@aztec/slasher 0.0.1-commit.86469d5 → 0.0.1-commit.8655d4a

package/src/watchers/broadcasted_invalid_checkpoint_proposal_watcher.ts

@@ -0,0 +1,192 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import { SlotNumber } from '@aztec/foundation/branded-types';
+import { merge, pick } from '@aztec/foundation/collection';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import { FifoSet } from '@aztec/foundation/fifo-set';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import { RunningPromise } from '@aztec/foundation/running-promise';
+import type { L2BlockSource } from '@aztec/stdlib/block';
+import type { P2PClient, SlasherConfig } from '@aztec/stdlib/interfaces/server';
+import type { BlockProposal, CheckpointProposalCore } from '@aztec/stdlib/p2p';
+import { OffenseType, getOffenseTypeName } from '@aztec/stdlib/slashing';
+
+import EventEmitter from 'node:events';
+
+import { WANT_TO_SLASH_EVENT, type WantToSlashArgs, type Watcher, type WatcherEmitter } from '../watcher.js';
+
+const BroadcastedInvalidCheckpointProposalWatcherConfigKeys = [
+  'slashBroadcastedInvalidCheckpointProposalPenalty',
+] as const;
+
+const SCAN_SLOT_LAG = 1;
+const DEFAULT_SCAN_SLOT_LOOKBACK = 4;
+
+type BroadcastedInvalidCheckpointProposalWatcherConfig = Pick<
+  SlasherConfig,
+  (typeof BroadcastedInvalidCheckpointProposalWatcherConfigKeys)[number]
+>;
+
+type ProposalsForSlot = Awaited<ReturnType<P2PClient['getProposalsForSlot']>>;
+type P2PProposalsForSlotSource = Pick<P2PClient, 'getProposalsForSlot'>;
+
+type SignedBlockProposal = {
+  proposal: BlockProposal;
+  signer: EthAddress;
+};
+
+/** Detects truncated-checkpoint proposal offenses from retained signed P2P proposals. */
+export class BroadcastedInvalidCheckpointProposalWatcher
+  extends (EventEmitter as new () => WatcherEmitter)
+  implements Watcher
+{
+  private readonly log: Logger = createLogger('broadcasted-invalid-checkpoint-proposal-watcher');
+  private readonly runningPromise: RunningPromise;
+  private readonly emittedOffenses: FifoSet<string>;
+  private readonly scanSlotLookback: number;
+  private config: BroadcastedInvalidCheckpointProposalWatcherConfig;
+  private lastScannedSlot: SlotNumber | undefined;
+
+  constructor(
+    private readonly p2pClient: P2PProposalsForSlotSource,
+    private readonly l2BlockSource: Pick<L2BlockSource, 'getSyncedL2SlotNumber'>,
+    private readonly epochCache: Pick<EpochCacheInterface, 'getSlotNow' | 'getL1Constants'>,
+    config: BroadcastedInvalidCheckpointProposalWatcherConfig,
+    scanSlotLookback = DEFAULT_SCAN_SLOT_LOOKBACK,
+  ) {
+    super();
+    const constants = epochCache.getL1Constants();
+    this.config = pick(config, ...BroadcastedInvalidCheckpointProposalWatcherConfigKeys);
+    this.scanSlotLookback = Math.max(1, scanSlotLookback);
+
+    // Bound emitted offenses to the number of slots we rescan. This watcher currently tracks one offense type,
+    // and at most one offense of that type can be emitted per slot.
+    const offenseTypes = 1;
+    this.emittedOffenses = FifoSet.withLimit<string>(offenseTypes * this.scanSlotLookback);
+
+    const intervalMs = Math.max(1000, (constants.ethereumSlotDuration * 1000) / 4);
+    this.runningPromise = new RunningPromise(() => this.scan(), this.log, intervalMs);
+    this.log.info('BroadcastedInvalidCheckpointProposalWatcher initialized', {
+      scanSlotLookback: this.scanSlotLookback,
+    });
+  }
+
+  public updateConfig(config: Partial<BroadcastedInvalidCheckpointProposalWatcherConfig>): void {
+    this.config = merge(this.config, pick(config, ...BroadcastedInvalidCheckpointProposalWatcherConfigKeys));
+    this.log.verbose('BroadcastedInvalidCheckpointProposalWatcher config updated', this.config);
+  }
+
+  public start(): Promise<void> {
+    this.runningPromise.start();
+    return Promise.resolve();
+  }
+
+  public stop(): Promise<void> {
+    return this.runningPromise.stop();
+  }
+
+  /**
+   * Scans newly closed slots, plus a small lookback for late-arriving proposals. Anchors
+   * `currentSlot` at the archiver's last synced L2 slot.
+   */
+  public async scan(): Promise<void> {
+    const currentSlot = (await this.l2BlockSource.getSyncedL2SlotNumber()) ?? this.epochCache.getSlotNow();
+    if (currentSlot <= SlotNumber(SCAN_SLOT_LAG)) {
+      return;
+    }
+
+    const newestSlotToConsider = SlotNumber(currentSlot - 1 - SCAN_SLOT_LAG);
+    const oldestLookbackSlot = SlotNumber(Math.max(0, newestSlotToConsider - this.scanSlotLookback + 1));
+    const oldestUnscannedSlot =
+      this.lastScannedSlot === undefined ? oldestLookbackSlot : SlotNumber(this.lastScannedSlot + 1);
+    const oldestSlot = SlotNumber(Math.min(oldestLookbackSlot, oldestUnscannedSlot));
+    for (let slot = oldestSlot; slot <= newestSlotToConsider; slot++) {
+      await this.scanSlot(SlotNumber(slot));
+    }
+    this.lastScannedSlot = newestSlotToConsider;
+  }
+
+  /** Scans a single slot. Public for tests. */
+  public async scanSlot(slot: SlotNumber): Promise<void> {
+    const proposals = await this.p2pClient.getProposalsForSlot(slot);
+    const slashArgs = this.getSlashArgsForProposals(slot, proposals).filter(args => this.markAsNewOffense(args));
+    if (slashArgs.length === 0) {
+      return;
+    }
+
+    this.log.info(`Detected broadcasted invalid checkpoint proposal offense`, {
+      slot,
+      offenses: slashArgs.map(args => ({
+        validator: args.validator.toString(),
+        amount: args.amount,
+        offenseType: getOffenseTypeName(args.offenseType),
+        epochOrSlot: args.epochOrSlot,
+      })),
+    });
+    this.emit(WANT_TO_SLASH_EVENT, slashArgs);
+  }
+
+  private getSlashArgsForProposals(slot: SlotNumber, proposals: ProposalsForSlot): WantToSlashArgs[] {
+    const offenders = this.findOffenders(proposals.blockProposals, proposals.checkpointProposals);
+    // we expect one proposer per slot today.
+    return [...offenders.values()].map(validator => ({
+      validator,
+      amount: this.config.slashBroadcastedInvalidCheckpointProposalPenalty,
+      offenseType: OffenseType.BROADCASTED_INVALID_CHECKPOINT_PROPOSAL,
+      epochOrSlot: BigInt(slot),
+    }));
+  }
+
+  private findOffenders(blockProposals: BlockProposal[], checkpointProposals: CheckpointProposalCore[]) {
+    const blocksBySigner = this.getSignedBlocksBySigner(blockProposals);
+    const offenders = new Map<string, EthAddress>();
+
+    for (const checkpoint of checkpointProposals) {
+      const checkpointSigner = checkpoint.getSender();
+      if (!checkpointSigner) {
+        continue;
+      }
+
+      const signerKey = checkpointSigner.toString();
+      const signerBlocks = blocksBySigner.get(signerKey) ?? [];
+      const terminalBlocks = signerBlocks.filter(
+        ({ proposal }) => proposal.slotNumber === checkpoint.slotNumber && proposal.archive.equals(checkpoint.archive),
+      );
+      if (terminalBlocks.length === 0) {
+        continue;
+      }
+
+      const hasTruncatedHigherBlock = terminalBlocks.some(terminalBlock =>
+        signerBlocks.some(
+          ({ proposal }) =>
+            proposal.slotNumber === checkpoint.slotNumber &&
+            proposal.indexWithinCheckpoint > terminalBlock.proposal.indexWithinCheckpoint,
+        ),
+      );
+      if (hasTruncatedHigherBlock) {
+        offenders.set(signerKey, checkpointSigner);
+      }
+    }
+
+    return offenders;
+  }
+
+  private getSignedBlocksBySigner(blockProposals: BlockProposal[]): Map<string, SignedBlockProposal[]> {
+    const blocksBySigner = new Map<string, SignedBlockProposal[]>();
+    for (const proposal of blockProposals) {
+      const signer = proposal.getSender();
+      if (!signer) {
+        continue;
+      }
+      const signerKey = signer.toString();
+      const signerBlocks = blocksBySigner.get(signerKey) ?? [];
+      signerBlocks.push({ proposal, signer });
+      blocksBySigner.set(signerKey, signerBlocks);
+    }
+    return blocksBySigner;
+  }
+
+  private markAsNewOffense(args: WantToSlashArgs): boolean {
+    const key = `${args.validator.toString()}-${args.offenseType}-${args.epochOrSlot}`;
+    return this.emittedOffenses.addIfAbsent(key);
+  }
+}

package/src/watchers/checkpoint_equivocation_watcher.ts

@@ -0,0 +1,96 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import { merge, pick } from '@aztec/foundation/collection';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import {
+  type CheckpointEquivocationDetectedEvent,
+  type L2BlockSourceEventEmitter,
+  L2BlockSourceEvents,
+} from '@aztec/stdlib/block';
+import type { SlasherConfig } from '@aztec/stdlib/interfaces/server';
+import { OffenseType, getOffenseTypeName } from '@aztec/stdlib/slashing';
+
+import EventEmitter from 'node:events';
+
+import { WANT_TO_SLASH_EVENT, type WantToSlashArgs, type Watcher, type WatcherEmitter } from '../watcher.js';
+
+const CheckpointEquivocationWatcherConfigKeys = ['slashDuplicateProposalPenalty'] as const;
+
+type CheckpointEquivocationWatcherConfig = Pick<
+  SlasherConfig,
+  (typeof CheckpointEquivocationWatcherConfigKeys)[number]
+>;
+
+type EquivocationEventSource = Pick<L2BlockSourceEventEmitter, 'events'>;
+type ProposerLookup = Pick<EpochCacheInterface, 'getProposerAttesterAddressInSlot'>;
+
+/**
+ * Slashes the slot proposer for DUPLICATE_PROPOSAL when the archiver detects that a
+ * locally-stored proposed checkpoint disagrees with the L1-confirmed checkpoint at the
+ * same slot. Both are signed by the slot proposer (the proposed one by accepting it via
+ * P2P or building it locally; the L1 one by submission), so the proposer equivocated.
+ */
+export class CheckpointEquivocationWatcher extends (EventEmitter as new () => WatcherEmitter) implements Watcher {
+  private readonly log: Logger = createLogger('checkpoint-equivocation-watcher');
+  private readonly handler: (args: CheckpointEquivocationDetectedEvent) => void;
+  private config: CheckpointEquivocationWatcherConfig;
+
+  constructor(
+    private readonly l2BlockSource: EquivocationEventSource,
+    private readonly epochCache: ProposerLookup,
+    config: CheckpointEquivocationWatcherConfig,
+  ) {
+    super();
+    this.config = pick(config, ...CheckpointEquivocationWatcherConfigKeys);
+    this.handler = event => {
+      this.onEquivocationDetected(event).catch(err =>
+        this.log.error('Failed to handle checkpoint equivocation event', err),
+      );
+    };
+    this.log.info('CheckpointEquivocationWatcher initialized');
+  }
+
+  public updateConfig(config: Partial<CheckpointEquivocationWatcherConfig>): void {
+    this.config = merge(this.config, pick(config, ...CheckpointEquivocationWatcherConfigKeys));
+    this.log.verbose('CheckpointEquivocationWatcher config updated', this.config);
+  }
+
+  public start(): Promise<void> {
+    this.l2BlockSource.events.on(L2BlockSourceEvents.CheckpointEquivocationDetected, this.handler);
+    return Promise.resolve();
+  }
+
+  public stop(): Promise<void> {
+    this.l2BlockSource.events.off(L2BlockSourceEvents.CheckpointEquivocationDetected, this.handler);
+    return Promise.resolve();
+  }
+
+  /** Public for tests. */
+  public async onEquivocationDetected(event: CheckpointEquivocationDetectedEvent): Promise<void> {
+    const proposer = await this.epochCache.getProposerAttesterAddressInSlot(event.slotNumber);
+    if (!proposer) {
+      this.log.warn(`Cannot attribute checkpoint equivocation: no proposer for slot ${event.slotNumber}`, {
+        slotNumber: event.slotNumber,
+        checkpointNumber: event.checkpointNumber,
+      });
+      return;
+    }
+
+    const slashArgs: WantToSlashArgs = {
+      validator: proposer,
+      amount: this.config.slashDuplicateProposalPenalty,
+      offenseType: OffenseType.DUPLICATE_PROPOSAL,
+      epochOrSlot: BigInt(event.slotNumber),
+    };
+
+    this.log.info(`Detected checkpoint equivocation offense`, {
+      slotNumber: event.slotNumber,
+      checkpointNumber: event.checkpointNumber,
+      amount: slashArgs.amount,
+      offenseType: getOffenseTypeName(slashArgs.offenseType),
+      l1ArchiveRoot: event.l1ArchiveRoot.toString(),
+      proposedArchiveRoot: event.proposedArchiveRoot.toString(),
+      validator: proposer.toString(),
+    });
+    this.emit(WANT_TO_SLASH_EVENT, [slashArgs]);
+  }
+}

package/src/watchers/data_withholding_watcher.ts

@@ -0,0 +1,225 @@
+import type { EpochCache } from '@aztec/epoch-cache';
+import { CheckpointProposalHash, SlotNumber } from '@aztec/foundation/branded-types';
+import { compactArray, merge, pick } from '@aztec/foundation/collection';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import { RunningPromise } from '@aztec/foundation/promise';
+import type { L2BlockSource } from '@aztec/stdlib/block';
+import { getAttestationInfoFromPublishedCheckpoint } from '@aztec/stdlib/block';
+import type { CheckpointReexecutionTracker, PublishedCheckpoint } from '@aztec/stdlib/checkpoint';
+import type { ITxProvider, P2PApi, SlasherConfig } from '@aztec/stdlib/interfaces/server';
+import { ConsensusPayload, type CoordinationSignatureContext } from '@aztec/stdlib/p2p';
+import { OffenseType, getOffenseTypeName } from '@aztec/stdlib/slashing';
+import type { TxHash } from '@aztec/stdlib/tx';
+
+import EventEmitter from 'node:events';
+
+import { WANT_TO_SLASH_EVENT, type WantToSlashArgs, type Watcher, type WatcherEmitter } from '../watcher.js';
+
+const DataWithholdingWatcherConfigKeys = ['slashDataWithholdingPenalty', 'slashDataWithholdingToleranceSlots'] as const;
+
+type DataWithholdingWatcherConfig = Pick<SlasherConfig, (typeof DataWithholdingWatcherConfigKeys)[number]>;
+
+/**
+ * Detects data-withholding offenses by probing the local mempool for the txs in published
+ * checkpoints once they are old enough that an honest node should have collected them.
+ *
+ * Per AZIP-7: once `slashDataWithholdingToleranceSlots` full slots have elapsed after the
+ * checkpoint's slot — i.e. at `slotStart(checkpoint.slot + slashDataWithholdingToleranceSlots
+ * + 1)` — if any tx from the checkpoint's blocks is still missing locally, the checkpoint's
+ * attesters are considered at fault for not making the data available, and we emit a slash
+ * for them.
+ *
+ * The watcher ticks at quarter-eth-slot cadence (matching the Sentinel template). On boot it
+ * floors processing at the current slot — restart-time gaps are accepted and not back-filled,
+ * matching the Sentinel approach.
+ */
+export class DataWithholdingWatcher extends (EventEmitter as new () => WatcherEmitter) implements Watcher {
+  private runningPromise: RunningPromise;
+  private initialSlot: SlotNumber | undefined;
+  private lastCheckedSlot: SlotNumber | undefined;
+  private config: DataWithholdingWatcherConfig;
+
+  constructor(
+    private readonly epochCache: EpochCache,
+    private readonly l2BlockSource: Pick<L2BlockSource, 'getCheckpoint' | 'getSyncedL2SlotNumber'>,
+    private readonly txProvider: Pick<ITxProvider, 'hasTxs'>,
+    private readonly p2p: Pick<P2PApi, 'getCheckpointAttestationsForSlot'>,
+    private readonly reexecutionTracker: Pick<CheckpointReexecutionTracker, 'getTxsCollectedRecord'>,
+    private readonly signatureContext: CoordinationSignatureContext,
+    config: DataWithholdingWatcherConfig,
+    private readonly log: Logger = createLogger('data-withholding-watcher'),
+  ) {
+    super();
+    this.config = pick(config, ...DataWithholdingWatcherConfigKeys);
+    const interval = (epochCache.getL1Constants().ethereumSlotDuration * 1000) / 4;
+    this.runningPromise = new RunningPromise(this.work.bind(this), log, interval);
+    this.log.verbose(`DataWithholdingWatcher initialized`, this.config);
+  }
+
+  public async start(): Promise<void> {
+    // Floor processing at the archiver's synced slot rather than the wallclock — restart-time
+    // gaps before the archiver catches up are accepted and not back-filled. Falls back to the
+    // wallclock if the archiver isn't ready yet (cold start).
+    const syncedSlot = await this.l2BlockSource.getSyncedL2SlotNumber();
+    this.initialSlot = syncedSlot ?? this.epochCache.getSlotNow();
+    this.log.info(`Starting data-withholding watcher with initial slot ${this.initialSlot}`);
+    this.runningPromise.start();
+  }
+
+  public stop(): Promise<void> {
+    return this.runningPromise.stop();
+  }
+
+  public updateConfig(config: Partial<SlasherConfig>): void {
+    this.config = merge(this.config, pick(config, ...DataWithholdingWatcherConfigKeys));
+    this.log.verbose('DataWithholdingWatcher config updated', this.config);
+  }
+
+  /**
+   * Runs every tick. Walks newly-eligible slots and probes their checkpoints for data
+   * availability; emits a DATA_WITHHOLDING slash for any checkpoint whose txs are missing.
+   */
+  public async work(): Promise<void> {
+    if (this.initialSlot === undefined) {
+      return;
+    }
+
+    // tolerance is the number of full slots that must elapse after the checkpoint's slot
+    // before we declare its data missing. For checkpoint slot S, we therefore process S
+    // only once we are in slot `S + tolerance + 1` or later. Drive this off the archiver's
+    // synced slot rather than the wallclock so we don't make claims about slots we haven't
+    // fully ingested yet (archiver may lag behind L1).
+    const tolerance = this.config.slashDataWithholdingToleranceSlots;
+    const currentSlot = (await this.l2BlockSource.getSyncedL2SlotNumber()) ?? this.epochCache.getSlotNow();
+    if (currentSlot <= tolerance) {
+      return;
+    }
+
+    const targetSlot = SlotNumber(currentSlot - tolerance - 1);
+    if (targetSlot <= this.initialSlot) {
+      return;
+    }
+
+    const startSlot = this.lastCheckedSlot === undefined ? this.initialSlot : this.lastCheckedSlot;
+    for (let slot = SlotNumber(startSlot + 1); slot <= targetSlot; slot = SlotNumber(slot + 1)) {
+      try {
+        await this.processSlot(slot);
+      } catch (err) {
+        this.log.error(`Error processing slot ${slot} for data-withholding check`, err, { slot });
+      }
+      this.lastCheckedSlot = slot;
+    }
+  }
+
+  /** Probes the checkpoint at the given slot, if any, and emits a slash on missing txs. */
+  private async processSlot(slot: SlotNumber): Promise<void> {
+    const published = await this.l2BlockSource.getCheckpoint({ slot });
+    if (!published) {
+      this.log.trace(`No published checkpoint at slot ${slot}`, { slot });
+      return;
+    }
+
+    const checkpointNumber = published.checkpoint.number;
+
+    // Per-block tx-collection records (true | false | undefined) for every block in this
+    // published checkpoint. Captured by the validator's proposal handler at the moment of
+    // tx collection (i.e. by the *re-execution* deadline). Used as a positive short-circuit
+    // only: a `true` for every block means we know the data was available locally, so this
+    // checkpoint cannot be a data-withholding offense. A `false` does *not* trigger a slash
+    // on its own — the re-execution deadline is much earlier than the data-withholding
+    // tolerance window, so missing txs at that earlier deadline may still arrive in time.
+    // Anything other than all-true falls through to the mempool probe, which respects the
+    // tolerance window.
+    const collectionRecords = published.checkpoint.blocks.map((block, idx) =>
+      this.reexecutionTracker.getTxsCollectedRecord(block.header.getSlot(), idx),
+    );
+
+    if (collectionRecords.every(r => r === true)) {
+      this.log.trace(`All blocks for checkpoint at slot ${slot} were collected locally; skipping`, {
+        slot,
+        checkpointNumber,
+      });
+      return;
+    }
+
+    const txHashes: TxHash[] = published.checkpoint.blocks.flatMap(block =>
+      block.body.txEffects.map(txEffect => txEffect.txHash),
+    );
+
+    if (txHashes.length === 0) {
+      this.log.trace(`Checkpoint at slot ${slot} has no txs`, { slot });
+      return;
+    }
+
+    const availability = await this.txProvider.hasTxs(txHashes);
+    const missingTxs = txHashes.filter((_, i) => !availability[i]);
+    if (missingTxs.length === 0) {
+      this.log.trace(`All ${txHashes.length} txs available for checkpoint at slot ${slot}`, { slot });
+      return;
+    }
+
+    const attesters = await this.extractAttesters(published);
+
+    if (attesters.length === 0) {
+      this.log.warn(`Detected data withholding at slot ${slot} but no recoverable attesters`, {
+        slot,
+        checkpointNumber,
+        missingTxs: missingTxs.map(h => h.toString()),
+        records: collectionRecords,
+      });
+      return;
+    }
+
+    this.log.info(`Detected data withholding offense at slot ${slot}`, {
+      slot,
+      checkpointNumber,
+      amount: this.config.slashDataWithholdingPenalty,
+      offenseType: getOffenseTypeName(OffenseType.DATA_WITHHOLDING),
+      missingTxs: missingTxs.map(h => h.toString()),
+      records: collectionRecords,
+      attesters: attesters.map(a => a.toString()),
+    });
+
+    const args: WantToSlashArgs[] = attesters.map(validator => ({
+      validator,
+      amount: this.config.slashDataWithholdingPenalty,
+      offenseType: OffenseType.DATA_WITHHOLDING,
+      epochOrSlot: BigInt(slot),
+    }));
+    this.emit(WANT_TO_SLASH_EVENT, args);
+  }
+
+  /**
+   * Returns the union of:
+   *   1. attesters whose signatures landed in the published checkpoint on L1, and
+   *   2. attesters we observed signing the same proposal on p2p (the proposer publishes as
+   *      soon as it has hit committee quorum, so honest peer attestations that arrive after
+   *      that point are dropped — but they still vouched for the data and
+   *      should be slashed for withholding it).
+   *
+   *
+   * Exposed as protected so tests can substitute a deterministic recovery without having
+   * to construct real secp256k1 signatures.
+   */
+  protected async extractAttesters(published: PublishedCheckpoint): Promise<EthAddress[]> {
+    const fromL1 = getAttestationInfoFromPublishedCheckpoint(published, this.signatureContext)
+      .filter(info => info.status === 'recovered-from-signature')
+      .map(info => info.address);
+
+    const slot = published.checkpoint.header.slotNumber;
+    const proposalPayloadHash = CheckpointProposalHash.fromBuffer(
+      ConsensusPayload.fromCheckpoint(published.checkpoint, this.signatureContext).getPayloadHash(),
+    );
+    const fromP2p = await this.p2p
+      .getCheckpointAttestationsForSlot(slot, proposalPayloadHash)
+      .then(attestations => attestations.map(a => a.getSender()));
+
+    // Dedupe
+    const all = new Map<string, EthAddress>();
+    for (const addr of compactArray([...fromL1, ...fromP2p])) {
+      all.set(addr.toString(), addr);
+    }
+    return [...all.values()];
+  }
+}