feat: Change slash votes from 4 to 2 bits

To reduce gas costs. Also bumps settings in tests to get better
benchmarks.

```
$ FORGE_GAS_REPORT=true forge test --mp test/governance/scenario/slashing/TallySlashing.t.sol --mt Small | grep executeRound
1614818
```

Author: spalladino

l1-contracts/src/core/slashing/TallySlashingProposer.sol

@@ -36,8 +36,8 @@ import {SafeCast} from "@oz/utils/math/SafeCast.sol";
  *      1. Time is divided into rounds (ROUND_SIZE slots each).
  *      2. During each round, block proposers can submit votes indicating which validators from the epochs that span
  *         SLASH_OFFSET_IN_ROUNDS rounds ago should be slashed.
- *      3. Votes are encoded as bytes where the i-th nibble (4 bits) represents the slash amount (0-15 slash units) for
- *         the i-th validator slashed in the round.
+ *      3. Votes are encoded as bytes where each 2-bit pair represents the slash amount (0-3 slash units) for
+ *         the corresponding validator slashed in the round.
  *      4. After a round ends, there is an execution delay period for review so the VETOER in the Slasher can veto the
  *         expected payload address if needed.
  *      5. Once the delay passes, anyone can call executeRound() to tally votes and execute slashing.
@@ -121,7 +121,7 @@ contract TallySlashingProposer is EIP712 {
   /**
    * @notice Contains all vote data for a single round
    * @dev Stores up to MAX_ROUND_SIZE votes as bytes arrays. Each vote encodes slash amounts
-   *      for all validators in the round using 4-bit nibbles per validator.
+   *      for all validators in the round using 2 bits per validator.
    * @param votes Array of encoded vote data, one entry per proposer vote in the round
    */
   struct RoundVotes {
@@ -180,7 +180,7 @@ contract TallySlashingProposer is EIP712 {
 
   /**
    * @notice Base amount of stake to slash per slashing unit (in wei)
-   * @dev Validators can be voted to be slashed by 1-15 units, multiplied by this base amount
+   * @dev Validators can be voted to be slashed by 1-3 units, multiplied by this base amount
    */
   uint256 public immutable SLASHING_UNIT;
 
@@ -323,12 +323,12 @@ contract TallySlashingProposer is EIP712 {
   /**
    * @notice Submit a vote for slashing validators from SLASH_OFFSET_IN_ROUNDS rounds ago
    * @dev Only the current block proposer can submit votes, enforced via EIP-712 signature verification.
-   *      Each byte in the votes encodes slash amounts for 2 validators using 4-bit nibbles (0-15 units each).
+   *      Each byte in the votes encodes slash amounts for 4 validators using 2 bits each (0-3 units each).
    *      The vote includes the current slot number to prevent replay attacks.
    *
-   * @param _votes Encoded voting data where each byte represents slash amounts for 2 validators.
-   *               Lower 4 bits for first validator, upper 4 bits for second validator in each byte.
-   *               Length must equal (COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS) / 2 bytes.
+   * @param _votes Encoded voting data where each byte represents slash amounts for 4 validators.
+   *               Bits 0-1 for first validator, bits 2-3 for second, bits 4-5 for third, bits 6-7 for fourth.
+   *               Length must equal (COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS) / 4 bytes.
    * @param _sig EIP-712 signature from the current proposer proving authorization to vote.
    *             Signature covers the vote data and current slot number.
    *
@@ -356,8 +356,8 @@ contract TallySlashingProposer is EIP712 {
     bytes32 digest = getVoteSignatureDigest(_votes, slot);
     require(_sig.verify(proposer, digest), Errors.TallySlashingProposer__InvalidSignature());
 
-    // Each byte encodes 2 validators (4 bits each), so each validator is represented as a nibble in the byte array.
-    uint256 expectedLength = COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS / 2;
+    // Each byte encodes 4 validators (2 bits each), so each validator is represented as 2 bits in the byte array.
+    uint256 expectedLength = COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS / 4;
     require(
       _votes.length == expectedLength, Errors.TallySlashingProposer__InvalidVoteLength(expectedLength, _votes.length)
     );
@@ -676,28 +676,41 @@ contract TallySlashingProposer is EIP712 {
 
     // Create a 2D voting tally matrix: tallyMatrix[validatorIndex][slashAmountInUnits] = voteCount
     // - First dimension: validator index (0 to COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS - 1)
-    // - Second dimension: slash amount in units (0-15, where 0 means no slash)
-    // Each validator can be voted to be slashed by 1-15 units (0 represents no slashing)
-    uint256[16][] memory tallyMatrix = new uint256[16][](COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS);
+    // - Second dimension: slash amount in units (0-3, where 0 means no slash)
+    // Each validator can be voted to be slashed by 1-3 units (0 represents no slashing)
+    uint256[4][] memory tallyMatrix = new uint256[4][](COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS);
 
     // Process all votes cast during this round to populate the tally matrix
-    // Vote encoding: each byte contains 2 validator votes using 4-bit nibbles
-    // - Lower 4 bits (0x0F): slash amount for validator at index (j * 2)
-    // - Upper 4 bits (0xF0): slash amount for validator at index (j * 2 + 1)
+    // Vote encoding: each byte contains 4 validator votes using 2 bits each
+    // - Bits 0-1 (0x03): slash amount for validator at index (j * 4)
+    // - Bits 2-3 (0x0C): slash amount for validator at index (j * 4 + 1)
+    // - Bits 4-5 (0x30): slash amount for validator at index (j * 4 + 2)
+    // - Bits 6-7 (0xC0): slash amount for validator at index (j * 4 + 3)
     for (uint256 i = 0; i < voteCount; i++) {
       // Load the i-th votes from this round from storage into memory
       bytes memory currentVote = _getRoundVotes(roundNumber).votes[i];
       for (uint256 j = 0; j < currentVote.length; j++) {
-        // Extract lower 4 bits for first validator in the byte
-        uint8 validatorSlash = uint8(currentVote[j]) & 0x0F;
-        if (validatorSlash > 0) {
-          tallyMatrix[j * 2][validatorSlash]++;
+        uint8 currentByte = uint8(currentVote[j]);
+
+        // Extract 2 bits for each of the 4 validators in this byte
+        uint8 validatorSlash0 = currentByte & 0x03;
+        if (validatorSlash0 > 0) {
+          tallyMatrix[j * 4][validatorSlash0]++;
+        }
+
+        uint8 validatorSlash1 = (currentByte >> 2) & 0x03;
+        if (validatorSlash1 > 0) {
+          tallyMatrix[j * 4 + 1][validatorSlash1]++;
+        }
+
+        uint8 validatorSlash2 = (currentByte >> 4) & 0x03;
+        if (validatorSlash2 > 0) {
+          tallyMatrix[j * 4 + 2][validatorSlash2]++;
         }
 
-        // Extract upper 4 bits for second validator in the byte
-        validatorSlash = (uint8(currentVote[j]) >> 4) & 0x0F;
-        if (validatorSlash > 0) {
-          tallyMatrix[j * 2 + 1][validatorSlash]++;
+        uint8 validatorSlash3 = (currentByte >> 6) & 0x03;
+        if (validatorSlash3 > 0) {
+          tallyMatrix[j * 4 + 3][validatorSlash3]++;
         }
       }
     }
@@ -712,10 +725,10 @@ contract TallySlashingProposer is EIP712 {
     for (uint256 i = 0; i < tallyMatrix.length; i++) {
       uint256 voteCountForValidator = 0;
 
-      // Check slash amounts from highest (15 units) to lowest (1 unit)
+      // Check slash amounts from highest (3 units) to lowest (1 unit)
       // Cumulative voting: a vote for N units counts as votes for N-1, N-2, ..., 1 units
-      // This means if someone votes to slash 5 units, it also counts as votes for 1-4 units
-      for (uint256 j = 15; j > 0; j--) {
+      // This means if someone votes to slash 3 units, it also counts as votes for 1-2 units
+      for (uint256 j = 3; j > 0; j--) {
         voteCountForValidator += tallyMatrix[i][j];
 
         // Check if this slash amount has reached quorum

l1-contracts/test/benchmark/happy.t.sol

@@ -391,16 +391,18 @@ contract BenchmarkRollupTest is FeeModelTestPoints, DecoderBase {
    * @return Encoded vote data
    */
   function createTallyVoteData(uint256 _size) internal returns (bytes memory) {
-    require(_size % 2 == 0, "Vote data must have even number of validators");
+    require(_size % 4 == 0, "Vote data must have multiple of 4 validators");
 
     bytes32 seed = keccak256(abi.encode(_size, block.timestamp));
 
-    bytes memory voteData = new bytes(_size / 2);
+    bytes memory voteData = new bytes(_size / 4);
 
-    for (uint256 i = 0; i < _size; i += 2) {
-      uint8 firstValidator = uint8(uint256(keccak256(abi.encode(seed, i)))) & 0x0F;
-      uint8 secondValidator = uint8(uint256(keccak256(abi.encode(seed, i + 1)))) & 0x0F;
-      voteData[i / 2] = bytes1((secondValidator << 4) | firstValidator);
+    for (uint256 i = 0; i < _size; i += 4) {
+      uint8 validator0 = uint8(uint256(keccak256(abi.encode(seed, i)))) & 0x03; // 2 bits
+      uint8 validator1 = uint8(uint256(keccak256(abi.encode(seed, i + 1)))) & 0x03; // 2 bits
+      uint8 validator2 = uint8(uint256(keccak256(abi.encode(seed, i + 2)))) & 0x03; // 2 bits
+      uint8 validator3 = uint8(uint256(keccak256(abi.encode(seed, i + 3)))) & 0x03; // 2 bits
+      voteData[i / 4] = bytes1((validator3 << 6) | (validator2 << 4) | (validator1 << 2) | validator0);
     }
 
     return voteData;

l1-contracts/test/builder/RollupBuilder.sol

@@ -224,6 +224,16 @@ contract RollupBuilder is Test {
     return this;
   }
 
+  function setEntryQueueFlushSizeMin(uint256 _flushSizeMin) public returns (RollupBuilder) {
+    config.rollupConfigInput.stakingQueueConfig.normalFlushSizeMin = _flushSizeMin;
+    return this;
+  }
+
+  function setEntryQueueFlushSizeQuotient(uint256 _flushSizeQuotient) public returns (RollupBuilder) {
+    config.rollupConfigInput.stakingQueueConfig.normalFlushSizeQuotient = _flushSizeQuotient;
+    return this;
+  }
+
   function setValidators(CheatDepositArgs[] memory _validators) public returns (RollupBuilder) {
     for (uint256 i = 0; i < _validators.length; i++) {
       config.validators.push(_validators[i]);

l1-contracts/test/governance/scenario/slashing/TallySlashing.t.sol

@@ -50,10 +50,11 @@ contract SlashingTest is TestBase {
   uint256[] internal validatorKeys;
   address[] internal validatorAddresses;
 
-  uint256 constant VALIDATOR_COUNT = 4;
-  uint256 constant COMMITTEE_SIZE = 4;
-  uint256 constant HOW_MANY_SLASHED = 4;
-  uint256 constant ROUND_SIZE_IN_EPOCHS = 1;
+  uint256 constant VALIDATOR_COUNT = 128;
+  uint256 constant COMMITTEE_SIZE = 48;
+  uint256 constant HOW_MANY_SLASHED = 1;
+  uint256 constant ROUND_SIZE_IN_EPOCHS = 2;
+  uint256 constant EPOCH_DURATION = 32;
   uint256 constant INITIAL_EPOCH = 6 + ROUND_SIZE_IN_EPOCHS;
 
   function _getProposerKey() internal returns (uint256) {
@@ -88,22 +89,24 @@ contract SlashingTest is TestBase {
     SlashRound votingRound = slashingProposer.getCurrentRound();
 
     // Create votes - for tally slashing we need to encode votes as bytes
-    // Each validator gets a slash amount between 1-15 units
+    // Each validator gets a slash amount between 1-3 units
     // For simplicity, we'll vote to slash all validators by the same amount
     uint256 slashUnits = _slashAmount / slashingProposer.SLASHING_UNIT();
     if (slashUnits == 0) slashUnits = 1; // Minimum 1 unit
-    if (slashUnits > 15) slashUnits = 15; // Maximum 15 units
+    if (slashUnits > 3) slashUnits = 3; // Maximum 3 units
 
-    // Calculate expected vote length: (COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS) / 2
+    // Calculate expected vote length: (COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS) / 4
     uint256 totalValidators = slashingProposer.COMMITTEE_SIZE() * slashingProposer.ROUND_SIZE_IN_EPOCHS();
-    uint256 voteLength = totalValidators / 2;
+    uint256 voteLength = totalValidators / 4;
     bytes memory votes = new bytes(voteLength);
 
-    // Encode votes: each byte contains 2 validator votes (4 bits each)
+    // Encode votes: each byte contains 4 validator votes (2 bits each)
     for (uint256 i = 0; i < voteLength; i++) {
-      uint8 vote1 = (i * 2 < _howMany) ? uint8(slashUnits) : 0;
-      uint8 vote2 = (i * 2 + 1 < _howMany) ? uint8(slashUnits) : 0;
-      votes[i] = bytes1((vote2 << 4) | vote1);
+      uint8 vote1 = (i * 4 < _howMany) ? uint8(slashUnits) : 0;
+      uint8 vote2 = (i * 4 + 1 < _howMany) ? uint8(slashUnits) : 0;
+      uint8 vote3 = (i * 4 + 2 < _howMany) ? uint8(slashUnits) : 0;
+      uint8 vote4 = (i * 4 + 3 < _howMany) ? uint8(slashUnits) : 0;
+      votes[i] = bytes1((vote4 << 6) | (vote3 << 4) | (vote2 << 2) | vote1);
     }
 
     // Cast votes in multiple slots to reach quorum
@@ -160,7 +163,7 @@ contract SlashingTest is TestBase {
     ).setSlashingLifetimeInRounds(_slashingLifetimeInRounds).setSlashingExecutionDelayInRounds(
       _slashingExecutionDelayInRounds
     ).setSlasherFlavor(SlasherFlavor.TALLY).setSlashingRoundSize(roundSize).setSlashingQuorum(roundSize / 2 + 1)
-      .setSlashingOffsetInRounds(2);
+      .setSlashingOffsetInRounds(2).setEpochDuration(EPOCH_DURATION).setEntryQueueFlushSizeMin(VALIDATOR_COUNT);
     builder.deploy();
 
     rollup = builder.getConfig().rollup;
@@ -174,7 +177,7 @@ contract SlashingTest is TestBase {
       address(rollup),
       block.timestamp,
       TestConstants.AZTEC_SLOT_DURATION,
-      TestConstants.AZTEC_EPOCH_DURATION,
+      EPOCH_DURATION,
       TestConstants.AZTEC_PROOF_SUBMISSION_EPOCHS
     );
 
@@ -194,7 +197,7 @@ contract SlashingTest is TestBase {
 
     _setupCommitteeForSlashing(_lifetimeInRounds, _executionDelayInRounds);
     address[] memory attesters = rollup.getEpochCommittee(Epoch.wrap(INITIAL_EPOCH));
-    uint96 slashAmount = 10e18;
+    uint96 slashAmount = 20e18;
     SlashRound firstSlashingRound = _createSlashingVotes(slashAmount, attesters.length);
 
     uint256 firstExecutableSlot =
@@ -221,9 +224,8 @@ contract SlashingTest is TestBase {
     _lifetimeInRounds = bound(_lifetimeInRounds, _executionDelayInRounds + 1, 127); // Must be < ROUNDABOUT_SIZE
 
     _setupCommitteeForSlashing(_lifetimeInRounds, _executionDelayInRounds);
-    address[] memory attesters = rollup.getEpochCommittee(Epoch.wrap(INITIAL_EPOCH));
-    uint96 slashAmount = 10e18;
-    SlashRound firstSlashingRound = _createSlashingVotes(slashAmount, attesters.length);
+    uint96 slashAmount = 20e18;
+    SlashRound firstSlashingRound = _createSlashingVotes(slashAmount, COMMITTEE_SIZE);
 
     uint256 firstExecutableSlot =
       (SlashRound.unwrap(firstSlashingRound) + _executionDelayInRounds + 1) * slashingProposer.ROUND_SIZE();
@@ -232,8 +234,9 @@ contract SlashingTest is TestBase {
     _jumpToSlot = bound(_jumpToSlot, firstExecutableSlot, lastExecutableSlot);
 
     timeCheater.cheat__jumpToSlot(_jumpToSlot);
-    uint256[] memory stakes = new uint256[](attesters.length);
-    for (uint256 i = 0; i < attesters.length; i++) {
+    address[] memory attesters = rollup.getEpochCommittee(slashingProposer.getSlashTargetEpoch(firstSlashingRound, 0));
+    uint256[] memory stakes = new uint256[](COMMITTEE_SIZE);
+    for (uint256 i = 0; i < COMMITTEE_SIZE; i++) {
       AttesterView memory attesterView = rollup.getAttesterView(attesters[i]);
       stakes[i] = attesterView.effectiveBalance;
       assertTrue(attesterView.status == Status.VALIDATING, "Invalid status");
@@ -264,7 +267,7 @@ contract SlashingTest is TestBase {
 
     _setupCommitteeForSlashing(_lifetimeInRounds, _executionDelayInRounds);
     address[] memory attesters = rollup.getEpochCommittee(Epoch.wrap(INITIAL_EPOCH));
-    uint96 slashAmount = 10e18;
+    uint96 slashAmount = 20e18;
     SlashRound firstSlashingRound = _createSlashingVotes(slashAmount, attesters.length);
 
     // For tally slashing, we need to predict the payload address and veto it
@@ -327,10 +330,16 @@ contract SlashingTest is TestBase {
     // Execute the slash
     slashingProposer.executeRound(firstSlashingRound, committees);
 
+    // Calculate actual slash amount (limited by max 3 units)
+    uint256 slashUnits = slashAmount1 / slashingProposer.SLASHING_UNIT();
+    if (slashUnits == 0) slashUnits = 1; // Minimum 1 unit
+    if (slashUnits > 3) slashUnits = 3; // Maximum 3 units
+    uint256 actualSlashAmount = slashUnits * slashingProposer.SLASHING_UNIT();
+
     // Check balances
     for (uint256 i = 0; i < howManyToSlash; i++) {
       AttesterView memory attesterView = rollup.getAttesterView(attesters[i]);
-      assertEq(attesterView.effectiveBalance, stakes[i] - slashAmount1);
+      assertEq(attesterView.effectiveBalance, stakes[i] - actualSlashAmount);
       assertEq(attesterView.exit.amount, 0, "Invalid stake");
       assertTrue(attesterView.status == Status.VALIDATING, "Invalid status");
     }

l1-contracts/test/harnesses/TestConstants.sol

@@ -25,7 +25,7 @@ library TestConstants {
   uint256 internal constant AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS = 0;
   uint256 internal constant AZTEC_SLASHING_OFFSET_IN_ROUNDS = 2;
   address internal constant AZTEC_SLASHING_VETOER = address(0);
-  uint256 internal constant AZTEC_SLASHING_UNIT = 5e18;
+  uint256 internal constant AZTEC_SLASHING_UNIT = 20e18;
   uint256 internal constant AZTEC_MANA_TARGET = 100_000_000;
   uint256 internal constant AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN = 4;
   uint256 internal constant AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT = 2;