@aztec/pxe 0.0.1-commit.ef17749e1 → 0.0.1-commit.f1b29a41e

package/src/contract_logging.ts

@@ -5,18 +5,22 @@ import type { DebugLog } from '@aztec/stdlib/logs';
 
 /** Resolves a contract address to a human-readable name, if available. */
 export type ContractNameResolver = (address: AztecAddress) => Promise<string | undefined>;
+export type CONTRACT_LOG_KIND = 'aztecnr' | 'user';
 
 /**
- * Creates a logger whose output is prefixed with `contract_log::<name>(<addrAbbrev>)`.
+ * Creates a logger whose output is prefixed with `contract:<name>(<addrAbbrev>)`.
  */
 export async function createContractLogger(
   contractAddress: AztecAddress,
   getContractName: ContractNameResolver,
+  kind: CONTRACT_LOG_KIND,
   options?: { instanceId?: string },
 ): Promise<Logger> {
   const addrAbbrev = contractAddress.toString().slice(0, 10);
   const name = await getContractName(contractAddress);
-  const module = name ? `contract_log::${name}(${addrAbbrev})` : `contract_log::Unknown(${addrAbbrev})`;
+
+  const prefix = kind == 'aztecnr' ? 'aztecnr' : 'contract';
+  const module = name ? `${prefix}:${name}(${addrAbbrev})` : `${prefix}:Unknown(${addrAbbrev})`;
   return createLogger(module, options);
 }
 
@@ -29,11 +33,20 @@ export function logContractMessage(logger: Logger, level: LogLevel, message: str
 
 /**
  * Displays debug logs collected during public function simulation,
- * using the `contract_log::` prefixed logger format.
+ * using the `contract:` prefixed logger format.
  */
 export async function displayDebugLogs(debugLogs: DebugLog[], getContractName: ContractNameResolver): Promise<void> {
   for (const log of debugLogs) {
-    const logger = await createContractLogger(log.contractAddress, getContractName);
-    logContractMessage(logger, log.level, log.message, log.fields);
+    const { kind, message } = stripAztecnrLogPrefix(log.message);
+    const logger = await createContractLogger(log.contractAddress, getContractName, kind);
+    logContractMessage(logger, log.level, message, log.fields);
+  }
+}
+
+export function stripAztecnrLogPrefix(message: string): { kind: CONTRACT_LOG_KIND; message: string } {
+  if (message.startsWith('[aztec-nr] ')) {
+    return { kind: 'aztecnr', message: message.slice('[aztec-nr] '.length) };
+  } else {
+    return { kind: 'user', message };
   }
 }

package/src/contract_sync/contract_sync_service.ts

@@ -20,23 +20,24 @@ export class ContractSyncService implements StagedStore {
   readonly storeName = 'contract_sync';
 
   // Tracks contracts synced since last wipe. The cache is keyed per individual scope address
-  // (`contractAddress:scopeAddress`), or `contractAddress:*` for undefined scopes (all accounts).
+  // (`contractAddress:scopeAddress`), or `contractAddress:*` for all scopes (all accounts).
   // The value is a promise that resolves when the contract is synced.
   private syncedContracts: Map<string, Promise<void>> = new Map();
 
-  // Per-job overridden contract addresses - these contracts should not be synced.
-  private overriddenContracts: Map<string, Set<string>> = new Map();
+  // Per-job excluded contract addresses - these contracts should not be synced.
+  private excludedFromSync: Map<string, Set<string>> = new Map();
 
   constructor(
     private aztecNode: AztecNode,
     private contractStore: ContractStore,
     private noteStore: NoteStore,
+    private getRegisteredAccounts: () => Promise<AztecAddress[]>,
     private log: Logger,
   ) {}
 
   /** Sets contracts that should be skipped during sync for a specific job. */
-  setOverriddenContracts(jobId: string, addresses: Set<string>): void {
-    this.overriddenContracts.set(jobId, addresses);
+  setExcludedFromSync(jobId: string, addresses: Set<string>): void {
+    this.excludedFromSync.set(jobId, addresses);
   }
 
   /**
@@ -56,47 +57,34 @@ export class ContractSyncService implements StagedStore {
     jobId: string,
     scopes: AccessScopes,
   ): Promise<void> {
-    // Skip sync if this contract has an override for this job (overrides are keyed by contract address only)
-    const overrides = this.overriddenContracts.get(jobId);
-    if (overrides?.has(contractAddress.toString())) {
+    if (this.#shouldSkipSync(jobId, contractAddress)) {
       return;
     }
 
-    // Skip sync if we already synced for "all scopes", or if we have an empty list of scopes
-    const allScopesKey = toKey(contractAddress, 'ALL_SCOPES');
-    const allScopesExisting = this.syncedContracts.get(allScopesKey);
-    if (allScopesExisting || (scopes !== 'ALL_SCOPES' && scopes.length == 0)) {
-      return;
-    }
-
-    const unsyncedScopes =
-      scopes === 'ALL_SCOPES'
-        ? scopes
-        : scopes.filter(scope => !this.syncedContracts.has(toKey(contractAddress, scope)));
-    const unsyncedScopesKeys = toKeys(contractAddress, unsyncedScopes);
-
-    if (unsyncedScopesKeys.length > 0) {
-      // Start sync and store the promise for all unsynced scopes
-      const promise = this.#doSync(
+    this.#startSyncIfNeeded(contractAddress, scopes, scopesToSync =>
+      this.#syncContract(
         contractAddress,
         functionToInvokeAfterSync,
         utilityExecutor,
         anchorBlockHeader,
         jobId,
-        unsyncedScopes,
-      ).catch(err => {
-        // There was an error syncing the contract, so we remove it from the cache so that it can be retried.
-        unsyncedScopesKeys.forEach(key => this.syncedContracts.delete(key));
-        throw err;
-      });
-      unsyncedScopesKeys.forEach(key => this.syncedContracts.set(key, promise));
-    }
+        scopesToSync,
+      ),
+    );
 
-    const promises = toKeys(contractAddress, scopes).map(key => this.syncedContracts.get(key)!);
-    await Promise.all(promises);
+    await this.#awaitSync(contractAddress, scopes);
   }
 
-  async #doSync(
+  /** Clears sync cache entries for the given scopes of a contract. Also clears the ALL_SCOPES entry. */
+  invalidateContractForScopes(contractAddress: AztecAddress, scopes: AztecAddress[]): void {
+    if (scopes.length === 0) {
+      return;
+    }
+    scopes.forEach(scope => this.syncedContracts.delete(toKey(contractAddress, scope)));
+    this.syncedContracts.delete(toKey(contractAddress, 'ALL_SCOPES'));
+  }
+
+  async #syncContract(
     contractAddress: AztecAddress,
     functionToInvokeAfterSync: FunctionSelector | null,
     utilityExecutor: (call: FunctionCall, scopes: AccessScopes) => Promise<any>,
@@ -105,18 +93,28 @@ export class ContractSyncService implements StagedStore {
     scopes: AccessScopes,
   ): Promise<void> {
     this.log.debug(`Syncing contract ${contractAddress}`);
+
+    // Resolve ALL_SCOPES to actual registered accounts, since sync_state must be called once per account.
+    const scopeAddresses = scopes === 'ALL_SCOPES' ? await this.getRegisteredAccounts() : scopes;
+
     await Promise.all([
-      syncState(
-        contractAddress,
-        this.contractStore,
-        functionToInvokeAfterSync,
-        utilityExecutor,
-        this.noteStore,
-        this.aztecNode,
-        anchorBlockHeader,
-        jobId,
-        scopes,
-      ),
+      // Call sync_state sequentially for each scope address — each invocation synchronizes one account's private
+      // state using scoped capsule arrays.
+      (async () => {
+        for (const scope of scopeAddresses) {
+          await syncState(
+            contractAddress,
+            this.contractStore,
+            functionToInvokeAfterSync,
+            utilityExecutor,
+            this.noteStore,
+            this.aztecNode,
+            anchorBlockHeader,
+            jobId,
+            scope,
+          );
+        }
+      })(),
       verifyCurrentClassId(contractAddress, this.aztecNode, this.contractStore, anchorBlockHeader),
     ]);
     this.log.debug(`Contract ${contractAddress} synced`);
@@ -129,8 +127,8 @@ export class ContractSyncService implements StagedStore {
   }
 
   commit(jobId: string): Promise<void> {
-    // Clear overridden contracts for this job
-    this.overriddenContracts.delete(jobId);
+    // Clear excluded contracts for this job
+    this.excludedFromSync.delete(jobId);
     return Promise.resolve();
   }
 
@@ -138,9 +136,51 @@ export class ContractSyncService implements StagedStore {
     // We clear the synced contracts cache here because, when the job is discarded, any associated database writes from
     // the sync are also undone.
     this.syncedContracts.clear();
-    this.overriddenContracts.delete(jobId);
+    this.excludedFromSync.delete(jobId);
     return Promise.resolve();
   }
+  /** Returns true if sync should be skipped for this contract */
+  #shouldSkipSync(jobId: string, contractAddress: AztecAddress): boolean {
+    return !!this.excludedFromSync.get(jobId)?.has(contractAddress.toString());
+  }
+
+  /** If there are unsynced scopes, starts sync and stores the promise in cache with error cleanup. */
+  #startSyncIfNeeded(
+    contractAddress: AztecAddress,
+    scopes: AccessScopes,
+    syncFn: (scopesToSync: AccessScopes) => Promise<void>,
+  ): void {
+    const scopesToSync = this.#getScopesToSync(contractAddress, scopes);
+    const keys = toKeys(contractAddress, scopesToSync);
+    if (keys.length === 0) {
+      return;
+    }
+    const promise = syncFn(scopesToSync).catch(err => {
+      keys.forEach(key => this.syncedContracts.delete(key));
+      throw err;
+    });
+    keys.forEach(key => this.syncedContracts.set(key, promise));
+  }
+
+  /** Filters out scopes that are already cached, returning only those that still need syncing. */
+  #getScopesToSync(contractAddress: AztecAddress, scopes: AccessScopes): AccessScopes {
+    if (this.syncedContracts.has(toKey(contractAddress, 'ALL_SCOPES'))) {
+      // If we are already syncing all scopes, then return an empty list
+      return [];
+    }
+    if (scopes === 'ALL_SCOPES') {
+      return 'ALL_SCOPES';
+    }
+    return scopes.filter(scope => !this.syncedContracts.has(toKey(contractAddress, scope)));
+  }
+
+  /** Collects all relevant scope promises (including in-flight ones from concurrent calls) and awaits them. */
+  async #awaitSync(contractAddress: AztecAddress, scopes: AccessScopes): Promise<void> {
+    const promises = toKeys(contractAddress, scopes)
+      .map(key => this.syncedContracts.get(key))
+      .filter(p => p !== undefined);
+    await Promise.all(promises);
+  }
 }
 
 function toKeys(contract: AztecAddress, scopes: AccessScopes) {

package/src/contract_sync/helpers.ts

@@ -48,11 +48,11 @@ export async function syncState(
   aztecNode: AztecNode,
   anchorBlockHeader: BlockHeader,
   jobId: string,
-  scopes: AccessScopes,
+  scope: AztecAddress,
 ) {
   // Protocol contracts don't have private state to sync
   if (!isProtocolContract(contractAddress)) {
-    const syncStateFunctionCall = await contractStore.getFunctionCall('sync_state', [], contractAddress);
+    const syncStateFunctionCall = await contractStore.getFunctionCall('sync_state', [scope], contractAddress);
     if (functionToInvokeAfterSync && functionToInvokeAfterSync.equals(syncStateFunctionCall.selector)) {
       throw new Error(
         'Forbidden `sync_state` invocation. `sync_state` can only be invoked by PXE, manual execution can lead to inconsistencies.',
@@ -60,6 +60,7 @@ export async function syncState(
     }
 
     const noteService = new NoteService(noteStore, aztecNode, anchorBlockHeader, jobId);
+    const scopes: AccessScopes = [scope];
 
     // Both sync_state and syncNoteNullifiers interact with the note store, but running them in parallel is safe
     // because note store is designed to handle concurrent operations.

package/src/events/event_service.ts

@@ -1,4 +1,5 @@
 import type { Fr } from '@aztec/foundation/curves/bn254';
+import { createLogger } from '@aztec/foundation/log';
 import type { EventSelector } from '@aztec/stdlib/abi';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { siloNullifier } from '@aztec/stdlib/hash';
@@ -13,6 +14,7 @@ export class EventService {
     private readonly aztecNode: AztecNode,
     private readonly privateEventStore: PrivateEventStore,
     private readonly jobId: string,
+    private readonly log = createLogger('pxe:event_service'),
   ) {}
 
   public async validateAndStoreEvent(
@@ -36,19 +38,30 @@ export class EventService {
     const anchorBlockNumber = this.anchorBlockHeader.getBlockNumber();
 
     if (!txEffect) {
-      throw new Error(`Could not find tx effect for tx hash ${txHash}`);
+      // We error out instead of just logging a warning and skipping the event because this would indicate a bug. This
+      // is because the node has already served info about this tx either when obtaining the log (TxScopedL2Log contain
+      // tx info) or when getting metadata for the offchain message (before the message got passed to `process_log`).
+      throw new Error(`Could not find tx effect for tx hash ${txHash} when processing an event.`);
     }
 
     if (txEffect.l2BlockNumber > anchorBlockNumber) {
-      throw new Error(`Could not find tx effect for tx hash ${txHash} as of block number ${anchorBlockNumber}`);
+      // We should never process a message from a tx past the anchor block. If we got here, a preprocessing step made
+      // a mistake.
+      throw new Error(
+        `Obtained a newer tx effect for ${txHash} for an event validation request than the anchor block ${anchorBlockNumber}. This is a bug as smart contracts should not issue event validation requests for events from blocks newer than the anchor block.`,
+      );
     }
 
     // Find the index of the event commitment in the nullifiers array to determine event ordering within the tx
     const eventIndexInTx = txEffect.data.nullifiers.findIndex(n => n.equals(siloedEventCommitment));
     if (eventIndexInTx === -1) {
-      throw new Error(
-        `Event commitment ${eventCommitment} (siloed as ${siloedEventCommitment}) is not present in tx ${txHash}`,
+      // Unlike in NoteService, this might not be a bug since the commitment hasn't been verified yet in the message
+      // processing pipeline. A malformed or malicious message could trigger this condition. Because of this we don't
+      // error out and we just show a warning.
+      this.log.warn(
+        `Skipping event whose commitment is not present in its tx. siloedEventCommitment=${siloedEventCommitment}, contract=${contractAddress}, selector=${selector}, eventCommitment=${eventCommitment}, txHash=${txHash}`,
       );
+      return;
     }
 
     return this.privateEventStore.storePrivateEventLog(

package/src/logs/log_service.ts

@@ -12,11 +12,10 @@ import {
 } from '@aztec/stdlib/logs';
 import type { BlockHeader } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import type { LogRetrievalRequest } from '../contract_function_simulator/noir-structs/log_retrieval_request.js';
 import { LogRetrievalResponse } from '../contract_function_simulator/noir-structs/log_retrieval_response.js';
 import { AddressStore } from '../storage/address_store/address_store.js';
-import { CapsuleStore } from '../storage/capsule_store/capsule_store.js';
+import type { CapsuleService } from '../storage/capsule_store/capsule_service.js';
 import type { RecipientTaggingStore } from '../storage/tagging_store/recipient_tagging_store.js';
 import type { SenderAddressBookStore } from '../storage/tagging_store/sender_address_book_store.js';
 import {
@@ -32,7 +31,7 @@ export class LogService {
     private readonly aztecNode: AztecNode,
     private readonly anchorBlockHeader: BlockHeader,
     private readonly keyStore: KeyStore,
-    private readonly capsuleStore: CapsuleStore,
+    private readonly capsuleService: CapsuleService,
     private readonly recipientTaggingStore: RecipientTaggingStore,
     private readonly senderAddressBookStore: SenderAddressBookStore,
     private readonly addressStore: AddressStore,
@@ -42,7 +41,16 @@ export class LogService {
     this.log = createLogger('pxe:log_service', bindings);
   }
 
-  public async bulkRetrieveLogs(logRetrievalRequests: LogRetrievalRequest[]): Promise<(LogRetrievalResponse | null)[]> {
+  public async fetchLogsByTag(
+    contractAddress: AztecAddress,
+    logRetrievalRequests: LogRetrievalRequest[],
+  ): Promise<(LogRetrievalResponse | null)[]> {
+    for (const request of logRetrievalRequests) {
+      if (!contractAddress.equals(request.contractAddress)) {
+        throw new Error(`Got a log retrieval request from ${request.contractAddress}, expected ${contractAddress}`);
+      }
+    }
+
     return await Promise.all(
       logRetrievalRequests.map(async request => {
         const [publicLog, privateLog] = await Promise.all([
@@ -51,8 +59,8 @@ export class LogService {
         ]);
 
         if (publicLog !== null && privateLog !== null) {
-          throw new Error(
-            `Found both a public and private log when searching for tag ${request.tag} from contract ${request.contractAddress}`,
+          this.log.warn(
+            `Found both a public and private log for tag ${request.tag} from contract ${request.contractAddress}. This may indicate a contract bug. Returning the public log.`,
           );
         }
 
@@ -74,9 +82,8 @@ export class LogService {
     if (logsForTag.length === 0) {
       return null;
     } else if (logsForTag.length > 1) {
-      // TODO(#11627): handle this case
-      throw new Error(
-        `Got ${logsForTag.length} logs for tag ${tag} and contract ${contractAddress.toString()}. getPublicLogByTag currently only supports a single log per tag`,
+      this.log.warn(
+        `Expected at most 1 public log for tag ${tag} and contract ${contractAddress.toString()}, got ${logsForTag.length}. This may indicate a contract bug. Returning the first log.`,
       );
     }
 
@@ -98,9 +105,8 @@ export class LogService {
     if (logsForTag.length === 0) {
       return null;
     } else if (logsForTag.length > 1) {
-      // TODO(#11627): handle this case
-      throw new Error(
-        `Got ${logsForTag.length} logs for tag ${siloedTag}. getPrivateLogByTag currently only supports a single log per tag`,
+      this.log.warn(
+        `Expected at most 1 private log for tag ${siloedTag}, got ${logsForTag.length}. This may indicate a contract bug. Returning the first log.`,
       );
     }
 
@@ -114,46 +120,40 @@ export class LogService {
     );
   }
 
-  public async fetchTaggedLogs(contractAddress: AztecAddress, pendingTaggedLogArrayBaseSlot: Fr, scopes: AccessScopes) {
+  public async fetchTaggedLogs(
+    contractAddress: AztecAddress,
+    pendingTaggedLogArrayBaseSlot: Fr,
+    recipient: AztecAddress,
+  ) {
     this.log.verbose(`Fetching tagged logs for ${contractAddress.toString()}`);
 
     // We only load logs from block up to and including the anchor block number
     const anchorBlockNumber = this.anchorBlockHeader.getBlockNumber();
     const anchorBlockHash = await this.anchorBlockHeader.hash();
 
-    // Determine recipients: use scopes if provided, otherwise get all accounts
-    const recipients = scopes !== 'ALL_SCOPES' && scopes.length > 0 ? scopes : await this.keyStore.getAccounts();
-
-    // For each recipient, fetch secrets, load logs, and store them.
-    // We run these per-recipient tasks in parallel so that logs are loaded for all recipients concurrently.
-    await Promise.all(
-      recipients.map(async recipient => {
-        // Get all secrets for this recipient (one per sender)
-        const secrets = await this.#getSecretsForSenders(contractAddress, recipient);
-
-        // Load logs for all sender-recipient pairs in parallel
-        const logArrays = await Promise.all(
-          secrets.map(secret =>
-            loadPrivateLogsForSenderRecipientPair(
-              secret,
-              this.aztecNode,
-              this.recipientTaggingStore,
-              anchorBlockNumber,
-              anchorBlockHash,
-              this.jobId,
-            ),
-          ),
-        );
+    // Get all secrets for this recipient (one per sender)
+    const secrets = await this.#getSecretsForSenders(contractAddress, recipient);
+
+    // Load logs for all sender-recipient pairs in parallel
+    const logArrays = await Promise.all(
+      secrets.map(secret =>
+        loadPrivateLogsForSenderRecipientPair(
+          secret,
+          this.aztecNode,
+          this.recipientTaggingStore,
+          anchorBlockNumber,
+          anchorBlockHash,
+          this.jobId,
+        ),
+      ),
+    );
 
-        // Flatten all logs from all secrets
-        const allLogs = logArrays.flat();
+    // Flatten all logs from all secrets
+    const allLogs = logArrays.flat();
 
-        // Store the logs for this recipient
-        if (allLogs.length > 0) {
-          await this.#storePendingTaggedLogs(contractAddress, pendingTaggedLogArrayBaseSlot, recipient, allLogs);
-        }
-      }),
-    );
+    if (allLogs.length > 0) {
+      await this.#storePendingTaggedLogs(contractAddress, pendingTaggedLogArrayBaseSlot, recipient, allLogs);
+    }
   }
 
   async #getSecretsForSenders(
@@ -201,13 +201,18 @@ export class LogService {
         scopedLog.txHash,
         scopedLog.noteHashes,
         scopedLog.firstNullifier,
-        recipient,
       );
 
       return pendingTaggedLog.toFields();
     });
 
     // TODO: This looks like it could belong more at the oracle interface level
-    return this.capsuleStore.appendToCapsuleArray(contractAddress, capsuleArrayBaseSlot, pendingTaggedLogs, this.jobId);
+    return this.capsuleService.appendToCapsuleArray(
+      contractAddress,
+      capsuleArrayBaseSlot,
+      pendingTaggedLogs,
+      this.jobId,
+      recipient,
+    );
   }
 }

package/src/messages/message_context_service.ts

@@ -0,0 +1,44 @@
+import { Fr } from '@aztec/foundation/curves/bn254';
+import type { AztecNode } from '@aztec/stdlib/interfaces/server';
+import { MessageContext } from '@aztec/stdlib/logs';
+import { TxHash } from '@aztec/stdlib/tx';
+
+/** Resolves transaction hashes into the context needed to process messages. */
+export class MessageContextService {
+  constructor(private readonly aztecNode: AztecNode) {}
+
+  /**
+   * Resolves a list of tx hashes into their message contexts.
+   *
+   * For each tx hash, looks up the corresponding tx effect and extracts the note hashes and first nullifier needed to
+   * process messages that originated from that transaction. Returns `null` for tx hashes that are zero, not yet
+   * available, or in blocks beyond the anchor block.
+   */
+  getMessageContextsByTxHash(txHashes: Fr[], anchorBlockNumber: number): Promise<(MessageContext | null)[]> {
+    // TODO: optimize, we might be hitting the node to get the same txHash repeatedly
+    return Promise.all(
+      txHashes.map(async txHashField => {
+        // A zero tx hash indicates a tx-less offchain message (e.g. one not tied to any onchain transaction).
+        // These messages don't have a transaction context to resolve, so we return null.
+        if (txHashField.isZero()) {
+          return null;
+        }
+
+        const txHash = TxHash.fromField(txHashField);
+        const txEffect = await this.aztecNode.getTxEffect(txHash);
+        if (!txEffect || txEffect.l2BlockNumber > anchorBlockNumber) {
+          return null;
+        }
+
+        // Every tx has at least one nullifier (the first nullifier derived from the tx hash). Hitting this condition
+        // would mean a buggy node, but since we need to access data.nullifiers[0], the defensive check does no harm.
+        const data = txEffect.data;
+        if (data.nullifiers.length === 0) {
+          throw new Error(`Tx effect for ${txHash} has no nullifiers`);
+        }
+
+        return new MessageContext(data.txHash, data.noteHashes, data.nullifiers[0]);
+      }),
+    );
+  }
+}

package/src/notes/note_service.ts

@@ -121,7 +121,7 @@ export class NoteService {
     noteHash: Fr,
     nullifier: Fr,
     txHash: TxHash,
-    recipient: AztecAddress,
+    scope: AztecAddress,
   ): Promise<void> {
     // We are going to store the new note in the NoteStore, which will let us later return it via `getNotes`.
     // There's two things we need to check before we do this however:
@@ -155,16 +155,28 @@ export class NoteService {
       this.aztecNode.findLeavesIndexes(anchorBlockHash, MerkleTreeId.NULLIFIER_TREE, [siloedNullifier]),
     ]);
     if (!txEffect) {
-      throw new Error(`Could not find tx effect for tx hash ${txHash}`);
+      // We error out instead of just logging a warning and skipping the note because this would indicate a bug. This
+      // is because the node has already served info about this tx either when obtaining the log (TxScopedL2Log contain
+      // tx info) or when getting metadata for the offchain message (before the message got passed to `process_log`).
+      throw new Error(`Could not find tx effect for tx hash ${txHash} when processing a note.`);
     }
 
     if (txEffect.l2BlockNumber > anchorBlockNumber) {
-      throw new Error(`Could not find tx effect for tx hash ${txHash} as of block number ${anchorBlockNumber}`);
+      // If the message was delivered onchain, this would indicate a bug: log sync should never load logs from blocks
+      // newer than the anchor block. If the note came via an offchain message, it would likely also be a bug, since we
+      // sync a new anchor block before calling `process_message`. For this not to be a bug, the message would need to
+      // come from a newer block than the anchor served by the node, implying the node isn't properly synced.
+      //     We therefore error out here rather than assuming the offchain message was constructed by a malicious
+      // sender with the intention of bricking recipient's PXE (if we assumed that we would just ignore the message).
+      throw new Error(
+        `Obtained a newer tx effect for ${txHash} for a note validation request than the anchor block ${anchorBlockNumber}. This is a bug as we should not ever be processing a note from a newer block than the anchor block.`,
+      );
     }
 
     // Find the index of the note hash in the noteHashes array to determine note ordering within the tx
     const noteIndexInTx = txEffect.data.noteHashes.findIndex(nh => nh.equals(uniqueNoteHash));
     if (noteIndexInTx === -1) {
+      // Similar to the comment above - we error out as this would indicate a bug in nonce discovery.
       throw new Error(`Note hash ${noteHash} (uniqued as ${uniqueNoteHash}) is not present in tx ${txHash}`);
     }
 
@@ -184,8 +196,7 @@ export class NoteService {
       noteIndexInTx,
     );
 
-    // The note was found by `recipient`, so we use that as the scope when storing the note.
-    await this.noteStore.addNotes([noteDao], recipient, this.jobId);
+    await this.noteStore.addNotes([noteDao], scope, this.jobId);
 
     if (nullifierIndex !== undefined) {
       // We found nullifier index which implies that the note has already been nullified.

package/src/oracle_version.ts

@@ -4,9 +4,9 @@
 ///
 /// @dev Whenever a contract function or Noir test is run, the `aztec_utl_assertCompatibleOracleVersion` oracle is called
 /// and if the oracle version is incompatible an error is thrown.
-export const ORACLE_VERSION = 14;
+export const ORACLE_VERSION = 21;
 
 /// This hash is computed as by hashing the Oracle interface and it is used to detect when the Oracle interface changes,
 /// which in turn implies that you need to update the ORACLE_VERSION constant in this file and in
 /// `noir-projects/aztec-nr/aztec/src/oracle/version.nr`.
-export const ORACLE_INTERFACE_HASH = '9fb918682455c164ce8dd3acb71c751e2b9b2fc48913604069c9ea885fa378ca';
+export const ORACLE_INTERFACE_HASH = '83f1de1a9741a34916fd58cf12b857d0bac90f74bf00751b20304301a3f5c8eb';