fix: Validate txs protocol and vk tree roots (#13891) (#13903)

The `protocolContractTreeRoot` in txs was not checked by nodes when
receiving a tx. This would lead to failures when trying to prove an
epoch that contained such a tx.

This PR adds a check to the tx metadata validator to check the protocol
contract tree root. And since we're at it, we also check the protocol
circuits tree root, so we can fail a tx earlier without having to verify
the entire proof.

This is a cherry-pick of #13891 onto alpha-tesnet

Author: spalladino

yarn-project/aztec-node/package.json

@@ -74,6 +74,7 @@
     "@aztec/l1-artifacts": "workspace:^",
     "@aztec/merkle-tree": "workspace:^",
     "@aztec/node-lib": "workspace:^",
+    "@aztec/noir-protocol-circuits-types": "workspace:^",
     "@aztec/p2p": "workspace:^",
     "@aztec/protocol-contracts": "workspace:^",
     "@aztec/prover-client": "workspace:^",

yarn-project/aztec-node/src/aztec-node/server.test.ts

@@ -1,7 +1,9 @@
 import { TestCircuitVerifier } from '@aztec/bb-prover';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import { Fr } from '@aztec/foundation/fields';
+import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree';
 import type { P2P } from '@aztec/p2p';
+import { protocolContractTreeRoot } from '@aztec/protocol-contracts';
 import { computeFeePayerBalanceLeafSlot } from '@aztec/protocol-contracts/fee-juice';
 import type { GlobalVariableBuilder } from '@aztec/sequencer-client';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
@@ -14,7 +16,15 @@ import { RollupValidationRequests } from '@aztec/stdlib/kernel';
 import type { L1ToL2MessageSource } from '@aztec/stdlib/messaging';
 import { mockTx } from '@aztec/stdlib/testing';
 import { MerkleTreeId, PublicDataTreeLeaf, PublicDataTreeLeafPreimage } from '@aztec/stdlib/trees';
-import { BlockHeader, GlobalVariables, MaxBlockNumber, TX_ERROR_INVALID_BLOCK_NUMBER } from '@aztec/stdlib/tx';
+import {
+  BlockHeader,
+  GlobalVariables,
+  MaxBlockNumber,
+  TX_ERROR_DUPLICATE_NULLIFIER_IN_TX,
+  TX_ERROR_INCORRECT_L1_CHAIN_ID,
+  TX_ERROR_INCORRECT_ROLLUP_VERSION,
+  TX_ERROR_INVALID_BLOCK_NUMBER,
+} from '@aztec/stdlib/tx';
 
 import { readFileSync } from 'fs';
 import { type MockProxy, mock } from 'jest-mock-extended';
@@ -41,6 +51,10 @@ describe('aztec node', () => {
       numberOfNonRevertiblePublicCallRequests: 0,
       numberOfRevertiblePublicCallRequests: 0,
       feePayer,
+      chainId,
+      version: rollupVersion,
+      vkTreeRoot: getVKTreeRoot(),
+      protocolContractTreeRoot,
     });
   };
 
@@ -131,10 +145,6 @@ describe('aztec node', () => {
   describe('tx validation', () => {
     it('tests that the node correctly validates double spends', async () => {
       const txs = await Promise.all([mockTxForRollup(0x10000), mockTxForRollup(0x20000)]);
-      txs.forEach(tx => {
-        tx.data.constants.txContext.chainId = chainId;
-        tx.data.constants.txContext.version = rollupVersion;
-      });
       const doubleSpendTx = txs[0];
       const doubleSpendWithExistingTx = txs[1];
       lastBlockNumber += 1;
@@ -144,7 +154,10 @@ describe('aztec node', () => {
       // We push a duplicate nullifier that was created in the same transaction
       doubleSpendTx.data.forRollup!.end.nullifiers[1] = doubleSpendTx.data.forRollup!.end.nullifiers[0];
 
-      expect(await node.isValidTx(doubleSpendTx)).toEqual({ result: 'invalid', reason: ['Duplicate nullifier in tx'] });
+      expect(await node.isValidTx(doubleSpendTx)).toEqual({
+        result: 'invalid',
+        reason: [TX_ERROR_DUPLICATE_NULLIFIER_IN_TX],
+      });
 
       expect(await node.isValidTx(doubleSpendWithExistingTx)).toEqual({ result: 'valid' });
 
@@ -169,37 +182,26 @@ describe('aztec node', () => {
 
     it('tests that the node correctly validates chain id', async () => {
       const tx = await mockTxForRollup(0x10000);
-      tx.data.constants.txContext.chainId = chainId;
-      tx.data.constants.txContext.version = rollupVersion;
-
       expect(await node.isValidTx(tx)).toEqual({ result: 'valid' });
 
       // We make the chain id on the tx not equal to the configured chain id
       tx.data.constants.txContext.chainId = new Fr(1n + chainId.toBigInt());
 
-      expect(await node.isValidTx(tx)).toEqual({ result: 'invalid', reason: ['Incorrect chain id'] });
+      expect(await node.isValidTx(tx)).toEqual({ result: 'invalid', reason: [TX_ERROR_INCORRECT_L1_CHAIN_ID] });
     });
 
     it('tests that the node correctly validates rollup version', async () => {
       const tx = await mockTxForRollup(0x10000);
-      tx.data.constants.txContext.chainId = chainId;
-      tx.data.constants.txContext.version = rollupVersion;
-
       expect(await node.isValidTx(tx)).toEqual({ result: 'valid' });
 
       // We make the chain id on the tx not equal to the configured chain id
       tx.data.constants.txContext.version = new Fr(1n + rollupVersion.toBigInt());
 
-      expect(await node.isValidTx(tx)).toEqual({ result: 'invalid', reason: ['Incorrect rollup version'] });
+      expect(await node.isValidTx(tx)).toEqual({ result: 'invalid', reason: [TX_ERROR_INCORRECT_ROLLUP_VERSION] });
     });
 
     it('tests that the node correctly validates max block numbers', async () => {
       const txs = await Promise.all([mockTxForRollup(0x10000), mockTxForRollup(0x20000), mockTxForRollup(0x30000)]);
-      txs.forEach(tx => {
-        tx.data.constants.txContext.chainId = chainId;
-        tx.data.constants.txContext.version = rollupVersion;
-      });
-
       const noMaxBlockNumberMetadata = txs[0];
       const invalidMaxBlockNumberMetadata = txs[1];
       const validMaxBlockNumberMetadata = txs[2];
@@ -226,19 +228,19 @@ describe('aztec node', () => {
     });
   });
 
-  describe('Node Info', () => {
-    it('returns the correct node version', async () => {
-      const releasePleaseVersionFile = readFileSync(
-        resolve(dirname(fileURLToPath(import.meta.url)), '../../../../.release-please-manifest.json'),
-      ).toString();
-      const releasePleaseVersion = JSON.parse(releasePleaseVersionFile)['.'];
-
-      const nodeInfo = await node.getNodeInfo();
-      expect(nodeInfo.nodeVersion).toBe(releasePleaseVersion);
+  describe('getters', () => {
+    describe('node info', () => {
+      it('returns the correct node version', async () => {
+        const releasePleaseVersionFile = readFileSync(
+          resolve(dirname(fileURLToPath(import.meta.url)), '../../../../.release-please-manifest.json'),
+        ).toString();
+        const releasePleaseVersion = JSON.parse(releasePleaseVersionFile)['.'];
+
+        const nodeInfo = await node.getNodeInfo();
+        expect(nodeInfo.nodeVersion).toBe(releasePleaseVersion);
+      });
     });
-  });
 
-  describe('getters', () => {
     describe('getBlockHeader', () => {
       let initialHeader: BlockHeader;
       let header1: BlockHeader;

yarn-project/aztec-node/tsconfig.json

@@ -39,6 +39,9 @@
     {
       "path": "../node-lib"
     },
+    {
+      "path": "../noir-protocol-circuits-types"
+    },
     {
       "path": "../p2p"
     },

yarn-project/p2p/src/msg_validators/tx_validator/metadata_validator.test.ts

@@ -3,8 +3,10 @@ import { mockTx, mockTxForRollup } from '@aztec/stdlib/testing';
 import type { AnyTx, Tx } from '@aztec/stdlib/tx';
 import {
   MaxBlockNumber,
-  TX_ERROR_INCORRECT_CHAIN_ID,
+  TX_ERROR_INCORRECT_L1_CHAIN_ID,
+  TX_ERROR_INCORRECT_PROTOCOL_CONTRACT_TREE_ROOT,
   TX_ERROR_INCORRECT_ROLLUP_VERSION,
+  TX_ERROR_INCORRECT_VK_TREE_ROOT,
   TX_ERROR_INVALID_BLOCK_NUMBER,
 } from '@aztec/stdlib/tx';
 
@@ -14,13 +16,25 @@ describe('MetadataTxValidator', () => {
   let blockNumber: Fr;
   let chainId: Fr;
   let rollupVersion: Fr;
+  let vkTreeRoot: Fr;
+  let protocolContractTreeRoot: Fr;
+
+  let seed: number = 1;
   let validator: MetadataTxValidator<AnyTx>;
 
   beforeEach(() => {
     chainId = new Fr(1);
     blockNumber = new Fr(42);
     rollupVersion = new Fr(2);
-    validator = new MetadataTxValidator(chainId, rollupVersion, blockNumber);
+    vkTreeRoot = new Fr(3);
+    protocolContractTreeRoot = new Fr(4);
+    validator = new MetadataTxValidator({
+      l1ChainId: chainId,
+      rollupVersion,
+      blockNumber,
+      vkTreeRoot,
+      protocolContractTreeRoot,
+    });
   });
 
   const expectValid = async (tx: Tx) => {
@@ -31,37 +45,33 @@ describe('MetadataTxValidator', () => {
     await expect(validator.validateTx(tx)).resolves.toEqual({ result: 'invalid', reason: [reason] });
   };
 
-  it('allows only transactions for the right chain', async () => {
-    const goodTxs = await Promise.all([mockTx(1), mockTxForRollup(2)]);
-    const badTxs = await Promise.all([mockTx(3), mockTxForRollup(4)]);
+  const makeTxs = async () => {
+    const opts = { chainId, version: rollupVersion, vkTreeRoot, protocolContractTreeRoot };
+    const tx1 = await mockTx(seed++, opts);
+    const tx2 = await mockTxForRollup(seed++, opts);
 
-    goodTxs.forEach(tx => {
-      tx.data.constants.txContext.chainId = chainId;
-      tx.data.constants.txContext.version = rollupVersion;
-    });
+    return [tx1, tx2];
+  };
+
+  it('allows only transactions for the right chain', async () => {
+    const goodTxs = await makeTxs();
+    const badTxs = await makeTxs();
 
     badTxs.forEach(tx => {
       tx.data.constants.txContext.chainId = chainId.add(new Fr(1));
-      tx.data.constants.txContext.version = rollupVersion;
     });
 
     await expectValid(goodTxs[0]);
     await expectValid(goodTxs[1]);
-    await expectInvalid(badTxs[0], TX_ERROR_INCORRECT_CHAIN_ID);
-    await expectInvalid(badTxs[1], TX_ERROR_INCORRECT_CHAIN_ID);
+    await expectInvalid(badTxs[0], TX_ERROR_INCORRECT_L1_CHAIN_ID);
+    await expectInvalid(badTxs[1], TX_ERROR_INCORRECT_L1_CHAIN_ID);
   });
 
   it('allows only transactions for the right rollup', async () => {
-    const goodTxs = await Promise.all([mockTx(1), mockTxForRollup(2)]);
-    const badTxs = await Promise.all([mockTx(3), mockTxForRollup(4)]);
-
-    goodTxs.forEach(tx => {
-      tx.data.constants.txContext.chainId = chainId;
-      tx.data.constants.txContext.version = rollupVersion;
-    });
+    const goodTxs = await makeTxs();
+    const badTxs = await makeTxs();
 
     badTxs.forEach(tx => {
-      tx.data.constants.txContext.chainId = chainId;
       tx.data.constants.txContext.version = rollupVersion.add(Fr.ONE);
     });
 
@@ -71,28 +81,35 @@ describe('MetadataTxValidator', () => {
     await expectInvalid(badTxs[1], TX_ERROR_INCORRECT_ROLLUP_VERSION);
   });
 
+  it('allows only transactions with the right roots', async () => {
+    const goodTxs = await makeTxs();
+    const badTxs = await makeTxs();
+
+    badTxs[0].data.constants.vkTreeRoot = vkTreeRoot.add(new Fr(1));
+    badTxs[1].data.constants.protocolContractTreeRoot = protocolContractTreeRoot.add(new Fr(1));
+
+    await expectValid(goodTxs[0]);
+    await expectValid(goodTxs[1]);
+    await expectInvalid(badTxs[0], TX_ERROR_INCORRECT_VK_TREE_ROOT);
+    await expectInvalid(badTxs[1], TX_ERROR_INCORRECT_PROTOCOL_CONTRACT_TREE_ROOT);
+  });
+
   it.each([42, 43])('allows txs with valid max block number', async maxBlockNumber => {
-    const goodTx = await mockTxForRollup(1);
-    goodTx.data.constants.txContext.chainId = chainId;
-    goodTx.data.constants.txContext.version = rollupVersion;
+    const [goodTx] = await makeTxs();
     goodTx.data.rollupValidationRequests.maxBlockNumber = new MaxBlockNumber(true, new Fr(maxBlockNumber));
 
     await expectValid(goodTx);
   });
 
   it('allows txs with unset max block number', async () => {
-    const goodTx = await mockTxForRollup(1);
-    goodTx.data.constants.txContext.chainId = chainId;
-    goodTx.data.constants.txContext.version = rollupVersion;
+    const [goodTx] = await makeTxs();
     goodTx.data.rollupValidationRequests.maxBlockNumber = new MaxBlockNumber(false, Fr.ZERO);
 
     await expectValid(goodTx);
   });
 
   it('rejects txs with lower max block number', async () => {
-    const badTx = await mockTxForRollup(1);
-    badTx.data.constants.txContext.chainId = chainId;
-    badTx.data.constants.txContext.version = rollupVersion;
+    const [badTx] = await makeTxs();
     badTx.data.rollupValidationRequests.maxBlockNumber = new MaxBlockNumber(true, blockNumber.sub(new Fr(1)));
 
     await expectInvalid(badTx, TX_ERROR_INVALID_BLOCK_NUMBER);

yarn-project/p2p/src/msg_validators/tx_validator/metadata_validator.ts

@@ -2,8 +2,10 @@ import type { Fr } from '@aztec/foundation/fields';
 import { createLogger } from '@aztec/foundation/log';
 import {
   type AnyTx,
-  TX_ERROR_INCORRECT_CHAIN_ID,
+  TX_ERROR_INCORRECT_L1_CHAIN_ID,
+  TX_ERROR_INCORRECT_PROTOCOL_CONTRACT_TREE_ROOT,
   TX_ERROR_INCORRECT_ROLLUP_VERSION,
+  TX_ERROR_INCORRECT_VK_TREE_ROOT,
   TX_ERROR_INVALID_BLOCK_NUMBER,
   Tx,
   type TxValidationResult,
@@ -13,28 +15,62 @@ import {
 export class MetadataTxValidator<T extends AnyTx> implements TxValidator<T> {
   #log = createLogger('p2p:tx_validator:tx_metadata');
 
-  constructor(private chainId: Fr, private rollupVersion: Fr, private blockNumber: Fr) {}
+  constructor(
+    private values: { l1ChainId: Fr; rollupVersion: Fr; blockNumber: Fr; vkTreeRoot: Fr; protocolContractTreeRoot: Fr },
+  ) {}
 
   async validateTx(tx: T): Promise<TxValidationResult> {
     const errors = [];
-    if (!(await this.#hasCorrectChainId(tx))) {
-      errors.push(TX_ERROR_INCORRECT_CHAIN_ID);
+    if (!(await this.#hasCorrectL1ChainId(tx))) {
+      errors.push(TX_ERROR_INCORRECT_L1_CHAIN_ID);
     }
     if (!(await this.#hasCorrectRollupVersion(tx))) {
       errors.push(TX_ERROR_INCORRECT_ROLLUP_VERSION);
     }
     if (!(await this.#isValidForBlockNumber(tx))) {
       errors.push(TX_ERROR_INVALID_BLOCK_NUMBER);
     }
+    if (!(await this.#hasCorrectVkTreeRoot(tx))) {
+      errors.push(TX_ERROR_INCORRECT_VK_TREE_ROOT);
+    }
+    if (!(await this.#hasCorrectProtocolContractTreeRoot(tx))) {
+      errors.push(TX_ERROR_INCORRECT_PROTOCOL_CONTRACT_TREE_ROOT);
+    }
     return errors.length > 0 ? { result: 'invalid', reason: errors } : { result: 'valid' };
   }
 
-  async #hasCorrectChainId(tx: T): Promise<boolean> {
-    if (!tx.data.constants.txContext.chainId.equals(this.chainId)) {
+  async #hasCorrectVkTreeRoot(tx: T): Promise<boolean> {
+    // This gets implicitly tested in the proof validator, but we can get a much cheaper check here by looking early at the vk.
+    if (!tx.data.constants.vkTreeRoot.equals(this.values.vkTreeRoot)) {
+      this.#log.warn(
+        `Rejecting tx ${await Tx.getHash(
+          tx,
+        )} because of incorrect vk tree root ${tx.data.constants.vkTreeRoot.toString()} != ${this.values.vkTreeRoot.toString()}`,
+      );
+      return false;
+    } else {
+      return true;
+    }
+  }
+
+  async #hasCorrectProtocolContractTreeRoot(tx: T): Promise<boolean> {
+    if (!tx.data.constants.protocolContractTreeRoot.equals(this.values.protocolContractTreeRoot)) {
+      this.#log.warn(
+        `Rejecting tx ${await Tx.getHash(
+          tx,
+        )} because of incorrect protocol contract tree root ${tx.data.constants.protocolContractTreeRoot.toString()} != ${this.values.protocolContractTreeRoot.toString()}`,
+      );
+      return false;
+    }
+    return true;
+  }
+
+  async #hasCorrectL1ChainId(tx: T): Promise<boolean> {
+    if (!tx.data.constants.txContext.chainId.equals(this.values.l1ChainId)) {
       this.#log.warn(
         `Rejecting tx ${await Tx.getHash(
           tx,
-        )} because of incorrect chain ${tx.data.constants.txContext.chainId.toNumber()} != ${this.chainId.toNumber()}`,
+        )} because of incorrect L1 chain ${tx.data.constants.txContext.chainId.toNumber()} != ${this.values.l1ChainId.toNumber()}`,
       );
       return false;
     } else {
@@ -45,11 +81,11 @@ export class MetadataTxValidator<T extends AnyTx> implements TxValidator<T> {
   async #isValidForBlockNumber(tx: T): Promise<boolean> {
     const maxBlockNumber = tx.data.rollupValidationRequests.maxBlockNumber;
 
-    if (maxBlockNumber.isSome && maxBlockNumber.value < this.blockNumber) {
+    if (maxBlockNumber.isSome && maxBlockNumber.value < this.values.blockNumber) {
       this.#log.warn(
         `Rejecting tx ${await Tx.getHash(tx)} for low max block number. Tx max block number: ${
           maxBlockNumber.value
-        }, current block number: ${this.blockNumber}.`,
+        }, current block number: ${this.values.blockNumber}.`,
       );
       return false;
     } else {
@@ -58,11 +94,11 @@ export class MetadataTxValidator<T extends AnyTx> implements TxValidator<T> {
   }
 
   async #hasCorrectRollupVersion(tx: T): Promise<boolean> {
-    if (!tx.data.constants.txContext.version.equals(this.rollupVersion)) {
+    if (!tx.data.constants.txContext.version.equals(this.values.rollupVersion)) {
       this.#log.warn(
         `Rejecting tx ${await Tx.getHash(
           tx,
-        )} because of incorrect rollup version ${tx.data.constants.txContext.version.toNumber()} != ${this.rollupVersion.toNumber()}`,
+        )} because of incorrect rollup version ${tx.data.constants.txContext.version.toNumber()} != ${this.values.rollupVersion.toNumber()}`,
       );
       return false;
     } else {