@aztec/validator-ha-signer 0.0.1-commit.6d3c34e → 0.0.1-commit.7035c9bd6

package/src/db/lmdb.ts

@@ -0,0 +1,264 @@
+/**
+ * LMDB implementation of SlashingProtectionDatabase
+ *
+ * Provides local (single-node) double-signing protection using LMDB as the backend.
+ * Suitable for nodes that do NOT run in a high-availability multi-node setup.
+ *
+ * The LMDB store is single-writer, making setIfNotExists inherently atomic.
+ * This means we get crash-restart protection without needing an external database.
+ */
+import { SlotNumber } from '@aztec/foundation/branded-types';
+import { randomBytes } from '@aztec/foundation/crypto/random';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import type { DateProvider } from '@aztec/foundation/timer';
+import type { AztecAsyncKVStore, AztecAsyncMap } from '@aztec/kv-store';
+
+import type { SlashingProtectionDatabase, TryInsertOrGetResult } from '../types.js';
+import {
+  type CheckAndRecordParams,
+  DutyStatus,
+  DutyType,
+  type StoredDutyRecord,
+  getBlockIndexFromDutyIdentifier,
+  recordFromFields,
+} from './types.js';
+
+function dutyKey(
+  rollupAddress: string,
+  validatorAddress: string,
+  slot: string,
+  dutyType: string,
+  blockIndexWithinCheckpoint: number,
+): string {
+  return `${rollupAddress}:${validatorAddress}:${slot}:${dutyType}:${blockIndexWithinCheckpoint}`;
+}
+
+/**
+ * LMDB-backed implementation of SlashingProtectionDatabase.
+ *
+ * Provides single-node double-signing protection that survives crashes and restarts.
+ * Does not provide cross-node coordination (that requires the PostgreSQL implementation).
+ */
+export class LmdbSlashingProtectionDatabase implements SlashingProtectionDatabase {
+  public static readonly SCHEMA_VERSION = 1;
+
+  private readonly duties: AztecAsyncMap<string, StoredDutyRecord>;
+  private readonly log: Logger;
+
+  constructor(
+    private readonly store: AztecAsyncKVStore,
+    private readonly dateProvider: DateProvider,
+  ) {
+    this.log = createLogger('slashing-protection:lmdb');
+    this.duties = store.openMap<string, StoredDutyRecord>('signing-protection-duties');
+  }
+
+  /**
+   * Atomically try to insert a new duty record, or get the existing one if present.
+   *
+   * LMDB is single-writer so the read-then-write inside transactionAsync is naturally atomic.
+   */
+  public async tryInsertOrGetExisting(params: CheckAndRecordParams): Promise<TryInsertOrGetResult> {
+    const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+    const key = dutyKey(
+      params.rollupAddress.toString(),
+      params.validatorAddress.toString(),
+      params.slot.toString(),
+      params.dutyType,
+      blockIndexWithinCheckpoint,
+    );
+
+    const lockToken = randomBytes(16).toString('hex');
+    const now = this.dateProvider.now();
+
+    const result = await this.store.transactionAsync(async () => {
+      const existing = await this.duties.getAsync(key);
+      if (existing) {
+        return { isNew: false as const, record: { ...existing, lockToken: '' } };
+      }
+
+      const newRecord: StoredDutyRecord = {
+        rollupAddress: params.rollupAddress.toString(),
+        validatorAddress: params.validatorAddress.toString(),
+        slot: params.slot.toString(),
+        blockNumber: params.blockNumber.toString(),
+        blockIndexWithinCheckpoint,
+        dutyType: params.dutyType,
+        status: DutyStatus.SIGNING,
+        messageHash: params.messageHash,
+        nodeId: params.nodeId,
+        lockToken,
+        startedAtMs: now,
+      };
+      await this.duties.set(key, newRecord);
+      return { isNew: true as const, record: newRecord };
+    });
+
+    if (result.isNew) {
+      this.log.debug(`Acquired lock for duty ${params.dutyType} at slot ${params.slot}`, {
+        validatorAddress: params.validatorAddress.toString(),
+        nodeId: params.nodeId,
+      });
+    }
+
+    return { isNew: result.isNew, record: recordFromFields(result.record) };
+  }
+
+  /**
+   * Update a duty to 'signed' status with the signature.
+   * Only succeeds if the lockToken matches.
+   */
+  public updateDutySigned(
+    rollupAddress: EthAddress,
+    validatorAddress: EthAddress,
+    slot: SlotNumber,
+    dutyType: DutyType,
+    signature: string,
+    lockToken: string,
+    blockIndexWithinCheckpoint: number,
+  ): Promise<boolean> {
+    const key = dutyKey(
+      rollupAddress.toString(),
+      validatorAddress.toString(),
+      slot.toString(),
+      dutyType,
+      blockIndexWithinCheckpoint,
+    );
+
+    return this.store.transactionAsync(async () => {
+      const existing = await this.duties.getAsync(key);
+      if (!existing) {
+        this.log.warn('Failed to update duty to signed: duty not found', {
+          rollupAddress: rollupAddress.toString(),
+          validatorAddress: validatorAddress.toString(),
+          slot: slot.toString(),
+          dutyType,
+          blockIndexWithinCheckpoint,
+        });
+        return false;
+      }
+
+      if (existing.lockToken !== lockToken) {
+        this.log.warn('Failed to update duty to signed: invalid token', {
+          rollupAddress: rollupAddress.toString(),
+          validatorAddress: validatorAddress.toString(),
+          slot: slot.toString(),
+          dutyType,
+          blockIndexWithinCheckpoint,
+        });
+        return false;
+      }
+
+      await this.duties.set(key, {
+        ...existing,
+        status: DutyStatus.SIGNED,
+        signature,
+        completedAtMs: this.dateProvider.now(),
+      });
+
+      return true;
+    });
+  }
+
+  /**
+   * Delete a duty record.
+   * Only succeeds if the lockToken matches.
+   */
+  public deleteDuty(
+    rollupAddress: EthAddress,
+    validatorAddress: EthAddress,
+    slot: SlotNumber,
+    dutyType: DutyType,
+    lockToken: string,
+    blockIndexWithinCheckpoint: number,
+  ): Promise<boolean> {
+    const key = dutyKey(
+      rollupAddress.toString(),
+      validatorAddress.toString(),
+      slot.toString(),
+      dutyType,
+      blockIndexWithinCheckpoint,
+    );
+
+    return this.store.transactionAsync(async () => {
+      const existing = await this.duties.getAsync(key);
+      if (!existing || existing.lockToken !== lockToken) {
+        this.log.warn('Failed to delete duty: invalid token or duty not found', {
+          rollupAddress: rollupAddress.toString(),
+          validatorAddress: validatorAddress.toString(),
+          slot: slot.toString(),
+          dutyType,
+          blockIndexWithinCheckpoint,
+        });
+        return false;
+      }
+
+      await this.duties.delete(key);
+      return true;
+    });
+  }
+
+  /**
+   * Cleanup own stuck duties (SIGNING status older than maxAgeMs).
+   */
+  public cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number> {
+    const cutoffMs = this.dateProvider.now() - maxAgeMs;
+
+    return this.store.transactionAsync(async () => {
+      const keysToDelete: string[] = [];
+      for await (const [key, record] of this.duties.entriesAsync()) {
+        if (record.nodeId === nodeId && record.status === DutyStatus.SIGNING && record.startedAtMs < cutoffMs) {
+          keysToDelete.push(key);
+        }
+      }
+      for (const key of keysToDelete) {
+        await this.duties.delete(key);
+      }
+      return keysToDelete.length;
+    });
+  }
+
+  /**
+   * Cleanup duties with outdated rollup address.
+   *
+   * This is always a no-op for the LMDB implementation: the underlying store is created via
+   * DatabaseVersionManager (in factory.ts), which already resets the entire data directory at
+   * startup whenever the rollup address changes.
+   */
+  public cleanupOutdatedRollupDuties(_currentRollupAddress: EthAddress): Promise<number> {
+    return Promise.resolve(0);
+  }
+
+  /**
+   * Cleanup old signed duties older than maxAgeMs.
+   */
+  public cleanupOldDuties(maxAgeMs: number): Promise<number> {
+    const cutoffMs = this.dateProvider.now() - maxAgeMs;
+
+    return this.store.transactionAsync(async () => {
+      const keysToDelete: string[] = [];
+      for await (const [key, record] of this.duties.entriesAsync()) {
+        if (
+          record.status === DutyStatus.SIGNED &&
+          record.completedAtMs !== undefined &&
+          record.completedAtMs < cutoffMs
+        ) {
+          keysToDelete.push(key);
+        }
+      }
+      for (const key of keysToDelete) {
+        await this.duties.delete(key);
+      }
+      return keysToDelete.length;
+    });
+  }
+
+  /**
+   * Close the underlying LMDB store.
+   */
+  public async close(): Promise<void> {
+    await this.store.close();
+    this.log.debug('LMDB slashing protection database closed');
+  }
+}

package/src/db/postgres.ts

@@ -1,14 +1,18 @@
 /**
  * PostgreSQL implementation of SlashingProtectionDatabase
  */
+import { SlotNumber } from '@aztec/foundation/branded-types';
 import { randomBytes } from '@aztec/foundation/crypto/random';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import { type Logger, createLogger } from '@aztec/foundation/log';
+import { makeBackoff, retry } from '@aztec/foundation/retry';
 
-import type { Pool, QueryResult } from 'pg';
+import type { QueryResult, QueryResultRow } from 'pg';
 
 import type { SlashingProtectionDatabase, TryInsertOrGetResult } from '../types.js';
 import {
+  CLEANUP_OLD_DUTIES,
+  CLEANUP_OUTDATED_ROLLUP_DUTIES,
   CLEANUP_OWN_STUCK_DUTIES,
   DELETE_DUTY,
   INSERT_OR_GET_DUTY,
@@ -16,6 +20,16 @@ import {
   UPDATE_DUTY_SIGNED,
 } from './schema.js';
 import type { CheckAndRecordParams, DutyRow, DutyType, InsertOrGetRow, ValidatorDutyRecord } from './types.js';
+import { getBlockIndexFromDutyIdentifier, recordFromFields } from './types.js';
+
+/**
+ * Minimal pool interface for database operations.
+ * Both pg.Pool and test adapters (e.g., PGlite) satisfy this interface.
+ */
+export interface QueryablePool {
+  query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+  end(): Promise<void>;
+}
 
 /**
  * PostgreSQL implementation of the slashing protection database
@@ -23,7 +37,7 @@ import type { CheckAndRecordParams, DutyRow, DutyType, InsertOrGetRow, Validator
 export class PostgresSlashingProtectionDatabase implements SlashingProtectionDatabase {
   private readonly log: Logger;
 
-  constructor(private readonly pool: Pool) {
+  constructor(private readonly pool: QueryablePool) {
     this.log = createLogger('slashing-protection:postgres');
   }
 
@@ -48,13 +62,13 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
       dbVersion = result.rows[0].version;
     } catch {
       throw new Error(
-        'Database schema not initialized. Please run migrations first: aztec migrate up --database-url <url>',
+        'Database schema not initialized. Please run migrations first: aztec migrate-ha-db up --database-url <url>',
       );
     }
 
     if (dbVersion < SCHEMA_VERSION) {
       throw new Error(
-        `Database schema version ${dbVersion} is outdated (expected ${SCHEMA_VERSION}). Please run migrations: aztec migrate up --database-url <url>`,
+        `Database schema version ${dbVersion} is outdated (expected ${SCHEMA_VERSION}). Please run migrations: aztec migrate-ha-db up --database-url <url>`,
       );
     }
 
@@ -72,24 +86,55 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    *
    * @returns { isNew: true, record } if we successfully inserted and acquired the lock
    * @returns { isNew: false, record } if a record already exists. lock_token is empty if the record already exists.
+   *
+   * Retries if no rows are returned, which can happen under high concurrency
+   * when another transaction just committed the row but it's not yet visible.
    */
   async tryInsertOrGetExisting(params: CheckAndRecordParams): Promise<TryInsertOrGetResult> {
     // create a token for ownership verification
     const lockToken = randomBytes(16).toString('hex');
 
-    const result: QueryResult<InsertOrGetRow> = await this.pool.query(INSERT_OR_GET_DUTY, [
-      params.validatorAddress.toString(),
-      params.slot.toString(),
-      params.blockNumber.toString(),
-      params.dutyType,
-      params.messageHash,
-      params.nodeId,
-      lockToken,
-    ]);
+    // Use fast retries with custom backoff: 10ms, 20ms, 30ms (then stop)
+    const fastBackoff = makeBackoff([0.01, 0.02, 0.03]);
+
+    // Get the normalized block index using type-safe helper
+    const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+
+    const result = await retry<QueryResult<InsertOrGetRow>>(
+      async () => {
+        const queryResult: QueryResult<InsertOrGetRow> = await this.pool.query(INSERT_OR_GET_DUTY, [
+          params.rollupAddress.toString(),
+          params.validatorAddress.toString(),
+          params.slot.toString(),
+          params.blockNumber.toString(),
+          blockIndexWithinCheckpoint,
+          params.dutyType,
+          params.messageHash,
+          params.nodeId,
+          lockToken,
+        ]);
+
+        // Throw error if no rows to trigger retry
+        if (queryResult.rows.length === 0) {
+          throw new Error('INSERT_OR_GET_DUTY returned no rows');
+        }
+
+        return queryResult;
+      },
+      `INSERT_OR_GET_DUTY for node ${params.nodeId}`,
+      fastBackoff,
+      this.log,
+      true,
+    );
 
     if (result.rows.length === 0) {
-      // This shouldn't happen - the query always returns either the inserted or existing row
-      throw new Error('INSERT_OR_GET_DUTY returned no rows');
+      // this should never happen as the retry function should throw if it still fails after retries
+      throw new Error('INSERT_OR_GET_DUTY returned no rows after retries');
+    }
+
+    if (result.rows.length > 1) {
+      // this should never happen if database constraints are correct (PRIMARY KEY should prevent duplicates)
+      throw new Error(`INSERT_OR_GET_DUTY returned ${result.rows.length} rows (expected exactly 1).`);
     }
 
     const row = result.rows[0];
@@ -106,25 +151,31 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns true if the update succeeded, false if token didn't match or duty not found
    */
   async updateDutySigned(
+    rollupAddress: EthAddress,
     validatorAddress: EthAddress,
-    slot: bigint,
+    slot: SlotNumber,
     dutyType: DutyType,
     signature: string,
     lockToken: string,
+    blockIndexWithinCheckpoint: number,
   ): Promise<boolean> {
     const result = await this.pool.query(UPDATE_DUTY_SIGNED, [
       signature,
+      rollupAddress.toString(),
       validatorAddress.toString(),
       slot.toString(),
       dutyType,
+      blockIndexWithinCheckpoint,
       lockToken,
     ]);
 
     if (result.rowCount === 0) {
       this.log.warn('Failed to update duty to signed status: invalid token or duty not found', {
+        rollupAddress: rollupAddress.toString(),
         validatorAddress: validatorAddress.toString(),
         slot: slot.toString(),
         dutyType,
+        blockIndexWithinCheckpoint,
       });
       return false;
     }
@@ -139,23 +190,29 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns true if the delete succeeded, false if token didn't match or duty not found
    */
   async deleteDuty(
+    rollupAddress: EthAddress,
     validatorAddress: EthAddress,
-    slot: bigint,
+    slot: SlotNumber,
     dutyType: DutyType,
     lockToken: string,
+    blockIndexWithinCheckpoint: number,
   ): Promise<boolean> {
     const result = await this.pool.query(DELETE_DUTY, [
+      rollupAddress.toString(),
       validatorAddress.toString(),
       slot.toString(),
       dutyType,
+      blockIndexWithinCheckpoint,
       lockToken,
     ]);
 
     if (result.rowCount === 0) {
       this.log.warn('Failed to delete duty: invalid token or duty not found', {
+        rollupAddress: rollupAddress.toString(),
         validatorAddress: validatorAddress.toString(),
         slot: slot.toString(),
         dutyType,
+        blockIndexWithinCheckpoint,
       });
       return false;
     }
@@ -163,23 +220,27 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
   }
 
   /**
-   * Convert a database row to a ValidatorDutyRecord
+   * Convert a database row to a ValidatorDutyRecord.
+   * Maps snake_case column names to StoredDutyRecord (camelCase, ms timestamps),
+   * then delegates to the shared recordFromFields() converter.
    */
   private rowToRecord(row: DutyRow): ValidatorDutyRecord {
-    return {
-      validatorAddress: EthAddress.fromString(row.validator_address),
-      slot: BigInt(row.slot),
-      blockNumber: BigInt(row.block_number),
+    return recordFromFields({
+      rollupAddress: row.rollup_address,
+      validatorAddress: row.validator_address,
+      slot: row.slot,
+      blockNumber: row.block_number,
+      blockIndexWithinCheckpoint: row.block_index_within_checkpoint,
       dutyType: row.duty_type,
       status: row.status,
       messageHash: row.message_hash,
       signature: row.signature ?? undefined,
       nodeId: row.node_id,
       lockToken: row.lock_token,
-      startedAt: row.started_at,
-      completedAt: row.completed_at ?? undefined,
+      startedAtMs: row.started_at.getTime(),
+      completedAtMs: row.completed_at?.getTime(),
       errorMessage: row.error_message ?? undefined,
-    };
+    });
   }
 
   /**
@@ -195,8 +256,29 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns the number of duties cleaned up
    */
   async cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number> {
-    const cutoff = new Date(Date.now() - maxAgeMs);
-    const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [nodeId, cutoff]);
+    const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [nodeId, maxAgeMs]);
+    return result.rowCount ?? 0;
+  }
+
+  /**
+   * Cleanup duties with outdated rollup address.
+   * Removes all duties where the rollup address doesn't match the current one.
+   * Used after a rollup upgrade to clean up duties for the old rollup.
+   * @returns the number of duties cleaned up
+   */
+  async cleanupOutdatedRollupDuties(currentRollupAddress: EthAddress): Promise<number> {
+    const result = await this.pool.query(CLEANUP_OUTDATED_ROLLUP_DUTIES, [currentRollupAddress.toString()]);
+    return result.rowCount ?? 0;
+  }
+
+  /**
+   * Cleanup old signed duties.
+   * Removes only signed duties older than the specified age.
+   * Does not remove 'signing' duties as they may be in progress.
+   * @returns the number of duties cleaned up
+   */
+  async cleanupOldDuties(maxAgeMs: number): Promise<number> {
+    const result = await this.pool.query(CLEANUP_OLD_DUTIES, [maxAgeMs]);
     return result.rowCount ?? 0;
   }
 }

package/src/db/schema.ts

@@ -16,11 +16,13 @@ export const SCHEMA_VERSION = 1;
  */
 export const CREATE_VALIDATOR_DUTIES_TABLE = `
 CREATE TABLE IF NOT EXISTS validator_duties (
+  rollup_address VARCHAR(42) NOT NULL,
   validator_address VARCHAR(42) NOT NULL,
   slot BIGINT NOT NULL,
   block_number BIGINT NOT NULL,
-  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS')),
-  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed', 'failed')),
+  block_index_within_checkpoint INTEGER NOT NULL DEFAULT 0,
+  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'CHECKPOINT_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS', 'GOVERNANCE_VOTE', 'SLASHING_VOTE')),
+  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed')),
   message_hash VARCHAR(66) NOT NULL,
   signature VARCHAR(132),
   node_id VARCHAR(255) NOT NULL,
@@ -29,7 +31,7 @@ CREATE TABLE IF NOT EXISTS validator_duties (
   completed_at TIMESTAMP,
   error_message TEXT,
 
-  PRIMARY KEY (validator_address, slot, duty_type),
+  PRIMARY KEY (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint),
   CHECK (completed_at IS NULL OR completed_at >= started_at)
 );
 `;
@@ -92,25 +94,33 @@ SELECT version FROM schema_version ORDER BY version DESC LIMIT 1;
  * returns the existing record instead.
  *
  * Returns the record with an `is_new` flag indicating whether we inserted or got existing.
+ *
+ * Note: In high concurrency scenarios, if the INSERT conflicts and another transaction
+ * just committed the row, there's a small window where the SELECT might not see it yet.
+ * The application layer should retry if no rows are returned.
  */
 export const INSERT_OR_GET_DUTY = `
 WITH inserted AS (
   INSERT INTO validator_duties (
+    rollup_address,
     validator_address,
     slot,
     block_number,
+    block_index_within_checkpoint,
     duty_type,
     status,
     message_hash,
     node_id,
     lock_token,
     started_at
-  ) VALUES ($1, $2, $3, $4, 'signing', $5, $6, $7, CURRENT_TIMESTAMP)
-  ON CONFLICT (validator_address, slot, duty_type) DO NOTHING
+  ) VALUES ($1, $2, $3, $4, $5, $6, 'signing', $7, $8, $9, CURRENT_TIMESTAMP)
+  ON CONFLICT (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint) DO NOTHING
   RETURNING
+    rollup_address,
     validator_address,
     slot,
     block_number,
+    block_index_within_checkpoint,
     duty_type,
     status,
     message_hash,
@@ -125,9 +135,11 @@ WITH inserted AS (
 SELECT * FROM inserted
 UNION ALL
 SELECT
+  rollup_address,
   validator_address,
   slot,
   block_number,
+  block_index_within_checkpoint,
   duty_type,
   status,
   message_hash,
@@ -139,9 +151,11 @@ SELECT
   error_message,
   FALSE as is_new
 FROM validator_duties
-WHERE validator_address = $1
-  AND slot = $2
-  AND duty_type = $4
+WHERE rollup_address = $1
+  AND validator_address = $2
+  AND slot = $3
+  AND duty_type = $6
+  AND block_index_within_checkpoint = $5
   AND NOT EXISTS (SELECT 1 FROM inserted);
 `;
 
@@ -153,11 +167,13 @@ UPDATE validator_duties
 SET status = 'signed',
     signature = $1,
     completed_at = CURRENT_TIMESTAMP
-WHERE validator_address = $2
-  AND slot = $3
-  AND duty_type = $4
+WHERE rollup_address = $2
+  AND validator_address = $3
+  AND slot = $4
+  AND duty_type = $5
+  AND block_index_within_checkpoint = $6
   AND status = 'signing'
-  AND lock_token = $5;
+  AND lock_token = $7;
 `;
 
 /**
@@ -166,11 +182,13 @@ WHERE validator_address = $2
  */
 export const DELETE_DUTY = `
 DELETE FROM validator_duties
-WHERE validator_address = $1
-  AND slot = $2
-  AND duty_type = $3
+WHERE rollup_address = $1
+  AND validator_address = $2
+  AND slot = $3
+  AND duty_type = $4
+  AND block_index_within_checkpoint = $5
   AND status = 'signing'
-  AND lock_token = $4;
+  AND lock_token = $6;
 `;
 
 /**
@@ -185,23 +203,34 @@ WHERE status = 'signed'
 
 /**
  * Query to clean up old duties (for maintenance)
- * Removes duties older than a specified timestamp
+ * Removes SIGNED duties older than a specified age (in milliseconds)
  */
 export const CLEANUP_OLD_DUTIES = `
 DELETE FROM validator_duties
-WHERE status IN ('signing', 'signed', 'failed')
-  AND started_at < $1;
+WHERE status = 'signed'
+  AND started_at < CURRENT_TIMESTAMP - ($1 || ' milliseconds')::INTERVAL;
 `;
 
 /**
  * Query to cleanup own stuck duties
  * Removes duties in 'signing' status for a specific node that are older than maxAgeMs
+ * Uses DB's CURRENT_TIMESTAMP to avoid clock skew issues between nodes
  */
 export const CLEANUP_OWN_STUCK_DUTIES = `
 DELETE FROM validator_duties
 WHERE node_id = $1
   AND status = 'signing'
-  AND started_at < $2;
+  AND started_at < CURRENT_TIMESTAMP - ($2 || ' milliseconds')::INTERVAL;
+`;
+
+/**
+ * Query to cleanup duties with outdated rollup address
+ * Removes all duties where the rollup address doesn't match the current one
+ * Used after a rollup upgrade to clean up duties for the old rollup
+ */
+export const CLEANUP_OUTDATED_ROLLUP_DUTIES = `
+DELETE FROM validator_duties
+WHERE rollup_address != $1;
 `;
 
 /**
@@ -220,9 +249,11 @@ export const DROP_SCHEMA_VERSION_TABLE = `DROP TABLE IF EXISTS schema_version;`;
  */
 export const GET_STUCK_DUTIES = `
 SELECT
+  rollup_address,
   validator_address,
   slot,
   block_number,
+  block_index_within_checkpoint,
   duty_type,
   status,
   message_hash,