@aztec/p2p 4.0.0-devnet.2-patch.4 → 4.0.0-devnet.3-patch.0

package/src/services/reqresp/README.md

@@ -0,0 +1,229 @@
+# ReqResp Protocols
+
+This module implements libp2p request-response protocols for the Aztec P2P network. All protocols share common transport-level validation (rate limiting, timeouts, Snappy decompression, error penalties) with protocol-specific logic layered on top.
+
+## Common Transport Validation
+
+### Rate Limiting (Responder Side)
+
+Applied before the protocol handler runs.
+
+| Protocol | Peer Limit | Global Limit | File |
+|----------|-----------|-------------|------|
+| PING | 5/s | 10/s | `rate-limiter/rate_limits.ts` |
+| STATUS | 5/s | 10/s | same |
+| AUTH | 5/s | 10/s | same |
+| GOODBYE | 5/s | 10/s | same |
+| BLOCK | 2/s | 5/s | same |
+| BLOCK_TXS | 10/s | 200/s | same |
+| TX | (see rate limits file) | (see rate limits file) | same |
+
+- Per-peer limit exceeded: `HighToleranceError` penalty + `RATE_LIMIT_EXCEEDED` status. Penalty fires inside `RequestResponseRateLimiter.allow()`, not the stream handler.
+- Global limit exceeded: `RATE_LIMIT_EXCEEDED` status only (no peer penalty).
+
+### Response Status Byte (Requester Side)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| First chunk must be exactly 1 byte | `ReqRespStatusError(UNKNOWN)` | `status.ts` |
+| Byte must be valid `ReqRespStatus` enum (0-4, 126, 127) | `ReqRespStatusError(UNKNOWN)` | same |
+
+Note: `prettyPrintReqRespStatus` is missing a `NOT_FOUND` case (minor logging bug).
+
+### Snappy Decompression (Requester Side)
+
+Per-protocol size limits checked via preamble before decompression.
+
+### Timeouts (Requester Side)
+
+| Timeout | Default | Penalty |
+|---------|---------|---------|
+| Individual request | 10s | HighToleranceError |
+| Dial | 5s | HighToleranceError |
+
+### Error Penalty Categorization (Requester Side)
+
+| Error Type | Severity |
+|------------|----------|
+| GOODBYE subprotocol errors | None |
+| `CollectiveReqRespTimeoutError` / `InvalidResponseError` | None |
+| `AbortError` / connection close / muxer closed | None |
+| `ECONNRESET` / `EPIPE` / `ECONNREFUSED` / `ERR_UNEXPECTED_EOF` | HighToleranceError |
+| `ERR_UNSUPPORTED_PROTOCOL` | HighToleranceError |
+| `IndividualReqRespTimeoutError` / `TimeoutError` | HighToleranceError |
+| Catch-all | HighToleranceError |
+
+### Request Error Penalty (Responder Side)
+
+| Error Type | Severity |
+|------------|----------|
+| `BADLY_FORMED_REQUEST` | LowToleranceError |
+| All others | None |
+
+### Notes
+
+- Request payloads are NOT snappy-compressed (asymmetric: only responses use snappy).
+
+---
+
+## Handshake Protocols
+
+### Connection-Level Gating (Before Any Handshake)
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Deny inbound connection from IP/peerId with too many failed auth handshakes | Connection denied | `libp2p_service.ts` |
+| Threshold: `p2pMaxFailedAuthAttemptsAllowed` (default 3) | Tracked per peerId AND per IP | `peer_manager.ts` |
+| Failed auth entries expire after 1 hour | Peer can reconnect; no escalating penalty for repeat offenders | same |
+
+### Handshake Trigger Logic (`peer:connect`)
+
+1. `p2pDisableStatusHandshake` = true: no handshake
+2. `p2pAllowOnlyValidators` = false: STATUS handshake
+3. Peer is protected (trusted/private/preferred): STATUS handshake
+4. Otherwise: AUTH handshake (superset of STATUS)
+
+Config constraint: `p2pDisableStatusHandshake && p2pAllowOnlyValidators` is disallowed.
+
+### STATUS Protocol (`/aztec/req/status/1.0.0`)
+
+**Requester side** (`peer_manager.ts`):
+
+| Rule | Consequence |
+|------|-------------|
+| Response status must be SUCCESS | Peer scheduled for disconnect |
+| `compressedComponentsVersion` must match | Peer scheduled for disconnect |
+| Any exception | Peer scheduled for disconnect |
+
+`StatusMessage.validate()` currently only checks `compressedComponentsVersion`. Fields `latestBlockNumber`, `latestBlockHash`, `finalizedBlockNumber` are NOT validated (TODO in code).
+
+**Responder side**: no validation of incoming request content (always responds with own status). This means the requester leaks its blockchain state to any peer before validation.
+
+**Deserialization bounds**: `MAX_VERSION_STRING_LENGTH` = 64 bytes, `MAX_BLOCK_HASH_STRING_LENGTH` = 128 bytes. Expected response size: 1 KB.
+
+### AUTH Protocol (`/aztec/req/auth/1.0.0`)
+
+**Requester side** (`peer_manager.ts`):
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 1 | Response status is SUCCESS | `markAuthHandshakeFailed` + disconnect |
+| 2 | `compressedComponentsVersion` match | `markAuthHandshakeFailed` + disconnect |
+| 3 | Valid ECDSA signature recovery from challenge response | `markAuthHandshakeFailed` + disconnect |
+| 4 | Recovered address is a registered validator | `markAuthHandshakeFailed` + disconnect |
+| 5 | Validator address not already authenticated to different peerId | Silent return (no disconnect, no failure marking -- peer stays connected but unauthenticated) |
+| 6 | Any exception | `markAuthHandshakeFailed` + disconnect |
+
+Challenge: random `Fr`, payload = `keccak256("Aztec Validator Challenge:" + challenge)`, signed with `eth_sign` style. Challenge is NOT bound to peer identity (transport encryption via Noise is the binding layer).
+
+On success: peer added to authenticated maps, prior failures cleared (including IP-based ones -- shared-IP peers benefit from a legitimate validator's success).
+
+**Responder side** (`validator-client/src/validator.ts` + `peer_manager.ts`):
+
+| # | Rule | Consequence |
+|---|------|-------------|
+| 1 | Peer must be protected (`shouldTrustWithIdentity` in `peer_manager.ts`) | Returns empty buffer (SUCCESS status + empty payload -> requester gets parse error -> `markAuthHandshakeFailed`) |
+| 2 | Node must have registered validator address | Returns empty buffer (same consequence) |
+
+**Unauthenticated peer gossip**: when `p2pAllowOnlyValidators` is true, unauthenticated peers get `appSpecificScore = -Infinity`, completely excluding them from all gossip.
+
+### PING Protocol (`/aztec/req/ping/1.0.0`)
+
+No validation on either side. Responder returns `Buffer.from('pong')`. Expected response: 1 KB.
+
+### GOODBYE Protocol (`/aztec/req/goodbye/1.0.0`)
+
+**Responder**: buffer must be 1 byte (defaults to `UNKNOWN` on invalid length). Goodbye reason byte is NOT validated against the enum -- any byte 0-255 accepted. Peer scheduled for disconnect regardless of reason.
+
+**Requester**: response errors are never penalized (GOODBYE subprotocol exempt from error categorization).
+
+### Periodic Re-validation
+
+| Rule | Interval | File |
+|------|----------|------|
+| Authenticated validators re-checked against current validator set | Every heartbeat (`peerCheckIntervalMS`) | `peer_manager.ts` |
+| If validator address no longer registered, auth entry removed | Same | same |
+
+Protected peers (private/trusted/preferred) are always considered "authenticated" without AUTH handshake.
+
+---
+
+## Block Data Protocols
+
+### BLOCK Protocol (`/aztec/req/block/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `Fr` | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/block.ts` |
+| Block lookup throws | `INTERNAL_ERROR` status | same |
+| Block not found | SUCCESS + empty buffer (design choice; no `NOT_FOUND` status used) | same |
+
+**Requester side** (Snappy limit: 3 MB):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Response block number must match requested | LowToleranceError; rejected | `libp2p_service.ts` (`validateRequestedBlock`) |
+| Local block must exist for hash verification | Rejected (no penalty) | same |
+| Response block hash must equal local block hash | MidToleranceError; rejected | same |
+
+**Limitation**: the local-block requirement means BLOCK req/resp is unusable for initial P2P-only sync (before L1 sync provides local copies for verification). A TODO in the code acknowledges this.
+
+### BLOCK_TXS Protocol (`/aztec/req/block_txs/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `BlockTxsRequest` (Fr + TxHashArray + BitVector) | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/block_txs/block_txs_handler.ts` |
+| BitVector length: non-negative and <= `MAX_TXS_PER_BLOCK` (65536) | Deserialization throws -> `BADLY_FORMED_REQUEST` | `protocols/block_txs/bitvector.ts` |
+| Archive root not found and no explicit txHashes | `NOT_FOUND` status | handler |
+| Internal error during lookup | Unhandled exception -> stream abort (no `INTERNAL_ERROR` status, unlike BLOCK) | handler |
+
+Conditional registration: BLOCK_TXS handler only registered when `config.disableTransactions` is false. Otherwise peers get `ERR_UNSUPPORTED_PROTOCOL`.
+
+**Requester side via `sendBatchRequest`** (Snappy limit: `max(N, 1) * 512 + 1` KB):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Archive root must match request | MidToleranceError | `libp2p_service.ts` (`validateRequestedBlockTxs`) |
+| BitVector length must match request | MidToleranceError | same |
+| No duplicate tx hashes | MidToleranceError | same |
+| Tx count within bounds | MidToleranceError | same |
+| Local block proposal must exist for archive root | Rejected (no penalty) | same |
+| All tx hashes must be in proposal's tx list at allowed indices | LowToleranceError | same |
+| Txs in strictly increasing index order | LowToleranceError | same |
+| Each tx passes well-formedness (Metadata [4 fields], Size, Data, Proof) | LowToleranceError | same |
+
+**Requester side via `BatchTxRequester`** (separate validation path):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Non-SUCCESS status: `FAILURE`/`UNKNOWN` | HighToleranceError + "bad peer" tracking | `batch-tx-requester/batch_tx_requester.ts` |
+| `RATE_LIMIT_EXCEEDED` | Peer marked rate-limited (cooldown) | same |
+| `NOT_FOUND` / `BADLY_FORMED_REQUEST` / `INTERNAL_ERROR` | Falls through silently (no penalty) | same |
+| Each tx validated (Metadata + Size + Data + Proof) | LowToleranceError per invalid tx; valid txs from same response still accepted | same |
+| Archive root match + non-empty txIndices | No penalty on mismatch; peer not promoted to "smart" | same |
+
+**Double penalty on transport errors**: when `BatchTxRequester` encounters a transport error (e.g., ECONNRESET), both `sendRequestToPeer`'s internal handler and the `BatchTxRequester`'s catch block penalize the peer, resulting in double HighToleranceError.
+
+See [BatchTxRequester README](batch-tx-requester/README.md) for the full architecture (peer classification, worker model, wire protocol).
+
+### TX Protocol (`/aztec/req/tx/1.0.0`)
+
+**Server side**:
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Request must parse as `TxHashArray` | `BADLY_FORMED_REQUEST` + LowToleranceError | `protocols/tx.ts` |
+
+**Requester side** (validator registered at startup, not the default noop):
+
+| Rule | Consequence | File |
+|------|-------------|------|
+| Each returned tx hash must be in the requested set | MidToleranceError | `libp2p_service.ts` (`validateRequestedTxs`) |
+| Each tx passes well-formedness (Metadata + Size + Data + Proof) | LowToleranceError | same |
+
+Snappy limit: `max(N, 1) * 512 + 1` KB.
+

package/src/services/reqresp/batch-tx-requester/tx_validator.ts

@@ -1,7 +1,7 @@
 import type { ClientProtocolCircuitVerifier } from '@aztec/stdlib/interfaces/server';
 import { Tx, type TxValidationResult, type TxValidator } from '@aztec/stdlib/tx';
 
-import { createTxReqRespValidator } from '../../../msg_validators/tx_validator/factory.js';
+import { createTxValidatorForReqResponseReceivedTxs } from '../../../msg_validators/index.js';
 
 export interface BatchRequestTxValidatorConfig {
   l1ChainId: number;
@@ -29,7 +29,7 @@ export class BatchRequestTxValidator implements IBatchRequestTxValidator {
   }
 
   static createRequestedTxValidator(config: BatchRequestTxValidatorConfig): TxValidator {
-    return createTxReqRespValidator(config.proofVerifier, {
+    return createTxValidatorForReqResponseReceivedTxs(config.proofVerifier, {
       l1ChainId: config.l1ChainId,
       rollupVersion: config.rollupVersion,
     });

package/src/services/reqresp/rate-limiter/rate_limiter.ts

@@ -97,9 +97,10 @@ export function prettyPrintRateLimitStatus(status: RateLimitStatus) {
  * 2. Individual rate limits for each peer.
  *
  * How it works:
- * - When a request comes in, it first checks against the global rate limit.
- * - If the global limit allows, it then checks against the specific peer's rate limit.
- * - The request is only allowed if both the global and peer-specific limits allow it.
+ * - When a request comes in, it first checks against the peer's individual rate limit.
+ * - If the peer limit allows, it then checks against the global rate limit.
+ * - The request is only allowed if both the peer-specific and global limits allow it.
+ * - Checking peer limit first ensures a rate-limited peer cannot exhaust the global quota.
  * - It automatically creates and manages rate limiters for new peers as they make requests.
  * - It periodically cleans up rate limiters for inactive peers to conserve memory.
  *
@@ -119,10 +120,6 @@ export class SubProtocolRateLimiter {
   }
 
   allow(peerId: PeerId): RateLimitStatus {
-    if (!this.globalLimiter.allow()) {
-      return RateLimitStatus.DeniedGlobal;
-    }
-
     const peerIdStr = peerId.toString();
     let peerLimiter: PeerRateLimiter | undefined = this.peerLimiters.get(peerIdStr);
     if (!peerLimiter) {
@@ -135,10 +132,17 @@ export class SubProtocolRateLimiter {
     } else {
       peerLimiter.lastAccess = Date.now();
     }
-    const peerLimitAllowed = peerLimiter.limiter.allow();
-    if (!peerLimitAllowed) {
+
+    // Check peer limit first: a rate-limited peer must not consume global quota,
+    // otherwise one spamming peer can starve all others by exhausting the global bucket.
+    if (!peerLimiter.limiter.allow()) {
       return RateLimitStatus.DeniedPeer;
     }
+
+    if (!this.globalLimiter.allow()) {
+      return RateLimitStatus.DeniedGlobal;
+    }
+
     return RateLimitStatus.Allowed;
   }
 

package/src/services/reqresp/reqresp.ts

@@ -16,7 +16,7 @@ import {
   IndividualReqRespTimeoutError,
   InvalidResponseError,
 } from '../../errors/reqresp.error.js';
-import { SnappyTransform } from '../encoding.js';
+import { OversizedSnappyResponseError, SnappyTransform } from '../encoding.js';
 import type { PeerScoring } from '../peer-manager/peer_scoring.js';
 import {
   DEFAULT_INDIVIDUAL_REQUEST_TIMEOUT_MS,
@@ -553,16 +553,10 @@ export class ReqResp implements ReqRespInterface {
         data: message,
       };
     } catch (e: any) {
+      // All errors (invalid status bytes, oversized snappy responses, corrupt data, etc.)
+      // are re-thrown so the caller can penalize the peer via handleResponseError.
       this.logger.debug(`Reading message failed: ${e.message}`);
-
-      let status = ReqRespStatus.UNKNOWN;
-      if (e instanceof ReqRespStatusError) {
-        status = e.status;
-      }
-
-      return {
-        status,
-      };
+      throw e;
     }
   }
 
@@ -778,6 +772,20 @@ export class ReqResp implements ReqRespInterface {
       return undefined;
     }
 
+    // Invalid status byte: the peer sent a status byte that doesn't match any known status code.
+    // This is a protocol violation, penalize harshly.
+    if (e instanceof ReqRespStatusError) {
+      this.logger.warn(`Invalid status byte from peer ${peerId.toString()} in ${subProtocol}: ${e.message}`, logTags);
+      return PeerErrorSeverity.LowToleranceError;
+    }
+
+    // Oversized snappy response: the peer is sending data that exceeds the allowed size.
+    // This is a protocol violation that wastes bandwidth, so penalize harshly.
+    if (e instanceof OversizedSnappyResponseError) {
+      this.logger.warn(`Oversized response from peer ${peerId.toString()} in ${subProtocol}: ${e.message}`, logTags);
+      return PeerErrorSeverity.LowToleranceError;
+    }
+
     return this.categorizeConnectionErrors(e, peerId, subProtocol);
   }
 

package/src/services/service.ts

@@ -1,7 +1,13 @@
 import type { SlotNumber } from '@aztec/foundation/branded-types';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { PeerInfo } from '@aztec/stdlib/interfaces/server';
-import type { BlockProposal, CheckpointAttestation, CheckpointProposalCore, Gossipable } from '@aztec/stdlib/p2p';
+import type {
+  BlockProposal,
+  CheckpointAttestation,
+  CheckpointProposalCore,
+  Gossipable,
+  TopicType,
+} from '@aztec/stdlib/p2p';
 import type { Tx } from '@aztec/stdlib/tx';
 
 import type { PeerId } from '@libp2p/interface';
@@ -130,7 +136,10 @@ export interface P2PService {
 
   getPeers(includePending?: boolean): PeerInfo[];
 
-  validate(txs: Tx[]): Promise<void>;
+  /** Returns the number of peers in the GossipSub mesh for a given topic type. */
+  getGossipMeshPeerCount(topicType: TopicType): number;
+
+  validateTxsReceivedInBlockProposal(txs: Tx[]): Promise<void>;
 
   addReqRespSubProtocol(
     subProtocol: ReqRespSubProtocol,

package/src/services/tx_collection/file_store_tx_source.ts

@@ -1,7 +1,8 @@
+import { partitionAsync } from '@aztec/foundation/collection';
 import { type Logger, createLogger } from '@aztec/foundation/log';
 import { Timer } from '@aztec/foundation/timer';
 import { type ReadOnlyFileStore, createReadOnlyFileStore } from '@aztec/stdlib/file-store';
-import { Tx, type TxHash } from '@aztec/stdlib/tx';
+import { Tx, type TxHash, type TxValidator } from '@aztec/stdlib/tx';
 import {
   type Histogram,
   Metrics,
@@ -23,6 +24,7 @@ export class FileStoreTxSource implements TxSource {
     private readonly fileStore: ReadOnlyFileStore,
     private readonly baseUrl: string,
     private readonly basePath: string,
+    private readonly txValidator: TxValidator,
     private readonly log: Logger,
     telemetry: TelemetryClient,
   ) {
@@ -44,6 +46,7 @@ export class FileStoreTxSource implements TxSource {
   public static async create(
     url: string,
     basePath: string,
+    txValidator: TxValidator,
     log: Logger = createLogger('p2p:file_store_tx_source'),
     telemetry: TelemetryClient = getTelemetryClient(),
   ): Promise<FileStoreTxSource | undefined> {
@@ -53,7 +56,7 @@ export class FileStoreTxSource implements TxSource {
         log.warn(`Failed to create file store for URL: ${url}`);
         return undefined;
       }
-      return new FileStoreTxSource(fileStore, url, basePath, log, telemetry);
+      return new FileStoreTxSource(fileStore, url, basePath, txValidator, log, telemetry);
     } catch (err) {
       log.warn(`Error creating file store for URL: ${url}`, { error: err });
       return undefined;
@@ -65,35 +68,41 @@ export class FileStoreTxSource implements TxSource {
   }
 
   public async getTxsByHash(txHashes: TxHash[]): Promise<TxSourceCollectionResult> {
-    const invalidTxHashes: string[] = [];
+    const results = await Promise.all(
+      txHashes.map(async txHash => {
+        const path = `${this.basePath}/txs/${txHash.toString()}.bin`;
+        const timer = new Timer();
+        try {
+          const buffer = await this.fileStore.read(path);
+          const tx = Tx.fromBuffer(buffer);
+          return { tx, downloadDuration: timer.ms(), downloadSize: buffer.length };
+        } catch {
+          this.downloadsFailed.add(1);
+          return undefined;
+        }
+      }),
+    );
+
+    const txs = results.filter(tx => tx !== undefined);
+    const [validTxs, invalidTxs] = await partitionAsync(
+      txs,
+      async ({ tx, downloadDuration, downloadSize }): Promise<boolean> => {
+        const valid = await this.txValidator.validateTx(tx);
+        if (valid.result === 'valid') {
+          this.downloadsSuccess.add(1);
+          this.downloadDuration.record(Math.ceil(downloadDuration));
+          this.downloadSize.record(downloadSize);
+          return true;
+        } else {
+          this.downloadsFailed.add(1);
+          return false;
+        }
+      },
+    );
+
     return {
-      validTxs: (
-        await Promise.all(
-          txHashes.map(async txHash => {
-            const path = `${this.basePath}/txs/${txHash.toString()}.bin`;
-            const timer = new Timer();
-            try {
-              const buffer = await this.fileStore.read(path);
-              const tx = Tx.fromBuffer(buffer);
-              if ((await tx.validateTxHash()) && txHash.equals(tx.txHash)) {
-                this.downloadsSuccess.add(1);
-                this.downloadDuration.record(Math.ceil(timer.ms()));
-                this.downloadSize.record(buffer.length);
-                return tx;
-              } else {
-                invalidTxHashes.push(tx.txHash.toString());
-                this.downloadsFailed.add(1);
-                return undefined;
-              }
-            } catch {
-              // Tx not found or error reading - return undefined
-              this.downloadsFailed.add(1);
-              return undefined;
-            }
-          }),
-        )
-      ).filter(tx => tx !== undefined),
-      invalidTxHashes: invalidTxHashes,
+      validTxs: validTxs.map(({ tx }) => tx),
+      invalidTxHashes: invalidTxs.map(({ tx }) => tx.getTxHash().toString()),
     };
   }
 }
@@ -109,9 +118,12 @@ export class FileStoreTxSource implements TxSource {
 export async function createFileStoreTxSources(
   urls: string[],
   basePath: string,
+  txValidator: TxValidator,
   log: Logger = createLogger('p2p:file_store_tx_source'),
   telemetry: TelemetryClient = getTelemetryClient(),
 ): Promise<FileStoreTxSource[]> {
-  const sources = await Promise.all(urls.map(url => FileStoreTxSource.create(url, basePath, log, telemetry)));
+  const sources = await Promise.all(
+    urls.map(url => FileStoreTxSource.create(url, basePath, txValidator, log, telemetry)),
+  );
   return sources.filter((s): s is FileStoreTxSource => s !== undefined);
 }

package/src/services/tx_collection/tx_source.ts

@@ -2,7 +2,7 @@ import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree';
 import { protocolContractsHash } from '@aztec/protocol-contracts';
 import type { ChainConfig } from '@aztec/stdlib/config';
 import { type AztecNode, createAztecNodeClient } from '@aztec/stdlib/interfaces/client';
-import type { Tx, TxHash } from '@aztec/stdlib/tx';
+import type { Tx, TxHash, TxValidator } from '@aztec/stdlib/tx';
 import { type ComponentsVersions, getComponentsVersionsFromConfig } from '@aztec/stdlib/versioning';
 import { makeTracedFetch } from '@aztec/telemetry-client';
 
@@ -16,12 +16,13 @@ export interface TxSource {
 export class NodeRpcTxSource implements TxSource {
   constructor(
     private readonly client: Pick<AztecNode, 'getTxsByHash'>,
+    private readonly txValidator: TxValidator,
     private readonly info: string,
   ) {}
 
-  public static fromUrl(nodeUrl: string, versions: ComponentsVersions): NodeRpcTxSource {
+  public static fromUrl(nodeUrl: string, txValidator: TxValidator, versions: ComponentsVersions): NodeRpcTxSource {
     const client = createAztecNodeClient(nodeUrl, versions, makeTracedFetch([1, 2, 3], false));
-    return new NodeRpcTxSource(client, nodeUrl);
+    return new NodeRpcTxSource(client, txValidator, nodeUrl);
   }
 
   public getInfo() {
@@ -38,8 +39,8 @@ export class NodeRpcTxSource implements TxSource {
     const invalidTxHashes: string[] = [];
     await Promise.all(
       txs.map(async tx => {
-        const isValid = await tx.validateTxHash();
-        if (isValid) {
+        const validation = await this.txValidator.validateTx(tx);
+        if (validation.result === 'valid') {
           validTxs.push(tx);
         } else {
           invalidTxHashes.push(tx.getTxHash().toString());
@@ -50,7 +51,7 @@ export class NodeRpcTxSource implements TxSource {
   }
 }
 
-export function createNodeRpcTxSources(urls: string[], chainConfig: ChainConfig) {
+export function createNodeRpcTxSources(urls: string[], txValidator: TxValidator, chainConfig: ChainConfig) {
   const versions = getComponentsVersionsFromConfig(chainConfig, protocolContractsHash, getVKTreeRoot());
-  return urls.map(url => NodeRpcTxSource.fromUrl(url, versions));
+  return urls.map(url => NodeRpcTxSource.fromUrl(url, txValidator, versions));
 }

package/src/services/tx_provider.ts

@@ -25,7 +25,7 @@ export class TxProvider implements ITxProvider {
   constructor(
     private txCollection: TxCollection,
     private txPool: TxPoolV2,
-    private txValidator: Pick<P2PClient, 'validate'>,
+    private blockProposalTransactionValidator: Pick<P2PClient, 'validateTxsReceivedInBlockProposal'>,
     private log: Logger = createLogger('p2p:tx-collector'),
     client: TelemetryClient = getTelemetryClient(),
   ) {
@@ -227,7 +227,7 @@ export class TxProvider implements ITxProvider {
     if (txs.length === 0) {
       return;
     }
-    await this.txValidator.validate(txs);
+    await this.blockProposalTransactionValidator.validateTxsReceivedInBlockProposal(txs);
     await this.txPool.addProtectedTxs(txs, blockHeader);
   }
 }

package/src/test-helpers/make-test-p2p-clients.ts

@@ -7,7 +7,6 @@ import { sleep } from '@aztec/foundation/sleep';
 import type { DataStoreConfig } from '@aztec/kv-store/config';
 import { openTmpStore } from '@aztec/kv-store/lmdb-v2';
 import type { WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
-import { P2PClientType } from '@aztec/stdlib/p2p';
 
 import { createP2PClient } from '../client/index.js';
 import type { P2PClient } from '../client/p2p_client.js';
@@ -98,7 +97,6 @@ export async function makeTestP2PClient(
   const kvStore = await openTmpStore('test');
 
   const client = await createP2PClient(
-    P2PClientType.Full,
     config,
     l2BlockSource,
     proofVerifier,

package/src/test-helpers/mock-pubsub.ts

@@ -4,7 +4,6 @@ import type { AztecAsyncKVStore } from '@aztec/kv-store';
 import type { L2BlockSource } from '@aztec/stdlib/block';
 import type { ContractDataSource } from '@aztec/stdlib/contract';
 import type { ClientProtocolCircuitVerifier, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
-import { P2PClientType } from '@aztec/stdlib/p2p';
 import type { TelemetryClient } from '@aztec/telemetry-client';
 
 import type { GossipsubEvents, GossipsubMessage } from '@chainsafe/libp2p-gossipsub';
@@ -42,11 +41,10 @@ type GossipSubService = PubSubLibp2p['services']['pubsub'];
  * Given a mock gossip sub network, returns a factory function that creates an instance LibP2PService connected to it.
  * Designed to be used in tests in P2PClientDeps.p2pServiceFactory.
  */
-export function getMockPubSubP2PServiceFactory<T extends P2PClientType>(
+export function getMockPubSubP2PServiceFactory(
   network: MockGossipSubNetwork,
-): (...args: Parameters<(typeof LibP2PService<T>)['new']>) => Promise<LibP2PService<T>> {
+): (...args: Parameters<(typeof LibP2PService)['new']>) => Promise<LibP2PService> {
   return (
-    clientType: P2PClientType,
     config: P2PConfig,
     peerId: PeerId,
     deps: {
@@ -66,8 +64,7 @@ export function getMockPubSubP2PServiceFactory<T extends P2PClientType>(
     const peerManager = new DummyPeerManager(peerId, network);
     const reqresp: ReqRespInterface = new MockReqResp(peerId, network);
     const peerDiscoveryService = new DummyPeerDiscoveryService();
-    const service = new LibP2PService<T>(
-      clientType as T,
+    const service = new LibP2PService(
       config,
       libp2p,
       peerDiscoveryService,
@@ -270,6 +267,16 @@ class MockGossipSubService extends TypedEventEmitter<GossipsubEvents> implements
       { msgId, propagationSource, acceptance },
     );
   }
+
+  getMeshPeers(topic?: TopicStr): PeerIdStr[] {
+    if (topic && !this.subscribedTopics.has(topic)) {
+      return [];
+    }
+    return this.network
+      .getPeers()
+      .filter(peer => !this.peerId.equals(peer))
+      .map(peer => peer.toString());
+  }
 }
 
 /**

package/src/test-helpers/reqresp-nodes.ts

@@ -12,7 +12,6 @@ import type {
   IVCProofVerificationResult,
   WorldStateSynchronizer,
 } from '@aztec/stdlib/interfaces/server';
-import type { P2PClientType } from '@aztec/stdlib/p2p';
 import type { Tx } from '@aztec/stdlib/tx';
 import { compressComponentVersions } from '@aztec/stdlib/versioning';
 import { type TelemetryClient, getTelemetryClient } from '@aztec/telemetry-client';
@@ -107,8 +106,7 @@ export async function createLibp2pNode(
  *
  *
  */
-export async function createTestLibP2PService<T extends P2PClientType>(
-  clientType: T,
+export async function createTestLibP2PService(
   boostrapAddrs: string[] = [],
   archiver: L2BlockSource & ContractDataSource,
   worldStateSynchronizer: WorldStateSynchronizer,
@@ -159,8 +157,7 @@ export async function createTestLibP2PService<T extends P2PClientType>(
   p2pNode.services.pubsub.score.params.appSpecificScore = (peerId: string) =>
     peerManager.shouldDisableP2PGossip(peerId) ? -Infinity : peerManager.getPeerScore(peerId);
 
-  return new LibP2PService<T>(
-    clientType,
+  return new LibP2PService(
     config,
     p2pNode as PubSubLibp2p,
     discoveryService,

package/src/test-helpers/testbench-utils.ts

@@ -76,7 +76,7 @@ export class InMemoryTxPool extends EventEmitter implements TxPoolV2 {
     return Promise.resolve({ accepted, ignored: [], rejected: [] });
   }
 
-  canAddPendingTx(tx: Tx): Promise<'accepted' | 'ignored' | 'rejected'> {
+  canAddPendingTx(tx: Tx): Promise<'accepted' | 'ignored'> {
     const key = tx.getTxHash().toString();
     if (this.txsByHash.has(key)) {
       return Promise.resolve('ignored');
@@ -292,6 +292,7 @@ export function createMockEpochCache(): EpochCacheInterface {
       ethereumSlotDuration: 1,
       proofSubmissionEpochs: 1,
       targetCommitteeSize: 48,
+      rollupManaLimit: Number.MAX_SAFE_INTEGER,
     }),
   };
 }