@aztec/validator-client 0.0.1-commit.1142ef1 → 0.0.1-commit.1bea0213

package/src/key_store/node_keystore_adapter.ts

@@ -6,6 +6,7 @@ import { KeystoreManager, loadKeystoreFile } from '@aztec/node-keystore';
 import type { EthRemoteSignerConfig } from '@aztec/node-keystore';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { InvalidValidatorPrivateKeyError } from '@aztec/stdlib/validators';
+import type { SigningContext } from '@aztec/validator-ha-signer/types';
 
 import type { TypedDataDefinition } from 'viem';
 import { privateKeyToAccount } from 'viem/accounts';
@@ -230,9 +231,10 @@ export class NodeKeystoreAdapter implements ExtendedValidatorKeyStore {
   /**
    * Sign typed data with all attester signers across validators.
    * @param typedData EIP-712 typed data
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
    * @returns Array of signatures in validator order, flattened
    */
-  async signTypedData(typedData: TypedDataDefinition): Promise<Signature[]> {
+  async signTypedData(typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature[]> {
     const jobs: Promise<Signature>[] = [];
     for (const i of this.validatorIndices()) {
       const v = this.ensureValidator(i);
@@ -246,9 +248,10 @@ export class NodeKeystoreAdapter implements ExtendedValidatorKeyStore {
   /**
    * Sign a message with all attester signers across validators.
    * @param message 32-byte message (already hashed/padded as needed)
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
    * @returns Array of signatures in validator order, flattened
    */
-  async signMessage(message: Buffer32): Promise<Signature[]> {
+  async signMessage(message: Buffer32, _context: SigningContext): Promise<Signature[]> {
     const jobs: Promise<Signature>[] = [];
     for (const i of this.validatorIndices()) {
       const v = this.ensureValidator(i);
@@ -264,10 +267,15 @@ export class NodeKeystoreAdapter implements ExtendedValidatorKeyStore {
    * Hydrates caches on-demand when the address is first seen.
    * @param address Address to sign with
    * @param typedData EIP-712 typed data
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
    * @returns Signature from the signer matching the address
    * @throws Error when no signer exists for the address
    */
-  async signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition): Promise<Signature> {
+  async signTypedDataWithAddress(
+    address: EthAddress,
+    typedData: TypedDataDefinition,
+    _context: SigningContext,
+  ): Promise<Signature> {
     const entry = this.addressIndex.get(NodeKeystoreAdapter.key(address));
     if (entry) {
       return await this.keystoreManager.signTypedData(entry.signer, typedData);
@@ -290,10 +298,11 @@ export class NodeKeystoreAdapter implements ExtendedValidatorKeyStore {
    * Hydrates caches on-demand when the address is first seen.
    * @param address Address to sign with
    * @param message 32-byte message
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
    * @returns Signature from the signer matching the address
    * @throws Error when no signer exists for the address
    */
-  async signMessageWithAddress(address: EthAddress, message: Buffer32): Promise<Signature> {
+  async signMessageWithAddress(address: EthAddress, message: Buffer32, _context: SigningContext): Promise<Signature> {
     const entry = this.addressIndex.get(NodeKeystoreAdapter.key(address));
     if (entry) {
       return await this.keystoreManager.signMessage(entry.signer, message);
@@ -372,4 +381,18 @@ export class NodeKeystoreAdapter implements ExtendedValidatorKeyStore {
     const validatorIndex = this.findValidatorIndexForAttester(attesterAddress);
     return this.keystoreManager.getEffectiveRemoteSignerConfig(validatorIndex, attesterAddress);
   }
+
+  /**
+   * Start the key store - no-op
+   */
+  start(): Promise<void> {
+    return Promise.resolve();
+  }
+
+  /**
+   * Stop the key store - no-op
+   */
+  stop(): Promise<void> {
+    return Promise.resolve();
+  }
 }

package/src/key_store/web3signer_key_store.ts

@@ -2,6 +2,7 @@ import type { Buffer32 } from '@aztec/foundation/buffer';
 import { normalizeSignature } from '@aztec/foundation/crypto/secp256k1-signer';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import { Signature } from '@aztec/foundation/eth-signature';
+import type { SigningContext } from '@aztec/validator-ha-signer/types';
 
 import type { TypedDataDefinition } from 'viem';
 
@@ -44,9 +45,10 @@ export class Web3SignerKeyStore implements ValidatorKeyStore {
   /**
    * Sign EIP-712 typed data with all keystore addresses
    * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
    * @return signatures
    */
-  public signTypedData(typedData: TypedDataDefinition): Promise<Signature[]> {
+  public signTypedData(typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature[]> {
     return Promise.all(this.addresses.map(address => this.makeJsonRpcSignTypedDataRequest(address, typedData)));
   }
 
@@ -54,10 +56,15 @@ export class Web3SignerKeyStore implements ValidatorKeyStore {
    * Sign EIP-712 typed data with a specific address
    * @param address - The address of the signer to use
    * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
    * @returns signature for the specified address
    * @throws Error if the address is not found in the keystore or signing fails
    */
-  public async signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition): Promise<Signature> {
+  public async signTypedDataWithAddress(
+    address: EthAddress,
+    typedData: TypedDataDefinition,
+    _context: SigningContext,
+  ): Promise<Signature> {
     if (!this.addresses.some(addr => addr.equals(address))) {
       throw new Error(`Address ${address.toString()} not found in keystore`);
     }
@@ -69,9 +76,10 @@ export class Web3SignerKeyStore implements ValidatorKeyStore {
    * Sign a message with all keystore addresses using EIP-191 prefix
    *
    * @param message - The message to sign
+   * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
    * @return signatures
    */
-  public signMessage(message: Buffer32): Promise<Signature[]> {
+  public signMessage(message: Buffer32, _context: SigningContext): Promise<Signature[]> {
     return Promise.all(this.addresses.map(address => this.makeJsonRpcSignRequest(address, message)));
   }
 
@@ -79,10 +87,15 @@ export class Web3SignerKeyStore implements ValidatorKeyStore {
    * Sign a message with a specific address using EIP-191 prefix
    * @param address - The address of the signer to use
    * @param message - The message to sign
+   * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
    * @returns signature for the specified address
    * @throws Error if the address is not found in the keystore or signing fails
    */
-  public async signMessageWithAddress(address: EthAddress, message: Buffer32): Promise<Signature> {
+  public async signMessageWithAddress(
+    address: EthAddress,
+    message: Buffer32,
+    _context: SigningContext,
+  ): Promise<Signature> {
     if (!this.addresses.some(addr => addr.equals(address))) {
       throw new Error(`Address ${address.toString()} not found in keystore`);
     }

package/src/tx_validator/tx_validator_factory.ts

@@ -10,6 +10,7 @@ import {
   GasTxValidator,
   MetadataTxValidator,
   PhasesTxValidator,
+  SizeTxValidator,
   TimestampTxValidator,
   TxPermittedValidator,
   TxProofValidator,
@@ -55,6 +56,7 @@ export function createValidatorForAcceptingTxs(
 ): TxValidator<Tx> {
   const validators: TxValidator<Tx>[] = [
     new TxPermittedValidator(txsPermitted),
+    new SizeTxValidator(),
     new DataTxValidator(),
     new MetadataTxValidator({
       l1ChainId: new Fr(l1ChainId),

package/src/validator.ts

@@ -1,7 +1,13 @@
 import type { BlobClientInterface } from '@aztec/blob-client/client';
 import { type Blob, getBlobsPerL1Block } from '@aztec/blob-lib';
 import type { EpochCache } from '@aztec/epoch-cache';
-import { BlockNumber, CheckpointNumber, EpochNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import {
+  BlockNumber,
+  CheckpointNumber,
+  EpochNumber,
+  IndexWithinCheckpoint,
+  SlotNumber,
+} from '@aztec/foundation/branded-types';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { TimeoutError } from '@aztec/foundation/error';
 import type { EthAddress } from '@aztec/foundation/eth-address';
@@ -16,7 +22,8 @@ import type { P2P, PeerId, TxProvider } from '@aztec/p2p';
 import { AuthRequest, AuthResponse, BlockProposalValidator, ReqRespSubProtocol } from '@aztec/p2p';
 import { OffenseType, WANT_TO_SLASH_EVENT, type Watcher, type WatcherEmitter } from '@aztec/slasher';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
-import type { CommitteeAttestationsAndSigners, L2BlockNew, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
+import type { CommitteeAttestationsAndSigners, L2Block, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
+import { getEpochAtSlot } from '@aztec/stdlib/epoch-helpers';
 import type {
   CreateCheckpointProposalLastBlockData,
   Validator,
@@ -36,6 +43,8 @@ import type { CheckpointHeader } from '@aztec/stdlib/rollup';
 import type { BlockHeader, CheckpointGlobalVariables, Tx } from '@aztec/stdlib/tx';
 import { AttestationTimeoutError } from '@aztec/stdlib/validators';
 import { type TelemetryClient, type Tracer, getTelemetryClient } from '@aztec/telemetry-client';
+import { createHASigner } from '@aztec/validator-ha-signer/factory';
+import { DutyType, type SigningContext } from '@aztec/validator-ha-signer/types';
 
 import { EventEmitter } from 'events';
 import type { TypedDataDefinition } from 'viem';
@@ -43,6 +52,8 @@ import type { TypedDataDefinition } from 'viem';
 import { BlockProposalHandler, type BlockProposalValidationFailureReason } from './block_proposal_handler.js';
 import type { FullNodeCheckpointsBuilder } from './checkpoint_builder.js';
 import { ValidationService } from './duties/validation_service.js';
+import { HAKeyStore } from './key_store/ha_key_store.js';
+import type { ExtendedValidatorKeyStore } from './key_store/interface.js';
 import { NodeKeystoreAdapter } from './key_store/node_keystore_adapter.js';
 import { ValidatorMetrics } from './metrics.js';
 
@@ -82,7 +93,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
   private validatedBlockSlots: Set<SlotNumber> = new Set();
 
   protected constructor(
-    private keyStore: NodeKeystoreAdapter,
+    private keyStore: ExtendedValidatorKeyStore,
     private epochCache: EpochCache,
     private p2pClient: P2P,
     private blockProposalHandler: BlockProposalHandler,
@@ -165,7 +176,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     }
   }
 
-  static new(
+  static async new(
     config: ValidatorClientFullConfig,
     checkpointsBuilder: FullNodeCheckpointsBuilder,
     worldState: WorldStateSynchronizer,
@@ -190,14 +201,26 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       l1ToL2MessageSource,
       txProvider,
       blockProposalValidator,
+      epochCache,
       config,
       metrics,
       dateProvider,
       telemetry,
     );
 
+    let validatorKeyStore: ExtendedValidatorKeyStore = NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager);
+    if (config.haSigningEnabled) {
+      // If maxStuckDutiesAgeMs is not explicitly set, compute it from Aztec slot duration
+      const haConfig = {
+        ...config,
+        maxStuckDutiesAgeMs: config.maxStuckDutiesAgeMs ?? epochCache.getL1Constants().slotDuration * 2 * 1000,
+      };
+      const { signer } = await createHASigner(haConfig);
+      validatorKeyStore = new HAKeyStore(validatorKeyStore, signer);
+    }
+
     const validator = new ValidatorClient(
-      NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager),
+      validatorKeyStore,
       epochCache,
       p2pClient,
       blockProposalHandler,
@@ -224,8 +247,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     return this.blockProposalHandler;
   }
 
-  public signWithAddress(addr: EthAddress, msg: TypedDataDefinition) {
-    return this.keyStore.signTypedDataWithAddress(addr, msg);
+  public signWithAddress(addr: EthAddress, msg: TypedDataDefinition, context: SigningContext) {
+    return this.keyStore.signTypedDataWithAddress(addr, msg, context);
   }
 
   public getCoinbaseForAttestor(attestor: EthAddress): EthAddress {
@@ -250,6 +273,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       return;
     }
 
+    await this.keyStore.start();
+
     await this.registerHandlers();
 
     const myAddresses = this.getValidatorAddresses();
@@ -265,6 +290,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
   public async stop() {
     await this.epochCacheUpdateLoop.stop();
+    await this.keyStore.stop();
   }
 
   /** Register handlers on the p2p client */
@@ -301,6 +327,11 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
    */
   async validateBlockProposal(proposal: BlockProposal, proposalSender: PeerId): Promise<boolean> {
     const slotNumber = proposal.slotNumber;
+
+    // Note: During escape hatch, we still want to "validate" proposals for observability,
+    // but we intentionally reject them and disable slashing invalid block and attestation flow.
+    const escapeHatchOpen = await this.epochCache.isEscapeHatchOpenAtSlot(slotNumber);
+
     const proposer = proposal.getSender();
 
     // Reject proposals with invalid signatures
@@ -334,7 +365,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     const validationResult = await this.blockProposalHandler.handleBlockProposal(
       proposal,
       proposalSender,
-      !!shouldReexecute,
+      !!shouldReexecute && !escapeHatchOpen,
     );
 
     if (!validationResult.isValid) {
@@ -359,6 +390,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
       // Slash invalid block proposals (can happen even when not in committee)
       if (
+        !escapeHatchOpen &&
         validationResult.reason &&
         SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT.includes(validationResult.reason) &&
         slashBroadcastedInvalidBlockPenalty > 0n
@@ -373,8 +405,14 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       ...proposalInfo,
       inCommittee: partOfCommittee,
       fishermanMode: this.config.fishermanMode || false,
+      escapeHatchOpen,
     });
 
+    if (escapeHatchOpen) {
+      this.log.warn(`Escape hatch open for slot ${slotNumber}, rejecting block proposal`, proposalInfo);
+      return false;
+    }
+
     // TODO(palla/mbps): Remove this once checkpoint validation is stable.
     // Track that we successfully validated a block for this slot, so we can attest to checkpoint proposals for it.
     this.validatedBlockSlots.add(slotNumber);
@@ -395,6 +433,12 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     const slotNumber = proposal.slotNumber;
     const proposer = proposal.getSender();
 
+    // If escape hatch is open for this slot's epoch, do not attest.
+    if (await this.epochCache.isEscapeHatchOpenAtSlot(slotNumber)) {
+      this.log.warn(`Escape hatch open for slot ${slotNumber}, skipping checkpoint attestation handling`);
+      return undefined;
+    }
+
     // Reject proposals with invalid signatures
     if (!proposer) {
       this.log.warn(`Received checkpoint proposal with invalid signature for slot ${slotNumber}`);
@@ -531,16 +575,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       return { isValid: false, reason: 'last_block_not_found' };
     }
 
-    // Get the last full block to determine checkpoint number
-    const lastBlock = await this.blockSource.getL2BlockNew(lastBlockHeader.getBlockNumber());
-    if (!lastBlock) {
-      this.log.warn(`Last block ${lastBlockHeader.getBlockNumber()} not found`, proposalInfo);
-      return { isValid: false, reason: 'last_block_not_found' };
-    }
-    const checkpointNumber = lastBlock.checkpointNumber;
-
     // Get all full blocks for the slot and checkpoint
-    const blocks = await this.getBlocksForSlot(slot, lastBlockHeader, checkpointNumber);
+    const blocks = await this.blockSource.getBlocksForSlot(slot);
     if (blocks.length === 0) {
       this.log.warn(`No blocks found for slot ${slot}`, proposalInfo);
       return { isValid: false, reason: 'no_blocks_for_slot' };
@@ -554,10 +590,20 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     // Get checkpoint constants from first block
     const firstBlock = blocks[0];
     const constants = this.extractCheckpointConstants(firstBlock);
+    const checkpointNumber = firstBlock.checkpointNumber;
 
     // Get L1-to-L2 messages for this checkpoint
     const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(checkpointNumber);
 
+    // Compute the previous checkpoint out hashes for the epoch.
+    // TODO: There can be a more efficient way to get the previous checkpoint out hashes without having to fetch the
+    // actual checkpoints and the blocks/txs in them.
+    const epoch = getEpochAtSlot(slot, this.epochCache.getL1Constants());
+    const previousCheckpoints = (await this.blockSource.getCheckpointsForEpoch(epoch))
+      .filter(b => b.number < checkpointNumber)
+      .sort((a, b) => a.number - b.number);
+    const previousCheckpointOutHashes = previousCheckpoints.map(c => c.getCheckpointOutHash());
+
     // Fork world state at the block before the first block
     const parentBlockNumber = BlockNumber(firstBlock.number - 1);
     const fork = await this.worldState.fork(parentBlockNumber);
@@ -568,6 +614,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
         checkpointNumber,
         constants,
         l1ToL2Messages,
+        previousCheckpointOutHashes,
         fork,
         blocks,
       );
@@ -595,6 +642,18 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
         return { isValid: false, reason: 'archive_mismatch' };
       }
 
+      // Check that the accumulated out hash matches the value in the proposal.
+      const computedOutHash = computedCheckpoint.getCheckpointOutHash();
+      const proposalOutHash = proposal.checkpointHeader.epochOutHash;
+      if (!computedOutHash.equals(proposalOutHash)) {
+        this.log.warn(`Epoch out hash mismatch`, {
+          proposalOutHash: proposalOutHash.toString(),
+          computedOutHash: computedOutHash.toString(),
+          ...proposalInfo,
+        });
+        return { isValid: false, reason: 'out_hash_mismatch' };
+      }
+
       this.log.verbose(`Checkpoint proposal validation successful for slot ${slot}`, proposalInfo);
       return { isValid: true };
     } finally {
@@ -602,50 +661,10 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     }
   }
 
-  /**
-   * Get all full blocks for a given slot and checkpoint by walking backwards from the last block.
-   * Returns blocks in ascending order (earliest to latest).
-   * TODO(palla/mbps): Add getL2BlocksForSlot() to L2BlockSource interface for efficiency.
-   */
-  private async getBlocksForSlot(
-    slot: SlotNumber,
-    lastBlockHeader: BlockHeader,
-    checkpointNumber: CheckpointNumber,
-  ): Promise<L2BlockNew[]> {
-    const blocks: L2BlockNew[] = [];
-    let currentHeader = lastBlockHeader;
-    const { genesisArchiveRoot } = await this.blockSource.getGenesisValues();
-
-    while (currentHeader.getSlot() === slot) {
-      const block = await this.blockSource.getL2BlockNew(currentHeader.getBlockNumber());
-      if (!block) {
-        this.log.warn(`Block ${currentHeader.getBlockNumber()} not found while getting blocks for slot ${slot}`);
-        break;
-      }
-      if (block.checkpointNumber !== checkpointNumber) {
-        break;
-      }
-      blocks.unshift(block);
-
-      const prevArchive = currentHeader.lastArchive.root;
-      if (prevArchive.equals(genesisArchiveRoot)) {
-        break;
-      }
-
-      const prevHeader = await this.blockSource.getBlockHeaderByArchive(prevArchive);
-      if (!prevHeader || prevHeader.getSlot() !== slot) {
-        break;
-      }
-      currentHeader = prevHeader;
-    }
-
-    return blocks;
-  }
-
   /**
    * Extract checkpoint global variables from a block.
    */
-  private extractCheckpointConstants(block: L2BlockNew): CheckpointGlobalVariables {
+  private extractCheckpointConstants(block: L2Block): CheckpointGlobalVariables {
     const gv = block.header.globalVariables;
     return {
       chainId: gv.chainId,
@@ -668,14 +687,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
         return;
       }
 
-      // Get the last full block to determine checkpoint number
-      const lastBlock = await this.blockSource.getL2BlockNew(lastBlockHeader.getBlockNumber());
-      if (!lastBlock) {
-        this.log.warn(`Failed to get last block for blob upload`, proposalInfo);
-        return;
-      }
-
-      const blocks = await this.getBlocksForSlot(proposal.slotNumber, lastBlockHeader, lastBlock.checkpointNumber);
+      const blocks = await this.blockSource.getBlocksForSlot(proposal.slotNumber);
       if (blocks.length === 0) {
         this.log.warn(`No blocks found for blob upload`, proposalInfo);
         return;
@@ -722,7 +734,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
   async createBlockProposal(
     blockHeader: BlockHeader,
-    indexWithinCheckpoint: number,
+    indexWithinCheckpoint: IndexWithinCheckpoint,
     inHash: Fr,
     archive: Fr,
     txs: Tx[],
@@ -778,8 +790,10 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
   async signAttestationsAndSigners(
     attestationsAndSigners: CommitteeAttestationsAndSigners,
     proposer: EthAddress,
+    slot: SlotNumber,
+    blockNumber: BlockNumber | CheckpointNumber,
   ): Promise<Signature> {
-    return await this.validationService.signAttestationsAndSigners(attestationsAndSigners, proposer);
+    return await this.validationService.signAttestationsAndSigners(attestationsAndSigners, proposer, slot, blockNumber);
   }
 
   async collectOwnAttestations(proposal: CheckpointProposal): Promise<CheckpointAttestation[]> {
@@ -886,7 +900,9 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     }
 
     const payloadToSign = authRequest.getPayloadToSign();
-    const signature = await this.keyStore.signMessageWithAddress(addressToUse, payloadToSign);
+    // AUTH_REQUEST doesn't require HA protection - multiple signatures are safe
+    const context: SigningContext = { dutyType: DutyType.AUTH_REQUEST };
+    const signature = await this.keyStore.signMessageWithAddress(addressToUse, payloadToSign, context);
     const authResponse = new AuthResponse(statusMessage, signature);
     return authResponse.toBuffer();
   }