@aztec/validator-client 0.0.1-commit.cd76b27 → 0.0.1-commit.ce4f8c4f2

package/dest/validator.js

@@ -9,11 +9,12 @@ import { sleep } from '@aztec/foundation/sleep';
 import { DateProvider } from '@aztec/foundation/timer';
 import { AuthRequest, AuthResponse, BlockProposalValidator, ReqRespSubProtocol } from '@aztec/p2p';
 import { OffenseType, WANT_TO_SLASH_EVENT } from '@aztec/slasher';
+import { validateCheckpoint } from '@aztec/stdlib/checkpoint';
 import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
 import { accumulateCheckpointOutHashes } from '@aztec/stdlib/messaging';
 import { AttestationTimeoutError } from '@aztec/stdlib/validators';
 import { getTelemetryClient } from '@aztec/telemetry-client';
-import { createHASigner } from '@aztec/validator-ha-signer/factory';
+import { createHASigner, createLocalSignerWithProtection, createSignerFromSharedDb } from '@aztec/validator-ha-signer/factory';
 import { DutyType } from '@aztec/validator-ha-signer/types';
 import { EventEmitter } from 'events';
 import { BlockProposalHandler } from './block_proposal_handler.js';
@@ -42,7 +43,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
     l1ToL2MessageSource;
     config;
     blobClient;
-    haSigner;
+    slashingProtectionSigner;
     dateProvider;
     tracer;
     validationService;
@@ -54,10 +55,11 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
     /** Tracks the last checkpoint proposal we created. */ lastProposedCheckpoint;
     lastEpochForCommitteeUpdateLoop;
     epochCacheUpdateLoop;
+    /** Tracks the last epoch in which each attester successfully submitted at least one attestation. */ lastAttestedEpochByAttester;
     proposersOfInvalidBlocks;
     /** Tracks the last checkpoint proposal we attested to, to prevent equivocation. */ lastAttestedProposal;
-    constructor(keyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, haSigner, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
-        super(), this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.blockProposalHandler = blockProposalHandler, this.blockSource = blockSource, this.checkpointsBuilder = checkpointsBuilder, this.worldState = worldState, this.l1ToL2MessageSource = l1ToL2MessageSource, this.config = config, this.blobClient = blobClient, this.haSigner = haSigner, this.dateProvider = dateProvider, this.hasRegisteredHandlers = false, this.proposersOfInvalidBlocks = new Set();
+    constructor(keyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, slashingProtectionSigner, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
+        super(), this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.blockProposalHandler = blockProposalHandler, this.blockSource = blockSource, this.checkpointsBuilder = checkpointsBuilder, this.worldState = worldState, this.l1ToL2MessageSource = l1ToL2MessageSource, this.config = config, this.blobClient = blobClient, this.slashingProtectionSigner = slashingProtectionSigner, this.dateProvider = dateProvider, this.hasRegisteredHandlers = false, this.lastAttestedEpochByAttester = new Map(), this.proposersOfInvalidBlocks = new Set();
         // Create child logger with fisherman prefix if in fisherman mode
         this.log = config.fishermanMode ? log.createChild('[FISHERMAN]') : log;
         this.tracer = telemetry.getTracer('Validator');
@@ -96,6 +98,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
                 this.log.trace(`No committee found for slot`);
                 return;
             }
+            this.metrics.setCurrentEpoch(epoch);
             if (epoch !== this.lastEpochForCommitteeUpdateLoop) {
                 const me = this.getValidatorAddresses();
                 const committeeSet = new Set(committee.map((v)=>v.toString()));
@@ -111,26 +114,42 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
             this.log.error(`Error updating epoch committee`, err);
         }
     }
-    static async new(config, checkpointsBuilder, worldState, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, keyStoreManager, blobClient, dateProvider = new DateProvider(), telemetry = getTelemetryClient()) {
+    static async new(config, checkpointsBuilder, worldState, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, keyStoreManager, blobClient, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), slashingProtectionDb) {
         const metrics = new ValidatorMetrics(telemetry);
         const blockProposalValidator = new BlockProposalValidator(epochCache, {
-            txsPermitted: !config.disableTransactions
+            txsPermitted: !config.disableTransactions,
+            maxTxsPerBlock: config.validateMaxTxsPerBlock
         });
         const blockProposalHandler = new BlockProposalHandler(checkpointsBuilder, worldState, blockSource, l1ToL2MessageSource, txProvider, blockProposalValidator, epochCache, config, metrics, dateProvider, telemetry);
         const nodeKeystoreAdapter = NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager);
-        let validatorKeyStore = nodeKeystoreAdapter;
-        let haSigner;
-        if (config.haSigningEnabled) {
+        let slashingProtectionSigner;
+        if (slashingProtectionDb) {
+            // Shared database mode: use a pre-existing database (e.g. for testing HA setups).
+            ({ signer: slashingProtectionSigner } = createSignerFromSharedDb(slashingProtectionDb, config, {
+                telemetryClient: telemetry,
+                dateProvider
+            }));
+        } else if (config.haSigningEnabled) {
+            // Multi-node HA mode: use PostgreSQL-backed distributed locking.
             // If maxStuckDutiesAgeMs is not explicitly set, compute it from Aztec slot duration
             const haConfig = {
                 ...config,
                 maxStuckDutiesAgeMs: config.maxStuckDutiesAgeMs ?? epochCache.getL1Constants().slotDuration * 2 * 1000
             };
-            const { signer } = await createHASigner(haConfig);
-            haSigner = signer;
-            validatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, signer);
-        }
-        const validator = new ValidatorClient(validatorKeyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, haSigner, dateProvider, telemetry);
+            ({ signer: slashingProtectionSigner } = await createHASigner(haConfig, {
+                telemetryClient: telemetry,
+                dateProvider
+            }));
+        } else {
+            // Single-node mode: use LMDB-backed local signing protection.
+            // This prevents double-signing if the node crashes and restarts mid-proposal.
+            ({ signer: slashingProtectionSigner } = await createLocalSignerWithProtection(config, {
+                telemetryClient: telemetry,
+                dateProvider
+            }));
+        }
+        const validatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, slashingProtectionSigner);
+        const validator = new ValidatorClient(validatorKeyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, slashingProtectionSigner, dateProvider, telemetry);
         return validator;
     }
     getValidatorAddresses() {
@@ -158,17 +177,8 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
         };
     }
     reloadKeystore(newManager) {
-        if (this.config.haSigningEnabled && !this.haSigner) {
-            this.log.warn('HA signing is enabled in config but was not initialized at startup. ' + 'Restart the node to enable HA signing.');
-        } else if (!this.config.haSigningEnabled && this.haSigner) {
-            this.log.warn('HA signing was disabled via config update but the HA signer is still active. ' + 'Restart the node to fully disable HA signing.');
-        }
         const newAdapter = NodeKeystoreAdapter.fromKeyStoreManager(newManager);
-        if (this.haSigner) {
-            this.keyStore = new HAKeyStore(newAdapter, this.haSigner);
-        } else {
-            this.keyStore = newAdapter;
-        }
+        this.keyStore = new HAKeyStore(newAdapter, this.slashingProtectionSigner);
         this.validationService = new ValidationService(this.keyStore, this.log.createChild('validation-service'));
     }
     async start() {
@@ -231,13 +241,12 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
             this.log.warn(`Received block proposal with invalid signature for slot ${slotNumber}`);
             return false;
         }
-        // Ignore proposals from ourselves (may happen in HA setups)
+        // Log self-proposals from HA peers (same validator key on different nodes)
         if (this.getValidatorAddresses().some((addr)=>addr.equals(proposer))) {
-            this.log.warn(`Ignoring block proposal from self for slot ${slotNumber}`, {
+            this.log.verbose(`Processing block proposal from HA peer for slot ${slotNumber}`, {
                 proposer: proposer.toString(),
                 slotNumber
             });
-            return false;
         }
         // Check if we're in the committee (for metrics purposes)
         const inCommittee = await this.epochCache.filterInCommittee(slotNumber, this.getValidatorAddresses());
@@ -257,8 +266,8 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
         const shouldReexecute = fishermanMode || slashBroadcastedInvalidBlockPenalty > 0n && validatorReexecute || partOfCommittee && validatorReexecute || alwaysReexecuteBlockProposals || this.blobClient.canUpload();
         const validationResult = await this.blockProposalHandler.handleBlockProposal(proposal, proposalSender, !!shouldReexecute && !escapeHatchOpen);
         if (!validationResult.isValid) {
-            this.log.warn(`Block proposal validation failed: ${validationResult.reason}`, proposalInfo);
             const reason = validationResult.reason || 'unknown';
+            this.log.warn(`Block proposal validation failed: ${reason}`, proposalInfo);
             // Classify failure reason: bad proposal vs node issue
             const badProposalReasons = [
                 'invalid_proposal',
@@ -298,48 +307,46 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
    * the lastBlock is extracted and processed separately via the block handler.
    * @returns Checkpoint attestations if valid, undefined otherwise
    */ async attestToCheckpointProposal(proposal, _proposalSender) {
-        const slotNumber = proposal.slotNumber;
+        const proposalSlotNumber = proposal.slotNumber;
         const proposer = proposal.getSender();
         // If escape hatch is open for this slot's epoch, do not attest.
-        if (await this.epochCache.isEscapeHatchOpenAtSlot(slotNumber)) {
-            this.log.warn(`Escape hatch open for slot ${slotNumber}, skipping checkpoint attestation handling`);
+        if (await this.epochCache.isEscapeHatchOpenAtSlot(proposalSlotNumber)) {
+            this.log.warn(`Escape hatch open for slot ${proposalSlotNumber}, skipping checkpoint attestation handling`);
             return undefined;
         }
         // Reject proposals with invalid signatures
         if (!proposer) {
-            this.log.warn(`Received checkpoint proposal with invalid signature for slot ${slotNumber}`);
+            this.log.warn(`Received checkpoint proposal with invalid signature for proposal slot ${proposalSlotNumber}`);
             return undefined;
         }
         // Ignore proposals from ourselves (may happen in HA setups)
         if (this.getValidatorAddresses().some((addr)=>addr.equals(proposer))) {
-            this.log.warn(`Ignoring block proposal from self for slot ${slotNumber}`, {
+            this.log.debug(`Ignoring block proposal from self for slot ${proposalSlotNumber}`, {
                 proposer: proposer.toString(),
-                slotNumber
+                proposalSlotNumber
             });
             return undefined;
         }
         // Validate fee asset price modifier is within allowed range
         if (!validateFeeAssetPriceModifier(proposal.feeAssetPriceModifier)) {
-            this.log.warn(`Received checkpoint proposal with invalid feeAssetPriceModifier ${proposal.feeAssetPriceModifier} for slot ${slotNumber}`);
+            this.log.warn(`Received checkpoint proposal with invalid feeAssetPriceModifier ${proposal.feeAssetPriceModifier} for slot ${proposalSlotNumber}`);
             return undefined;
         }
-        // Check that I have any address in current committee before attesting
-        const inCommittee = await this.epochCache.filterInCommittee(slotNumber, this.getValidatorAddresses());
+        // Check that I have any address in the committee where this checkpoint will land before attesting
+        const inCommittee = await this.epochCache.filterInCommittee(proposalSlotNumber, this.getValidatorAddresses());
         const partOfCommittee = inCommittee.length > 0;
         const proposalInfo = {
-            slotNumber,
+            proposalSlotNumber,
             archive: proposal.archive.toString(),
-            proposer: proposer.toString(),
-            txCount: proposal.txHashes.length
+            proposer: proposer.toString()
         };
-        this.log.info(`Received checkpoint proposal for slot ${slotNumber}`, {
+        this.log.info(`Received checkpoint proposal for slot ${proposalSlotNumber}`, {
             ...proposalInfo,
-            txHashes: proposal.txHashes.map((t)=>t.toString()),
             fishermanMode: this.config.fishermanMode || false
         });
         // Validate the checkpoint proposal before attesting (unless skipCheckpointProposalValidation is set)
         if (this.config.skipCheckpointProposalValidation) {
-            this.log.warn(`Skipping checkpoint proposal validation for slot ${slotNumber}`, proposalInfo);
+            this.log.warn(`Skipping checkpoint proposal validation for slot ${proposalSlotNumber}`, proposalInfo);
         } else {
             const validationResult = await this.validateCheckpointProposal(proposal, proposalInfo);
             if (!validationResult.isValid) {
@@ -358,12 +365,22 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
             return undefined;
         }
         // Provided all of the above checks pass, we can attest to the proposal
-        this.log.info(`${partOfCommittee ? 'Attesting to' : 'Validated'} checkpoint proposal for slot ${slotNumber}`, {
+        this.log.info(`${partOfCommittee ? 'Attesting to' : 'Validated'} checkpoint proposal for slot ${proposalSlotNumber}`, {
             ...proposalInfo,
             inCommittee: partOfCommittee,
             fishermanMode: this.config.fishermanMode || false
         });
         this.metrics.incSuccessfulAttestations(inCommittee.length);
+        // Track epoch participation per attester: count each (attester, epoch) pair at most once
+        const proposalEpoch = getEpochAtSlot(proposalSlotNumber, this.epochCache.getL1Constants());
+        for (const attester of inCommittee){
+            const key = attester.toString();
+            const lastEpoch = this.lastAttestedEpochByAttester.get(key);
+            if (lastEpoch === undefined || proposalEpoch > lastEpoch) {
+                this.lastAttestedEpochByAttester.set(key, proposalEpoch);
+                this.metrics.incAttestedEpochCount(attester);
+            }
+        }
         // Determine which validators should attest
         let attestors;
         if (partOfCommittee) {
@@ -380,7 +397,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
         }
         if (this.config.fishermanMode) {
             // bail out early and don't save attestations to the pool in fisherman mode
-            this.log.info(`Creating checkpoint attestations for slot ${slotNumber}`, {
+            this.log.info(`Creating checkpoint attestations for slot ${proposalSlotNumber}`, {
                 ...proposalInfo,
                 attestors: attestors.map((a)=>a.toString())
             });
@@ -534,6 +551,22 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
                     reason: 'out_hash_mismatch'
                 };
             }
+            // Final round of validations on the checkpoint, just in case.
+            try {
+                validateCheckpoint(computedCheckpoint, {
+                    rollupManaLimit: this.checkpointsBuilder.getConfig().rollupManaLimit,
+                    maxDABlockGas: this.config.validateMaxDABlockGas,
+                    maxL2BlockGas: this.config.validateMaxL2BlockGas,
+                    maxTxsPerBlock: this.config.validateMaxTxsPerBlock,
+                    maxTxsPerCheckpoint: this.config.validateMaxTxsPerCheckpoint
+                });
+            } catch (err) {
+                this.log.warn(`Checkpoint validation failed: ${err}`, proposalInfo);
+                return {
+                    isValid: false,
+                    reason: 'checkpoint_validation_failed'
+                };
+            }
             this.log.verbose(`Checkpoint proposal validation successful for slot ${slot}`, proposalInfo);
             return {
                 isValid: true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/validator-client",
-  "version": "0.0.1-commit.cd76b27",
+  "version": "0.0.1-commit.ce4f8c4f2",
   "main": "dest/index.js",
   "type": "module",
   "exports": {
@@ -64,30 +64,30 @@
     ]
   },
   "dependencies": {
-    "@aztec/blob-client": "0.0.1-commit.cd76b27",
-    "@aztec/blob-lib": "0.0.1-commit.cd76b27",
-    "@aztec/constants": "0.0.1-commit.cd76b27",
-    "@aztec/epoch-cache": "0.0.1-commit.cd76b27",
-    "@aztec/ethereum": "0.0.1-commit.cd76b27",
-    "@aztec/foundation": "0.0.1-commit.cd76b27",
-    "@aztec/node-keystore": "0.0.1-commit.cd76b27",
-    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.cd76b27",
-    "@aztec/p2p": "0.0.1-commit.cd76b27",
-    "@aztec/protocol-contracts": "0.0.1-commit.cd76b27",
-    "@aztec/prover-client": "0.0.1-commit.cd76b27",
-    "@aztec/simulator": "0.0.1-commit.cd76b27",
-    "@aztec/slasher": "0.0.1-commit.cd76b27",
-    "@aztec/stdlib": "0.0.1-commit.cd76b27",
-    "@aztec/telemetry-client": "0.0.1-commit.cd76b27",
-    "@aztec/validator-ha-signer": "0.0.1-commit.cd76b27",
+    "@aztec/blob-client": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/blob-lib": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/constants": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/epoch-cache": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/ethereum": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/foundation": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/node-keystore": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/p2p": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/protocol-contracts": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/prover-client": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/simulator": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/slasher": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/stdlib": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/telemetry-client": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/validator-ha-signer": "0.0.1-commit.ce4f8c4f2",
     "koa": "^2.16.1",
     "koa-router": "^13.1.1",
     "tslib": "^2.4.0",
     "viem": "npm:@aztec/viem@2.38.2"
   },
   "devDependencies": {
-    "@aztec/archiver": "0.0.1-commit.cd76b27",
-    "@aztec/world-state": "0.0.1-commit.cd76b27",
+    "@aztec/archiver": "0.0.1-commit.ce4f8c4f2",
+    "@aztec/world-state": "0.0.1-commit.ce4f8c4f2",
     "@electric-sql/pglite": "^0.3.14",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",

package/src/block_proposal_handler.ts

@@ -1,6 +1,7 @@
 import { INITIAL_L2_BLOCK_NUM } from '@aztec/constants';
 import type { EpochCache } from '@aztec/epoch-cache';
 import { BlockNumber, CheckpointNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { pick } from '@aztec/foundation/collection';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { TimeoutError } from '@aztec/foundation/error';
 import { createLogger } from '@aztec/foundation/log';
@@ -10,12 +11,15 @@ import type { P2P, PeerId } from '@aztec/p2p';
 import { BlockProposalValidator } from '@aztec/p2p/msg_validators';
 import type { BlockData, L2Block, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
 import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
+import { Gas } from '@aztec/stdlib/gas';
 import type { ITxProvider, ValidatorClientFullConfig, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import { type L1ToL2MessageSource, computeInHashFromL1ToL2Messages } from '@aztec/stdlib/messaging';
 import type { BlockProposal } from '@aztec/stdlib/p2p';
+import { MerkleTreeId } from '@aztec/stdlib/trees';
 import type { CheckpointGlobalVariables, FailedTx, Tx } from '@aztec/stdlib/tx';
 import {
   ReExFailedTxsError,
+  ReExInitialStateMismatchError,
   ReExStateMismatchError,
   ReExTimeoutError,
   TransactionsNotAvailableError,
@@ -28,6 +32,7 @@ import type { ValidatorMetrics } from './metrics.js';
 export type BlockProposalValidationFailureReason =
   | 'invalid_proposal'
   | 'parent_block_not_found'
+  | 'block_source_not_synced'
   | 'parent_block_wrong_slot'
   | 'in_hash_mismatch'
   | 'global_variables_mismatch'
@@ -35,6 +40,7 @@ export type BlockProposalValidationFailureReason =
   | 'txs_not_available'
   | 'state_mismatch'
   | 'failed_txs'
+  | 'initial_state_mismatch'
   | 'timeout'
   | 'unknown_error';
 
@@ -87,25 +93,28 @@ export class BlockProposalHandler {
     this.tracer = telemetry.getTracer('BlockProposalHandler');
   }
 
-  registerForReexecution(p2pClient: P2P): BlockProposalHandler {
-    // Non-validator handler that re-executes for monitoring but does not attest.
+  register(p2pClient: P2P, shouldReexecute: boolean): BlockProposalHandler {
+    // Non-validator handler that processes or re-executes for monitoring but does not attest.
     // Returns boolean indicating whether the proposal was valid.
     const handler = async (proposal: BlockProposal, proposalSender: PeerId): Promise<boolean> => {
       try {
-        const result = await this.handleBlockProposal(proposal, proposalSender, true);
+        const { slotNumber, blockNumber } = proposal;
+        const result = await this.handleBlockProposal(proposal, proposalSender, shouldReexecute);
         if (result.isValid) {
-          this.log.info(`Non-validator reexecution completed for slot ${proposal.slotNumber}`, {
+          this.log.info(`Non-validator block proposal ${blockNumber} at slot ${slotNumber} handled`, {
             blockNumber: result.blockNumber,
+            slotNumber,
             reexecutionTimeMs: result.reexecutionResult?.reexecutionTimeMs,
             totalManaUsed: result.reexecutionResult?.totalManaUsed,
             numTxs: result.reexecutionResult?.block?.body?.txEffects?.length ?? 0,
+            reexecuted: shouldReexecute,
           });
           return true;
         } else {
-          this.log.warn(`Non-validator reexecution failed for slot ${proposal.slotNumber}`, {
-            blockNumber: result.blockNumber,
-            reason: result.reason,
-          });
+          this.log.warn(
+            `Non-validator block proposal ${blockNumber} at slot ${slotNumber} failed processing with ${result.reason}`,
+            { blockNumber: result.blockNumber, slotNumber, reason: result.reason },
+          );
           return false;
         }
       } catch (error) {
@@ -133,7 +142,13 @@ export class BlockProposalHandler {
       return { isValid: false, reason: 'invalid_proposal' };
     }
 
-    const proposalInfo = { ...proposal.toBlockInfo(), proposer: proposer.toString() };
+    const proposalInfo = {
+      ...proposal.toBlockInfo(),
+      proposer: proposer.toString(),
+      blockNumber: undefined as BlockNumber | undefined,
+      checkpointNumber: undefined as CheckpointNumber | undefined,
+    };
+
     this.log.info(`Processing proposal for slot ${slotNumber}`, {
       ...proposalInfo,
       txHashes: proposal.txHashes.map(t => t.toString()),
@@ -147,7 +162,24 @@ export class BlockProposalHandler {
       return { isValid: false, reason: 'invalid_proposal' };
     }
 
-    // Check that the parent proposal is a block we know, otherwise reexecution would fail
+    // Ensure the block source is synced before checking for existing blocks,
+    // since a pending checkpoint prune may remove blocks we'd otherwise find.
+    // This affects mostly the block_number_already_exists check, since a pending
+    // checkpoint prune could remove a block that would conflict with this proposal.
+    // When pipelining is enabled, the proposer builds ahead of L1 submission, so the
+    // block source won't have synced to the proposed slot yet. Skip the sync wait to
+    // avoid eating into the attestation window.
+    if (!this.epochCache.isProposerPipeliningEnabled()) {
+      const blockSourceSync = await this.waitForBlockSourceSync(slotNumber);
+      if (!blockSourceSync) {
+        this.log.warn(`Block source is not synced, skipping processing`, proposalInfo);
+        return { isValid: false, reason: 'block_source_not_synced' };
+      }
+    }
+
+    // Check that the parent proposal is a block we know, otherwise reexecution would fail.
+    // If we don't find it immediately, we keep retrying for a while; it may be we still
+    // need to process other block proposals to get to it.
     const parentBlock = await this.getParentBlock(proposal);
     if (parentBlock === undefined) {
       this.log.warn(`Parent block for proposal not found, skipping processing`, proposalInfo);
@@ -169,6 +201,7 @@ export class BlockProposalHandler {
       parentBlock === 'genesis'
         ? BlockNumber(INITIAL_L2_BLOCK_NUM)
         : BlockNumber(parentBlock.header.getBlockNumber() + 1);
+    proposalInfo.blockNumber = blockNumber;
 
     // Check that this block number does not exist already
     const existingBlock = await this.blockSource.getBlockHeader(blockNumber);
@@ -184,12 +217,22 @@ export class BlockProposalHandler {
       deadline: this.getReexecutionDeadline(slotNumber, config),
     });
 
+    // If reexecution is disabled, bail. We were just interested in triggering tx collection.
+    if (!shouldReexecute) {
+      this.log.info(
+        `Received valid block ${blockNumber} proposal at index ${proposal.indexWithinCheckpoint} on slot ${slotNumber}`,
+        proposalInfo,
+      );
+      return { isValid: true, blockNumber };
+    }
+
     // Compute the checkpoint number for this block and validate checkpoint consistency
     const checkpointResult = this.computeCheckpointNumber(proposal, parentBlock, proposalInfo);
     if (checkpointResult.reason) {
       return { isValid: false, blockNumber, reason: checkpointResult.reason };
     }
     const checkpointNumber = checkpointResult.checkpointNumber;
+    proposalInfo.checkpointNumber = checkpointNumber;
 
     // Check that I have the same set of l1ToL2Messages as the proposal
     const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(checkpointNumber);
@@ -210,30 +253,28 @@ export class BlockProposalHandler {
       return { isValid: false, blockNumber, reason: 'txs_not_available' };
     }
 
+    // Collect the out hashes of all the checkpoints before this one in the same epoch
+    const epoch = getEpochAtSlot(slotNumber, this.epochCache.getL1Constants());
+    const previousCheckpointOutHashes = (await this.blockSource.getCheckpointsDataForEpoch(epoch))
+      .filter(c => c.checkpointNumber < checkpointNumber)
+      .map(c => c.checkpointOutHash);
+
     // Try re-executing the transactions in the proposal if needed
     let reexecutionResult;
-    if (shouldReexecute) {
-      // Collect the out hashes of all the checkpoints before this one in the same epoch
-      const epoch = getEpochAtSlot(slotNumber, this.epochCache.getL1Constants());
-      const previousCheckpointOutHashes = (await this.blockSource.getCheckpointsDataForEpoch(epoch))
-        .filter(c => c.checkpointNumber < checkpointNumber)
-        .map(c => c.checkpointOutHash);
-
-      try {
-        this.log.verbose(`Re-executing transactions in the proposal`, proposalInfo);
-        reexecutionResult = await this.reexecuteTransactions(
-          proposal,
-          blockNumber,
-          checkpointNumber,
-          txs,
-          l1ToL2Messages,
-          previousCheckpointOutHashes,
-        );
-      } catch (error) {
-        this.log.error(`Error reexecuting txs while processing block proposal`, error, proposalInfo);
-        const reason = this.getReexecuteFailureReason(error);
-        return { isValid: false, blockNumber, reason, reexecutionResult };
-      }
+    try {
+      this.log.verbose(`Re-executing transactions in the proposal`, proposalInfo);
+      reexecutionResult = await this.reexecuteTransactions(
+        proposal,
+        blockNumber,
+        checkpointNumber,
+        txs,
+        l1ToL2Messages,
+        previousCheckpointOutHashes,
+      );
+    } catch (error) {
+      this.log.error(`Error reexecuting txs while processing block proposal`, error, proposalInfo);
+      const reason = this.getReexecuteFailureReason(error);
+      return { isValid: false, blockNumber, reason, reexecutionResult };
     }
 
     // If we succeeded, push this block into the archiver (unless disabled)
@@ -242,8 +283,8 @@ export class BlockProposalHandler {
     }
 
     this.log.info(
-      `Successfully processed block ${blockNumber} proposal at index ${proposal.indexWithinCheckpoint} on slot ${slotNumber}`,
-      proposalInfo,
+      `Successfully re-executed block ${blockNumber} proposal at index ${proposal.indexWithinCheckpoint} on slot ${slotNumber}`,
+      { ...proposalInfo, ...pick(reexecutionResult, 'reexecutionTimeMs', 'totalManaUsed') },
     );
 
     return { isValid: true, blockNumber, reexecutionResult };
@@ -413,8 +454,48 @@ export class BlockProposalHandler {
     return new Date(nextSlotTimestampSeconds * 1000);
   }
 
-  private getReexecuteFailureReason(err: any) {
-    if (err instanceof ReExStateMismatchError) {
+  /** Waits for the block source to sync L1 data up to at least the slot before the given one. */
+  private async waitForBlockSourceSync(slot: SlotNumber): Promise<boolean> {
+    const deadline = this.getReexecutionDeadline(slot, this.checkpointsBuilder.getConfig());
+    const timeoutMs = deadline.getTime() - this.dateProvider.now();
+    if (slot === 0) {
+      return true;
+    }
+
+    // Make a quick check before triggering an archiver sync
+    const syncedSlot = await this.blockSource.getSyncedL2SlotNumber();
+    if (syncedSlot !== undefined && syncedSlot + 1 >= slot) {
+      return true;
+    }
+
+    try {
+      // Trigger an immediate sync of the block source, and wait until it reports being synced to the required slot
+      return await retryUntil(
+        async () => {
+          await this.blockSource.syncImmediate();
+          const syncedSlot = await this.blockSource.getSyncedL2SlotNumber();
+          return syncedSlot !== undefined && syncedSlot + 1 >= slot;
+        },
+        'wait for block source sync',
+        timeoutMs / 1000,
+        0.5,
+      );
+    } catch (err) {
+      if (err instanceof TimeoutError) {
+        this.log.warn(`Timed out waiting for block source to sync to slot ${slot}`);
+        return false;
+      } else {
+        throw err;
+      }
+    }
+  }
+
+  private getReexecuteFailureReason(err: any): BlockProposalValidationFailureReason {
+    if (err instanceof TransactionsNotAvailableError) {
+      return 'txs_not_available';
+    } else if (err instanceof ReExInitialStateMismatchError) {
+      return 'initial_state_mismatch';
+    } else if (err instanceof ReExStateMismatchError) {
       return 'state_mismatch';
     } else if (err instanceof ReExFailedTxsError) {
       return 'failed_txs';
@@ -455,6 +536,13 @@ export class BlockProposalHandler {
     await this.worldState.syncImmediate(parentBlockNumber);
     await using fork = await this.worldState.fork(parentBlockNumber);
 
+    // Verify the fork's archive root matches the proposal's expected last archive.
+    // If they don't match, our world state synced to a different chain and reexecution would fail.
+    const forkArchiveRoot = new Fr((await fork.getTreeInfo(MerkleTreeId.ARCHIVE)).root);
+    if (!forkArchiveRoot.equals(proposal.blockHeader.lastArchive.root)) {
+      throw new ReExInitialStateMismatchError(proposal.blockHeader.lastArchive.root, forkArchiveRoot);
+    }
+
     // Build checkpoint constants from proposal (excludes blockNumber which is per-block)
     const constants: CheckpointGlobalVariables = {
       chainId: new Fr(config.l1ChainId),
@@ -480,18 +568,27 @@ export class BlockProposalHandler {
 
     // Build the new block
     const deadline = this.getReexecutionDeadline(slot, config);
+    const maxBlockGas =
+      this.config.validateMaxL2BlockGas !== undefined || this.config.validateMaxDABlockGas !== undefined
+        ? new Gas(this.config.validateMaxDABlockGas ?? Infinity, this.config.validateMaxL2BlockGas ?? Infinity)
+        : undefined;
     const result = await checkpointBuilder.buildBlock(txs, blockNumber, blockHeader.globalVariables.timestamp, {
+      isBuildingProposal: false,
+      minValidTxs: 0,
       deadline,
       expectedEndState: blockHeader.state,
+      maxTransactions: this.config.validateMaxTxsPerBlock,
+      maxBlockGas,
     });
 
     const { block, failedTxs } = result;
     const numFailedTxs = failedTxs.length;
 
-    this.log.verbose(`Transaction re-execution complete for slot ${slot}`, {
+    this.log.verbose(`Block proposal ${blockNumber} at slot ${slot} transaction re-execution complete`, {
       numFailedTxs,
       numProposalTxs: txHashes.length,
       numProcessedTxs: block.body.txEffects.length,
+      blockNumber,
       slot,
     });