@aztec/slasher 0.0.1-commit.96bb3f7 → 0.0.1-commit.993d240

package/src/stores/offenses_store.ts

@@ -1,5 +1,5 @@
 import { createLogger } from '@aztec/aztec.js/log';
-import type { AztecAsyncKVStore, AztecAsyncMap, AztecAsyncMultiMap, AztecAsyncSet } from '@aztec/kv-store';
+import type { AztecAsyncKVStore, AztecAsyncMap, AztecAsyncMultiMap } from '@aztec/kv-store';
 import {
   type Offense,
   type OffenseIdentifier,
@@ -10,14 +10,15 @@ import {
 
 export const SCHEMA_VERSION = 1;
 
+type ClearOffensesFilter = Pick<Offense, 'offenseType' | 'epochOrSlot'> & {
+  validators?: Offense['validator'][];
+};
+
 export class SlasherOffensesStore {
   /** Map from offense key to offense data */
   private offenses: AztecAsyncMap<string, Buffer>;
 
-  /** Map from offense key to whether the offense has been executed (only used for empire based slashing) */
-  private offensesSlashed: AztecAsyncSet<string>;
-
-  /** Multimap from round to offense keys (only used for consensus based slashing) */
+  /** Multimap from round to offense keys */
   private roundsOffenses: AztecAsyncMultiMap<string, string>;
 
   private log = createLogger('slasher:store:offenses');
@@ -32,18 +33,13 @@ export class SlasherOffensesStore {
   ) {
     this.offenses = kvStore.openMap('offenses');
     this.roundsOffenses = kvStore.openMultiMap('rounds-offenses');
-    this.offensesSlashed = kvStore.openSet('offenses-slashed');
   }
 
-  /** Returns all offenses not marked as slashed */
-  public async getPendingOffenses(): Promise<Offense[]> {
+  /** Returns all offenses */
+  public async getOffenses(): Promise<Offense[]> {
     const offenses: Offense[] = [];
-    for await (const [key, buffer] of this.offenses.entriesAsync()) {
-      if (await this.offensesSlashed.hasAsync(key)) {
-        continue; // Skip executed offenses
-      }
-      const offense = deserializeOffense(buffer);
-      offenses.push(offense);
+    for await (const [, buffer] of this.offenses.entriesAsync()) {
+      offenses.push(deserializeOffense(buffer));
     }
     return offenses;
   }
@@ -61,34 +57,68 @@ export class SlasherOffensesStore {
     return offenses;
   }
 
-  /** Returns whether an offense is pending (ie not marked as slashed) */
-  public async hasPendingOffense(offense: OffenseIdentifier): Promise<boolean> {
-    const key = this.getOffenseKey(offense);
-    return (await this.offenses.getAsync(key)) !== undefined && !(await this.offensesSlashed.hasAsync(key));
-  }
-
   /** Returns whether we have seen this offense */
   public async hasOffense(offense: OffenseIdentifier): Promise<boolean> {
     const key = this.getOffenseKey(offense);
     return (await this.offenses.getAsync(key)) !== undefined;
   }
 
-  /** Adds a new offense (defaults to pending, but will be slashed if markAsSlashed had been called for it) */
-  public async addPendingOffense(offense: Offense): Promise<void> {
+  /** Adds a new offense. Returns false if the offense is already pending. */
+  public async addOffense(offense: Offense): Promise<boolean> {
     const key = this.getOffenseKey(offense);
-    await this.offenses.set(key, serializeOffense(offense));
     const round = getRoundForOffense(offense, this.settings);
-    await this.roundsOffenses.set(this.getRoundKey(round), key);
-    this.log.trace(`Adding pending offense ${key} for round ${round}`);
+    const added = await this.kvStore.transactionAsync(async () => {
+      if ((await this.offenses.getAsync(key)) !== undefined) {
+        return false;
+      }
+
+      await this.offenses.set(key, serializeOffense(offense));
+      await this.roundsOffenses.set(this.getRoundKey(round), key);
+      return true;
+    });
+
+    if (added) {
+      this.log.trace(`Adding pending offense ${key} for round ${round}`);
+    }
+
+    return added;
   }
 
-  /** Marks the given offenses as slashed (regardless of whether they are known or not)  */
-  public async markAsSlashed(offenses: OffenseIdentifier[]): Promise<void> {
-    await this.kvStore.transactionAsync(async () => {
-      for (const offense of offenses) {
-        const key = this.getOffenseKey(offense);
-        await this.offensesSlashed.add(key);
+  /** Removes pending offenses matching the given offense type, epoch/slot, and optional validators. */
+  public async clearOffenses(filter: ClearOffensesFilter): Promise<number> {
+    return await this.kvStore.transactionAsync(async () => {
+      const offensesToClear = new Map<string, Offense>();
+
+      if (filter.validators && filter.validators.length > 0) {
+        for (const validator of filter.validators) {
+          const identifier = { validator, offenseType: filter.offenseType, epochOrSlot: filter.epochOrSlot };
+          const key = this.getOffenseKey(identifier);
+          const buffer = await this.offenses.getAsync(key);
+          if (buffer) {
+            offensesToClear.set(key, deserializeOffense(buffer));
+          }
+        }
+      } else {
+        for await (const [key, buffer] of this.offenses.entriesAsync()) {
+          const offense = deserializeOffense(buffer);
+          if (offense.offenseType === filter.offenseType && offense.epochOrSlot === filter.epochOrSlot) {
+            offensesToClear.set(key, offense);
+          }
+        }
       }
+
+      if (offensesToClear.size === 0) {
+        return 0;
+      }
+
+      for (const [key, offense] of offensesToClear) {
+        const round = getRoundForOffense(offense, this.settings);
+        await this.offenses.delete(key);
+        await this.roundsOffenses.deleteValue(this.getRoundKey(round), key);
+        this.log.trace(`Cleared pending offense ${key} for round ${round}`);
+      }
+
+      return offensesToClear.size;
     });
   }
 
@@ -104,34 +134,32 @@ export class SlasherOffensesStore {
       return 0; // Not enough rounds have passed to expire anything
     }
 
-    // Collect expired offenses and rounds
-    const expiredRoundKeys = new Set<string>();
-    const expiredOffenseKeys = new Set<string>();
-    for await (const [roundKey, offenseKey] of this.roundsOffenses.entriesAsync({
-      end: this.getRoundKey(expiredBefore),
-    })) {
-      expiredOffenseKeys.add(offenseKey);
-      expiredRoundKeys.add(roundKey);
-    }
+    return await this.kvStore.transactionAsync(async () => {
+      // Collect expired offenses and rounds
+      const expiredRoundKeys = new Set<string>();
+      const expiredOffenseKeys = new Set<string>();
+      for await (const [roundKey, offenseKey] of this.roundsOffenses.entriesAsync({
+        end: this.getRoundKey(expiredBefore),
+      })) {
+        expiredOffenseKeys.add(offenseKey);
+        expiredRoundKeys.add(roundKey);
+      }
 
-    if (expiredOffenseKeys.size === 0 && expiredRoundKeys.size === 0) {
-      return 0; // Nothing to clean up
-    }
+      if (expiredOffenseKeys.size === 0 && expiredRoundKeys.size === 0) {
+        return 0; // Nothing to clean up
+      }
 
-    // Remove expired stuff in a transaction
-    await this.kvStore.transactionAsync(async () => {
       for (const key of expiredOffenseKeys) {
         this.log.trace(`Deleting offense ${key}`);
         await this.offenses.delete(key);
-        await this.offensesSlashed.delete(key);
       }
       for (const roundKey of expiredRoundKeys) {
         this.log.trace(`Deleting round info for ${roundKey}`);
         await this.roundsOffenses.delete(roundKey);
       }
-    });
 
-    return expiredOffenseKeys.size;
+      return expiredOffenseKeys.size;
+    });
   }
 
   /** Generate a unique key for an offense */

package/src/watcher.ts

@@ -5,6 +5,7 @@ import { OffenseType } from '@aztec/stdlib/slashing';
 import type { SlasherConfig } from './config.js';
 
 export const WANT_TO_SLASH_EVENT = 'want-to-slash' as const;
+export const WANT_TO_CLEAR_SLASH_EVENT = 'want-to-clear-slash' as const;
 
 export interface WantToSlashArgs {
   validator: EthAddress;
@@ -13,9 +14,16 @@ export interface WantToSlashArgs {
   epochOrSlot: bigint; // Epoch number for epoch-based offenses, slot number for slot-based
 }
 
+export interface WantToClearSlashArgs {
+  offenseType: OffenseType;
+  epochOrSlot: bigint; // Epoch number for epoch-based offenses, slot number for slot-based
+  validators?: EthAddress[];
+}
+
 // Event map for specific, known events of a watcher
 export interface WatcherEventMap {
   [WANT_TO_SLASH_EVENT]: (args: WantToSlashArgs[]) => void;
+  [WANT_TO_CLEAR_SLASH_EVENT]: (args: WantToClearSlashArgs[]) => void;
 }
 
 export type WatcherEmitter = TypedEventEmitter<WatcherEventMap>;

package/src/watchers/attestations_block_watcher.ts

@@ -1,15 +1,16 @@
 import { EpochCache } from '@aztec/epoch-cache';
-import { SlotNumber } from '@aztec/foundation/branded-types';
+import { EpochNumber } from '@aztec/foundation/branded-types';
 import { merge, pick } from '@aztec/foundation/collection';
-import { type Logger, createLogger } from '@aztec/foundation/log';
+import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
 import {
+  type DescendentOfInvalidAttestationsCheckpointEvent,
   type InvalidCheckpointDetectedEvent,
   type L2BlockSourceEventEmitter,
   L2BlockSourceEvents,
   type ValidateCheckpointNegativeResult,
 } from '@aztec/stdlib/block';
-import type { CheckpointInfo } from '@aztec/stdlib/checkpoint';
-import { OffenseType } from '@aztec/stdlib/slashing';
+import { getEpochAtSlot } from '@aztec/stdlib/epoch-helpers';
+import { OffenseType, getOffenseTypeName } from '@aztec/stdlib/slashing';
 
 import EventEmitter from 'node:events';
 
@@ -17,27 +18,31 @@ import type { SlasherConfig } from '../config.js';
 import { WANT_TO_SLASH_EVENT, type WantToSlashArgs, type Watcher, type WatcherEmitter } from '../watcher.js';
 
 const AttestationsBlockWatcherConfigKeys = [
-  'slashAttestDescendantOfInvalidPenalty',
+  'slashProposeDescendantOfCheckpointWithInvalidAttestationsPenalty',
   'slashProposeInvalidAttestationsPenalty',
 ] as const;
 
 type AttestationsBlockWatcherConfig = Pick<SlasherConfig, (typeof AttestationsBlockWatcherConfigKeys)[number]>;
 
 /**
- * This watcher is responsible for detecting invalid blocks and creating slashing arguments for offenders.
- * An invalid block is one that doesn't have enough attestations or has incorrect attestations.
- * The proposer of an invalid block should be slashed.
- * If there's another block consecutive to the invalid one, its proposer and attestors should also be slashed.
+ * Watches the archiver for checkpoints whose publication is itself a slashable offense.
+ *
+ * Two cases are handled, both targeting the proposer of the offending checkpoint:
+ *
+ * - Invalid-attestations checkpoint: the proposer published a checkpoint to L1 whose
+ *   attestations are either insufficient (below quorum) or incorrect (signature from a
+ *   non-committee member, malformed signature, etc.). Slashed via
+ *   {@link OffenseType.PROPOSED_INSUFFICIENT_ATTESTATIONS} or
+ *   {@link OffenseType.PROPOSED_INCORRECT_ATTESTATIONS}.
+ *
+ * - Descendant of an invalid checkpoint: the proposer published a checkpoint that extends a
+ *   previously-rejected one. The descendant may itself have valid attestations, but it is still
+ *   unusable. Triggered by the archiver's  `CheckpointBuiltOnInvalidAncestorDetected` event
+ *   when the descendant has valid attestations (skipped before ingestion). Slashes the descendant's
+ *   proposer via {@link OffenseType.PROPOSED_DESCENDANT_OF_CHECKPOINT_WITH_INVALID_ATTESTATIONS}.
  */
 export class AttestationsBlockWatcher extends (EventEmitter as new () => WatcherEmitter) implements Watcher {
-  private log: Logger = createLogger('attestations-block-watcher');
-
-  // Only keep track of the last N invalid checkpoints
-  private maxInvalidCheckpoints = 100;
-
-  // All invalid archive roots seen
-  private invalidArchiveRoots: Set<string> = new Set();
-
+  private log: Logger;
   private config: AttestationsBlockWatcherConfig;
 
   private boundHandleInvalidCheckpoint = (event: InvalidCheckpointDetectedEvent) => {
@@ -51,12 +56,23 @@ export class AttestationsBlockWatcher extends (EventEmitter as new () => Watcher
     }
   };
 
+  private boundHandleDescendantOfInvalid = (event: DescendentOfInvalidAttestationsCheckpointEvent) => {
+    this.handleDescendantOfInvalid(event).catch(err => {
+      this.log.error('Error handling descendant of invalid checkpoint', err, {
+        checkpointNumber: event.checkpoint.checkpointNumber,
+        ancestorCheckpointNumber: event.ancestorCheckpointNumber,
+      });
+    });
+  };
+
   constructor(
     private l2BlockSource: L2BlockSourceEventEmitter,
     private epochCache: EpochCache,
     config: AttestationsBlockWatcherConfig,
+    bindings?: LoggerBindings,
   ) {
     super();
+    this.log = createLogger('slasher:attestations-block-watcher', bindings);
     this.config = pick(config, ...AttestationsBlockWatcherConfigKeys);
     this.log.info('AttestationsBlockWatcher initialized');
   }
@@ -67,98 +83,103 @@ export class AttestationsBlockWatcher extends (EventEmitter as new () => Watcher
   }
 
   public start() {
-    this.l2BlockSource.on(L2BlockSourceEvents.InvalidAttestationsCheckpointDetected, this.boundHandleInvalidCheckpoint);
+    this.l2BlockSource.events.on(
+      L2BlockSourceEvents.InvalidAttestationsCheckpointDetected,
+      this.boundHandleInvalidCheckpoint,
+    );
+    this.l2BlockSource.events.on(
+      L2BlockSourceEvents.DescendentOfInvalidAttestationsCheckpointDetected,
+      this.boundHandleDescendantOfInvalid,
+    );
     return Promise.resolve();
   }
 
   public stop() {
-    this.l2BlockSource.removeListener(
+    this.l2BlockSource.events.removeListener(
       L2BlockSourceEvents.InvalidAttestationsCheckpointDetected,
       this.boundHandleInvalidCheckpoint,
     );
+    this.l2BlockSource.events.removeListener(
+      L2BlockSourceEvents.DescendentOfInvalidAttestationsCheckpointDetected,
+      this.boundHandleDescendantOfInvalid,
+    );
     return Promise.resolve();
   }
 
-  private handleInvalidCheckpoint(event: InvalidCheckpointDetectedEvent): void {
+  /** Event handler for invalid checkpoints as reported by the archiver. Public for testing purposes. */
+  public handleInvalidCheckpoint(event: InvalidCheckpointDetectedEvent): void {
     const { validationResult } = event;
-    const checkpoint = validationResult.checkpoint;
-
-    // Check if we already have processed this checkpoint, archiver may emit the same event multiple times
-    if (this.invalidArchiveRoots.has(checkpoint.archive.toString())) {
-      this.log.trace(`Already processed invalid checkpoint ${checkpoint.checkpointNumber}`);
-      return;
-    }
+    const { reason, checkpoint } = validationResult;
 
     this.log.verbose(`Detected invalid checkpoint ${checkpoint.checkpointNumber}`, {
       ...checkpoint,
       reason: validationResult.valid === false ? validationResult.reason : 'unknown',
     });
 
-    // Store the invalid checkpoint
-    this.addInvalidCheckpoint(event.validationResult.checkpoint);
+    const { checkpointNumber, slotNumber: slot } = checkpoint;
+    const epochCommitteeInfo = { ...validationResult, isEscapeHatchOpen: false };
+    const proposer = this.epochCache.getProposerFromEpochCommittee(epochCommitteeInfo, slot);
 
-    // Slash the proposer of the invalid checkpoint
-    this.slashProposer(event.validationResult);
+    if (!proposer) {
+      this.log.warn(`No proposer found for checkpoint ${checkpointNumber} at slot ${slot}`);
+      return;
+    }
 
-    // Check if the parent of this checkpoint is invalid as well, if so, we will slash its attestors as well
-    this.slashAttestorsOnAncestorInvalid(event.validationResult);
-  }
+    const offense = this.getOffenseFromInvalidationReason(reason);
+    const amount = this.config.slashProposeInvalidAttestationsPenalty;
+    const args: WantToSlashArgs = {
+      validator: proposer,
+      amount,
+      offenseType: offense,
+      epochOrSlot: BigInt(slot),
+    };
 
-  private slashAttestorsOnAncestorInvalid(validationResult: ValidateCheckpointNegativeResult) {
-    const checkpoint = validationResult.checkpoint;
-
-    const parentArchive = checkpoint.lastArchive.toString();
-    if (this.invalidArchiveRoots.has(parentArchive)) {
-      const attestors = validationResult.attestors;
-      this.log.info(
-        `Want to slash attestors of checkpoint ${checkpoint.checkpointNumber} built on invalid checkpoint`,
-        {
-          ...checkpoint,
-          ...attestors,
-          parentArchive,
-        },
-      );
+    this.log.info(`Detected invalid attestations checkpoint proposer offense`, {
+      ...checkpoint,
+      reason,
+      validator: args.validator.toString(),
+      amount: args.amount,
+      offenseType: getOffenseTypeName(args.offenseType),
+      epochOrSlot: args.epochOrSlot,
+    });
 
-      this.emit(
-        WANT_TO_SLASH_EVENT,
-        attestors.map(attestor => ({
-          validator: attestor,
-          amount: this.config.slashAttestDescendantOfInvalidPenalty,
-          offenseType: OffenseType.ATTESTED_DESCENDANT_OF_INVALID,
-          epochOrSlot: BigInt(SlotNumber(checkpoint.slotNumber)),
-        })),
-      );
-    }
+    this.emit(WANT_TO_SLASH_EVENT, [args]);
   }
 
-  private slashProposer(validationResult: ValidateCheckpointNegativeResult) {
-    const { reason, checkpoint } = validationResult;
-    const checkpointNumber = checkpoint.checkpointNumber;
+  /**
+   * Event handler for valid-attestations checkpoints that build on a previously-rejected ancestor.
+   * The archiver emits this when ingesting the descendant, and we slash its proposer.
+   */
+  public async handleDescendantOfInvalid(event: DescendentOfInvalidAttestationsCheckpointEvent): Promise<void> {
+    const { checkpoint, ancestorCheckpointNumber, ancestorArchiveRoot } = event;
+
     const slot = checkpoint.slotNumber;
-    const epochCommitteeInfo = {
-      committee: validationResult.committee,
-      seed: validationResult.seed,
-      epoch: validationResult.epoch,
-    };
-    const proposer = this.epochCache.getProposerFromEpochCommittee(epochCommitteeInfo, slot);
+    const epoch = EpochNumber(getEpochAtSlot(slot, this.epochCache.getL1Constants()));
+    const epochCommitteeInfo = await this.epochCache.getCommitteeForEpoch(epoch);
+    const proposer = this.epochCache.getProposerFromEpochCommittee({ ...epochCommitteeInfo, epoch }, slot);
 
     if (!proposer) {
-      this.log.warn(`No proposer found for checkpoint ${checkpointNumber} at slot ${slot}`);
+      this.log.warn(
+        `No proposer found for invalid descendant checkpoint ${checkpoint.checkpointNumber} at slot ${slot}`,
+      );
       return;
     }
 
-    const offense = this.getOffenseFromInvalidationReason(reason);
-    const amount = this.config.slashProposeInvalidAttestationsPenalty;
     const args: WantToSlashArgs = {
       validator: proposer,
-      amount,
-      offenseType: offense,
+      amount: this.config.slashProposeDescendantOfCheckpointWithInvalidAttestationsPenalty,
+      offenseType: OffenseType.PROPOSED_DESCENDANT_OF_CHECKPOINT_WITH_INVALID_ATTESTATIONS,
       epochOrSlot: BigInt(slot),
     };
 
-    this.log.info(`Want to slash proposer of checkpoint ${checkpointNumber} due to ${reason}`, {
+    this.log.info(`Detected invalid descendant checkpoint proposer offense`, {
       ...checkpoint,
-      ...args,
+      ancestorCheckpointNumber,
+      ancestorArchiveRoot: ancestorArchiveRoot.toString(),
+      validator: args.validator.toString(),
+      amount: args.amount,
+      offenseType: getOffenseTypeName(args.offenseType),
+      epochOrSlot: args.epochOrSlot,
     });
 
     this.emit(WANT_TO_SLASH_EVENT, [args]);
@@ -176,14 +197,4 @@ export class AttestationsBlockWatcher extends (EventEmitter as new () => Watcher
       }
     }
   }
-
-  private addInvalidCheckpoint(checkpoint: CheckpointInfo) {
-    this.invalidArchiveRoots.add(checkpoint.archive.toString());
-
-    // Prune old entries if we exceed the maximum
-    if (this.invalidArchiveRoots.size > this.maxInvalidCheckpoints) {
-      const oldestKey = this.invalidArchiveRoots.keys().next().value!;
-      this.invalidArchiveRoots.delete(oldestKey);
-    }
-  }
 }

package/src/watchers/attested_invalid_proposal_watcher.ts

@@ -0,0 +1,168 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import { SlotNumber } from '@aztec/foundation/branded-types';
+import { merge, pick } from '@aztec/foundation/collection';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import { FifoSet } from '@aztec/foundation/fifo-set';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import { RunningPromise } from '@aztec/foundation/running-promise';
+import type { L2BlockSource } from '@aztec/stdlib/block';
+import type { P2PClient, SlasherConfig } from '@aztec/stdlib/interfaces/server';
+import type { CheckpointAttestation } from '@aztec/stdlib/p2p';
+import { OffenseType, getOffenseTypeName } from '@aztec/stdlib/slashing';
+
+import EventEmitter from 'node:events';
+
+import { WANT_TO_SLASH_EVENT, type WantToSlashArgs, type Watcher, type WatcherEmitter } from '../watcher.js';
+
+const AttestedInvalidProposalWatcherConfigKeys = ['slashAttestInvalidCheckpointProposalPenalty'] as const;
+
+const SCAN_SLOT_LAG = 1;
+const DEFAULT_SCAN_SLOT_LOOKBACK = 4;
+const MAX_TRACKED_BAD_ATTESTATIONS = 10_000;
+
+type AttestedInvalidProposalWatcherConfig = Pick<
+  SlasherConfig,
+  (typeof AttestedInvalidProposalWatcherConfigKeys)[number]
+>;
+
+type P2PCheckpointAttestationSource = Pick<P2PClient, 'getCheckpointAttestationsForSlot'>;
+
+type AttestedInvalidProposalWatcherOptions = {
+  scanSlotLookback?: number;
+  log?: Logger;
+};
+
+export type InvalidProposalSlotSource = {
+  hasInvalidProposals(slot: SlotNumber): boolean;
+  hasProposalEquivocation(slot: SlotNumber): boolean;
+};
+
+export class AttestedInvalidProposalWatcher extends (EventEmitter as new () => WatcherEmitter) implements Watcher {
+  private readonly log: Logger;
+  private readonly runningPromise: RunningPromise;
+  private readonly emittedOffenses = FifoSet.withLimit<string>(MAX_TRACKED_BAD_ATTESTATIONS);
+  private readonly scanSlotLookback: number;
+  private config: AttestedInvalidProposalWatcherConfig;
+  private lastScannedSlot: SlotNumber | undefined;
+
+  constructor(
+    private readonly p2pClient: P2PCheckpointAttestationSource,
+    private readonly invalidProposalSlotSource: InvalidProposalSlotSource,
+    private readonly l2BlockSource: Pick<L2BlockSource, 'getSyncedL2SlotNumber'>,
+    private readonly epochCache: Pick<EpochCacheInterface, 'getSlotNow' | 'getL1Constants'>,
+    config: AttestedInvalidProposalWatcherConfig,
+    options: AttestedInvalidProposalWatcherOptions = {},
+  ) {
+    super();
+    const constants = epochCache.getL1Constants();
+    this.log = options.log ?? createLogger('attested-invalid-proposal-watcher');
+    this.config = pick(config, ...AttestedInvalidProposalWatcherConfigKeys);
+    this.scanSlotLookback = Math.max(1, options.scanSlotLookback ?? DEFAULT_SCAN_SLOT_LOOKBACK);
+
+    const intervalMs = Math.max(1000, (constants.ethereumSlotDuration * 1000) / 4);
+    this.runningPromise = new RunningPromise(() => this.scan(), this.log, intervalMs);
+    this.log.info('AttestedInvalidProposalWatcher initialized', { scanSlotLookback: this.scanSlotLookback });
+  }
+
+  public updateConfig(config: Partial<SlasherConfig>): void {
+    this.config = merge(this.config, pick(config, ...AttestedInvalidProposalWatcherConfigKeys));
+    this.log.verbose('AttestedInvalidProposalWatcher config updated', this.config);
+  }
+
+  public start(): Promise<void> {
+    this.runningPromise.start();
+    return Promise.resolve();
+  }
+
+  public stop(): Promise<void> {
+    return this.runningPromise.stop();
+  }
+
+  public async scan(): Promise<void> {
+    const currentSlot = (await this.l2BlockSource.getSyncedL2SlotNumber()) ?? this.epochCache.getSlotNow();
+    // genesis
+    if (currentSlot <= SlotNumber(SCAN_SLOT_LAG)) {
+      return;
+    }
+
+    const newestSlotToConsider = SlotNumber(currentSlot - SCAN_SLOT_LAG);
+    const oldestSlot =
+      this.lastScannedSlot === undefined
+        ? SlotNumber(Math.max(0, newestSlotToConsider - this.scanSlotLookback + 1))
+        : SlotNumber(this.lastScannedSlot + 1);
+    if (oldestSlot > newestSlotToConsider) {
+      return;
+    }
+
+    for (let slot = oldestSlot; slot <= newestSlotToConsider; slot++) {
+      await this.scanSlot(slot);
+    }
+
+    this.lastScannedSlot = newestSlotToConsider;
+  }
+
+  /** Scans a single invalid-proposal slot. */
+  public async scanSlot(slot: SlotNumber): Promise<void> {
+    if (
+      this.invalidProposalSlotSource.hasProposalEquivocation(slot) ||
+      !this.invalidProposalSlotSource.hasInvalidProposals(slot)
+    ) {
+      return;
+    }
+
+    let attestations: CheckpointAttestation[];
+    try {
+      attestations = await this.p2pClient.getCheckpointAttestationsForSlot(slot);
+    } catch (err) {
+      this.log.warn('Error getting checkpoint attestations for invalid proposal slot', { err, slot });
+      return;
+    }
+
+    const slashArgs = attestations
+      .map(attestation => this.getSlashArgs(slot, attestation))
+      .filter((args): args is WantToSlashArgs => args !== undefined)
+      .filter(args => this.markAsNewOffense(args));
+
+    if (slashArgs.length === 0) {
+      return;
+    }
+
+    this.log.info('Detected attestations to invalid checkpoint proposal', {
+      slot,
+      offenses: slashArgs.map(args => ({
+        validator: args.validator.toString(),
+        amount: args.amount,
+        offenseType: getOffenseTypeName(args.offenseType),
+        epochOrSlot: args.epochOrSlot,
+      })),
+    });
+    this.emit(WANT_TO_SLASH_EVENT, slashArgs);
+  }
+
+  private getSlashArgs(slot: SlotNumber, attestation: CheckpointAttestation): WantToSlashArgs | undefined {
+    const attester = attestation.getSender();
+    if (!attester) {
+      this.log.warn('Cannot slash checkpoint attestation with invalid signature', {
+        slot,
+        archive: attestation.archive.toString(),
+      });
+      return undefined;
+    }
+
+    return this.getSlashArgsForAttester(slot, attester);
+  }
+
+  private getSlashArgsForAttester(slot: SlotNumber, attester: EthAddress): WantToSlashArgs {
+    return {
+      validator: attester,
+      amount: this.config.slashAttestInvalidCheckpointProposalPenalty,
+      offenseType: OffenseType.ATTESTED_TO_INVALID_CHECKPOINT_PROPOSAL,
+      epochOrSlot: BigInt(slot),
+    };
+  }
+
+  private markAsNewOffense(args: WantToSlashArgs): boolean {
+    const key = `${args.validator.toString()}-${args.offenseType}-${args.epochOrSlot}`;
+    return this.emittedOffenses.addIfAbsent(key);
+  }
+}