@aztec/validator-client 0.0.1-commit.dbf9cec → 0.0.1-commit.df81a97b5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/validator-client",
-  "version": "0.0.1-commit.dbf9cec",
+  "version": "0.0.1-commit.df81a97b5",
   "main": "dest/index.js",
   "type": "module",
   "exports": {
@@ -64,30 +64,30 @@
     ]
   },
   "dependencies": {
-    "@aztec/blob-client": "0.0.1-commit.dbf9cec",
-    "@aztec/blob-lib": "0.0.1-commit.dbf9cec",
-    "@aztec/constants": "0.0.1-commit.dbf9cec",
-    "@aztec/epoch-cache": "0.0.1-commit.dbf9cec",
-    "@aztec/ethereum": "0.0.1-commit.dbf9cec",
-    "@aztec/foundation": "0.0.1-commit.dbf9cec",
-    "@aztec/node-keystore": "0.0.1-commit.dbf9cec",
-    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.dbf9cec",
-    "@aztec/p2p": "0.0.1-commit.dbf9cec",
-    "@aztec/protocol-contracts": "0.0.1-commit.dbf9cec",
-    "@aztec/prover-client": "0.0.1-commit.dbf9cec",
-    "@aztec/simulator": "0.0.1-commit.dbf9cec",
-    "@aztec/slasher": "0.0.1-commit.dbf9cec",
-    "@aztec/stdlib": "0.0.1-commit.dbf9cec",
-    "@aztec/telemetry-client": "0.0.1-commit.dbf9cec",
-    "@aztec/validator-ha-signer": "0.0.1-commit.dbf9cec",
+    "@aztec/blob-client": "0.0.1-commit.df81a97b5",
+    "@aztec/blob-lib": "0.0.1-commit.df81a97b5",
+    "@aztec/constants": "0.0.1-commit.df81a97b5",
+    "@aztec/epoch-cache": "0.0.1-commit.df81a97b5",
+    "@aztec/ethereum": "0.0.1-commit.df81a97b5",
+    "@aztec/foundation": "0.0.1-commit.df81a97b5",
+    "@aztec/node-keystore": "0.0.1-commit.df81a97b5",
+    "@aztec/noir-protocol-circuits-types": "0.0.1-commit.df81a97b5",
+    "@aztec/p2p": "0.0.1-commit.df81a97b5",
+    "@aztec/protocol-contracts": "0.0.1-commit.df81a97b5",
+    "@aztec/prover-client": "0.0.1-commit.df81a97b5",
+    "@aztec/simulator": "0.0.1-commit.df81a97b5",
+    "@aztec/slasher": "0.0.1-commit.df81a97b5",
+    "@aztec/stdlib": "0.0.1-commit.df81a97b5",
+    "@aztec/telemetry-client": "0.0.1-commit.df81a97b5",
+    "@aztec/validator-ha-signer": "0.0.1-commit.df81a97b5",
     "koa": "^2.16.1",
     "koa-router": "^13.1.1",
     "tslib": "^2.4.0",
     "viem": "npm:@aztec/viem@2.38.2"
   },
   "devDependencies": {
-    "@aztec/archiver": "0.0.1-commit.dbf9cec",
-    "@aztec/world-state": "0.0.1-commit.dbf9cec",
+    "@aztec/archiver": "0.0.1-commit.df81a97b5",
+    "@aztec/world-state": "0.0.1-commit.df81a97b5",
     "@electric-sql/pglite": "^0.3.14",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",

package/src/block_proposal_handler.ts

@@ -1,6 +1,7 @@
 import { INITIAL_L2_BLOCK_NUM } from '@aztec/constants';
 import type { EpochCache } from '@aztec/epoch-cache';
 import { BlockNumber, CheckpointNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { pick } from '@aztec/foundation/collection';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { TimeoutError } from '@aztec/foundation/error';
 import { createLogger } from '@aztec/foundation/log';
@@ -10,12 +11,15 @@ import type { P2P, PeerId } from '@aztec/p2p';
 import { BlockProposalValidator } from '@aztec/p2p/msg_validators';
 import type { BlockData, L2Block, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
 import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
+import { Gas } from '@aztec/stdlib/gas';
 import type { ITxProvider, ValidatorClientFullConfig, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import { type L1ToL2MessageSource, computeInHashFromL1ToL2Messages } from '@aztec/stdlib/messaging';
 import type { BlockProposal } from '@aztec/stdlib/p2p';
+import { MerkleTreeId } from '@aztec/stdlib/trees';
 import type { CheckpointGlobalVariables, FailedTx, Tx } from '@aztec/stdlib/tx';
 import {
   ReExFailedTxsError,
+  ReExInitialStateMismatchError,
   ReExStateMismatchError,
   ReExTimeoutError,
   TransactionsNotAvailableError,
@@ -28,6 +32,7 @@ import type { ValidatorMetrics } from './metrics.js';
 export type BlockProposalValidationFailureReason =
   | 'invalid_proposal'
   | 'parent_block_not_found'
+  | 'block_source_not_synced'
   | 'parent_block_wrong_slot'
   | 'in_hash_mismatch'
   | 'global_variables_mismatch'
@@ -35,6 +40,7 @@ export type BlockProposalValidationFailureReason =
   | 'txs_not_available'
   | 'state_mismatch'
   | 'failed_txs'
+  | 'initial_state_mismatch'
   | 'timeout'
   | 'unknown_error';
 
@@ -87,25 +93,28 @@ export class BlockProposalHandler {
     this.tracer = telemetry.getTracer('BlockProposalHandler');
   }
 
-  registerForReexecution(p2pClient: P2P): BlockProposalHandler {
-    // Non-validator handler that re-executes for monitoring but does not attest.
+  register(p2pClient: P2P, shouldReexecute: boolean): BlockProposalHandler {
+    // Non-validator handler that processes or re-executes for monitoring but does not attest.
     // Returns boolean indicating whether the proposal was valid.
     const handler = async (proposal: BlockProposal, proposalSender: PeerId): Promise<boolean> => {
       try {
-        const result = await this.handleBlockProposal(proposal, proposalSender, true);
+        const { slotNumber, blockNumber } = proposal;
+        const result = await this.handleBlockProposal(proposal, proposalSender, shouldReexecute);
         if (result.isValid) {
-          this.log.info(`Non-validator reexecution completed for slot ${proposal.slotNumber}`, {
+          this.log.info(`Non-validator block proposal ${blockNumber} at slot ${slotNumber} handled`, {
             blockNumber: result.blockNumber,
+            slotNumber,
             reexecutionTimeMs: result.reexecutionResult?.reexecutionTimeMs,
             totalManaUsed: result.reexecutionResult?.totalManaUsed,
             numTxs: result.reexecutionResult?.block?.body?.txEffects?.length ?? 0,
+            reexecuted: shouldReexecute,
           });
           return true;
         } else {
-          this.log.warn(`Non-validator reexecution failed for slot ${proposal.slotNumber}`, {
-            blockNumber: result.blockNumber,
-            reason: result.reason,
-          });
+          this.log.warn(
+            `Non-validator block proposal ${blockNumber} at slot ${slotNumber} failed processing with ${result.reason}`,
+            { blockNumber: result.blockNumber, slotNumber, reason: result.reason },
+          );
           return false;
         }
       } catch (error) {
@@ -133,7 +142,13 @@ export class BlockProposalHandler {
       return { isValid: false, reason: 'invalid_proposal' };
     }
 
-    const proposalInfo = { ...proposal.toBlockInfo(), proposer: proposer.toString() };
+    const proposalInfo = {
+      ...proposal.toBlockInfo(),
+      proposer: proposer.toString(),
+      blockNumber: undefined as BlockNumber | undefined,
+      checkpointNumber: undefined as CheckpointNumber | undefined,
+    };
+
     this.log.info(`Processing proposal for slot ${slotNumber}`, {
       ...proposalInfo,
       txHashes: proposal.txHashes.map(t => t.toString()),
@@ -147,7 +162,24 @@ export class BlockProposalHandler {
       return { isValid: false, reason: 'invalid_proposal' };
     }
 
-    // Check that the parent proposal is a block we know, otherwise reexecution would fail
+    // Ensure the block source is synced before checking for existing blocks,
+    // since a pending checkpoint prune may remove blocks we'd otherwise find.
+    // This affects mostly the block_number_already_exists check, since a pending
+    // checkpoint prune could remove a block that would conflict with this proposal.
+    // When pipelining is enabled, the proposer builds ahead of L1 submission, so the
+    // block source won't have synced to the proposed slot yet. Skip the sync wait to
+    // avoid eating into the attestation window.
+    if (!this.epochCache.isProposerPipeliningEnabled()) {
+      const blockSourceSync = await this.waitForBlockSourceSync(slotNumber);
+      if (!blockSourceSync) {
+        this.log.warn(`Block source is not synced, skipping processing`, proposalInfo);
+        return { isValid: false, reason: 'block_source_not_synced' };
+      }
+    }
+
+    // Check that the parent proposal is a block we know, otherwise reexecution would fail.
+    // If we don't find it immediately, we keep retrying for a while; it may be we still
+    // need to process other block proposals to get to it.
     const parentBlock = await this.getParentBlock(proposal);
     if (parentBlock === undefined) {
       this.log.warn(`Parent block for proposal not found, skipping processing`, proposalInfo);
@@ -169,6 +201,7 @@ export class BlockProposalHandler {
       parentBlock === 'genesis'
         ? BlockNumber(INITIAL_L2_BLOCK_NUM)
         : BlockNumber(parentBlock.header.getBlockNumber() + 1);
+    proposalInfo.blockNumber = blockNumber;
 
     // Check that this block number does not exist already
     const existingBlock = await this.blockSource.getBlockHeader(blockNumber);
@@ -184,12 +217,22 @@ export class BlockProposalHandler {
       deadline: this.getReexecutionDeadline(slotNumber, config),
     });
 
+    // If reexecution is disabled, bail. We were just interested in triggering tx collection.
+    if (!shouldReexecute) {
+      this.log.info(
+        `Received valid block ${blockNumber} proposal at index ${proposal.indexWithinCheckpoint} on slot ${slotNumber}`,
+        proposalInfo,
+      );
+      return { isValid: true, blockNumber };
+    }
+
     // Compute the checkpoint number for this block and validate checkpoint consistency
     const checkpointResult = this.computeCheckpointNumber(proposal, parentBlock, proposalInfo);
     if (checkpointResult.reason) {
       return { isValid: false, blockNumber, reason: checkpointResult.reason };
     }
     const checkpointNumber = checkpointResult.checkpointNumber;
+    proposalInfo.checkpointNumber = checkpointNumber;
 
     // Check that I have the same set of l1ToL2Messages as the proposal
     const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(checkpointNumber);
@@ -210,30 +253,28 @@ export class BlockProposalHandler {
       return { isValid: false, blockNumber, reason: 'txs_not_available' };
     }
 
+    // Collect the out hashes of all the checkpoints before this one in the same epoch
+    const epoch = getEpochAtSlot(slotNumber, this.epochCache.getL1Constants());
+    const previousCheckpointOutHashes = (await this.blockSource.getCheckpointsDataForEpoch(epoch))
+      .filter(c => c.checkpointNumber < checkpointNumber)
+      .map(c => c.checkpointOutHash);
+
     // Try re-executing the transactions in the proposal if needed
     let reexecutionResult;
-    if (shouldReexecute) {
-      // Collect the out hashes of all the checkpoints before this one in the same epoch
-      const epoch = getEpochAtSlot(slotNumber, this.epochCache.getL1Constants());
-      const previousCheckpointOutHashes = (await this.blockSource.getCheckpointsDataForEpoch(epoch))
-        .filter(c => c.checkpointNumber < checkpointNumber)
-        .map(c => c.checkpointOutHash);
-
-      try {
-        this.log.verbose(`Re-executing transactions in the proposal`, proposalInfo);
-        reexecutionResult = await this.reexecuteTransactions(
-          proposal,
-          blockNumber,
-          checkpointNumber,
-          txs,
-          l1ToL2Messages,
-          previousCheckpointOutHashes,
-        );
-      } catch (error) {
-        this.log.error(`Error reexecuting txs while processing block proposal`, error, proposalInfo);
-        const reason = this.getReexecuteFailureReason(error);
-        return { isValid: false, blockNumber, reason, reexecutionResult };
-      }
+    try {
+      this.log.verbose(`Re-executing transactions in the proposal`, proposalInfo);
+      reexecutionResult = await this.reexecuteTransactions(
+        proposal,
+        blockNumber,
+        checkpointNumber,
+        txs,
+        l1ToL2Messages,
+        previousCheckpointOutHashes,
+      );
+    } catch (error) {
+      this.log.error(`Error reexecuting txs while processing block proposal`, error, proposalInfo);
+      const reason = this.getReexecuteFailureReason(error);
+      return { isValid: false, blockNumber, reason, reexecutionResult };
     }
 
     // If we succeeded, push this block into the archiver (unless disabled)
@@ -242,8 +283,8 @@ export class BlockProposalHandler {
     }
 
     this.log.info(
-      `Successfully processed block ${blockNumber} proposal at index ${proposal.indexWithinCheckpoint} on slot ${slotNumber}`,
-      proposalInfo,
+      `Successfully re-executed block ${blockNumber} proposal at index ${proposal.indexWithinCheckpoint} on slot ${slotNumber}`,
+      { ...proposalInfo, ...pick(reexecutionResult, 'reexecutionTimeMs', 'totalManaUsed') },
     );
 
     return { isValid: true, blockNumber, reexecutionResult };
@@ -413,8 +454,48 @@ export class BlockProposalHandler {
     return new Date(nextSlotTimestampSeconds * 1000);
   }
 
-  private getReexecuteFailureReason(err: any) {
-    if (err instanceof ReExStateMismatchError) {
+  /** Waits for the block source to sync L1 data up to at least the slot before the given one. */
+  private async waitForBlockSourceSync(slot: SlotNumber): Promise<boolean> {
+    const deadline = this.getReexecutionDeadline(slot, this.checkpointsBuilder.getConfig());
+    const timeoutMs = deadline.getTime() - this.dateProvider.now();
+    if (slot === 0) {
+      return true;
+    }
+
+    // Make a quick check before triggering an archiver sync
+    const syncedSlot = await this.blockSource.getSyncedL2SlotNumber();
+    if (syncedSlot !== undefined && syncedSlot + 1 >= slot) {
+      return true;
+    }
+
+    try {
+      // Trigger an immediate sync of the block source, and wait until it reports being synced to the required slot
+      return await retryUntil(
+        async () => {
+          await this.blockSource.syncImmediate();
+          const syncedSlot = await this.blockSource.getSyncedL2SlotNumber();
+          return syncedSlot !== undefined && syncedSlot + 1 >= slot;
+        },
+        'wait for block source sync',
+        timeoutMs / 1000,
+        0.5,
+      );
+    } catch (err) {
+      if (err instanceof TimeoutError) {
+        this.log.warn(`Timed out waiting for block source to sync to slot ${slot}`);
+        return false;
+      } else {
+        throw err;
+      }
+    }
+  }
+
+  private getReexecuteFailureReason(err: any): BlockProposalValidationFailureReason {
+    if (err instanceof TransactionsNotAvailableError) {
+      return 'txs_not_available';
+    } else if (err instanceof ReExInitialStateMismatchError) {
+      return 'initial_state_mismatch';
+    } else if (err instanceof ReExStateMismatchError) {
       return 'state_mismatch';
     } else if (err instanceof ReExFailedTxsError) {
       return 'failed_txs';
@@ -455,6 +536,13 @@ export class BlockProposalHandler {
     await this.worldState.syncImmediate(parentBlockNumber);
     await using fork = await this.worldState.fork(parentBlockNumber);
 
+    // Verify the fork's archive root matches the proposal's expected last archive.
+    // If they don't match, our world state synced to a different chain and reexecution would fail.
+    const forkArchiveRoot = new Fr((await fork.getTreeInfo(MerkleTreeId.ARCHIVE)).root);
+    if (!forkArchiveRoot.equals(proposal.blockHeader.lastArchive.root)) {
+      throw new ReExInitialStateMismatchError(proposal.blockHeader.lastArchive.root, forkArchiveRoot);
+    }
+
     // Build checkpoint constants from proposal (excludes blockNumber which is per-block)
     const constants: CheckpointGlobalVariables = {
       chainId: new Fr(config.l1ChainId),
@@ -480,18 +568,27 @@ export class BlockProposalHandler {
 
     // Build the new block
     const deadline = this.getReexecutionDeadline(slot, config);
+    const maxBlockGas =
+      this.config.validateMaxL2BlockGas !== undefined || this.config.validateMaxDABlockGas !== undefined
+        ? new Gas(this.config.validateMaxDABlockGas ?? Infinity, this.config.validateMaxL2BlockGas ?? Infinity)
+        : undefined;
     const result = await checkpointBuilder.buildBlock(txs, blockNumber, blockHeader.globalVariables.timestamp, {
+      isBuildingProposal: false,
+      minValidTxs: 0,
       deadline,
       expectedEndState: blockHeader.state,
+      maxTransactions: this.config.validateMaxTxsPerBlock,
+      maxBlockGas,
     });
 
     const { block, failedTxs } = result;
     const numFailedTxs = failedTxs.length;
 
-    this.log.verbose(`Transaction re-execution complete for slot ${slot}`, {
+    this.log.verbose(`Block proposal ${blockNumber} at slot ${slot} transaction re-execution complete`, {
       numFailedTxs,
       numProposalTxs: txHashes.length,
       numProcessedTxs: block.body.txEffects.length,
+      blockNumber,
       slot,
     });
 

package/src/checkpoint_builder.ts

@@ -1,5 +1,7 @@
+import { NUM_CHECKPOINT_END_MARKER_FIELDS, getNumBlockEndBlobFields } from '@aztec/blob-lib/encoding';
+import { BLOBS_PER_CHECKPOINT, FIELDS_PER_BLOB, MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT } from '@aztec/constants';
 import { BlockNumber, CheckpointNumber } from '@aztec/foundation/branded-types';
-import { merge, pick } from '@aztec/foundation/collection';
+import { merge, pick, sum } from '@aztec/foundation/collection';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
 import { bufferToHex } from '@aztec/foundation/string';
@@ -18,13 +20,14 @@ import type { ContractDataSource } from '@aztec/stdlib/contract';
 import type { L1RollupConstants } from '@aztec/stdlib/epoch-helpers';
 import { Gas } from '@aztec/stdlib/gas';
 import {
+  type BlockBuilderOptions,
   type BuildBlockInCheckpointResult,
   type FullNodeBlockBuilderConfig,
   FullNodeBlockBuilderConfigKeys,
   type ICheckpointBlockBuilder,
   type ICheckpointsBuilder,
+  InsufficientValidTxsError,
   type MerkleTreeWriteOperations,
-  NoValidTxsError,
   type PublicProcessorLimits,
   type WorldStateSynchronizer,
 } from '@aztec/stdlib/interfaces/server';
@@ -32,6 +35,7 @@ import { type DebugLogStore, NullDebugLogStore } from '@aztec/stdlib/logs';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
 import { type CheckpointGlobalVariables, GlobalVariables, StateReference, Tx } from '@aztec/stdlib/tx';
 import { type TelemetryClient, getTelemetryClient } from '@aztec/telemetry-client';
+import { ForkCheckpoint } from '@aztec/world-state';
 
 // Re-export for backward compatibility
 export type { BuildBlockInCheckpointResult } from '@aztec/stdlib/interfaces/server';
@@ -43,6 +47,9 @@ export type { BuildBlockInCheckpointResult } from '@aztec/stdlib/interfaces/serv
 export class CheckpointBuilder implements ICheckpointBlockBuilder {
   private log: Logger;
 
+  /** Persistent contracts DB shared across all blocks in this checkpoint. */
+  protected contractsDB: PublicContractsDB;
+
   constructor(
     private checkpointBuilder: LightweightCheckpointBuilder,
     private fork: MerkleTreeWriteOperations,
@@ -57,6 +64,7 @@ export class CheckpointBuilder implements ICheckpointBlockBuilder {
       ...bindings,
       instanceId: `checkpoint-${checkpointBuilder.checkpointNumber}`,
     });
+    this.contractsDB = new PublicContractsDB(this.contractDataSource, this.log.getBindings());
   }
 
   getConstantData(): CheckpointGlobalVariables {
@@ -65,12 +73,13 @@ export class CheckpointBuilder implements ICheckpointBlockBuilder {
 
   /**
    * Builds a single block within this checkpoint.
+   * Automatically caps gas and blob field limits based on checkpoint-level budgets and prior blocks.
    */
   async buildBlock(
     pendingTxs: Iterable<Tx> | AsyncIterable<Tx>,
     blockNumber: BlockNumber,
     timestamp: bigint,
-    opts: PublicProcessorLimits & { expectedEndState?: StateReference } = {},
+    opts: BlockBuilderOptions & { expectedEndState?: StateReference },
   ): Promise<BuildBlockInCheckpointResult> {
     const slot = this.checkpointBuilder.constants.slotNumber;
 
@@ -94,39 +103,60 @@ export class CheckpointBuilder implements ICheckpointBlockBuilder {
     });
     const { processor, validator } = await this.makeBlockBuilderDeps(globalVariables, this.fork);
 
-    const [publicProcessorDuration, [processedTxs, failedTxs, usedTxs, _, usedTxBlobFields]] = await elapsed(() =>
-      processor.process(pendingTxs, opts, validator),
-    );
-
-    // Throw if we didn't collect a single valid tx and we're not allowed to build empty blocks
-    // (only the first block in a checkpoint can be empty)
-    if (processedTxs.length === 0 && this.checkpointBuilder.getBlockCount() > 0) {
-      throw new NoValidTxsError(failedTxs);
-    }
-
-    // Add block to checkpoint
-    const { block } = await this.checkpointBuilder.addBlock(globalVariables, processedTxs, {
-      expectedEndState: opts.expectedEndState,
-    });
+    // Cap gas limits amd available blob fields by remaining checkpoint-level budgets
+    const cappedOpts: PublicProcessorLimits & { expectedEndState?: StateReference } = {
+      ...opts,
+      ...this.capLimitsByCheckpointBudgets(opts),
+    };
 
-    // How much public gas was processed
-    const publicGas = processedTxs.reduce((acc, tx) => acc.add(tx.gasUsed.publicGas), Gas.empty());
+    // Create a block-level checkpoint on the contracts DB so we can roll back on failure
+    this.contractsDB.createCheckpoint();
+    // We execute all merkle tree operations on a world state fork checkpoint
+    // This enables us to discard all modifications in the event that we fail to successfully process sufficient transactions
+    const forkCheckpoint = await ForkCheckpoint.new(this.fork);
 
-    this.log.debug('Built block within checkpoint', {
-      header: block.header.toInspect(),
-      processedTxs: processedTxs.map(tx => tx.hash.toString()),
-      failedTxs: failedTxs.map(tx => tx.tx.txHash.toString()),
-    });
+    try {
+      const [publicProcessorDuration, [processedTxs, failedTxs, usedTxs]] = await elapsed(() =>
+        processor.process(pendingTxs, cappedOpts, validator),
+      );
 
-    return {
-      block,
-      publicGas,
-      publicProcessorDuration,
-      numTxs: processedTxs.length,
-      failedTxs,
-      usedTxs,
-      usedTxBlobFields,
-    };
+      // Throw before updating state if we don't have enough valid txs
+      const minValidTxs = opts.minValidTxs ?? 0;
+      if (processedTxs.length < minValidTxs) {
+        throw new InsufficientValidTxsError(processedTxs.length, minValidTxs, failedTxs);
+      }
+
+      // Commit the fork checkpoint
+      await forkCheckpoint.commit();
+
+      // Add block to checkpoint
+      const { block } = await this.checkpointBuilder.addBlock(globalVariables, processedTxs, {
+        expectedEndState: opts.expectedEndState,
+      });
+
+      this.contractsDB.commitCheckpoint();
+
+      this.log.debug('Built block within checkpoint', {
+        header: block.header.toInspect(),
+        processedTxs: processedTxs.map(tx => tx.hash.toString()),
+        failedTxs: failedTxs.map(tx => tx.tx.txHash.toString()),
+      });
+
+      return {
+        block,
+        publicProcessorDuration,
+        numTxs: processedTxs.length,
+        failedTxs,
+        usedTxs,
+      };
+    } catch (err) {
+      // Revert all changes to contracts db
+      this.contractsDB.revertCheckpoint();
+      // If we reached the point of committing the checkpoint, this does nothing
+      // Otherwise it reverts any changes made to the fork for this failed block
+      await forkCheckpoint.revert();
+      throw err;
+    }
   }
 
   /** Completes the checkpoint and returns it. */
@@ -147,9 +177,68 @@ export class CheckpointBuilder implements ICheckpointBlockBuilder {
     return this.checkpointBuilder.clone().completeCheckpoint();
   }
 
+  /**
+   * Caps per-block gas and blob field limits by remaining checkpoint-level budgets.
+   * When building a proposal (isBuildingProposal=true), computes a fair share of remaining budget
+   * across remaining blocks scaled by the multiplier. When validating, only caps by per-block limit
+   * and remaining checkpoint budget (no redistribution or multiplier).
+   */
+  protected capLimitsByCheckpointBudgets(
+    opts: BlockBuilderOptions,
+  ): Pick<PublicProcessorLimits, 'maxBlockGas' | 'maxBlobFields' | 'maxTransactions'> {
+    const existingBlocks = this.checkpointBuilder.getBlocks();
+
+    // Remaining L2 gas (mana)
+    // IMPORTANT: This assumes mana is computed solely based on L2 gas used in transactions.
+    // This may change in the future.
+    const usedMana = sum(existingBlocks.map(b => b.header.totalManaUsed.toNumber()));
+    const remainingMana = this.config.rollupManaLimit - usedMana;
+
+    // Remaining DA gas
+    const usedDAGas = sum(existingBlocks.map(b => b.computeDAGasUsed())) ?? 0;
+    const remainingDAGas = MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT - usedDAGas;
+
+    // Remaining blob fields (block blob fields include both tx data and block-end overhead)
+    const usedBlobFields = sum(existingBlocks.map(b => b.toBlobFields().length));
+    const totalBlobCapacity = BLOBS_PER_CHECKPOINT * FIELDS_PER_BLOB - NUM_CHECKPOINT_END_MARKER_FIELDS;
+    const isFirstBlock = existingBlocks.length === 0;
+    const blockEndOverhead = getNumBlockEndBlobFields(isFirstBlock);
+    const maxBlobFieldsForTxs = totalBlobCapacity - usedBlobFields - blockEndOverhead;
+
+    // Remaining txs
+    const usedTxs = sum(existingBlocks.map(b => b.body.txEffects.length));
+    const remainingTxs = Math.max(0, (this.config.maxTxsPerCheckpoint ?? Infinity) - usedTxs);
+
+    // Cap by per-block limit + remaining checkpoint budget
+    let cappedL2Gas = Math.min(opts.maxBlockGas?.l2Gas ?? Infinity, remainingMana);
+    let cappedDAGas = Math.min(opts.maxBlockGas?.daGas ?? Infinity, remainingDAGas);
+    let cappedBlobFields = Math.min(opts.maxBlobFields ?? Infinity, maxBlobFieldsForTxs);
+    let cappedMaxTransactions = Math.min(opts.maxTransactions ?? Infinity, remainingTxs);
+
+    // Proposer mode: further cap by fair share of remaining budget across remaining blocks
+    if (opts.isBuildingProposal) {
+      const remainingBlocks = Math.max(1, opts.maxBlocksPerCheckpoint - existingBlocks.length);
+      const multiplier = opts.perBlockAllocationMultiplier;
+
+      cappedL2Gas = Math.min(cappedL2Gas, Math.ceil((remainingMana / remainingBlocks) * multiplier));
+      cappedDAGas = Math.min(cappedDAGas, Math.ceil((remainingDAGas / remainingBlocks) * multiplier));
+      cappedBlobFields = Math.min(cappedBlobFields, Math.ceil((maxBlobFieldsForTxs / remainingBlocks) * multiplier));
+      cappedMaxTransactions = Math.min(cappedMaxTransactions, Math.ceil((remainingTxs / remainingBlocks) * multiplier));
+    }
+
+    return {
+      maxBlockGas: new Gas(cappedDAGas, cappedL2Gas),
+      maxBlobFields: cappedBlobFields,
+      maxTransactions: Number.isFinite(cappedMaxTransactions) ? cappedMaxTransactions : undefined,
+    };
+  }
+
   protected async makeBlockBuilderDeps(globalVariables: GlobalVariables, fork: MerkleTreeWriteOperations) {
-    const txPublicSetupAllowList = this.config.txPublicSetupAllowList ?? (await getDefaultAllowedSetupFunctions());
-    const contractsDB = new PublicContractsDB(this.contractDataSource, this.log.getBindings());
+    const txPublicSetupAllowList = [
+      ...(await getDefaultAllowedSetupFunctions()),
+      ...(this.config.txPublicSetupAllowListExtend ?? []),
+    ];
+    const contractsDB = this.contractsDB;
     const guardedFork = new GuardedMerkleTreeOperations(fork);
 
     const collectDebugLogs = this.debugLogStore.isEnabled;

package/src/config.ts

@@ -6,7 +6,7 @@ import {
   secretValueConfigHelper,
 } from '@aztec/foundation/config';
 import { EthAddress } from '@aztec/foundation/eth-address';
-import { validatorHASignerConfigMappings } from '@aztec/stdlib/ha-signing';
+import { localSignerConfigMappings, validatorHASignerConfigMappings } from '@aztec/stdlib/ha-signing';
 import type { ValidatorClientConfig } from '@aztec/stdlib/interfaces/server';
 
 export type { ValidatorClientConfig };
@@ -77,6 +77,27 @@ export const validatorClientConfigMappings: ConfigMappingsType<ValidatorClientCo
     description: 'Agree to attest to equivocated checkpoint proposals (for testing purposes only)',
     ...booleanConfigHelper(false),
   },
+  validateMaxL2BlockGas: {
+    env: 'VALIDATOR_MAX_L2_BLOCK_GAS',
+    description: 'Maximum L2 block gas for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxDABlockGas: {
+    env: 'VALIDATOR_MAX_DA_BLOCK_GAS',
+    description: 'Maximum DA block gas for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxTxsPerBlock: {
+    env: 'VALIDATOR_MAX_TX_PER_BLOCK',
+    description: 'Maximum transactions per block for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxTxsPerCheckpoint: {
+    env: 'VALIDATOR_MAX_TX_PER_CHECKPOINT',
+    description: 'Maximum transactions per checkpoint for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  ...localSignerConfigMappings,
   ...validatorHASignerConfigMappings,
 };
 

package/src/duties/validation_service.ts

@@ -150,16 +150,10 @@ export class ValidationService {
     );
 
     // TODO(spy/ha): Use checkpointNumber instead of blockNumber once CheckpointHeader includes it.
-    // Currently using lastBlock.blockNumber as a proxy for checkpoint identification in HA signing.
+    // CheckpointProposalCore doesn't have lastBlock info, so use 0 as a proxy.
     // blockNumber is NOT used for the primary key so it's safe to use here.
     // See CheckpointHeader TODO and SigningContext types documentation.
-    let blockNumber: BlockNumber;
-    try {
-      blockNumber = proposal.blockNumber;
-    } catch {
-      // Checkpoint proposal may not have lastBlock, use 0 as fallback
-      blockNumber = BlockNumber(0);
-    }
+    const blockNumber = BlockNumber(0);
     const context: SigningContext = {
       slot: proposal.slotNumber,
       blockNumber,
@@ -183,7 +177,7 @@ export class ValidationService {
       } else {
         const error = result.reason;
         if (error instanceof DutyAlreadySignedError || error instanceof SlashingProtectionError) {
-          this.log.info(
+          this.log.verbose(
             `Attestation for slot ${proposal.slotNumber} by ${attestors[i]} already signed by another High-Availability node`,
           );
           // Continue with remaining attestors