@aztec/validator-client 0.0.0-test.1 → 0.0.1-commit.1142ef1

package/src/key_store/web3signer_key_store.ts

@@ -0,0 +1,192 @@
+import type { Buffer32 } from '@aztec/foundation/buffer';
+import { normalizeSignature } from '@aztec/foundation/crypto/secp256k1-signer';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import { Signature } from '@aztec/foundation/eth-signature';
+
+import type { TypedDataDefinition } from 'viem';
+
+import type { ValidatorKeyStore } from './interface.js';
+
+/**
+ * Web3Signer Key Store
+ *
+ * An implementation of the Key store using Web3Signer remote signing service.
+ * This implementation uses the Web3Signer JSON-RPC API for secp256k1 signatures.
+ */
+export class Web3SignerKeyStore implements ValidatorKeyStore {
+  constructor(
+    private addresses: EthAddress[],
+    private baseUrl: string,
+  ) {}
+
+  /**
+   * Get the address of a signer by index
+   *
+   * @param index - The index of the signer
+   * @returns the address
+   */
+  public getAddress(index: number): EthAddress {
+    if (index >= this.addresses.length) {
+      throw new Error(`Index ${index} is out of bounds.`);
+    }
+    return this.addresses[index];
+  }
+
+  /**
+   * Get all addresses
+   *
+   * @returns all addresses
+   */
+  public getAddresses(): EthAddress[] {
+    return this.addresses;
+  }
+
+  /**
+   * Sign EIP-712 typed data with all keystore addresses
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @return signatures
+   */
+  public signTypedData(typedData: TypedDataDefinition): Promise<Signature[]> {
+    return Promise.all(this.addresses.map(address => this.makeJsonRpcSignTypedDataRequest(address, typedData)));
+  }
+
+  /**
+   * Sign EIP-712 typed data with a specific address
+   * @param address - The address of the signer to use
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @returns signature for the specified address
+   * @throws Error if the address is not found in the keystore or signing fails
+   */
+  public async signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition): Promise<Signature> {
+    if (!this.addresses.some(addr => addr.equals(address))) {
+      throw new Error(`Address ${address.toString()} not found in keystore`);
+    }
+
+    return await this.makeJsonRpcSignTypedDataRequest(address, typedData);
+  }
+
+  /**
+   * Sign a message with all keystore addresses using EIP-191 prefix
+   *
+   * @param message - The message to sign
+   * @return signatures
+   */
+  public signMessage(message: Buffer32): Promise<Signature[]> {
+    return Promise.all(this.addresses.map(address => this.makeJsonRpcSignRequest(address, message)));
+  }
+
+  /**
+   * Sign a message with a specific address using EIP-191 prefix
+   * @param address - The address of the signer to use
+   * @param message - The message to sign
+   * @returns signature for the specified address
+   * @throws Error if the address is not found in the keystore or signing fails
+   */
+  public async signMessageWithAddress(address: EthAddress, message: Buffer32): Promise<Signature> {
+    if (!this.addresses.some(addr => addr.equals(address))) {
+      throw new Error(`Address ${address.toString()} not found in keystore`);
+    }
+    return await this.makeJsonRpcSignRequest(address, message);
+  }
+
+  /**
+   * Make a JSON-RPC sign request to Web3Signer using eth_sign
+   * @param address - The Ethereum address to sign with
+   * @param data - The data to sign
+   * @returns The signature
+   */
+  private async makeJsonRpcSignRequest(address: EthAddress, data: Buffer32): Promise<Signature> {
+    const url = this.baseUrl;
+
+    // Use JSON-RPC eth_sign method which automatically applies Ethereum message prefixing
+    const body = {
+      jsonrpc: '2.0',
+      method: 'eth_sign',
+      params: [
+        address.toString(), // Ethereum address as identifier
+        data.toString(), // Raw data to sign (eth_sign will apply Ethereum message prefix)
+      ],
+      id: 1,
+    };
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Web3Signer request failed: ${response.status} ${response.statusText} - ${errorText}`);
+    }
+
+    const result = await response.json();
+
+    // Handle JSON-RPC response format
+    if (result.error) {
+      throw new Error(`Web3Signer JSON-RPC error: ${result.error.code} - ${result.error.message}`);
+    }
+
+    if (!result.result) {
+      throw new Error('Invalid response from Web3Signer: no result found');
+    }
+
+    let signatureHex = result.result;
+
+    // Ensure the signature has the 0x prefix
+    if (!signatureHex.startsWith('0x')) {
+      signatureHex = '0x' + signatureHex;
+    }
+
+    // Parse the signature from the hex string
+    return normalizeSignature(Signature.fromString(signatureHex as `0x${string}`));
+  }
+
+  private async makeJsonRpcSignTypedDataRequest(
+    address: EthAddress,
+    typedData: TypedDataDefinition,
+  ): Promise<Signature> {
+    const url = this.baseUrl;
+
+    const body = {
+      jsonrpc: '2.0',
+      method: 'eth_signTypedData',
+      params: [address.toString(), JSON.stringify(typedData)],
+      id: 1,
+    };
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Web3Signer request failed: ${response.status} ${response.statusText} - ${errorText}`);
+    }
+
+    const result = await response.json();
+
+    if (result.error) {
+      throw new Error(`Web3Signer JSON-RPC error: ${result.error.code} - ${result.error.message}`);
+    }
+
+    if (!result.result) {
+      throw new Error('Invalid response from Web3Signer: no result found');
+    }
+
+    let signatureHex = result.result;
+
+    // Ensure the signature has the 0x prefix
+    if (!signatureHex.startsWith('0x')) {
+      signatureHex = '0x' + signatureHex;
+    }
+
+    return normalizeSignature(Signature.fromString(signatureHex as `0x${string}`));
+  }
+}

package/src/metrics.ts

@@ -2,49 +2,73 @@ import type { BlockProposal } from '@aztec/stdlib/p2p';
 import {
   Attributes,
   type Gauge,
+  type Histogram,
   Metrics,
   type TelemetryClient,
   type UpDownCounter,
-  ValueType,
 } from '@aztec/telemetry-client';
 
 export class ValidatorMetrics {
-  private reExecutionTime: Gauge;
   private failedReexecutionCounter: UpDownCounter;
+  private successfulAttestationsCount: UpDownCounter;
+  private failedAttestationsBadProposalCount: UpDownCounter;
+  private failedAttestationsNodeIssueCount: UpDownCounter;
+
+  private reexMana: Histogram;
+  private reexTx: Histogram;
+  private reexDuration: Gauge;
 
   constructor(telemetryClient: TelemetryClient) {
     const meter = telemetryClient.getMeter('Validator');
 
-    this.failedReexecutionCounter = meter.createUpDownCounter(Metrics.VALIDATOR_FAILED_REEXECUTION_COUNT, {
-      description: 'The number of failed re-executions',
-      unit: 'count',
-      valueType: ValueType.INT,
-    });
+    this.failedReexecutionCounter = meter.createUpDownCounter(Metrics.VALIDATOR_FAILED_REEXECUTION_COUNT);
 
-    this.reExecutionTime = meter.createGauge(Metrics.VALIDATOR_RE_EXECUTION_TIME, {
-      description: 'The time taken to re-execute a transaction',
-      unit: 'ms',
-      valueType: ValueType.DOUBLE,
-    });
-  }
+    this.successfulAttestationsCount = meter.createUpDownCounter(Metrics.VALIDATOR_ATTESTATION_SUCCESS_COUNT);
+
+    this.failedAttestationsBadProposalCount = meter.createUpDownCounter(
+      Metrics.VALIDATOR_ATTESTATION_FAILED_BAD_PROPOSAL_COUNT,
+    );
+
+    this.failedAttestationsNodeIssueCount = meter.createUpDownCounter(
+      Metrics.VALIDATOR_ATTESTATION_FAILED_NODE_ISSUE_COUNT,
+    );
+
+    this.reexMana = meter.createHistogram(Metrics.VALIDATOR_RE_EXECUTION_MANA);
+
+    this.reexTx = meter.createHistogram(Metrics.VALIDATOR_RE_EXECUTION_TX_COUNT);
 
-  public reExecutionTimer(): () => void {
-    const start = performance.now();
-    return () => {
-      const end = performance.now();
-      this.recordReExecutionTime(end - start);
-    };
+    this.reexDuration = meter.createGauge(Metrics.VALIDATOR_RE_EXECUTION_TIME);
   }
 
-  public recordReExecutionTime(time: number) {
-    this.reExecutionTime.record(time);
+  public recordReex(time: number, txs: number, mManaTotal: number) {
+    this.reexDuration.record(Math.ceil(time));
+    this.reexTx.record(txs);
+    this.reexMana.record(mManaTotal);
   }
 
-  public async recordFailedReexecution(proposal: BlockProposal) {
+  public recordFailedReexecution(proposal: BlockProposal) {
+    const proposer = proposal.getSender();
     this.failedReexecutionCounter.add(1, {
       [Attributes.STATUS]: 'failed',
-      [Attributes.BLOCK_NUMBER]: proposal.payload.header.globalVariables.blockNumber.toString(),
-      [Attributes.BLOCK_PROPOSER]: (await proposal.getSender())?.toString(),
+      [Attributes.BLOCK_PROPOSER]: proposer?.toString() ?? 'unknown',
+    });
+  }
+
+  public incSuccessfulAttestations(num: number) {
+    this.successfulAttestationsCount.add(num);
+  }
+
+  public incFailedAttestationsBadProposal(num: number, reason: string, inCommittee: boolean) {
+    this.failedAttestationsBadProposalCount.add(num, {
+      [Attributes.ERROR_TYPE]: reason,
+      [Attributes.IS_COMMITTEE_MEMBER]: inCommittee,
+    });
+  }
+
+  public incFailedAttestationsNodeIssue(num: number, reason: string, inCommittee: boolean) {
+    this.failedAttestationsNodeIssueCount.add(num, {
+      [Attributes.ERROR_TYPE]: reason,
+      [Attributes.IS_COMMITTEE_MEMBER]: inCommittee,
     });
   }
 }

package/src/tx_validator/index.ts

@@ -0,0 +1,2 @@
+export * from './nullifier_cache.js';
+export * from './tx_validator_factory.js';

package/src/tx_validator/nullifier_cache.ts

@@ -0,0 +1,30 @@
+import type { NullifierSource } from '@aztec/p2p';
+import type { MerkleTreeReadOperations } from '@aztec/stdlib/interfaces/server';
+import { MerkleTreeId } from '@aztec/stdlib/trees';
+
+/**
+ * Implements a nullifier source by checking a DB and an in-memory collection.
+ * Intended for validating transactions as they are added to a block.
+ */
+export class NullifierCache implements NullifierSource {
+  nullifiers: Set<string>;
+
+  constructor(private db: MerkleTreeReadOperations) {
+    this.nullifiers = new Set();
+  }
+
+  public async nullifiersExist(nullifiers: Buffer[]): Promise<boolean[]> {
+    const cacheResults = nullifiers.map(n => this.nullifiers.has(n.toString()));
+    const toCheckDb = nullifiers.filter((_n, index) => !cacheResults[index]);
+    const dbHits = await this.db.findLeafIndices(MerkleTreeId.NULLIFIER_TREE, toCheckDb);
+
+    let dbIndex = 0;
+    return nullifiers.map((_n, index) => cacheResults[index] || dbHits[dbIndex++] !== undefined);
+  }
+
+  public addNullifiers(nullifiers: Buffer[]) {
+    for (const nullifier of nullifiers) {
+      this.nullifiers.add(nullifier.toString());
+    }
+  }
+}

package/src/tx_validator/tx_validator_factory.ts

@@ -0,0 +1,133 @@
+import { BlockNumber } from '@aztec/foundation/branded-types';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree';
+import {
+  AggregateTxValidator,
+  ArchiveCache,
+  BlockHeaderTxValidator,
+  DataTxValidator,
+  DoubleSpendTxValidator,
+  GasTxValidator,
+  MetadataTxValidator,
+  PhasesTxValidator,
+  TimestampTxValidator,
+  TxPermittedValidator,
+  TxProofValidator,
+} from '@aztec/p2p';
+import { ProtocolContractAddress, protocolContractsHash } from '@aztec/protocol-contracts';
+import type { ContractDataSource } from '@aztec/stdlib/contract';
+import type { GasFees } from '@aztec/stdlib/gas';
+import type {
+  AllowedElement,
+  ClientProtocolCircuitVerifier,
+  MerkleTreeReadOperations,
+  PublicProcessorValidator,
+} from '@aztec/stdlib/interfaces/server';
+import { DatabasePublicStateSource, type PublicStateSource } from '@aztec/stdlib/trees';
+import { GlobalVariables, type Tx, type TxValidator } from '@aztec/stdlib/tx';
+import type { UInt64 } from '@aztec/stdlib/types';
+
+import { NullifierCache } from './nullifier_cache.js';
+
+export function createValidatorForAcceptingTxs(
+  db: MerkleTreeReadOperations,
+  contractDataSource: ContractDataSource,
+  verifier: ClientProtocolCircuitVerifier | undefined,
+  {
+    l1ChainId,
+    rollupVersion,
+    setupAllowList,
+    gasFees,
+    skipFeeEnforcement,
+    timestamp,
+    blockNumber,
+    txsPermitted,
+  }: {
+    l1ChainId: number;
+    rollupVersion: number;
+    setupAllowList: AllowedElement[];
+    gasFees: GasFees;
+    skipFeeEnforcement?: boolean;
+    timestamp: UInt64;
+    blockNumber: BlockNumber;
+    txsPermitted: boolean;
+  },
+): TxValidator<Tx> {
+  const validators: TxValidator<Tx>[] = [
+    new TxPermittedValidator(txsPermitted),
+    new DataTxValidator(),
+    new MetadataTxValidator({
+      l1ChainId: new Fr(l1ChainId),
+      rollupVersion: new Fr(rollupVersion),
+      protocolContractsHash,
+      vkTreeRoot: getVKTreeRoot(),
+    }),
+    new TimestampTxValidator({
+      timestamp,
+      blockNumber,
+    }),
+    new DoubleSpendTxValidator(new NullifierCache(db)),
+    new PhasesTxValidator(contractDataSource, setupAllowList, timestamp),
+    new BlockHeaderTxValidator(new ArchiveCache(db)),
+  ];
+
+  if (!skipFeeEnforcement) {
+    validators.push(new GasTxValidator(new DatabasePublicStateSource(db), ProtocolContractAddress.FeeJuice, gasFees));
+  }
+
+  if (verifier) {
+    validators.push(new TxProofValidator(verifier));
+  }
+
+  return new AggregateTxValidator(...validators);
+}
+
+export function createValidatorForBlockBuilding(
+  db: MerkleTreeReadOperations,
+  contractDataSource: ContractDataSource,
+  globalVariables: GlobalVariables,
+  setupAllowList: AllowedElement[],
+): PublicProcessorValidator {
+  const nullifierCache = new NullifierCache(db);
+  const archiveCache = new ArchiveCache(db);
+  const publicStateSource = new DatabasePublicStateSource(db);
+
+  return {
+    preprocessValidator: preprocessValidator(
+      nullifierCache,
+      archiveCache,
+      publicStateSource,
+      contractDataSource,
+      globalVariables,
+      setupAllowList,
+    ),
+    nullifierCache,
+  };
+}
+
+function preprocessValidator(
+  nullifierCache: NullifierCache,
+  archiveCache: ArchiveCache,
+  publicStateSource: PublicStateSource,
+  contractDataSource: ContractDataSource,
+  globalVariables: GlobalVariables,
+  setupAllowList: AllowedElement[],
+): TxValidator<Tx> {
+  // We don't include the TxProofValidator nor the DataTxValidator here because they are already checked by the time we get to block building.
+  return new AggregateTxValidator(
+    new MetadataTxValidator({
+      l1ChainId: globalVariables.chainId,
+      rollupVersion: globalVariables.version,
+      protocolContractsHash,
+      vkTreeRoot: getVKTreeRoot(),
+    }),
+    new TimestampTxValidator({
+      timestamp: globalVariables.timestamp,
+      blockNumber: globalVariables.blockNumber,
+    }),
+    new DoubleSpendTxValidator(nullifierCache),
+    new PhasesTxValidator(contractDataSource, setupAllowList, globalVariables.timestamp),
+    new GasTxValidator(publicStateSource, ProtocolContractAddress.FeeJuice, globalVariables.gasFees),
+    new BlockHeaderTxValidator(archiveCache),
+  );
+}