@aztec/validator-client 5.0.0-private.20260319 → 5.0.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dest/validator.js CHANGED
@@ -1,42 +1,37 @@
1
1
  import { getBlobsPerL1Block } from '@aztec/blob-lib';
2
- import { validateFeeAssetPriceModifier } from '@aztec/ethereum/contracts';
3
- import { BlockNumber, SlotNumber } from '@aztec/foundation/branded-types';
4
- import { TimeoutError } from '@aztec/foundation/error';
2
+ import { CheckpointNumber } from '@aztec/foundation/branded-types';
3
+ import { FifoSet } from '@aztec/foundation/fifo-set';
5
4
  import { createLogger } from '@aztec/foundation/log';
6
- import { retryUntil } from '@aztec/foundation/retry';
7
5
  import { RunningPromise } from '@aztec/foundation/running-promise';
8
6
  import { sleep } from '@aztec/foundation/sleep';
9
7
  import { DateProvider } from '@aztec/foundation/timer';
10
8
  import { AuthRequest, AuthResponse, BlockProposalValidator, ReqRespSubProtocol } from '@aztec/p2p';
11
- import { OffenseType, WANT_TO_SLASH_EVENT } from '@aztec/slasher';
12
- import { validateCheckpoint } from '@aztec/stdlib/checkpoint';
13
- import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
14
- import { accumulateCheckpointOutHashes } from '@aztec/stdlib/messaging';
9
+ import { OffenseType, WANT_TO_CLEAR_SLASH_EVENT, WANT_TO_SLASH_EVENT, getOffenseTypeName } from '@aztec/slasher';
10
+ import { getEpochAtSlot } from '@aztec/stdlib/epoch-helpers';
11
+ import { ConsensusTimetable } from '@aztec/stdlib/timetable';
15
12
  import { AttestationTimeoutError } from '@aztec/stdlib/validators';
16
13
  import { getTelemetryClient } from '@aztec/telemetry-client';
17
14
  import { createHASigner, createLocalSignerWithProtection, createSignerFromSharedDb } from '@aztec/validator-ha-signer/factory';
18
15
  import { DutyType } from '@aztec/validator-ha-signer/types';
19
16
  import { EventEmitter } from 'events';
20
- import { BlockProposalHandler } from './block_proposal_handler.js';
17
+ import { DEFAULT_MAX_GOSSIP_CLOCK_DISPARITY_MS } from './config.js';
21
18
  import { ValidationService } from './duties/validation_service.js';
22
19
  import { HAKeyStore } from './key_store/ha_key_store.js';
23
20
  import { NodeKeystoreAdapter } from './key_store/node_keystore_adapter.js';
24
21
  import { ValidatorMetrics } from './metrics.js';
22
+ import { ProposalHandler, SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT, SLASHABLE_CHECKPOINT_PROPOSAL_VALIDATION_RESULT } from './proposal_handler.js';
25
23
  // We maintain a set of proposers who have proposed invalid blocks.
26
24
  // Just cap the set to avoid unbounded growth.
27
25
  const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
28
- // What errors from the block proposal handler result in slashing
29
- const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
30
- 'state_mismatch',
31
- 'failed_txs'
32
- ];
26
+ const MAX_TRACKED_INVALID_CHECKPOINT_PROPOSALS = 1000;
27
+ const MAX_TRACKED_BAD_ATTESTATIONS = 10_000;
33
28
  /**
34
29
  * Validator Client
35
30
  */ export class ValidatorClient extends EventEmitter {
36
31
  keyStore;
37
32
  epochCache;
38
33
  p2pClient;
39
- blockProposalHandler;
34
+ proposalHandler;
40
35
  blockSource;
41
36
  checkpointsBuilder;
42
37
  worldState;
@@ -57,14 +52,18 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
57
52
  epochCacheUpdateLoop;
58
53
  /** Tracks the last epoch in which each attester successfully submitted at least one attestation. */ lastAttestedEpochByAttester;
59
54
  proposersOfInvalidBlocks;
55
+ invalidCheckpointProposalOffenseKeys;
56
+ oversizedProposalOffenseKeys;
57
+ badAttestationOffenseKeys;
60
58
  /** Tracks the last checkpoint proposal we attested to, to prevent equivocation. */ lastAttestedProposal;
61
- constructor(keyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, slashingProtectionSigner, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
62
- super(), this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.blockProposalHandler = blockProposalHandler, this.blockSource = blockSource, this.checkpointsBuilder = checkpointsBuilder, this.worldState = worldState, this.l1ToL2MessageSource = l1ToL2MessageSource, this.config = config, this.blobClient = blobClient, this.slashingProtectionSigner = slashingProtectionSigner, this.dateProvider = dateProvider, this.hasRegisteredHandlers = false, this.lastAttestedEpochByAttester = new Map(), this.proposersOfInvalidBlocks = new Set();
59
+ constructor(keyStore, epochCache, p2pClient, proposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, slashingProtectionSigner, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
60
+ super(), this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.proposalHandler = proposalHandler, this.blockSource = blockSource, this.checkpointsBuilder = checkpointsBuilder, this.worldState = worldState, this.l1ToL2MessageSource = l1ToL2MessageSource, this.config = config, this.blobClient = blobClient, this.slashingProtectionSigner = slashingProtectionSigner, this.dateProvider = dateProvider, this.hasRegisteredHandlers = false, this.lastAttestedEpochByAttester = new Map(), this.proposersOfInvalidBlocks = FifoSet.withLimit(MAX_PROPOSERS_OF_INVALID_BLOCKS), this.invalidCheckpointProposalOffenseKeys = FifoSet.withLimit(MAX_TRACKED_INVALID_CHECKPOINT_PROPOSALS), this.oversizedProposalOffenseKeys = FifoSet.withLimit(MAX_TRACKED_INVALID_CHECKPOINT_PROPOSALS), this.badAttestationOffenseKeys = FifoSet.withLimit(MAX_TRACKED_BAD_ATTESTATIONS);
63
61
  // Create child logger with fisherman prefix if in fisherman mode
64
62
  this.log = config.fishermanMode ? log.createChild('[FISHERMAN]') : log;
65
63
  this.tracer = telemetry.getTracer('Validator');
66
64
  this.metrics = new ValidatorMetrics(telemetry);
67
- this.validationService = new ValidationService(keyStore, this.log.createChild('validation-service'));
65
+ this.validationService = new ValidationService(keyStore, this.getSignatureContext(), this.log.createChild('validation-service'));
66
+ this.proposalHandler.setCheckpointProposalValidationFailureCallback((proposal, result, proposalInfo)=>this.handleInvalidCheckpointProposal(proposal, result, proposalInfo));
68
67
  // Refresh epoch cache every second to trigger alert if participation in committee changes
69
68
  this.epochCacheUpdateLoop = new RunningPromise(this.handleEpochCommitteeUpdate.bind(this), this.log, 1000);
70
69
  const myAddresses = this.getValidatorAddresses();
@@ -114,13 +113,24 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
114
113
  this.log.error(`Error updating epoch committee`, err);
115
114
  }
116
115
  }
117
- static async new(config, checkpointsBuilder, worldState, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, keyStoreManager, blobClient, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), slashingProtectionDb) {
116
+ static async new(config, checkpointsBuilder, worldState, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, keyStoreManager, blobClient, reexecutionTracker, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), slashingProtectionDb) {
118
117
  const metrics = new ValidatorMetrics(telemetry);
119
- const blockProposalValidator = new BlockProposalValidator(epochCache, {
118
+ const consensusTimetable = new ConsensusTimetable({
119
+ l1Constants: epochCache.getL1Constants(),
120
+ blockDuration: config.blockDurationMs / 1000
121
+ });
122
+ const blockProposalValidator = new BlockProposalValidator(epochCache, consensusTimetable, {
120
123
  txsPermitted: !config.disableTransactions,
121
- maxTxsPerBlock: config.validateMaxTxsPerBlock
124
+ maxTxsPerBlock: config.validateMaxTxsPerBlock,
125
+ maxBlocksPerCheckpoint: config.maxBlocksPerCheckpoint,
126
+ skipSlotValidation: config.skipProposalSlotValidation,
127
+ signatureContext: {
128
+ chainId: config.l1ChainId,
129
+ rollupAddress: config.rollupAddress
130
+ },
131
+ clockDisparityMs: config.maxGossipClockDisparityMs ?? DEFAULT_MAX_GOSSIP_CLOCK_DISPARITY_MS
122
132
  });
123
- const blockProposalHandler = new BlockProposalHandler(checkpointsBuilder, worldState, blockSource, l1ToL2MessageSource, txProvider, blockProposalValidator, epochCache, config, metrics, dateProvider, telemetry);
133
+ const proposalHandler = new ProposalHandler(checkpointsBuilder, worldState, blockSource, l1ToL2MessageSource, txProvider, blockProposalValidator, epochCache, consensusTimetable, config, blobClient, reexecutionTracker, metrics, dateProvider, telemetry, undefined);
124
134
  const nodeKeystoreAdapter = NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager);
125
135
  let slashingProtectionSigner;
126
136
  if (slashingProtectionDb) {
@@ -149,18 +159,24 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
149
159
  }));
150
160
  }
151
161
  const validatorKeyStore = new HAKeyStore(nodeKeystoreAdapter, slashingProtectionSigner);
152
- const validator = new ValidatorClient(validatorKeyStore, epochCache, p2pClient, blockProposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, slashingProtectionSigner, dateProvider, telemetry);
162
+ const validator = new ValidatorClient(validatorKeyStore, epochCache, p2pClient, proposalHandler, blockSource, checkpointsBuilder, worldState, l1ToL2MessageSource, config, blobClient, slashingProtectionSigner, dateProvider, telemetry);
153
163
  return validator;
154
164
  }
155
165
  getValidatorAddresses() {
156
166
  return this.keyStore.getAddresses().filter((addr)=>!this.config.disabledValidators.some((disabled)=>disabled.equals(addr)));
157
167
  }
158
- getBlockProposalHandler() {
159
- return this.blockProposalHandler;
168
+ getProposalHandler() {
169
+ return this.proposalHandler;
160
170
  }
161
171
  signWithAddress(addr, msg, context) {
162
172
  return this.keyStore.signTypedDataWithAddress(addr, msg, context);
163
173
  }
174
+ getSignatureContext() {
175
+ return {
176
+ chainId: this.config.l1ChainId,
177
+ rollupAddress: this.config.rollupAddress
178
+ };
179
+ }
164
180
  getCoinbaseForAttestor(attestor) {
165
181
  return this.keyStore.getCoinbaseAddress(attestor);
166
182
  }
@@ -170,16 +186,23 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
170
186
  getConfig() {
171
187
  return this.config;
172
188
  }
189
+ hasProposalEquivocation(slotNumber) {
190
+ return this.proposalHandler.hasProposalEquivocation(slotNumber);
191
+ }
192
+ hasInvalidProposals(slotNumber) {
193
+ return this.proposalHandler.hasInvalidProposals(slotNumber);
194
+ }
173
195
  updateConfig(config) {
174
196
  this.config = {
175
197
  ...this.config,
176
198
  ...config
177
199
  };
200
+ this.proposalHandler.updateConfig(config);
178
201
  }
179
202
  reloadKeystore(newManager) {
180
203
  const newAdapter = NodeKeystoreAdapter.fromKeyStoreManager(newManager);
181
204
  this.keyStore = new HAKeyStore(newAdapter, this.slashingProtectionSigner);
182
- this.validationService = new ValidationService(this.keyStore, this.log.createChild('validation-service'));
205
+ this.validationService = new ValidationService(this.keyStore, this.getSignatureContext(), this.log.createChild('validation-service'));
183
206
  }
184
207
  async start() {
185
208
  if (this.epochCacheUpdateLoop.isRunning()) {
@@ -212,15 +235,22 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
212
235
  // The checkpoint is received as CheckpointProposalCore since the lastBlock is extracted
213
236
  // and processed separately via the block handler above.
214
237
  const checkpointHandler = (checkpoint, proposalSender)=>this.attestToCheckpointProposal(checkpoint, proposalSender);
215
- this.p2pClient.registerCheckpointProposalHandler(checkpointHandler);
238
+ this.p2pClient.registerValidatorCheckpointProposalHandler(checkpointHandler);
216
239
  // Duplicate proposal handler - triggers slashing for equivocation
217
240
  this.p2pClient.registerDuplicateProposalCallback((info)=>{
218
241
  this.handleDuplicateProposal(info);
219
242
  });
243
+ // Oversized proposal handler - triggers slashing for proposals beyond the per-checkpoint block limit
244
+ this.p2pClient.registerOversizedProposalCallback((info)=>{
245
+ this.handleOversizedProposal(info);
246
+ });
220
247
  // Duplicate attestation handler - triggers slashing for attestation equivocation
221
248
  this.p2pClient.registerDuplicateAttestationCallback((info)=>{
222
249
  this.handleDuplicateAttestation(info);
223
250
  });
251
+ this.p2pClient.registerCheckpointAttestationCallback((attestation)=>{
252
+ this.handleCheckpointAttestation(attestation);
253
+ });
224
254
  const myAddresses = this.getValidatorAddresses();
225
255
  this.p2pClient.registerThisValidatorAddresses(myAddresses);
226
256
  await this.p2pClient.addReqRespSubProtocol(ReqRespSubProtocol.AUTH, this.handleAuthRequest.bind(this));
@@ -260,11 +290,8 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
260
290
  txHashes: proposal.txHashes.map((t)=>t.toString()),
261
291
  fishermanMode: this.config.fishermanMode || false
262
292
  });
263
- // Reexecute txs if we are part of the committee, or if slashing is enabled, or if we are configured to always reexecute.
264
- // In fisherman mode, we always reexecute to validate proposals.
265
- const { validatorReexecute, slashBroadcastedInvalidBlockPenalty, alwaysReexecuteBlockProposals, fishermanMode } = this.config;
266
- const shouldReexecute = fishermanMode || slashBroadcastedInvalidBlockPenalty > 0n && validatorReexecute || partOfCommittee && validatorReexecute || alwaysReexecuteBlockProposals || this.blobClient.canUpload();
267
- const validationResult = await this.blockProposalHandler.handleBlockProposal(proposal, proposalSender, !!shouldReexecute && !escapeHatchOpen);
293
+ // Reexecute outside the escape hatch so slashing observers can detect invalid proposals even when penalties are 0.
294
+ const validationResult = await this.proposalHandler.handleBlockProposal(proposal, proposalSender, !escapeHatchOpen);
268
295
  if (!validationResult.isValid) {
269
296
  const reason = validationResult.reason || 'unknown';
270
297
  this.log.warn(`Block proposal validation failed: ${reason}`, proposalInfo);
@@ -282,10 +309,14 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
282
309
  // Node issues so we can't validate
283
310
  this.metrics.incFailedAttestationsNodeIssue(1, reason, partOfCommittee);
284
311
  }
285
- // Slash invalid block proposals (can happen even when not in committee)
286
- if (!escapeHatchOpen && validationResult.reason && SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT.includes(validationResult.reason) && slashBroadcastedInvalidBlockPenalty > 0n) {
287
- this.log.warn(`Slashing proposer for invalid block proposal`, proposalInfo);
312
+ if (!escapeHatchOpen && validationResult.reason && SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT.includes(validationResult.reason)) {
313
+ this.log.info(`Detected invalid block proposal offense`, {
314
+ ...proposalInfo,
315
+ amount: this.config.slashBroadcastedInvalidBlockPenalty,
316
+ offenseType: getOffenseTypeName(OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL)
317
+ });
288
318
  this.slashInvalidBlock(proposal);
319
+ this.markInvalidProposalSlot(proposal.slotNumber);
289
320
  }
290
321
  return false;
291
322
  }
@@ -314,49 +345,43 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
314
345
  this.log.warn(`Escape hatch open for slot ${proposalSlotNumber}, skipping checkpoint attestation handling`);
315
346
  return undefined;
316
347
  }
317
- // Reject proposals with invalid signatures
318
- if (!proposer) {
319
- this.log.warn(`Received checkpoint proposal with invalid signature for proposal slot ${proposalSlotNumber}`);
348
+ // Early-out for equivocation: refuses if we've already attested to a higher slot.
349
+ if (!this.shouldAttestToSlot(proposalSlotNumber)) {
320
350
  return undefined;
321
351
  }
322
352
  // Ignore proposals from ourselves (may happen in HA setups)
323
- if (this.getValidatorAddresses().some((addr)=>addr.equals(proposer))) {
324
- this.log.debug(`Ignoring block proposal from self for slot ${proposalSlotNumber}`, {
353
+ if (proposer && this.getValidatorAddresses().some((addr)=>addr.equals(proposer))) {
354
+ this.log.debug(`Not attesting to block proposal from self for slot ${proposalSlotNumber}`, {
325
355
  proposer: proposer.toString(),
326
356
  proposalSlotNumber
327
357
  });
328
358
  return undefined;
329
359
  }
330
- // Validate fee asset price modifier is within allowed range
331
- if (!validateFeeAssetPriceModifier(proposal.feeAssetPriceModifier)) {
332
- this.log.warn(`Received checkpoint proposal with invalid feeAssetPriceModifier ${proposal.feeAssetPriceModifier} for slot ${proposalSlotNumber}`);
333
- return undefined;
334
- }
335
360
  // Check that I have any address in the committee where this checkpoint will land before attesting
336
361
  const inCommittee = await this.epochCache.filterInCommittee(proposalSlotNumber, this.getValidatorAddresses());
337
362
  const partOfCommittee = inCommittee.length > 0;
338
363
  const proposalInfo = {
339
364
  proposalSlotNumber,
340
365
  archive: proposal.archive.toString(),
341
- proposer: proposer.toString()
366
+ proposer: proposer?.toString()
342
367
  };
343
368
  this.log.info(`Received checkpoint proposal for slot ${proposalSlotNumber}`, {
344
369
  ...proposalInfo,
345
370
  fishermanMode: this.config.fishermanMode || false
346
371
  });
347
- // Validate the checkpoint proposal before attesting (unless skipCheckpointProposalValidation is set)
372
+ // Validate the checkpoint proposal before attesting (unless skipCheckpointProposalValidation is set).
373
+ // Uses the cached result from the all-nodes callback if available (avoids double validation).
374
+ let checkpointNumber;
348
375
  if (this.config.skipCheckpointProposalValidation) {
349
376
  this.log.warn(`Skipping checkpoint proposal validation for slot ${proposalSlotNumber}`, proposalInfo);
377
+ checkpointNumber = CheckpointNumber(0);
350
378
  } else {
351
- const validationResult = await this.validateCheckpointProposal(proposal, proposalInfo);
379
+ const validationResult = await this.proposalHandler.handleCheckpointProposal(proposal, proposalInfo);
352
380
  if (!validationResult.isValid) {
353
381
  this.log.warn(`Checkpoint proposal validation failed: ${validationResult.reason}`, proposalInfo);
354
382
  return undefined;
355
383
  }
356
- }
357
- // Upload blobs to filestore if we can (fire and forget)
358
- if (this.blobClient.canUpload()) {
359
- void this.uploadBlobsForCheckpoint(proposal, proposalInfo);
384
+ checkpointNumber = validationResult.checkpointNumber;
360
385
  }
361
386
  // Check that I have any address in current committee before attesting
362
387
  // In fisherman mode, we still create attestations for validation even if not in committee
@@ -403,7 +428,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
403
428
  });
404
429
  return undefined;
405
430
  }
406
- return await this.createCheckpointAttestationsFromProposal(proposal, attestors);
431
+ return await this.createCheckpointAttestationsFromProposal(proposal, attestors, checkpointNumber);
407
432
  }
408
433
  /**
409
434
  * Checks if we should attest to a slot based on equivocation prevention rules.
@@ -420,180 +445,24 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
420
445
  }
421
446
  return true;
422
447
  }
423
- async createCheckpointAttestationsFromProposal(proposal, attestors = []) {
448
+ async createCheckpointAttestationsFromProposal(proposal, attestors = [], checkpointNumber) {
424
449
  // Equivocation check: must happen right before signing to minimize the race window
425
450
  if (!this.shouldAttestToSlot(proposal.slotNumber)) {
426
451
  return undefined;
427
452
  }
428
- const attestations = await this.validationService.attestToCheckpointProposal(proposal, attestors);
453
+ const attestations = await this.validationService.attestToCheckpointProposal(proposal, attestors, checkpointNumber);
429
454
  // Track the proposal we attested to (to prevent equivocation)
430
455
  this.lastAttestedProposal = proposal;
431
456
  await this.p2pClient.addOwnCheckpointAttestations(attestations);
432
457
  return attestations;
433
458
  }
434
459
  /**
435
- * Validates a checkpoint proposal by building the full checkpoint and comparing it with the proposal.
436
- * @returns Validation result with isValid flag and reason if invalid.
437
- */ async validateCheckpointProposal(proposal, proposalInfo) {
438
- const slot = proposal.slotNumber;
439
- // Timeout block syncing at the start of the next slot
440
- const config = this.checkpointsBuilder.getConfig();
441
- const nextSlotTimestampSeconds = Number(getTimestampForSlot(SlotNumber(slot + 1), config));
442
- const timeoutSeconds = Math.max(1, nextSlotTimestampSeconds - Math.floor(this.dateProvider.now() / 1000));
443
- // Wait for last block to sync by archive
444
- let lastBlockHeader;
445
- try {
446
- lastBlockHeader = await retryUntil(async ()=>{
447
- await this.blockSource.syncImmediate();
448
- return this.blockSource.getBlockHeaderByArchive(proposal.archive);
449
- }, `waiting for block with archive ${proposal.archive.toString()} for slot ${slot}`, timeoutSeconds, 0.5);
450
- } catch (err) {
451
- if (err instanceof TimeoutError) {
452
- this.log.warn(`Timed out waiting for block with archive matching checkpoint proposal`, proposalInfo);
453
- return {
454
- isValid: false,
455
- reason: 'last_block_not_found'
456
- };
457
- }
458
- this.log.error(`Error fetching last block for checkpoint proposal`, err, proposalInfo);
459
- return {
460
- isValid: false,
461
- reason: 'block_fetch_error'
462
- };
463
- }
464
- if (!lastBlockHeader) {
465
- this.log.warn(`Last block not found for checkpoint proposal`, proposalInfo);
466
- return {
467
- isValid: false,
468
- reason: 'last_block_not_found'
469
- };
470
- }
471
- // Get all full blocks for the slot and checkpoint
472
- const blocks = await this.blockSource.getBlocksForSlot(slot);
473
- if (blocks.length === 0) {
474
- this.log.warn(`No blocks found for slot ${slot}`, proposalInfo);
475
- return {
476
- isValid: false,
477
- reason: 'no_blocks_for_slot'
478
- };
479
- }
480
- // Ensure the last block for this slot matches the archive in the checkpoint proposal
481
- if (!blocks.at(-1)?.archive.root.equals(proposal.archive)) {
482
- this.log.warn(`Last block archive mismatch for checkpoint proposal`, proposalInfo);
483
- return {
484
- isValid: false,
485
- reason: 'last_block_archive_mismatch'
486
- };
487
- }
488
- this.log.debug(`Found ${blocks.length} blocks for slot ${slot}`, {
489
- ...proposalInfo,
490
- blockNumbers: blocks.map((b)=>b.number)
491
- });
492
- // Get checkpoint constants from first block
493
- const firstBlock = blocks[0];
494
- const constants = this.extractCheckpointConstants(firstBlock);
495
- const checkpointNumber = firstBlock.checkpointNumber;
496
- // Get L1-to-L2 messages for this checkpoint
497
- const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(checkpointNumber);
498
- // Collect the out hashes of all the checkpoints before this one in the same epoch
499
- const epoch = getEpochAtSlot(slot, this.epochCache.getL1Constants());
500
- const previousCheckpointOutHashes = (await this.blockSource.getCheckpointsDataForEpoch(epoch)).filter((c)=>c.checkpointNumber < checkpointNumber).map((c)=>c.checkpointOutHash);
501
- // Fork world state at the block before the first block
502
- const parentBlockNumber = BlockNumber(firstBlock.number - 1);
503
- const fork = await this.worldState.fork(parentBlockNumber);
504
- try {
505
- // Create checkpoint builder with all existing blocks
506
- const checkpointBuilder = await this.checkpointsBuilder.openCheckpoint(checkpointNumber, constants, proposal.feeAssetPriceModifier, l1ToL2Messages, previousCheckpointOutHashes, fork, blocks, this.log.getBindings());
507
- // Complete the checkpoint to get computed values
508
- const computedCheckpoint = await checkpointBuilder.completeCheckpoint();
509
- // Compare checkpoint header with proposal
510
- if (!computedCheckpoint.header.equals(proposal.checkpointHeader)) {
511
- this.log.warn(`Checkpoint header mismatch`, {
512
- ...proposalInfo,
513
- computed: computedCheckpoint.header.toInspect(),
514
- proposal: proposal.checkpointHeader.toInspect()
515
- });
516
- return {
517
- isValid: false,
518
- reason: 'checkpoint_header_mismatch'
519
- };
520
- }
521
- // Compare archive root with proposal
522
- if (!computedCheckpoint.archive.root.equals(proposal.archive)) {
523
- this.log.warn(`Archive root mismatch`, {
524
- ...proposalInfo,
525
- computed: computedCheckpoint.archive.root.toString(),
526
- proposal: proposal.archive.toString()
527
- });
528
- return {
529
- isValid: false,
530
- reason: 'archive_mismatch'
531
- };
532
- }
533
- // Check that the accumulated epoch out hash matches the value in the proposal.
534
- // The epoch out hash is the accumulated hash of all checkpoint out hashes in the epoch.
535
- const checkpointOutHash = computedCheckpoint.getCheckpointOutHash();
536
- const computedEpochOutHash = accumulateCheckpointOutHashes([
537
- ...previousCheckpointOutHashes,
538
- checkpointOutHash
539
- ]);
540
- const proposalEpochOutHash = proposal.checkpointHeader.epochOutHash;
541
- if (!computedEpochOutHash.equals(proposalEpochOutHash)) {
542
- this.log.warn(`Epoch out hash mismatch`, {
543
- proposalEpochOutHash: proposalEpochOutHash.toString(),
544
- computedEpochOutHash: computedEpochOutHash.toString(),
545
- checkpointOutHash: checkpointOutHash.toString(),
546
- previousCheckpointOutHashes: previousCheckpointOutHashes.map((h)=>h.toString()),
547
- ...proposalInfo
548
- });
549
- return {
550
- isValid: false,
551
- reason: 'out_hash_mismatch'
552
- };
553
- }
554
- // Final round of validations on the checkpoint, just in case.
555
- try {
556
- validateCheckpoint(computedCheckpoint, {
557
- rollupManaLimit: this.checkpointsBuilder.getConfig().rollupManaLimit,
558
- maxDABlockGas: this.config.validateMaxDABlockGas,
559
- maxL2BlockGas: this.config.validateMaxL2BlockGas,
560
- maxTxsPerBlock: this.config.validateMaxTxsPerBlock,
561
- maxTxsPerCheckpoint: this.config.validateMaxTxsPerCheckpoint
562
- });
563
- } catch (err) {
564
- this.log.warn(`Checkpoint validation failed: ${err}`, proposalInfo);
565
- return {
566
- isValid: false,
567
- reason: 'checkpoint_validation_failed'
568
- };
569
- }
570
- this.log.verbose(`Checkpoint proposal validation successful for slot ${slot}`, proposalInfo);
571
- return {
572
- isValid: true
573
- };
574
- } finally{
575
- await fork.close();
576
- }
577
- }
578
- /**
579
- * Extract checkpoint global variables from a block.
580
- */ extractCheckpointConstants(block) {
581
- const gv = block.header.globalVariables;
582
- return {
583
- chainId: gv.chainId,
584
- version: gv.version,
585
- slotNumber: gv.slotNumber,
586
- timestamp: gv.timestamp,
587
- coinbase: gv.coinbase,
588
- feeRecipient: gv.feeRecipient,
589
- gasFees: gv.gasFees
590
- };
591
- }
592
- /**
593
460
  * Uploads blobs for a checkpoint to the filestore (fire and forget).
594
461
  */ async uploadBlobsForCheckpoint(proposal, proposalInfo) {
595
462
  try {
596
- const lastBlockHeader = await this.blockSource.getBlockHeaderByArchive(proposal.archive);
463
+ const lastBlockHeader = (await this.blockSource.getBlockData({
464
+ archive: proposal.archive
465
+ }))?.header;
597
466
  if (!lastBlockHeader) {
598
467
  this.log.warn(`Failed to get last block header for blob upload`, proposalInfo);
599
468
  return;
@@ -621,11 +490,6 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
621
490
  this.log.warn(`Cannot slash proposal with invalid signature`);
622
491
  return;
623
492
  }
624
- // Trim the set if it's too big.
625
- if (this.proposersOfInvalidBlocks.size > MAX_PROPOSERS_OF_INVALID_BLOCKS) {
626
- // remove oldest proposer. `values` is guaranteed to be in insertion order.
627
- this.proposersOfInvalidBlocks.delete(this.proposersOfInvalidBlocks.values().next().value);
628
- }
629
493
  this.proposersOfInvalidBlocks.add(proposer.toString());
630
494
  this.emit(WANT_TO_SLASH_EVENT, [
631
495
  {
@@ -636,17 +500,122 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
636
500
  }
637
501
  ]);
638
502
  }
503
+ handleInvalidCheckpointProposal(proposal, result, proposalInfo) {
504
+ if (!SLASHABLE_CHECKPOINT_PROPOSAL_VALIDATION_RESULT[result.reason]) {
505
+ return;
506
+ }
507
+ // The slot is already marked invalid by the all-nodes checkpoint handler that invokes this callback,
508
+ // so we only emit the proposer slash event here.
509
+ if (this.slashInvalidCheckpointProposal(proposal)) {
510
+ this.log.info(`Detected invalid checkpoint proposal offense`, {
511
+ ...proposalInfo,
512
+ reason: result.reason,
513
+ amount: this.config.slashBroadcastedInvalidCheckpointProposalPenalty,
514
+ offenseType: getOffenseTypeName(OffenseType.BROADCASTED_INVALID_CHECKPOINT_PROPOSAL)
515
+ });
516
+ }
517
+ }
518
+ slashInvalidCheckpointProposal(proposal) {
519
+ const proposer = proposal.getSender();
520
+ if (!proposer) {
521
+ this.log.warn(`Cannot slash checkpoint proposal with invalid signature`, {
522
+ slotNumber: proposal.slotNumber,
523
+ archive: proposal.archive.toString()
524
+ });
525
+ return false;
526
+ }
527
+ const offenseType = OffenseType.BROADCASTED_INVALID_CHECKPOINT_PROPOSAL;
528
+ const offenseKey = `${proposer.toString()}:${offenseType}:${proposal.slotNumber}`;
529
+ if (!this.invalidCheckpointProposalOffenseKeys.addIfAbsent(offenseKey)) {
530
+ return false;
531
+ }
532
+ this.emit(WANT_TO_SLASH_EVENT, [
533
+ {
534
+ validator: proposer,
535
+ amount: this.config.slashBroadcastedInvalidCheckpointProposalPenalty,
536
+ offenseType,
537
+ epochOrSlot: BigInt(proposal.slotNumber)
538
+ }
539
+ ]);
540
+ return true;
541
+ }
542
+ markInvalidProposalSlot(slotNumber) {
543
+ this.proposalHandler.markInvalidProposalSlot(slotNumber);
544
+ }
545
+ handleCheckpointAttestation(attestation) {
546
+ const slotNumber = attestation.slotNumber;
547
+ if (!this.proposalHandler.hasInvalidProposals(slotNumber) || this.proposalHandler.hasProposalEquivocation(slotNumber)) {
548
+ return;
549
+ }
550
+ const attester = attestation.getSender();
551
+ if (!attester) {
552
+ this.log.warn(`Cannot slash checkpoint attestation with invalid signature`, {
553
+ slotNumber,
554
+ archive: attestation.archive.toString()
555
+ });
556
+ return;
557
+ }
558
+ this.slashAttestedToInvalidCheckpointProposal(slotNumber, attester);
559
+ }
560
+ slashAttestedToInvalidCheckpointProposal(slotNumber, attester) {
561
+ const offenseKey = `${attester.toString()}:${OffenseType.ATTESTED_TO_INVALID_CHECKPOINT_PROPOSAL}:${slotNumber}`;
562
+ if (!this.badAttestationOffenseKeys.addIfAbsent(offenseKey)) {
563
+ return;
564
+ }
565
+ this.log.info(`Detected attestation to invalid checkpoint proposal offense`, {
566
+ attester: attester.toString(),
567
+ slotNumber,
568
+ amount: this.config.slashAttestInvalidCheckpointProposalPenalty,
569
+ offenseType: getOffenseTypeName(OffenseType.ATTESTED_TO_INVALID_CHECKPOINT_PROPOSAL)
570
+ });
571
+ this.emit(WANT_TO_SLASH_EVENT, [
572
+ {
573
+ validator: attester,
574
+ amount: this.config.slashAttestInvalidCheckpointProposalPenalty,
575
+ offenseType: OffenseType.ATTESTED_TO_INVALID_CHECKPOINT_PROPOSAL,
576
+ epochOrSlot: BigInt(slotNumber)
577
+ }
578
+ ]);
579
+ }
580
+ /**
581
+ * Handle detection of an oversized block proposal: one whose index within its checkpoint lands at or
582
+ * beyond the consensus per-checkpoint block limit. A single signed proposal at an illegal index is
583
+ * self-contained evidence, so emit an invalid-block-proposal slash event for the proposer, deduped per
584
+ * (proposer, slot) since the p2p layer reports every oversized proposal it stores.
585
+ */ handleOversizedProposal(info) {
586
+ const { slot, proposer } = info;
587
+ const offenseType = OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL;
588
+ if (!this.oversizedProposalOffenseKeys.addIfAbsent(`${proposer.toString()}:${offenseType}:${slot}`)) {
589
+ return;
590
+ }
591
+ this.log.info(`Detected oversized block proposal offense from ${proposer.toString()} at slot ${slot}`, {
592
+ proposer: proposer.toString(),
593
+ slot,
594
+ amount: this.config.slashBroadcastedInvalidBlockPenalty,
595
+ offenseType: getOffenseTypeName(offenseType)
596
+ });
597
+ this.emit(WANT_TO_SLASH_EVENT, [
598
+ {
599
+ validator: proposer,
600
+ amount: this.config.slashBroadcastedInvalidBlockPenalty,
601
+ offenseType,
602
+ epochOrSlot: BigInt(slot)
603
+ }
604
+ ]);
605
+ }
639
606
  /**
640
607
  * Handle detection of a duplicate proposal (equivocation).
641
608
  * Emits a slash event when a proposer sends multiple proposals for the same position.
642
609
  */ handleDuplicateProposal(info) {
643
610
  const { slot, proposer, type } = info;
644
- this.log.warn(`Triggering slash event for duplicate ${type} proposal from ${proposer.toString()} at slot ${slot}`, {
611
+ this.proposalHandler.markProposalEquivocation(slot);
612
+ this.log.info(`Detected duplicate ${type} proposal offense from ${proposer.toString()} at slot ${slot}`, {
645
613
  proposer: proposer.toString(),
646
614
  slot,
647
- type
615
+ type,
616
+ amount: this.config.slashDuplicateProposalPenalty,
617
+ offenseType: getOffenseTypeName(OffenseType.DUPLICATE_PROPOSAL)
648
618
  });
649
- // Emit slash event
650
619
  this.emit(WANT_TO_SLASH_EVENT, [
651
620
  {
652
621
  validator: proposer,
@@ -655,15 +624,23 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
655
624
  epochOrSlot: BigInt(slot)
656
625
  }
657
626
  ]);
627
+ this.emit(WANT_TO_CLEAR_SLASH_EVENT, [
628
+ {
629
+ offenseType: OffenseType.ATTESTED_TO_INVALID_CHECKPOINT_PROPOSAL,
630
+ epochOrSlot: BigInt(slot)
631
+ }
632
+ ]);
658
633
  }
659
634
  /**
660
635
  * Handle detection of a duplicate attestation (equivocation).
661
636
  * Emits a slash event when an attester signs attestations for different proposals at the same slot.
662
637
  */ handleDuplicateAttestation(info) {
663
638
  const { slot, attester } = info;
664
- this.log.warn(`Triggering slash event for duplicate attestation from ${attester.toString()} at slot ${slot}`, {
639
+ this.log.info(`Detected duplicate attestation offense from ${attester.toString()} at slot ${slot}`, {
665
640
  attester: attester.toString(),
666
- slot
641
+ slot,
642
+ amount: this.config.slashDuplicateAttestationPenalty,
643
+ offenseType: getOffenseTypeName(OffenseType.DUPLICATE_ATTESTATION)
667
644
  });
668
645
  this.emit(WANT_TO_SLASH_EVENT, [
669
646
  {
@@ -674,7 +651,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
674
651
  }
675
652
  ]);
676
653
  }
677
- async createBlockProposal(blockHeader, indexWithinCheckpoint, inHash, archive, txs, proposerAddress, options = {}) {
654
+ async createBlockProposal(blockHeader, checkpointNumber, indexWithinCheckpoint, inHash, archive, txs, proposerAddress, options = {}) {
678
655
  // Validate that we're not creating a proposal for an older or equal position
679
656
  if (this.lastProposedBlock) {
680
657
  const lastSlot = this.lastProposedBlock.slotNumber;
@@ -685,14 +662,14 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
685
662
  }
686
663
  }
687
664
  this.log.info(`Assembling block proposal for block ${blockHeader.globalVariables.blockNumber} slot ${blockHeader.globalVariables.slotNumber}`);
688
- const newProposal = await this.validationService.createBlockProposal(blockHeader, indexWithinCheckpoint, inHash, archive, txs, proposerAddress, {
665
+ const newProposal = await this.validationService.createBlockProposal(blockHeader, checkpointNumber, indexWithinCheckpoint, inHash, archive, txs, proposerAddress, {
689
666
  ...options,
690
- broadcastInvalidBlockProposal: this.config.broadcastInvalidBlockProposal
667
+ broadcastInvalidBlockProposal: options.broadcastInvalidBlockProposal || this.config.broadcastInvalidBlockProposal
691
668
  });
692
669
  this.lastProposedBlock = newProposal;
693
670
  return newProposal;
694
671
  }
695
- async createCheckpointProposal(checkpointHeader, archive, feeAssetPriceModifier, lastBlockInfo, proposerAddress, options = {}) {
672
+ async createCheckpointProposal(checkpointHeader, archive, checkpointNumber, feeAssetPriceModifier, lastBlockProposal, proposerAddress, options = {}) {
696
673
  // Validate that we're not creating a proposal for an older or equal slot
697
674
  if (this.lastProposedCheckpoint) {
698
675
  const lastSlot = this.lastProposedCheckpoint.slotNumber;
@@ -702,23 +679,30 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
702
679
  }
703
680
  }
704
681
  this.log.info(`Assembling checkpoint proposal for slot ${checkpointHeader.slotNumber}`);
705
- const newProposal = await this.validationService.createCheckpointProposal(checkpointHeader, archive, feeAssetPriceModifier, lastBlockInfo, proposerAddress, options);
682
+ const newProposal = await this.validationService.createCheckpointProposal(checkpointHeader, archive, checkpointNumber, feeAssetPriceModifier, lastBlockProposal, proposerAddress, options);
706
683
  this.lastProposedCheckpoint = newProposal;
684
+ // Self-record this slot's outcome on the re-execution tracker. Proposers don't run their
685
+ // own proposals through `handleCheckpointProposal`, so without this call the proposer's
686
+ // sentinel would see no outcome for slots it proposed and would mis-attribute itself as
687
+ // inactive. We pass the locally-computed `archive` (not `newProposal.archive`, which may
688
+ // be intentionally corrupted under test-only flags); from the proposer's local-view
689
+ // perspective the work it just completed is valid by definition.
690
+ this.proposalHandler.recordOwnCheckpointProposalAsValid(checkpointHeader.slotNumber, archive, checkpointNumber);
707
691
  return newProposal;
708
692
  }
709
693
  async broadcastBlockProposal(proposal) {
710
694
  await this.p2pClient.broadcastProposal(proposal);
711
695
  }
712
- async signAttestationsAndSigners(attestationsAndSigners, proposer, slot, blockNumber) {
713
- return await this.validationService.signAttestationsAndSigners(attestationsAndSigners, proposer, slot, blockNumber);
696
+ async signAttestationsAndSigners(attestationsAndSigners, proposer, slot, checkpointNumber) {
697
+ return await this.validationService.signAttestationsAndSigners(attestationsAndSigners, proposer, slot, checkpointNumber);
714
698
  }
715
- async collectOwnAttestations(proposal) {
699
+ async collectOwnAttestations(proposal, checkpointNumber) {
716
700
  const slot = proposal.slotNumber;
717
701
  const inCommittee = await this.epochCache.filterInCommittee(slot, this.getValidatorAddresses());
718
702
  this.log.debug(`Collecting ${inCommittee.length} self-attestations for slot ${slot}`, {
719
703
  inCommittee
720
704
  });
721
- const attestations = await this.createCheckpointAttestationsFromProposal(proposal, inCommittee);
705
+ const attestations = await this.createCheckpointAttestationsFromProposal(proposal, inCommittee, checkpointNumber);
722
706
  if (!attestations) {
723
707
  return [];
724
708
  }
@@ -730,7 +714,7 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
730
714
  });
731
715
  return attestations;
732
716
  }
733
- async collectAttestations(proposal, required, deadline) {
717
+ async collectAttestations(proposal, required, deadline, checkpointNumber) {
734
718
  // Wait and poll the p2pClient's attestation pool for this checkpoint until we have enough attestations
735
719
  const slot = proposal.slotNumber;
736
720
  this.log.debug(`Collecting ${required} attestations for slot ${slot} with deadline ${deadline.toISOString()}`);
@@ -738,28 +722,20 @@ const SLASHABLE_BLOCK_PROPOSAL_VALIDATION_RESULT = [
738
722
  this.log.error(`Deadline ${deadline.toISOString()} for collecting ${required} attestations for slot ${slot} is in the past`);
739
723
  throw new AttestationTimeoutError(0, required, slot);
740
724
  }
741
- await this.collectOwnAttestations(proposal);
742
- const proposalId = proposal.archive.toString();
725
+ await this.collectOwnAttestations(proposal, checkpointNumber);
726
+ const proposalPayloadHash = proposal.getPayloadHash();
743
727
  const myAddresses = this.getValidatorAddresses();
744
728
  let attestations = [];
745
729
  while(true){
746
- // Filter out attestations with a mismatching archive. This should NOT happen since we have verified
747
- // the proposer signature (ie our own) before accepting the attestation into the pool via the p2p client.
748
- const collectedAttestations = (await this.p2pClient.getCheckpointAttestationsForSlot(slot, proposalId)).filter((attestation)=>{
749
- if (!attestation.archive.equals(proposal.archive)) {
750
- this.log.warn(`Received attestation for slot ${slot} with mismatched archive from ${attestation.getSender()?.toString()}`, {
751
- attestationArchive: attestation.archive.toString(),
752
- proposalArchive: proposal.archive.toString()
753
- });
754
- return false;
755
- }
756
- return true;
757
- });
730
+ // The pool already filters by proposal payload hash; if any attestation slips through with a
731
+ // mismatched payload hash, drop it defensively. Equivocations are emitted as separate slash
732
+ // events from libp2p_service.
733
+ const collectedAttestations = await this.p2pClient.getCheckpointAttestationsForSlot(slot, proposalPayloadHash);
758
734
  // Log new attestations we collected
759
735
  const oldSenders = attestations.map((attestation)=>attestation.getSender());
760
736
  for (const collected of collectedAttestations){
761
737
  const collectedSender = collected.getSender();
762
- // Skip attestations with invalid signatures
738
+ // Skip attestations with invalid signatures. Should not happen as we don't add invalid attestations to our pool.
763
739
  if (!collectedSender) {
764
740
  this.log.warn(`Skipping attestation with invalid signature for slot ${slot}`);
765
741
  continue;