@aztec/validator-client 4.1.2 → 4.2.0-aztecnr-rc.2

package/dest/validator.js

@@ -1,20 +1,27 @@
+import { getBlobsPerL1Block } from '@aztec/blob-lib';
+import { validateFeeAssetPriceModifier } from '@aztec/ethereum/contracts';
+import { BlockNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { TimeoutError } from '@aztec/foundation/error';
 import { createLogger } from '@aztec/foundation/log';
+import { retryUntil } from '@aztec/foundation/retry';
 import { RunningPromise } from '@aztec/foundation/running-promise';
 import { sleep } from '@aztec/foundation/sleep';
 import { DateProvider } from '@aztec/foundation/timer';
 import { AuthRequest, AuthResponse, BlockProposalValidator, ReqRespSubProtocol } from '@aztec/p2p';
 import { OffenseType, WANT_TO_SLASH_EVENT } from '@aztec/slasher';
-import { getEpochAtSlot } from '@aztec/stdlib/epoch-helpers';
+import { validateCheckpoint } from '@aztec/stdlib/checkpoint';
+import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
+import { accumulateCheckpointOutHashes } from '@aztec/stdlib/messaging';
 import { AttestationTimeoutError } from '@aztec/stdlib/validators';
 import { getTelemetryClient } from '@aztec/telemetry-client';
-import { createHASigner } from '@aztec/validator-ha-signer/factory';
+import { createHASigner, createSignerFromSharedDb } from '@aztec/validator-ha-signer/factory';
 import { DutyType } from '@aztec/validator-ha-signer/types';
 import { EventEmitter } from 'events';
+import { BlockProposalHandler } from './block_proposal_handler.js';
 import { ValidationService } from './duties/validation_service.js';
 import { HAKeyStore } from './key_store/ha_key_store.js';
 import { NodeKeystoreAdapter } from './key_store/node_keystore_adapter.js';
 import { ValidatorMetrics } from './metrics.js';
-import { ProposalHandler } from './proposal_handler.js';
 // We maintain a set of proposers who have proposed invalid blocks.
 // Just cap the set to avoid unbounded growth.
 const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
@@ -29,7 +36,11 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
     keyStore;
     epochCache;
     p2pClient;
-    proposalHandler;
+    blockProposalHandler;
+    blockSource;
+    checkpointsBuilder;
+    worldState;
+    l1ToL2MessageSource;
     config;
     blobClient;
     haSigner;
@@ -47,8 +58,8 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
     /** Tracks the last epoch in which each attester successfully submitted at least one attestation. */ lastAttestedEpochByAttester;
     proposersOfInvalidBlocks;
     /** Tracks the last checkpoint proposal we attested to, to prevent equivocation. */ lastAttestedProposal;
-    constructor(keyStore, epochCache, p2pClient, proposalHandler, config, blobClient, haSigner, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
-        super(), this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.proposalHandler = proposalHandler, this.config = config, this.blobClient = blobClient, this.haSigner = haSigner, this.dateProvider = dateProvider, this.hasRegisteredHandlers = false, this.lastAttestedEpochByAttester = new Map(), this.proposersOfInvalidBlocks = new Set();
+    constructor(keyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, haSigner, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
+        super(), this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.blockProposalHandler = blockProposalHandler, this.blockSource = blockSource, this.checkpointsBuilder = checkpointsBuilder, this.worldState = worldState, this.l1ToL2MessageSource = l1ToL2MessageSource, this.config = config, this.blobClient = blobClient, this.haSigner = haSigner, this.dateProvider = dateProvider, this.hasRegisteredHandlers = false, this.lastAttestedEpochByAttester = new Map(), this.proposersOfInvalidBlocks = new Set();
         // Create child logger with fisherman prefix if in fisherman mode
         this.log = config.fishermanMode ? log.createChild('[FISHERMAN]') : log;
         this.tracer = telemetry.getTracer('Validator');
@@ -103,17 +114,22 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
             this.log.error(`Error updating epoch committee`, err);
         }
     }
-    static async new(config, checkpointsBuilder, worldState, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, keyStoreManager, blobClient, dateProvider = new DateProvider(), telemetry = getTelemetryClient()) {
+    static async new(config, checkpointsBuilder, worldState, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, keyStoreManager, blobClient, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), slashingProtectionDb) {
         const metrics = new ValidatorMetrics(telemetry);
         const blockProposalValidator = new BlockProposalValidator(epochCache, {
             txsPermitted: !config.disableTransactions,
             maxTxsPerBlock: config.validateMaxTxsPerBlock
         });
-        const proposalHandler = new ProposalHandler(checkpointsBuilder, worldState, blockSource, l1ToL2MessageSource, txProvider, blockProposalValidator, epochCache, config, blobClient, metrics, dateProvider, telemetry);
+        const blockProposalHandler = new BlockProposalHandler(checkpointsBuilder, worldState, blockSource, l1ToL2MessageSource, txProvider, blockProposalValidator, epochCache, config, metrics, dateProvider, telemetry);
         const nodeKeystoreAdapter = NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager);
         let validatorKeyStore = nodeKeystoreAdapter;
         let haSigner;
-        if (config.haSigningEnabled) {
+        if (slashingProtectionDb) {
+            // Shared database mode: use a pre-existing database (e.g. for testing HA setups).
+            const { signer } = createSignerFromSharedDb(slashingProtectionDb, config);
+            haSigner = signer;
+            validatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, signer);
+        } else if (config.haSigningEnabled) {
             // If maxStuckDutiesAgeMs is not explicitly set, compute it from Aztec slot duration
             const haConfig = {
                 ...config,
@@ -123,14 +139,14 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
             haSigner = signer;
             validatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, signer);
         }
-        const validator = new ValidatorClient(validatorKeyStore, epochCache, p2pClient, proposalHandler, config, blobClient, haSigner, dateProvider, telemetry);
+        const validator = new ValidatorClient(validatorKeyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, haSigner, dateProvider, telemetry);
         return validator;
     }
     getValidatorAddresses() {
         return this.keyStore.getAddresses().filter((addr)=>!this.config.disabledValidators.some((disabled)=>disabled.equals(addr)));
     }
-    getProposalHandler() {
-        return this.proposalHandler;
+    getBlockProposalHandler() {
+        return this.blockProposalHandler;
     }
     signWithAddress(addr, msg, context) {
         return this.keyStore.signTypedDataWithAddress(addr, msg, context);
@@ -247,7 +263,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
         // In fisherman mode, we always reexecute to validate proposals.
         const { validatorReexecute, slashBroadcastedInvalidBlockPenalty, alwaysReexecuteBlockProposals, fishermanMode } = this.config;
         const shouldReexecute = fishermanMode || slashBroadcastedInvalidBlockPenalty > 0n && validatorReexecute || partOfCommittee && validatorReexecute || alwaysReexecuteBlockProposals || this.blobClient.canUpload();
-        const validationResult = await this.proposalHandler.handleBlockProposal(proposal, proposalSender, !!shouldReexecute && !escapeHatchOpen);
+        const validationResult = await this.blockProposalHandler.handleBlockProposal(proposal, proposalSender, !!shouldReexecute && !escapeHatchOpen);
         if (!validationResult.isValid) {
             const reason = validationResult.reason || 'unknown';
             this.log.warn(`Block proposal validation failed: ${reason}`, proposalInfo);
@@ -297,36 +313,50 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
             this.log.warn(`Escape hatch open for slot ${slotNumber}, skipping checkpoint attestation handling`);
             return undefined;
         }
+        // Reject proposals with invalid signatures
+        if (!proposer) {
+            this.log.warn(`Received checkpoint proposal with invalid signature for slot ${slotNumber}`);
+            return undefined;
+        }
         // Ignore proposals from ourselves (may happen in HA setups)
-        if (proposer && this.getValidatorAddresses().some((addr)=>addr.equals(proposer))) {
+        if (this.getValidatorAddresses().some((addr)=>addr.equals(proposer))) {
             this.log.debug(`Ignoring block proposal from self for slot ${slotNumber}`, {
                 proposer: proposer.toString(),
                 slotNumber
             });
             return undefined;
         }
-        // Check that I have any address in the committee where this checkpoint will land before attesting
+        // Validate fee asset price modifier is within allowed range
+        if (!validateFeeAssetPriceModifier(proposal.feeAssetPriceModifier)) {
+            this.log.warn(`Received checkpoint proposal with invalid feeAssetPriceModifier ${proposal.feeAssetPriceModifier} for slot ${slotNumber}`);
+            return undefined;
+        }
+        // Check that I have any address in current committee before attesting
         const inCommittee = await this.epochCache.filterInCommittee(slotNumber, this.getValidatorAddresses());
         const partOfCommittee = inCommittee.length > 0;
         const proposalInfo = {
             slotNumber,
             archive: proposal.archive.toString(),
-            proposer: proposer?.toString()
+            proposer: proposer.toString()
         };
         this.log.info(`Received checkpoint proposal for slot ${slotNumber}`, {
             ...proposalInfo,
             fishermanMode: this.config.fishermanMode || false
         });
-        // Validate the checkpoint proposal and upload blobs (unless skipCheckpointProposalValidation is set)
+        // Validate the checkpoint proposal before attesting (unless skipCheckpointProposalValidation is set)
         if (this.config.skipCheckpointProposalValidation) {
             this.log.warn(`Skipping checkpoint proposal validation for slot ${slotNumber}`, proposalInfo);
         } else {
-            const validationResult = await this.proposalHandler.handleCheckpointProposal(proposal, proposalInfo);
+            const validationResult = await this.validateCheckpointProposal(proposal, proposalInfo);
             if (!validationResult.isValid) {
                 this.log.warn(`Checkpoint proposal validation failed: ${validationResult.reason}`, proposalInfo);
                 return undefined;
             }
         }
+        // Upload blobs to filestore if we can (fire and forget)
+        if (this.blobClient.canUpload()) {
+            void this.uploadBlobsForCheckpoint(proposal, proposalInfo);
+        }
         // Check that I have any address in current committee before attesting
         // In fisherman mode, we still create attestations for validation even if not in committee
         if (!partOfCommittee && !this.config.fishermanMode) {
@@ -400,6 +430,189 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
         await this.p2pClient.addOwnCheckpointAttestations(attestations);
         return attestations;
     }
+    /**
+   * Validates a checkpoint proposal by building the full checkpoint and comparing it with the proposal.
+   * @returns Validation result with isValid flag and reason if invalid.
+   */ async validateCheckpointProposal(proposal, proposalInfo) {
+        const slot = proposal.slotNumber;
+        // Timeout block syncing at the start of the next slot
+        const config = this.checkpointsBuilder.getConfig();
+        const nextSlotTimestampSeconds = Number(getTimestampForSlot(SlotNumber(slot + 1), config));
+        const timeoutSeconds = Math.max(1, nextSlotTimestampSeconds - Math.floor(this.dateProvider.now() / 1000));
+        // Wait for last block to sync by archive
+        let lastBlockHeader;
+        try {
+            lastBlockHeader = await retryUntil(async ()=>{
+                await this.blockSource.syncImmediate();
+                return this.blockSource.getBlockHeaderByArchive(proposal.archive);
+            }, `waiting for block with archive ${proposal.archive.toString()} for slot ${slot}`, timeoutSeconds, 0.5);
+        } catch (err) {
+            if (err instanceof TimeoutError) {
+                this.log.warn(`Timed out waiting for block with archive matching checkpoint proposal`, proposalInfo);
+                return {
+                    isValid: false,
+                    reason: 'last_block_not_found'
+                };
+            }
+            this.log.error(`Error fetching last block for checkpoint proposal`, err, proposalInfo);
+            return {
+                isValid: false,
+                reason: 'block_fetch_error'
+            };
+        }
+        if (!lastBlockHeader) {
+            this.log.warn(`Last block not found for checkpoint proposal`, proposalInfo);
+            return {
+                isValid: false,
+                reason: 'last_block_not_found'
+            };
+        }
+        // Get all full blocks for the slot and checkpoint
+        const blocks = await this.blockSource.getBlocksForSlot(slot);
+        if (blocks.length === 0) {
+            this.log.warn(`No blocks found for slot ${slot}`, proposalInfo);
+            return {
+                isValid: false,
+                reason: 'no_blocks_for_slot'
+            };
+        }
+        // Ensure the last block for this slot matches the archive in the checkpoint proposal
+        if (!blocks.at(-1)?.archive.root.equals(proposal.archive)) {
+            this.log.warn(`Last block archive mismatch for checkpoint proposal`, proposalInfo);
+            return {
+                isValid: false,
+                reason: 'last_block_archive_mismatch'
+            };
+        }
+        this.log.debug(`Found ${blocks.length} blocks for slot ${slot}`, {
+            ...proposalInfo,
+            blockNumbers: blocks.map((b)=>b.number)
+        });
+        // Get checkpoint constants from first block
+        const firstBlock = blocks[0];
+        const constants = this.extractCheckpointConstants(firstBlock);
+        const checkpointNumber = firstBlock.checkpointNumber;
+        // Get L1-to-L2 messages for this checkpoint
+        const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(checkpointNumber);
+        // Collect the out hashes of all the checkpoints before this one in the same epoch
+        const epoch = getEpochAtSlot(slot, this.epochCache.getL1Constants());
+        const previousCheckpointOutHashes = (await this.blockSource.getCheckpointsDataForEpoch(epoch)).filter((c)=>c.checkpointNumber < checkpointNumber).map((c)=>c.checkpointOutHash);
+        // Fork world state at the block before the first block
+        const parentBlockNumber = BlockNumber(firstBlock.number - 1);
+        const fork = await this.worldState.fork(parentBlockNumber);
+        try {
+            // Create checkpoint builder with all existing blocks
+            const checkpointBuilder = await this.checkpointsBuilder.openCheckpoint(checkpointNumber, constants, proposal.feeAssetPriceModifier, l1ToL2Messages, previousCheckpointOutHashes, fork, blocks, this.log.getBindings());
+            // Complete the checkpoint to get computed values
+            const computedCheckpoint = await checkpointBuilder.completeCheckpoint();
+            // Compare checkpoint header with proposal
+            if (!computedCheckpoint.header.equals(proposal.checkpointHeader)) {
+                this.log.warn(`Checkpoint header mismatch`, {
+                    ...proposalInfo,
+                    computed: computedCheckpoint.header.toInspect(),
+                    proposal: proposal.checkpointHeader.toInspect()
+                });
+                return {
+                    isValid: false,
+                    reason: 'checkpoint_header_mismatch'
+                };
+            }
+            // Compare archive root with proposal
+            if (!computedCheckpoint.archive.root.equals(proposal.archive)) {
+                this.log.warn(`Archive root mismatch`, {
+                    ...proposalInfo,
+                    computed: computedCheckpoint.archive.root.toString(),
+                    proposal: proposal.archive.toString()
+                });
+                return {
+                    isValid: false,
+                    reason: 'archive_mismatch'
+                };
+            }
+            // Check that the accumulated epoch out hash matches the value in the proposal.
+            // The epoch out hash is the accumulated hash of all checkpoint out hashes in the epoch.
+            const checkpointOutHash = computedCheckpoint.getCheckpointOutHash();
+            const computedEpochOutHash = accumulateCheckpointOutHashes([
+                ...previousCheckpointOutHashes,
+                checkpointOutHash
+            ]);
+            const proposalEpochOutHash = proposal.checkpointHeader.epochOutHash;
+            if (!computedEpochOutHash.equals(proposalEpochOutHash)) {
+                this.log.warn(`Epoch out hash mismatch`, {
+                    proposalEpochOutHash: proposalEpochOutHash.toString(),
+                    computedEpochOutHash: computedEpochOutHash.toString(),
+                    checkpointOutHash: checkpointOutHash.toString(),
+                    previousCheckpointOutHashes: previousCheckpointOutHashes.map((h)=>h.toString()),
+                    ...proposalInfo
+                });
+                return {
+                    isValid: false,
+                    reason: 'out_hash_mismatch'
+                };
+            }
+            // Final round of validations on the checkpoint, just in case.
+            try {
+                validateCheckpoint(computedCheckpoint, {
+                    rollupManaLimit: this.checkpointsBuilder.getConfig().rollupManaLimit,
+                    maxDABlockGas: this.config.validateMaxDABlockGas,
+                    maxL2BlockGas: this.config.validateMaxL2BlockGas,
+                    maxTxsPerBlock: this.config.validateMaxTxsPerBlock,
+                    maxTxsPerCheckpoint: this.config.validateMaxTxsPerCheckpoint
+                });
+            } catch (err) {
+                this.log.warn(`Checkpoint validation failed: ${err}`, proposalInfo);
+                return {
+                    isValid: false,
+                    reason: 'checkpoint_validation_failed'
+                };
+            }
+            this.log.verbose(`Checkpoint proposal validation successful for slot ${slot}`, proposalInfo);
+            return {
+                isValid: true
+            };
+        } finally{
+            await fork.close();
+        }
+    }
+    /**
+   * Extract checkpoint global variables from a block.
+   */ extractCheckpointConstants(block) {
+        const gv = block.header.globalVariables;
+        return {
+            chainId: gv.chainId,
+            version: gv.version,
+            slotNumber: gv.slotNumber,
+            timestamp: gv.timestamp,
+            coinbase: gv.coinbase,
+            feeRecipient: gv.feeRecipient,
+            gasFees: gv.gasFees
+        };
+    }
+    /**
+   * Uploads blobs for a checkpoint to the filestore (fire and forget).
+   */ async uploadBlobsForCheckpoint(proposal, proposalInfo) {
+        try {
+            const lastBlockHeader = await this.blockSource.getBlockHeaderByArchive(proposal.archive);
+            if (!lastBlockHeader) {
+                this.log.warn(`Failed to get last block header for blob upload`, proposalInfo);
+                return;
+            }
+            const blocks = await this.blockSource.getBlocksForSlot(proposal.slotNumber);
+            if (blocks.length === 0) {
+                this.log.warn(`No blocks found for blob upload`, proposalInfo);
+                return;
+            }
+            const blobFields = blocks.flatMap((b)=>b.toBlobFields());
+            const blobs = await getBlobsPerL1Block(blobFields);
+            await this.blobClient.sendBlobsToFilestore(blobs);
+            this.log.debug(`Uploaded ${blobs.length} blobs to filestore for checkpoint at slot ${proposal.slotNumber}`, {
+                ...proposalInfo,
+                numBlobs: blobs.length
+            });
+        } catch (err) {
+            this.log.warn(`Failed to upload blobs for checkpoint: ${err}`, proposalInfo);
+        }
+    }
     slashInvalidBlock(proposal) {
         const proposer = proposal.getSender();
         // Skip if signature is invalid (shouldn't happen since we validate earlier)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/validator-client",
-  "version": "4.1.2",
+  "version": "4.2.0-aztecnr-rc.2",
   "main": "dest/index.js",
   "type": "module",
   "exports": {
@@ -64,30 +64,30 @@
     ]
   },
   "dependencies": {
-    "@aztec/blob-client": "4.1.2",
-    "@aztec/blob-lib": "4.1.2",
-    "@aztec/constants": "4.1.2",
-    "@aztec/epoch-cache": "4.1.2",
-    "@aztec/ethereum": "4.1.2",
-    "@aztec/foundation": "4.1.2",
-    "@aztec/node-keystore": "4.1.2",
-    "@aztec/noir-protocol-circuits-types": "4.1.2",
-    "@aztec/p2p": "4.1.2",
-    "@aztec/protocol-contracts": "4.1.2",
-    "@aztec/prover-client": "4.1.2",
-    "@aztec/simulator": "4.1.2",
-    "@aztec/slasher": "4.1.2",
-    "@aztec/stdlib": "4.1.2",
-    "@aztec/telemetry-client": "4.1.2",
-    "@aztec/validator-ha-signer": "4.1.2",
+    "@aztec/blob-client": "4.2.0-aztecnr-rc.2",
+    "@aztec/blob-lib": "4.2.0-aztecnr-rc.2",
+    "@aztec/constants": "4.2.0-aztecnr-rc.2",
+    "@aztec/epoch-cache": "4.2.0-aztecnr-rc.2",
+    "@aztec/ethereum": "4.2.0-aztecnr-rc.2",
+    "@aztec/foundation": "4.2.0-aztecnr-rc.2",
+    "@aztec/node-keystore": "4.2.0-aztecnr-rc.2",
+    "@aztec/noir-protocol-circuits-types": "4.2.0-aztecnr-rc.2",
+    "@aztec/p2p": "4.2.0-aztecnr-rc.2",
+    "@aztec/protocol-contracts": "4.2.0-aztecnr-rc.2",
+    "@aztec/prover-client": "4.2.0-aztecnr-rc.2",
+    "@aztec/simulator": "4.2.0-aztecnr-rc.2",
+    "@aztec/slasher": "4.2.0-aztecnr-rc.2",
+    "@aztec/stdlib": "4.2.0-aztecnr-rc.2",
+    "@aztec/telemetry-client": "4.2.0-aztecnr-rc.2",
+    "@aztec/validator-ha-signer": "4.2.0-aztecnr-rc.2",
     "koa": "^2.16.1",
     "koa-router": "^13.1.1",
     "tslib": "^2.4.0",
     "viem": "npm:@aztec/viem@2.38.2"
   },
   "devDependencies": {
-    "@aztec/archiver": "4.1.2",
-    "@aztec/world-state": "4.1.2",
+    "@aztec/archiver": "4.2.0-aztecnr-rc.2",
+    "@aztec/world-state": "4.2.0-aztecnr-rc.2",
     "@electric-sql/pglite": "^0.3.14",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",