConnectionOpen: true,
         }),
         pubsub: gossipsub({
+          directPeers,
           debugName: 'gossipsub',
           globalSignaturePolicy: SignaturePolicy.StrictNoSign,
           allowPublishToZeroTopicPeers: true,
@@ -334,11 +392,13 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       reqresp,
       worldStateSynchronizer,
       protocolVersion,
+      epochCache,
     );
 
     // Update gossipsub score params
     node.services.pubsub.score.params.appSpecificWeight = 10;
-    node.services.pubsub.score.params.appSpecificScore = (peerId: string) => peerManager.getPeerScore(peerId);
+    node.services.pubsub.score.params.appSpecificScore = (peerId: string) =>
+      peerManager.shouldDisableP2PGossip(peerId) ? -Infinity : peerManager.getPeerScore(peerId);
 
     return new LibP2PService(
       clientType,
@@ -378,7 +438,9 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     this.jobQueue.start();
 
     await this.peerManager.initializePeers();
-    await this.peerDiscoveryService.start();
+    if (!this.config.p2pDiscoveryDisabled) {
+      await this.peerDiscoveryService.start();
+    }
     await this.node.start();
 
     // Subscribe to standard GossipSub topics by default
@@ -391,8 +453,12 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     const goodbyeHandler = reqGoodbyeHandler(this.peerManager);
     const blockHandler = reqRespBlockHandler(this.archiver);
     const statusHandler = reqRespStatusHandler(this.protocolVersion, this.worldStateSynchronizer, this.logger);
+    // In case P2P client doesnt'have attestation pool,
+    // const blockTxsHandler = this.mempools.attestationPool
+    //   ? reqRespBlockTxsHandler(this.mempools.attestationPool, this.mempools.txPool)
+    //   : def;
 
-    const requestResponseHandlers = {
+    const requestResponseHandlers: Partial<ReqRespSubProtocolHandlers> = {
       [ReqRespSubProtocol.PING]: pingHandler,
       [ReqRespSubProtocol.STATUS]: statusHandler.bind(this),
       [ReqRespSubProtocol.TX]: txHandler.bind(this),
@@ -400,6 +466,12 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
       [ReqRespSubProtocol.BLOCK]: blockHandler.bind(this),
     };
 
+    // Only handle block transactions request if attestation pool is available to the client
+    if (this.mempools.attestationPool) {
+      const blockTxsHandler = reqRespBlockTxsHandler(this.mempools.attestationPool, this.mempools.txPool);
+      requestResponseHandlers[ReqRespSubProtocol.BLOCK_TXS] = blockTxsHandler.bind(this);
+    }
+
     // add GossipSub listener
     this.node.services.pubsub.addEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
 
@@ -451,6 +523,18 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     this.logger.info('LibP2P service stopped');
   }
 
+  addReqRespSubProtocol(
+    subProtocol: ReqRespSubProtocol,
+    handler: ReqRespSubProtocolHandler,
+    validator?: ReqRespSubProtocolValidators[ReqRespSubProtocol],
+  ): Promise<void> {
+    return this.reqresp.addSubProtocol(subProtocol, handler, validator);
+  }
+
+  public registerThisValidatorAddresses(address: EthAddress[]): void {
+    this.peerManager.registerThisValidatorAddresses(address);
+  }
+
   public getPeers(includePending?: boolean): PeerInfo[] {
     return this.peerManager.getPeers(includePending);
   }
@@ -468,23 +552,6 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     setImmediate(() => void safeJob());
   }
 
-  /**
-   * Send Request via the ReqResp service
-   * The subprotocol defined will determine the request and response types
-   *
-   * See the subProtocolMap for the mapping of subprotocols to request/response types in `interface.ts`
-   *
-   * @param protocol The request response protocol to use
-   * @param request The request type to send
-   * @returns
-   */
-  sendRequest<SubProtocol extends ReqRespSubProtocol>(
-    protocol: SubProtocol,
-    request: InstanceType<SubProtocolMap[SubProtocol]['request']>,
-  ): Promise<InstanceType<SubProtocolMap[SubProtocol]['response']> | undefined> {
-    return this.reqresp.sendRequest(protocol, request);
-  }
-
   /**
    * Send a batch of requests to peers, and return the responses
    * @param protocol - The request response protocol to use
@@ -495,7 +562,7 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     protocol: SubProtocol,
     requests: InstanceType<SubProtocolMap[SubProtocol]['request']>[],
     pinnedPeerId: PeerId | undefined,
-  ): Promise<(InstanceType<SubProtocolMap[SubProtocol]['response']> | undefined)[]> {
+  ): Promise<InstanceType<SubProtocolMap[SubProtocol]['response']>[]> {
     return this.reqresp.sendBatchRequest(protocol, requests, pinnedPeerId);
   }
 
@@ -653,12 +720,18 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     if (!result || !tx) {
       return;
     }
-    const txHash = await tx.getTxHash();
+    const txHash = tx.getTxHash();
     const txHashString = txHash.toString();
     this.logger.verbose(`Received tx ${txHashString} from external peer ${source.toString()} via gossip`, {
       source: source.toString(),
       txHash: txHashString,
     });
+
+    if (this.config.dropTransactions && randomInt(1000) < this.config.dropTransactionsProbability * 1000) {
+      this.logger.debug(`Intentionally dropping tx ${txHashString} (probability rule)`);
+      return;
+    }
+
     await this.mempools.txPool.addTxs([tx]);
   }
 
@@ -752,7 +825,8 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     }
 
     // Mark the txs in this proposal as non-evictable
-    await this.mempools.txPool.markTxsAsNonEvictable(block.payload.txHashes);
+    await this.mempools.txPool.markTxsAsNonEvictable(block.txHashes);
+    await this.mempools.attestationPool?.addBlockProposal(block);
     const attestations = await this.blockReceivedCallback(block, sender);
 
     // TODO: fix up this pattern - the abstraction is not nice
@@ -804,44 +878,58 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
   }
 
   /**
-   * Validate a tx that has been requested from a peer.
+   * Validate a collection of txs that has been requested from a peer.
    *
-   * The core component of this validator is that the tx hash MUST match the requested tx hash,
+   * The core component of this validator is that each tx hash MUST match the requested tx hash,
    * In order to perform this check, the tx proof must be verified.
    *
    * Note: This function is called from within `ReqResp.sendRequest` as part of the
    * ReqRespSubProtocol.TX subprotocol validation.
    *
-   * @param requestedTxHash - The hash of the tx that was requested.
-   * @param responseTx - The tx that was received as a response to the request.
+   * @param requestedTxHash - The collection of the txs that was requested.
+   * @param responseTx - The collectin of txs that was received as a response to the request.
    * @param peerId - The peer ID of the peer that sent the tx.
-   * @returns True if the tx is valid, false otherwise.
+   * @returns True if the whole collection of txs is valid, false otherwise.
    */
+  //TODO: (mralj) - this is somewhat naive implementation, if single tx is invlid we consider the whole response invalid.
+  // I think we should still extract the valid txs and return them, so that we can still use the response.
   @trackSpan('Libp2pService.validateRequestedTx', (requestedTxHash, _responseTx) => ({
     [Attributes.TX_HASH]: requestedTxHash.toString(),
   }))
-  private async validateRequestedTx(requestedTxHash: TxHash, responseTx: Tx, peerId: PeerId): Promise<boolean> {
+  private async validateRequestedTx(requestedTxHash: TxHash[], responseTx: Tx[], peerId: PeerId): Promise<boolean> {
+    const requested = new Set(requestedTxHash.map(h => h.toString()));
+
     const proofValidator = new TxProofValidator(this.proofVerifier);
-    const validProof = await proofValidator.validateTx(responseTx);
 
-    // If the node returns the wrong data, we penalize it
-    if (!requestedTxHash.equals(await responseTx.getTxHash())) {
-      // Returning the wrong data is a low tolerance error
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
-      return false;
-    }
+    try {
+      await Promise.all(
+        responseTx.map(async tx => {
+          if (!requested.has(tx.getTxHash().toString())) {
+            this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+            throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that was not requested.`);
+          }
+
+          const { result } = await proofValidator.validateTx(tx);
+          if (result === 'invalid') {
+            this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+            throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that is invalid.`);
+          }
+        }),
+      );
+      return true;
+    } catch (e: any) {
+      if (e instanceof ValidationError) {
+        this.logger.debug(`Failed to validate requested txs from peer ${peerId.toString()}, reason ${e.message}`);
+      } else {
+        this.logger.warn(`Error during validation of requested txs`, e);
+      }
 
-    if (validProof.result === 'invalid') {
-      // If the proof is invalid, but the txHash is correct, then this is an active attack and we severly punish
-      this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
       return false;
     }
-
-    return true;
   }
 
-  @trackSpan('Libp2pService.validatePropagatedTx', async tx => ({
-    [Attributes.TX_HASH]: (await tx.getTxHash()).toString(),
+  @trackSpan('Libp2pService.validatePropagatedTx', tx => ({
+    [Attributes.TX_HASH]: tx.getTxHash().toString(),
   }))
   private async validatePropagatedTx(tx: Tx, peerId: PeerId): Promise<boolean> {
     const currentBlockNumber = await this.archiver.getBlockNumber();
@@ -1048,6 +1136,10 @@ export class LibP2PService<T extends P2PClientType = P2PClientType.Full> extends
     return this.node.services.pubsub.score.score(peerId.toString());
   }
 
+  public handleAuthRequestFromPeer(authRequest: AuthRequest, peerId: PeerId): Promise<StatusMessage> {
+    return this.peerManager.handleAuthRequestFromPeer(authRequest, peerId);
+  }
+
   private async sendToPeers<T extends Gossipable>(message: T) {
     const parent = message.constructor as typeof Gossipable;
 

package/src/services/peer-manager/interface.ts

@@ -1,20 +1,29 @@
+import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { PeerInfo } from '@aztec/stdlib/interfaces/server';
 import type { PeerErrorSeverity } from '@aztec/stdlib/p2p';
 
 import type { PeerId } from '@libp2p/interface';
 
+import type { AuthRequest, StatusMessage } from '../reqresp/index.js';
 import type { GoodByeReason } from '../reqresp/protocols/goodbye.js';
 
 export interface PeerManagerInterface {
   getPeers(_includePending?: boolean): PeerInfo[];
 
   initializePeers(): Promise<void>;
-  heartbeat(): void;
+  heartbeat(): Promise<void>;
   addTrustedPeer(peerId: PeerId): void;
   addPrivatePeer(peerId: PeerId): void;
+  addPreferredPeer(peerId: PeerId): void;
   goodbyeReceived(peerId: PeerId, reason: GoodByeReason): void;
   penalizePeer(peerId: PeerId, penalty: PeerErrorSeverity): void;
+  handleAuthRequestFromPeer(authRequest: AuthRequest, peerId: PeerId): Promise<StatusMessage>;
 
   getPeerScore(peerId: string): number;
+  shouldDisableP2PGossip(peerId: string): boolean;
+
   stop(): Promise<void>;
+
+  /** If node running this P2P stack is validator, passes in validator address to P2P layer */
+  registerThisValidatorAddresses(address: EthAddress[]): void;
 }