@aztec/validator-client 0.0.1-commit.dbf9cec → 0.0.1-commit.df81a97b5

package/src/factory.ts

@@ -7,6 +7,7 @@ import type { L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
 import type { ValidatorClientFullConfig, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import type { L1ToL2MessageSource } from '@aztec/stdlib/messaging';
 import type { TelemetryClient } from '@aztec/telemetry-client';
+import type { SlashingProtectionDatabase } from '@aztec/validator-ha-signer/types';
 
 import { BlockProposalHandler } from './block_proposal_handler.js';
 import type { FullNodeCheckpointsBuilder } from './checkpoint_builder.js';
@@ -29,6 +30,7 @@ export function createBlockProposalHandler(
   const metrics = new ValidatorMetrics(deps.telemetry);
   const blockProposalValidator = new BlockProposalValidator(deps.epochCache, {
     txsPermitted: !config.disableTransactions,
+    maxTxsPerBlock: config.validateMaxTxsPerBlock ?? config.validateMaxTxsPerCheckpoint,
   });
   return new BlockProposalHandler(
     deps.checkpointsBuilder,
@@ -58,6 +60,7 @@ export function createValidatorClient(
     epochCache: EpochCache;
     keyStoreManager: KeystoreManager | undefined;
     blobClient: BlobClientInterface;
+    slashingProtectionDb?: SlashingProtectionDatabase;
   },
 ) {
   if (config.disableValidator || !deps.keyStoreManager) {
@@ -78,5 +81,6 @@ export function createValidatorClient(
     deps.blobClient,
     deps.dateProvider,
     deps.telemetry,
+    deps.slashingProtectionDb,
   );
 }

package/src/key_store/ha_key_store.ts

@@ -240,7 +240,7 @@ export class HAKeyStore implements ExtendedValidatorKeyStore {
     }
 
     if (error instanceof SlashingProtectionError) {
-      this.log.warn(`Duty already signed by another node with different payload`, {
+      this.log.info(`Duty already signed by another node with different payload`, {
         dutyType: context.dutyType,
         slot: context.slot,
         existingMessageHash: error.existingMessageHash,

package/src/metrics.ts

@@ -1,3 +1,5 @@
+import type { EpochNumber } from '@aztec/foundation/branded-types';
+import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { BlockProposal } from '@aztec/stdlib/p2p';
 import {
   Attributes,
@@ -16,6 +18,8 @@ export class ValidatorMetrics {
   private successfulAttestationsCount: UpDownCounter;
   private failedAttestationsBadProposalCount: UpDownCounter;
   private failedAttestationsNodeIssueCount: UpDownCounter;
+  private currentEpoch: Gauge;
+  private attestedEpochCount: UpDownCounter;
 
   private reexMana: Histogram;
   private reexTx: Histogram;
@@ -64,6 +68,10 @@ export class ValidatorMetrics {
       },
     );
 
+    this.currentEpoch = meter.createGauge(Metrics.VALIDATOR_CURRENT_EPOCH);
+
+    this.attestedEpochCount = createUpDownCounterWithDefault(meter, Metrics.VALIDATOR_ATTESTED_EPOCH_COUNT);
+
     this.reexMana = meter.createHistogram(Metrics.VALIDATOR_RE_EXECUTION_MANA);
 
     this.reexTx = meter.createHistogram(Metrics.VALIDATOR_RE_EXECUTION_TX_COUNT);
@@ -110,4 +118,14 @@ export class ValidatorMetrics {
       [Attributes.IS_COMMITTEE_MEMBER]: inCommittee,
     });
   }
+
+  /** Update the gauge tracking the current epoch number (proxy for total epochs elapsed). */
+  public setCurrentEpoch(epoch: EpochNumber) {
+    this.currentEpoch.record(Number(epoch));
+  }
+
+  /** Increment the count of epochs in which the given attester submitted at least one attestation. */
+  public incAttestedEpochCount(attester: EthAddress) {
+    this.attestedEpochCount.add(1, { [Attributes.ATTESTER_ADDRESS]: attester.toString() });
+  }
 }

package/src/validator.ts

@@ -24,6 +24,7 @@ import { AuthRequest, AuthResponse, BlockProposalValidator, ReqRespSubProtocol }
 import { OffenseType, WANT_TO_SLASH_EVENT, type Watcher, type WatcherEmitter } from '@aztec/slasher';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { CommitteeAttestationsAndSigners, L2Block, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
+import { validateCheckpoint } from '@aztec/stdlib/checkpoint';
 import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
 import type {
   CreateCheckpointProposalLastBlockData,
@@ -45,8 +46,12 @@ import type { CheckpointHeader } from '@aztec/stdlib/rollup';
 import type { BlockHeader, CheckpointGlobalVariables, Tx } from '@aztec/stdlib/tx';
 import { AttestationTimeoutError } from '@aztec/stdlib/validators';
 import { type TelemetryClient, type Tracer, getTelemetryClient } from '@aztec/telemetry-client';
-import { createHASigner } from '@aztec/validator-ha-signer/factory';
-import { DutyType, type SigningContext } from '@aztec/validator-ha-signer/types';
+import {
+  createHASigner,
+  createLocalSignerWithProtection,
+  createSignerFromSharedDb,
+} from '@aztec/validator-ha-signer/factory';
+import { DutyType, type SigningContext, type SlashingProtectionDatabase } from '@aztec/validator-ha-signer/types';
 import type { ValidatorHASigner } from '@aztec/validator-ha-signer/validator-ha-signer';
 
 import { EventEmitter } from 'events';
@@ -89,6 +94,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
   private lastEpochForCommitteeUpdateLoop: EpochNumber | undefined;
   private epochCacheUpdateLoop: RunningPromise;
+  /** Tracks the last epoch in which each attester successfully submitted at least one attestation. */
+  private lastAttestedEpochByAttester: Map<string, EpochNumber> = new Map();
 
   private proposersOfInvalidBlocks: Set<string> = new Set();
 
@@ -106,7 +113,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     private l1ToL2MessageSource: L1ToL2MessageSource,
     private config: ValidatorClientFullConfig,
     private blobClient: BlobClientInterface,
-    private haSigner: ValidatorHASigner | undefined,
+    private slashingProtectionSigner: ValidatorHASigner,
     private dateProvider: DateProvider = new DateProvider(),
     telemetry: TelemetryClient = getTelemetryClient(),
     log = createLogger('validator'),
@@ -160,6 +167,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
         this.log.trace(`No committee found for slot`);
         return;
       }
+      this.metrics.setCurrentEpoch(epoch);
       if (epoch !== this.lastEpochForCommitteeUpdateLoop) {
         const me = this.getValidatorAddresses();
         const committeeSet = new Set(committee.map(v => v.toString()));
@@ -193,10 +201,12 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     blobClient: BlobClientInterface,
     dateProvider: DateProvider = new DateProvider(),
     telemetry: TelemetryClient = getTelemetryClient(),
+    slashingProtectionDb?: SlashingProtectionDatabase,
   ) {
     const metrics = new ValidatorMetrics(telemetry);
     const blockProposalValidator = new BlockProposalValidator(epochCache, {
       txsPermitted: !config.disableTransactions,
+      maxTxsPerBlock: config.validateMaxTxsPerBlock,
     });
     const blockProposalHandler = new BlockProposalHandler(
       checkpointsBuilder,
@@ -213,18 +223,33 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     );
 
     const nodeKeystoreAdapter = NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager);
-    let validatorKeyStore: ExtendedValidatorKeyStore = nodeKeystoreAdapter;
-    let haSigner: ValidatorHASigner | undefined;
-    if (config.haSigningEnabled) {
+    let slashingProtectionSigner: ValidatorHASigner;
+    if (slashingProtectionDb) {
+      // Shared database mode: use a pre-existing database (e.g. for testing HA setups).
+      ({ signer: slashingProtectionSigner } = createSignerFromSharedDb(slashingProtectionDb, config, {
+        telemetryClient: telemetry,
+        dateProvider,
+      }));
+    } else if (config.haSigningEnabled) {
+      // Multi-node HA mode: use PostgreSQL-backed distributed locking.
       // If maxStuckDutiesAgeMs is not explicitly set, compute it from Aztec slot duration
       const haConfig = {
         ...config,
         maxStuckDutiesAgeMs: config.maxStuckDutiesAgeMs ?? epochCache.getL1Constants().slotDuration * 2 * 1000,
       };
-      const { signer } = await createHASigner(haConfig, { telemetryClient: telemetry, dateProvider });
-      haSigner = signer;
-      validatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, signer);
+      ({ signer: slashingProtectionSigner } = await createHASigner(haConfig, {
+        telemetryClient: telemetry,
+        dateProvider,
+      }));
+    } else {
+      // Single-node mode: use LMDB-backed local signing protection.
+      // This prevents double-signing if the node crashes and restarts mid-proposal.
+      ({ signer: slashingProtectionSigner } = await createLocalSignerWithProtection(config, {
+        telemetryClient: telemetry,
+        dateProvider,
+      }));
     }
+    const validatorKeyStore: ExtendedValidatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, slashingProtectionSigner);
 
     const validator = new ValidatorClient(
       validatorKeyStore,
@@ -237,7 +262,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       l1ToL2MessageSource,
       config,
       blobClient,
-      haSigner,
+      slashingProtectionSigner,
       dateProvider,
       telemetry,
     );
@@ -276,24 +301,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
   }
 
   public reloadKeystore(newManager: KeystoreManager): void {
-    if (this.config.haSigningEnabled && !this.haSigner) {
-      this.log.warn(
-        'HA signing is enabled in config but was not initialized at startup. ' +
-          'Restart the node to enable HA signing.',
-      );
-    } else if (!this.config.haSigningEnabled && this.haSigner) {
-      this.log.warn(
-        'HA signing was disabled via config update but the HA signer is still active. ' +
-          'Restart the node to fully disable HA signing.',
-      );
-    }
-
     const newAdapter = NodeKeystoreAdapter.fromKeyStoreManager(newManager);
-    if (this.haSigner) {
-      this.keyStore = new HAKeyStore(newAdapter, this.haSigner);
-    } else {
-      this.keyStore = newAdapter;
-    }
+    this.keyStore = new HAKeyStore(newAdapter, this.slashingProtectionSigner);
     this.validationService = new ValidationService(this.keyStore, this.log.createChild('validation-service'));
   }
 
@@ -380,13 +389,12 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       return false;
     }
 
-    // Ignore proposals from ourselves (may happen in HA setups)
+    // Log self-proposals from HA peers (same validator key on different nodes)
     if (this.getValidatorAddresses().some(addr => addr.equals(proposer))) {
-      this.log.warn(`Ignoring block proposal from self for slot ${slotNumber}`, {
+      this.log.verbose(`Processing block proposal from HA peer for slot ${slotNumber}`, {
         proposer: proposer.toString(),
         slotNumber,
       });
-      return false;
     }
 
     // Check if we're in the committee (for metrics purposes)
@@ -418,9 +426,10 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     );
 
     if (!validationResult.isValid) {
-      this.log.warn(`Block proposal validation failed: ${validationResult.reason}`, proposalInfo);
-
       const reason = validationResult.reason || 'unknown';
+
+      this.log.warn(`Block proposal validation failed: ${reason}`, proposalInfo);
+
       // Classify failure reason: bad proposal vs node issue
       const badProposalReasons: BlockProposalValidationFailureReason[] = [
         'invalid_proposal',
@@ -475,26 +484,26 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     proposal: CheckpointProposalCore,
     _proposalSender: PeerId,
   ): Promise<CheckpointAttestation[] | undefined> {
-    const slotNumber = proposal.slotNumber;
+    const proposalSlotNumber = proposal.slotNumber;
     const proposer = proposal.getSender();
 
     // If escape hatch is open for this slot's epoch, do not attest.
-    if (await this.epochCache.isEscapeHatchOpenAtSlot(slotNumber)) {
-      this.log.warn(`Escape hatch open for slot ${slotNumber}, skipping checkpoint attestation handling`);
+    if (await this.epochCache.isEscapeHatchOpenAtSlot(proposalSlotNumber)) {
+      this.log.warn(`Escape hatch open for slot ${proposalSlotNumber}, skipping checkpoint attestation handling`);
       return undefined;
     }
 
     // Reject proposals with invalid signatures
     if (!proposer) {
-      this.log.warn(`Received checkpoint proposal with invalid signature for slot ${slotNumber}`);
+      this.log.warn(`Received checkpoint proposal with invalid signature for proposal slot ${proposalSlotNumber}`);
       return undefined;
     }
 
     // Ignore proposals from ourselves (may happen in HA setups)
     if (this.getValidatorAddresses().some(addr => addr.equals(proposer))) {
-      this.log.warn(`Ignoring block proposal from self for slot ${slotNumber}`, {
+      this.log.debug(`Ignoring block proposal from self for slot ${proposalSlotNumber}`, {
         proposer: proposer.toString(),
-        slotNumber,
+        proposalSlotNumber,
       });
       return undefined;
     }
@@ -502,30 +511,28 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     // Validate fee asset price modifier is within allowed range
     if (!validateFeeAssetPriceModifier(proposal.feeAssetPriceModifier)) {
       this.log.warn(
-        `Received checkpoint proposal with invalid feeAssetPriceModifier ${proposal.feeAssetPriceModifier} for slot ${slotNumber}`,
+        `Received checkpoint proposal with invalid feeAssetPriceModifier ${proposal.feeAssetPriceModifier} for slot ${proposalSlotNumber}`,
       );
       return undefined;
     }
 
-    // Check that I have any address in current committee before attesting
-    const inCommittee = await this.epochCache.filterInCommittee(slotNumber, this.getValidatorAddresses());
+    // Check that I have any address in the committee where this checkpoint will land before attesting
+    const inCommittee = await this.epochCache.filterInCommittee(proposalSlotNumber, this.getValidatorAddresses());
     const partOfCommittee = inCommittee.length > 0;
 
     const proposalInfo = {
-      slotNumber,
+      proposalSlotNumber,
       archive: proposal.archive.toString(),
       proposer: proposer.toString(),
-      txCount: proposal.txHashes.length,
     };
-    this.log.info(`Received checkpoint proposal for slot ${slotNumber}`, {
+    this.log.info(`Received checkpoint proposal for slot ${proposalSlotNumber}`, {
       ...proposalInfo,
-      txHashes: proposal.txHashes.map(t => t.toString()),
       fishermanMode: this.config.fishermanMode || false,
     });
 
     // Validate the checkpoint proposal before attesting (unless skipCheckpointProposalValidation is set)
     if (this.config.skipCheckpointProposalValidation) {
-      this.log.warn(`Skipping checkpoint proposal validation for slot ${slotNumber}`, proposalInfo);
+      this.log.warn(`Skipping checkpoint proposal validation for slot ${proposalSlotNumber}`, proposalInfo);
     } else {
       const validationResult = await this.validateCheckpointProposal(proposal, proposalInfo);
       if (!validationResult.isValid) {
@@ -547,14 +554,28 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     }
 
     // Provided all of the above checks pass, we can attest to the proposal
-    this.log.info(`${partOfCommittee ? 'Attesting to' : 'Validated'} checkpoint proposal for slot ${slotNumber}`, {
-      ...proposalInfo,
-      inCommittee: partOfCommittee,
-      fishermanMode: this.config.fishermanMode || false,
-    });
+    this.log.info(
+      `${partOfCommittee ? 'Attesting to' : 'Validated'} checkpoint proposal for slot ${proposalSlotNumber}`,
+      {
+        ...proposalInfo,
+        inCommittee: partOfCommittee,
+        fishermanMode: this.config.fishermanMode || false,
+      },
+    );
 
     this.metrics.incSuccessfulAttestations(inCommittee.length);
 
+    // Track epoch participation per attester: count each (attester, epoch) pair at most once
+    const proposalEpoch = getEpochAtSlot(proposalSlotNumber, this.epochCache.getL1Constants());
+    for (const attester of inCommittee) {
+      const key = attester.toString();
+      const lastEpoch = this.lastAttestedEpochByAttester.get(key);
+      if (lastEpoch === undefined || proposalEpoch > lastEpoch) {
+        this.lastAttestedEpochByAttester.set(key, proposalEpoch);
+        this.metrics.incAttestedEpochCount(attester);
+      }
+    }
+
     // Determine which validators should attest
     let attestors: EthAddress[];
     if (partOfCommittee) {
@@ -573,7 +594,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
     if (this.config.fishermanMode) {
       // bail out early and don't save attestations to the pool in fisherman mode
-      this.log.info(`Creating checkpoint attestations for slot ${slotNumber}`, {
+      this.log.info(`Creating checkpoint attestations for slot ${proposalSlotNumber}`, {
         ...proposalInfo,
         attestors: attestors.map(a => a.toString()),
       });
@@ -751,6 +772,20 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
         return { isValid: false, reason: 'out_hash_mismatch' };
       }
 
+      // Final round of validations on the checkpoint, just in case.
+      try {
+        validateCheckpoint(computedCheckpoint, {
+          rollupManaLimit: this.checkpointsBuilder.getConfig().rollupManaLimit,
+          maxDABlockGas: this.config.validateMaxDABlockGas,
+          maxL2BlockGas: this.config.validateMaxL2BlockGas,
+          maxTxsPerBlock: this.config.validateMaxTxsPerBlock,
+          maxTxsPerCheckpoint: this.config.validateMaxTxsPerCheckpoint,
+        });
+      } catch (err) {
+        this.log.warn(`Checkpoint validation failed: ${err}`, proposalInfo);
+        return { isValid: false, reason: 'checkpoint_validation_failed' };
+      }
+
       this.log.verbose(`Checkpoint proposal validation successful for slot ${slot}`, proposalInfo);
       return { isValid: true };
     } finally {