@aztec/pxe 0.0.1-commit.2b2662070 → 0.0.1-commit.2c0ee1788

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/pxe",
-  "version": "0.0.1-commit.2b2662070",
+  "version": "0.0.1-commit.2c0ee1788",
   "type": "module",
   "typedocOptions": {
     "entryPoints": [
@@ -70,19 +70,19 @@
     ]
   },
   "dependencies": {
-    "@aztec/bb-prover": "0.0.1-commit.2b2662070",
-    "@aztec/bb.js": "0.0.1-commit.2b2662070",
-    "@aztec/builder": "0.0.1-commit.2b2662070",
-    "@aztec/constants": "0.0.1-commit.2b2662070",
-    "@aztec/ethereum": "0.0.1-commit.2b2662070",
-    "@aztec/foundation": "0.0.1-commit.2b2662070",
-    "@aztec/key-store": "0.0.1-commit.2b2662070",
-    "@aztec/kv-store": "0.0.1-commit.2b2662070",
-    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.2b2662070",
-    "@aztec/noir-types": "0.0.1-commit.2b2662070",
-    "@aztec/protocol-contracts": "0.0.1-commit.2b2662070",
-    "@aztec/simulator": "0.0.1-commit.2b2662070",
-    "@aztec/stdlib": "0.0.1-commit.2b2662070",
+    "@aztec/bb-prover": "0.0.1-commit.2c0ee1788",
+    "@aztec/bb.js": "0.0.1-commit.2c0ee1788",
+    "@aztec/builder": "0.0.1-commit.2c0ee1788",
+    "@aztec/constants": "0.0.1-commit.2c0ee1788",
+    "@aztec/ethereum": "0.0.1-commit.2c0ee1788",
+    "@aztec/foundation": "0.0.1-commit.2c0ee1788",
+    "@aztec/key-store": "0.0.1-commit.2c0ee1788",
+    "@aztec/kv-store": "0.0.1-commit.2c0ee1788",
+    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.2c0ee1788",
+    "@aztec/noir-types": "0.0.1-commit.2c0ee1788",
+    "@aztec/protocol-contracts": "0.0.1-commit.2c0ee1788",
+    "@aztec/simulator": "0.0.1-commit.2c0ee1788",
+    "@aztec/stdlib": "0.0.1-commit.2c0ee1788",
     "koa": "^2.16.1",
     "koa-router": "^13.1.1",
     "lodash.omit": "^4.5.0",
@@ -91,8 +91,8 @@
     "viem": "npm:@aztec/viem@2.38.2"
   },
   "devDependencies": {
-    "@aztec/noir-test-contracts.js": "0.0.1-commit.2b2662070",
-    "@aztec/world-state": "0.0.1-commit.2b2662070",
+    "@aztec/noir-test-contracts.js": "0.0.1-commit.2c0ee1788",
+    "@aztec/world-state": "0.0.1-commit.2c0ee1788",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",
     "@types/lodash.omit": "^4.5.7",

package/src/block_synchronizer/block_stream_source.ts

@@ -0,0 +1,52 @@
+import type { BlockNumber, CheckpointNumber } from '@aztec/foundation/branded-types';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { L2Block, type L2BlockSource } from '@aztec/stdlib/block';
+import { Checkpoint, L1PublishedData, PublishedCheckpoint } from '@aztec/stdlib/checkpoint';
+import type { AztecNode } from '@aztec/stdlib/interfaces/client';
+
+// TODO(spl/new-rpc-api): delete once `L2BlockStream` is refactored to consume the new
+// `BlockResponse` / `CheckpointResponse` shapes. For now the stream requires concrete `L2Block`
+// and `PublishedCheckpoint` instances, so we rehydrate them from RPC responses.
+/**
+ * Lifts an {@link AztecNode} RPC client into the shape {@link L2BlockStream} expects. `getBlocks`
+ * requests transaction bodies so that real `L2Block` instances can be constructed;
+ * `getCheckpoints` requests blocks + L1 info + attestations so that `PublishedCheckpoint`
+ * instances are fully populated.
+ */
+export function blockStreamSourceFromAztecNode(
+  node: AztecNode,
+): Pick<L2BlockSource, 'getBlocks' | 'getBlockHeader' | 'getL2Tips' | 'getCheckpoints' | 'getCheckpointedBlocks'> {
+  return {
+    getL2Tips: () => node.getL2Tips(),
+    getBlockHeader: number => node.getBlockHeader(number),
+    getCheckpointedBlocks: (from: BlockNumber, limit: number) => node.getCheckpointedBlocks(from, limit),
+
+    async getBlocks(from: BlockNumber, limit: number): Promise<L2Block[]> {
+      const responses = await node.getBlocks(from, limit, { includeTransactions: true });
+      return responses.map(r => new L2Block(r.archive, r.header, r.body!, r.checkpointNumber, r.indexWithinCheckpoint));
+    },
+
+    async getCheckpoints(from: CheckpointNumber, limit: number): Promise<PublishedCheckpoint[]> {
+      const responses = await node.getCheckpoints(from, limit, {
+        includeBlocks: true,
+        includeTransactions: true,
+        includeL1PublishInfo: true,
+        includeAttestations: true,
+      });
+      return responses.map(r => {
+        const checkpoint = new Checkpoint(
+          r.archive,
+          r.header,
+          r.blocks!.map(b => new L2Block(b.archive, b.header, b.body!, b.checkpointNumber, b.indexWithinCheckpoint)),
+          r.number,
+          r.feeAssetPriceModifier,
+        );
+        const l1 =
+          r.l1?.published === true
+            ? new L1PublishedData(r.l1.blockNumber, r.l1.timestamp, r.l1.blockHash)
+            : new L1PublishedData(0n, 0n, Fr.ZERO.toString());
+        return new PublishedCheckpoint(checkpoint, l1, r.attestations ?? []);
+      });
+    },
+  };
+}

package/src/block_synchronizer/block_synchronizer.ts

@@ -1,5 +1,6 @@
 import { BlockNumber } from '@aztec/foundation/branded-types';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
+import { SerialQueue } from '@aztec/foundation/queue';
 import type { AztecAsyncKVStore } from '@aztec/kv-store';
 import type { L2TipsKVStore } from '@aztec/kv-store/stores';
 import { BlockHash, L2BlockStream, type L2BlockStreamEvent, type L2BlockStreamEventHandler } from '@aztec/stdlib/block';
@@ -11,6 +12,7 @@ import type { ContractSyncService } from '../contract_sync/contract_sync_service
 import type { AnchorBlockStore } from '../storage/anchor_block_store/anchor_block_store.js';
 import type { NoteStore } from '../storage/note_store/note_store.js';
 import type { PrivateEventStore } from '../storage/private_event_store/private_event_store.js';
+import { blockStreamSourceFromAztecNode } from './block_stream_source.js';
 
 /**
  * The BlockSynchronizer class orchestrates synchronization between PXE and Aztec node, maintaining an up-to-date
@@ -20,6 +22,7 @@ import type { PrivateEventStore } from '../storage/private_event_store/private_e
 export class BlockSynchronizer implements L2BlockStreamEventHandler {
   private log: Logger;
   private isSyncing: Promise<void> | undefined;
+  private readonly eventQueue = new SerialQueue();
   protected readonly blockStream: L2BlockStream;
 
   constructor(
@@ -35,11 +38,12 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
   ) {
     this.log = createLogger('pxe:block_synchronizer', bindings);
     this.blockStream = this.createBlockStream(config);
+    this.eventQueue.start();
   }
 
   protected createBlockStream(config: Partial<BlockSynchronizerConfig>): L2BlockStream {
     return new L2BlockStream(
-      this.node,
+      blockStreamSourceFromAztecNode(this.node),
       this.l2TipsStore,
       this,
       createLogger('pxe:block_stream', this.log.getBindings()),
@@ -52,8 +56,12 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
     );
   }
 
-  /** Handle events emitted by the block stream. */
-  public async handleBlockStreamEvent(event: L2BlockStreamEvent): Promise<void> {
+  /** Handle events emitted by the block stream. Serialized to prevent concurrent mutations to anchor state. */
+  public handleBlockStreamEvent(event: L2BlockStreamEvent): Promise<void> {
+    return this.eventQueue.put(() => this.doHandleBlockStreamEvent(event));
+  }
+
+  private async doHandleBlockStreamEvent(event: L2BlockStreamEvent): Promise<void> {
     await this.l2TipsStore.handleBlockStreamEvent(event);
 
     switch (event.type) {
@@ -74,9 +82,9 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
       }
       case 'chain-proven': {
         if (this.config.syncChainTip === 'proven') {
-          const blockHeader = await this.node.getBlockHeader(BlockNumber(event.block.number));
-          if (blockHeader) {
-            await this.updateAnchorBlockHeader(blockHeader);
+          const block = await this.node.getBlock(BlockNumber(event.block.number));
+          if (block) {
+            await this.updateAnchorBlockHeader(block.header);
           } else {
             this.log.warn(`Block header not found for proven block ${event.block.number}, skipping anchor update`);
           }
@@ -85,9 +93,9 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
       }
       case 'chain-finalized': {
         if (this.config.syncChainTip === 'finalized') {
-          const blockHeader = await this.node.getBlockHeader(BlockNumber(event.block.number));
-          if (blockHeader) {
-            await this.updateAnchorBlockHeader(blockHeader);
+          const block = await this.node.getBlock(BlockNumber(event.block.number));
+          if (block) {
+            await this.updateAnchorBlockHeader(block.header);
           } else {
             this.log.warn(`Block header not found for finalized block ${event.block.number}, skipping anchor update`);
           }
@@ -110,7 +118,8 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
         // Note that the following is not necessarily the anchor block that will be used in the transaction - if
         // the chain has already moved past the reorg, we'll also see blocks-added events that will push the anchor
         // forward.
-        const newAnchorBlockHeader = await this.node.getBlockHeader(BlockHash.fromString(event.block.hash));
+        const newAnchorBlock = await this.node.getBlock(BlockHash.fromString(event.block.hash));
+        const newAnchorBlockHeader = newAnchorBlock?.header;
 
         if (!newAnchorBlockHeader) {
           throw new Error(
@@ -167,6 +176,13 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
     }
   }
 
+  /** Stops the block synchronizer, waiting for any in-progress sync and queued events to complete. */
+  public async stop() {
+    await this.isSyncing;
+    await this.blockStream.stop();
+    await this.eventQueue.end();
+  }
+
   private async doSync() {
     let currentHeader;
 
@@ -177,7 +193,7 @@ export class BlockSynchronizer implements L2BlockStreamEventHandler {
     }
     if (!currentHeader) {
       // REFACTOR: We should know the header of the genesis block without having to request it from the node.
-      await this.anchorBlockStore.setHeader((await this.node.getBlockHeader(BlockNumber.ZERO))!);
+      await this.anchorBlockStore.setHeader((await this.node.getBlock(BlockNumber.ZERO))!.header);
     }
     await this.blockStream.sync();
   }

package/src/contract_function_simulator/contract_function_simulator.ts

@@ -208,7 +208,7 @@ export class ContractFunctionSimulator {
     }
 
     if (request.origin !== contractAddress) {
-      this.log.warn(
+      throw new Error(
         `Request origin does not match contract address in simulation. Request origin: ${request.origin}, contract address: ${contractAddress}`,
       );
     }
@@ -309,7 +309,6 @@ export class ContractFunctionSimulator {
     }
   }
 
-  // docs:start:execute_utility_function
   /**
    * Runs a utility function.
    * @param call - The function call to execute.
@@ -351,6 +350,7 @@ export class ContractFunctionSimulator {
       l2TipsStore: this.l2TipsStore,
       jobId,
       scopes,
+      simulator: this.simulator,
     });
 
     try {
@@ -384,7 +384,6 @@ export class ContractFunctionSimulator {
       throw createSimulationError(err instanceof Error ? err : new Error('Unknown error during private execution'));
     }
   }
-  // docs:end:execute_utility_function
 
   /**
    * Returns the execution statistics collected during the simulator run.

package/src/contract_function_simulator/oracle/interfaces.ts

@@ -164,6 +164,11 @@ export interface IUtilityExecutionOracle {
   getSharedSecret(address: AztecAddress, ephPk: Point, contractAddress: AztecAddress): Promise<Fr>;
   setContractSyncCacheInvalid(contractAddress: AztecAddress, scopes: AztecAddress[]): void;
   emitOffchainEffect(data: Fr[]): Promise<void>;
+  callUtilityFunction(
+    targetContractAddress: AztecAddress,
+    functionSelector: FunctionSelector,
+    args: Fr[],
+  ): Promise<Fr[]>;
 
   // Ephemeral array methods
   pushEphemeral(slot: Fr, elements: Fr[]): number;
@@ -204,6 +209,11 @@ export interface IPrivateExecutionOracle {
     sideEffectCounter: number,
     isStaticCall: boolean,
   ): Promise<{ endSideEffectCounter: Fr; returnsHash: Fr }>;
+  callUtilityFunction(
+    targetContractAddress: AztecAddress,
+    functionSelector: FunctionSelector,
+    args: Fr[],
+  ): Promise<Fr[]>;
   assertValidPublicCalldata(calldataHash: Fr): Promise<void>;
   notifyRevertiblePhaseStart(minRevertibleSideEffectCounter: number): Promise<void>;
   isExecutionInRevertiblePhase(sideEffectCounter: number): Promise<boolean>;

package/src/contract_function_simulator/oracle/oracle.ts

@@ -490,6 +490,20 @@ export class Oracle {
     return [values.map(toACVMField)];
   }
 
+  // eslint-disable-next-line camelcase
+  async aztec_utl_callUtilityFunction(
+    [contractAddress]: ACVMField[],
+    [functionSelector]: ACVMField[],
+    args: ACVMField[],
+  ): Promise<ACVMField[][]> {
+    const result = await this.handlerAsUtility().callUtilityFunction(
+      AztecAddress.fromField(Fr.fromString(contractAddress)),
+      FunctionSelector.fromField(Fr.fromString(functionSelector)),
+      args.map(Fr.fromString),
+    );
+    return [result.map(toACVMField)];
+  }
+
   // eslint-disable-next-line camelcase
   aztec_prv_notifyCreatedContractClassLog(
     [contractAddress]: ACVMField[],

package/src/contract_function_simulator/oracle/private_execution_oracle.ts

@@ -2,7 +2,7 @@ import { MAX_FR_CALLDATA_TO_ALL_ENQUEUED_CALLS, PRIVATE_CONTEXT_INPUTS_LENGTH }
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { createLogger } from '@aztec/foundation/log';
 import { Timer } from '@aztec/foundation/timer';
-import { type CircuitSimulator, toACVMWitness } from '@aztec/simulator/client';
+import { toACVMWitness } from '@aztec/simulator/client';
 import {
   type FunctionAbi,
   type FunctionArtifact,
@@ -50,7 +50,6 @@ export type PrivateExecutionOracleArgs = Omit<UtilityExecutionOracleArgs, 'contr
   totalPublicCalldataCount?: number;
   sideEffectCounter?: number;
   senderForTags?: AztecAddress;
-  simulator?: CircuitSimulator;
 };
 
 /**
@@ -81,9 +80,11 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
   private readonly taggingIndexCache: ExecutionTaggingIndexCache;
   private readonly senderTaggingStore: SenderTaggingStore;
   private totalPublicCalldataCount: number;
-  protected sideEffectCounter: number;
-  private senderForTags?: AztecAddress;
-  private readonly simulator?: CircuitSimulator;
+  private readonly initialSideEffectCounter: number;
+  /** Sender for tags passed in at oracle construction time. Returned by `getSenderForTags` unless overridden. */
+  private readonly defaultSenderForTags: AztecAddress | undefined;
+  /** Per-call sender-for-tags override, set by `setSenderForTags`. Takes precedence over `defaultSenderForTags`. */
+  private currentSenderForTags: AztecAddress | undefined;
 
   constructor(args: PrivateExecutionOracleArgs) {
     super({
@@ -100,13 +101,17 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
     this.taggingIndexCache = args.taggingIndexCache;
     this.senderTaggingStore = args.senderTaggingStore;
     this.totalPublicCalldataCount = args.totalPublicCalldataCount ?? 0;
-    this.sideEffectCounter = args.sideEffectCounter ?? 0;
-    this.senderForTags = args.senderForTags;
-    this.simulator = args.simulator;
+    this.initialSideEffectCounter = args.sideEffectCounter ?? 0;
+    this.defaultSenderForTags = args.senderForTags;
   }
 
   public getPrivateContextInputs(): PrivateContextInputs {
-    return new PrivateContextInputs(this.callContext, this.anchorBlockHeader, this.txContext, this.sideEffectCounter);
+    return new PrivateContextInputs(
+      this.callContext,
+      this.anchorBlockHeader,
+      this.txContext,
+      this.initialSideEffectCounter,
+    );
   }
 
   // We still need this function until we can get user-defined ordering of structs for fn arguments
@@ -173,11 +178,10 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
    * for a tag in order to emit a log. Constrained tagging should not use this as there is no
    * guarantee that the recipient knows about the sender, and hence about the shared secret.
    *
-   * The value persists through nested calls, meaning all calls down the stack will use the same
-   * 'senderForTags' value (unless it is replaced).
+   * Returns `currentSenderForTags` if set (via `setSenderForTags`), otherwise `defaultSenderForTags`.
    */
   public getSenderForTags(): Promise<AztecAddress | undefined> {
-    return Promise.resolve(this.senderForTags);
+    return Promise.resolve(this.currentSenderForTags ?? this.defaultSenderForTags);
   }
 
   /**
@@ -187,12 +191,14 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
    * for a tag in order to emit a log. Constrained tagging should not use this as there is no
    * guarantee that the recipient knows about the sender, and hence about the shared secret.
    *
-   * Account contracts typically set this value before calling other contracts. The value persists
-   * through nested calls, meaning all calls down the stack will use the same 'senderForTags'
-   * value (unless it is replaced by another call to this setter).
+   * Overrides `defaultSenderForTags` for the remainder of this call. Each oracle instance is
+   * independent, so this has no effect on any other call in the execution.
    */
   public setSenderForTags(senderForTags: AztecAddress): Promise<void> {
-    this.senderForTags = senderForTags;
+    this.logger.debug(
+      `Sender for tags switched to ${senderForTags} by contract ${this.contractAddress} (default was ${this.defaultSenderForTags})`,
+    );
+    this.currentSenderForTags = senderForTags;
     return Promise.resolve();
   }
 
@@ -573,21 +579,24 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
       sideEffectCounter,
       log: this.logger,
       scopes: this.scopes,
-      senderForTags: this.senderForTags,
-      simulator: this.simulator!,
+      senderForTags: this.defaultSenderForTags,
+      simulator: this.simulator,
       l2TipsStore: this.l2TipsStore,
     });
 
     const setupTime = simulatorSetupTimer.ms();
 
     const childExecutionResult = await executePrivateFunction(
-      this.simulator!,
+      this.simulator,
       privateExecutionOracle,
       targetArtifact,
       targetContractAddress,
       functionSelector,
     );
 
+    // Propagate the nested call's calldata count so the parent sees its increments on subsequent enqueues.
+    this.totalPublicCalldataCount = privateExecutionOracle.getTotalPublicCalldataCount();
+
     if (isStaticCall) {
       this.#checkValidStaticCall(childExecutionResult);
     }
@@ -621,6 +630,10 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
     return Promise.resolve();
   }
 
+  public getTotalPublicCalldataCount(): number {
+    return this.totalPublicCalldataCount;
+  }
+
   public notifyRevertiblePhaseStart(minRevertibleSideEffectCounter: number): Promise<void> {
     return this.noteCache.setMinRevertibleSideEffectCounter(minRevertibleSideEffectCounter);
   }

package/src/contract_function_simulator/oracle/utility_execution_oracle.ts

@@ -7,6 +7,15 @@ import { LogLevels, type Logger, createLogger } from '@aztec/foundation/log';
 import type { MembershipWitness } from '@aztec/foundation/trees';
 import type { KeyStore } from '@aztec/key-store';
 import { isProtocolContract } from '@aztec/protocol-contracts';
+import {
+  type CircuitSimulator,
+  ExecutionError,
+  extractCallStack,
+  resolveAssertionMessageFromError,
+  toACVMWitness,
+  witnessMapToFields,
+} from '@aztec/simulator/client';
+import { FunctionSelector } from '@aztec/stdlib/abi';
 import type { AuthWitness } from '@aztec/stdlib/auth-witness';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { BlockHash, type L2TipsProvider } from '@aztec/stdlib/block';
@@ -44,6 +53,7 @@ import { UtilityContext } from '../noir-structs/utility_context.js';
 import { pickNotes } from '../pick_notes.js';
 import type { IMiscOracle, IUtilityExecutionOracle, NoteData } from './interfaces.js';
 import { MessageLoadOracleInputs } from './message_load_oracle_inputs.js';
+import { Oracle } from './oracle.js';
 
 /** Args for UtilityExecutionOracle constructor. */
 export type UtilityExecutionOracleArgs = {
@@ -67,6 +77,7 @@ export type UtilityExecutionOracleArgs = {
   jobId: string;
   log?: ReturnType<typeof createLogger>;
   scopes: AztecAddress[];
+  simulator: CircuitSimulator;
 };
 
 /**
@@ -103,6 +114,7 @@ export class UtilityExecutionOracle implements IMiscOracle, IUtilityExecutionOra
   protected readonly jobId: string;
   protected logger: ReturnType<typeof createLogger>;
   protected readonly scopes: AztecAddress[];
+  protected readonly simulator: CircuitSimulator;
 
   constructor(args: UtilityExecutionOracleArgs) {
     this.contractAddress = args.contractAddress;
@@ -124,6 +136,7 @@ export class UtilityExecutionOracle implements IMiscOracle, IUtilityExecutionOra
     this.jobId = args.jobId;
     this.logger = args.log ?? createLogger('simulator:client_view_context');
     this.scopes = args.scopes;
+    this.simulator = args.simulator;
   }
 
   public assertCompatibleOracleVersion(major: number, minor: number): void {
@@ -333,10 +346,9 @@ export class UtilityExecutionOracle implements IMiscOracle, IUtilityExecutionOra
   }
 
   /**
-   * Returns an auth witness for the given message hash. Checks on the list of transient witnesses
-   * for this transaction first, and falls back to the local database if not found.
+   * Returns an auth witness for the given message hash from the list of transient witnesses for this transaction.
    * @param messageHash - Hash of the message to authenticate.
-   * @returns Authentication witness for the requested message hash.
+   * @returns Authentication witness for the requested message hash, or undefined if not found.
    */
   public getAuthWitness(messageHash: Fr): Promise<Fr[] | undefined> {
     return Promise.resolve(this.authWitnesses.find(w => w.requestHash.equals(messageHash))?.witness);
@@ -895,6 +907,70 @@ export class UtilityExecutionOracle implements IMiscOracle, IUtilityExecutionOra
     return Promise.resolve();
   }
 
+  /** Executes another utility function from within this one and returns its serialized return values. */
+  public async callUtilityFunction(
+    targetContractAddress: AztecAddress,
+    functionSelector: FunctionSelector,
+    args: Fr[],
+  ): Promise<Fr[]> {
+    // TODO(F-29): We want to support cross-contract utility calls, but doing so safely requires wallets to have
+    // a way to authorize which contracts can be called transitively, since those calls may expose private state.
+    // Until that is in place, restrict nested utility calls to the same contract only.
+    if (!targetContractAddress.equals(this.contractAddress)) {
+      throw new Error(
+        `Cross-contract utility calls are not yet supported: cannot call ${targetContractAddress} from utility function on ${this.contractAddress}.`,
+      );
+    }
+
+    this.logger.debug(
+      `Calling nested utility function ${targetContractAddress}:${functionSelector} from ${this.contractAddress}`,
+    );
+
+    const targetArtifact = await this.contractStore.getFunctionArtifactWithDebugMetadata(
+      targetContractAddress,
+      functionSelector,
+    );
+
+    const nestedOracle = new UtilityExecutionOracle({
+      contractAddress: targetContractAddress,
+      authWitnesses: this.authWitnesses,
+      capsules: this.capsules,
+      anchorBlockHeader: this.anchorBlockHeader,
+      contractStore: this.contractStore,
+      noteStore: this.noteStore,
+      keyStore: this.keyStore,
+      addressStore: this.addressStore,
+      aztecNode: this.aztecNode,
+      recipientTaggingStore: this.recipientTaggingStore,
+      senderAddressBookStore: this.senderAddressBookStore,
+      capsuleService: this.capsuleService,
+      privateEventStore: this.privateEventStore,
+      messageContextService: this.messageContextService,
+      contractSyncService: this.contractSyncService,
+      l2TipsStore: this.l2TipsStore,
+      jobId: this.jobId,
+      scopes: this.scopes,
+      simulator: this.simulator,
+      log: this.logger,
+    });
+
+    const initialWitness = toACVMWitness(0, args);
+    const acvmCallback = new Oracle(nestedOracle);
+    const acirExecutionResult = await this.simulator
+      .executeUserCircuit(initialWitness, targetArtifact, acvmCallback.toACIRCallback())
+      .catch((err: Error) => {
+        err.message = resolveAssertionMessageFromError(err, targetArtifact);
+        throw new ExecutionError(
+          err.message,
+          { contractAddress: targetContractAddress, functionSelector },
+          extractCallStack(err, targetArtifact.debug),
+          { cause: err },
+        );
+      });
+
+    return witnessMapToFields(acirExecutionResult.returnWitness);
+  }
+
   /** Returns offchain effects collected during execution. */
   public getOffchainEffects(): OffchainEffect[] {
     return this.offchainEffects;
@@ -905,7 +981,8 @@ export class UtilityExecutionOracle implements IMiscOracle, IUtilityExecutionOra
     const [response] = await Promise.all([
       query(),
       (async () => {
-        const header = await this.aztecNode.getBlockHeader(blockHash);
+        const block = await this.aztecNode.getBlock(blockHash);
+        const header = block?.header;
         if (!header) {
           throw new Error(`Could not find block header for block hash ${blockHash}`);
         }

package/src/contract_function_simulator/pick_notes.ts

@@ -85,6 +85,14 @@ interface ContainsNote {
 }
 
 const selectPropertyFromPackedNoteContent = (noteData: Fr[], selector: PropertySelector): Fr => {
+  if (selector.index >= noteData.length) {
+    throw new Error(`Property selector index ${selector.index} out of bounds for note with ${noteData.length} fields`);
+  }
+  if (selector.offset + selector.length > Fr.SIZE_IN_BYTES) {
+    throw new Error(
+      `Property selector range (offset=${selector.offset}, length=${selector.length}) exceeds Fr buffer size of ${Fr.SIZE_IN_BYTES} bytes`,
+    );
+  }
   const noteValueBuffer = noteData[selector.index].toBuffer();
   // Noir's PropertySelector counts offset from the LSB (last byte of the big-endian buffer),
   // so offset=0,length=Fr.SIZE_IN_BYTES reads the entire field, and offset=0,length=1 reads the last byte.
@@ -110,7 +118,11 @@ const selectNotes = <T extends ContainsNote>(noteDatas: T[], selects: Select[]):
         [Comparator.GTE]: () => !noteValueFr.lt(value),
       };
 
-      return comparatorSelector[comparator]();
+      const fn = comparatorSelector[comparator];
+      if (!fn) {
+        throw new Error(`Invalid comparator value: ${comparator}`);
+      }
+      return fn();
     }),
   );
 

package/src/events/event_service.ts

@@ -2,7 +2,7 @@ import type { Fr } from '@aztec/foundation/curves/bn254';
 import { createLogger } from '@aztec/foundation/log';
 import type { EventSelector } from '@aztec/stdlib/abi';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
-import { siloNullifier } from '@aztec/stdlib/hash';
+import { computePrivateEventCommitment, siloNullifier } from '@aztec/stdlib/hash';
 import type { AztecNode } from '@aztec/stdlib/interfaces/server';
 import type { BlockHeader, TxHash } from '@aztec/stdlib/tx';
 
@@ -26,6 +26,18 @@ export class EventService {
     txHash: TxHash,
     scope: AztecAddress,
   ): Promise<void> {
+    // Defense-in-depth: the built-in private-event path derives this commitment from content before enqueueing, but
+    // unconstrained PXE-side code (e.g. a custom message handler) can reach this oracle with arbitrary
+    // (content, commitment) pairs. Without this check it could bind arbitrary content to a legitimate tx nullifier,
+    // causing PXE to surface fabricated event data.
+    const recomputedCommitment = await computePrivateEventCommitment(randomness, selector.toField(), content);
+    if (!recomputedCommitment.equals(eventCommitment)) {
+      this.log.warn(
+        `Skipping event whose content does not hash to the provided commitment. contract=${contractAddress}, selector=${selector}, eventCommitment=${eventCommitment}, txHash=${txHash}, recomputedCommitment=${recomputedCommitment}`,
+      );
+      return;
+    }
+
     // While using 'latest' block number would be fine for private events since they cannot be accessed from Aztec.nr
     // (and thus we're less concerned about being ahead of the synced block), we use the synced block number to
     // maintain consistent behavior in the PXE. Additionally, events should never be ahead of the synced block here

package/src/events/private_event_filter_validator.ts

@@ -1,11 +1,14 @@
 import type { PrivateEventFilter } from '@aztec/aztec.js/wallet';
 import { INITIAL_L2_BLOCK_NUM } from '@aztec/constants';
 import { BlockNumber } from '@aztec/foundation/branded-types';
+import { createLogger } from '@aztec/foundation/log';
 
 import type { PrivateEventStoreFilter } from '../storage/private_event_store/private_event_store.js';
 
 export class PrivateEventFilterValidator {
-  constructor(private lastBlock: BlockNumber) {}
+  private readonly log = createLogger('pxe:private_event_filter_validator');
+
+  constructor(private readonly lastBlock: BlockNumber) {}
 
   validate(filter: PrivateEventFilter): PrivateEventStoreFilter {
     let { fromBlock, toBlock } = filter;
@@ -35,6 +38,23 @@ export class PrivateEventFilterValidator {
       throw new Error('toBlock must be strictly greater than fromBlock');
     }
 
+    // Cap the requested range to the synced block range. Without this, callers that pass a large
+    // toBlock (e.g. Number.MAX_SAFE_INTEGER as a "give me everything" idiom) would silently receive
+    // only the events that happen to be synced and believe they have complete coverage.
+    // We warn + cap rather than throw so callers don't need to query the last synced block before
+    // every request (which would also be unreliable, as the block can advance between the two calls).
+    const syncedUpperBound = BlockNumber(this.lastBlock + 1);
+    if (fromBlock >= syncedUpperBound) {
+      this.log.warn(
+        `Requested fromBlock ${fromBlock} is past last synced block ${this.lastBlock}; no events will be returned until PXE syncs further.`,
+      );
+    } else if (toBlock > syncedUpperBound) {
+      this.log.warn(
+        `Requested toBlock ${toBlock} exceeds last synced block ${this.lastBlock}; capping to ${syncedUpperBound}. Retry once PXE is further synced for complete coverage.`,
+      );
+      toBlock = syncedUpperBound;
+    }
+
     return {
       contractAddress: filter.contractAddress,
       scopes: filter.scopes,