refactor: staking queue config now includes max value (#16621)

With the changes for BLS keys to be included, the cost of the queue and
deposits was heavily impacted. however the upper limit of queue members
to consume was not altered. It is now a config value along with the rest
of the staking queue config.

The config is important as it pose a potential DOS. If there are
sufficient queue members it will be impossible to actually flush the
queue, so making it updatable is a sane way to deal with changing costs
of op-codes etc.

Also it can be used to put limits more easily on set growth.

Fixes an issue in the migration loading, and adds a test to showcase gas
costs related to additions.

Author: LHerskind

l1-contracts/.gitignore

@@ -36,5 +36,3 @@ gas_benchmark.diff
 /bench-out
 
 /coverage
-
-/script/registration_data.json

l1-contracts/foundry.toml

@@ -29,6 +29,7 @@ gas_reports = [
   "RollupWithPreheating",
   "EmpireSlashingProposer",
   "TallySlashingProposer",
+  "MultiAdder"
 ]
 
 remappings = [

l1-contracts/script/Migration.s.sol

@@ -12,9 +12,9 @@ import {TestERC20} from "@aztec/mock/TestERC20.sol";
 
 struct RegistrationData {
   address attester;
+  G1Point proofOfPossession;
   G1Point publicKeyInG1;
   G2Point publicKeyInG2;
-  G1Point proofOfPossession;
 }
 
 contract MigrationScript is Test {
@@ -46,7 +46,7 @@ contract MigrationScript is Test {
   function emulate() public {
     // If emulating we will deploy a rollup and other components ahead of time, otherwise
     // you should provide them by updating the values above.
-    RollupBuilder builder = new RollupBuilder(ME).setUpdateOwnerships(false).deploy();
+    RollupBuilder builder = new RollupBuilder(ME).setUpdateOwnerships(false).setCheckProofOfPossession(true).deploy();
 
     INSTANCE = IInstance(address(builder.getConfig().rollup));
     STAKING_ASSET = builder.getConfig().testERC20;
@@ -57,6 +57,20 @@ contract MigrationScript is Test {
     migrate();
   }
 
+  function print() public {
+    RegistrationData memory r = $registrations[0];
+    emit log_named_address("Attester", r.attester);
+    emit log_named_address("Withdrawer", WITHDRAWER);
+    emit log_named_bytes32("PublicKeyInG1.x", bytes32(r.publicKeyInG1.x));
+    emit log_named_bytes32("PublicKeyInG1.y", bytes32(r.publicKeyInG1.y));
+    emit log_named_bytes32("PublicKeyInG2.x0", bytes32(r.publicKeyInG2.x0));
+    emit log_named_bytes32("PublicKeyInG2.x1", bytes32(r.publicKeyInG2.x1));
+    emit log_named_bytes32("PublicKeyInG2.y0", bytes32(r.publicKeyInG2.y0));
+    emit log_named_bytes32("PublicKeyInG2.y1", bytes32(r.publicKeyInG2.y1));
+    emit log_named_bytes32("ProofOfPossession.x", bytes32(r.proofOfPossession.x));
+    emit log_named_bytes32("ProofOfPossession.y", bytes32(r.proofOfPossession.y));
+  }
+
   function migrate() public {
     uint256 activationThreshold = INSTANCE.getActivationThreshold();
 
@@ -69,6 +83,8 @@ contract MigrationScript is Test {
     uint256 end = $registrations.length;
     uint256 batchSize = 10;
 
+    uint256 sizeBefore = INSTANCE.getActiveAttesterCount() + INSTANCE.getEntryQueueLength();
+
     while (start < end) {
       uint256 batchEnd = start + batchSize;
       if (batchEnd > end) {
@@ -91,8 +107,11 @@ contract MigrationScript is Test {
       vm.startBroadcast(ME);
       ADDER.addValidators(args);
       vm.stopBroadcast();
-
       start = batchEnd;
     }
+
+    uint256 sizeAfter = INSTANCE.getActiveAttesterCount() + INSTANCE.getEntryQueueLength();
+
+    assertGe(sizeAfter, sizeBefore + end);
   }
 }

l1-contracts/script/registration_data.json

@@ -31,10 +31,6 @@ struct StakingQueue {
 }
 
 library StakingQueueLib {
-  // This is a HARD CAP. We will never attempt to flush more than this number of validators,
-  // because it starts to butt up against the block gas limit.
-  uint256 public constant MAX_QUEUE_FLUSH_SIZE = 150;
-
   function init(StakingQueue storage self) internal {
     self.first = 1;
     self.last = 1;

l1-contracts/src/core/libraries/StakingQueue.sol

@@ -22,28 +22,30 @@ type CompressedStakingQueueConfig is uint256;
  * possible to add validators. This can close the queue even if there are members in the validator set if a very high
  * `normalFlushSizeQuotient` is used.
  *
- * NOTE: We will NEVER flush more than `MAX_QUEUE_FLUSH_SIZE` validators: it is applied as a Max at the end of every
+ * NOTE: We will NEVER flush more than `maxQueueFlushSize` validators: it is applied as a Max at the end of every
  * calculation.
- * This is to prevent a situation where flushing the queue would exceed the block gas limit.
+ * This can be used to prevent a situation where flushing the queue would exceed the block gas limit.
  */
 struct StakingQueueConfig {
   uint256 bootstrapValidatorSetSize;
   uint256 bootstrapFlushSize;
   uint256 normalFlushSizeMin;
   uint256 normalFlushSizeQuotient;
+  uint256 maxQueueFlushSize;
 }
 
 library StakingQueueConfigLib {
   using SafeCast for uint256;
 
-  uint256 private constant MASK_64BIT = 0xFFFFFFFFFFFFFFFF;
+  uint256 private constant MASK_32BIT = 0xFFFFFFFF;
 
   function compress(StakingQueueConfig memory _config) internal pure returns (CompressedStakingQueueConfig) {
     uint256 value = 0;
-    value |= uint256(_config.normalFlushSizeQuotient.toUint64());
-    value |= uint256(_config.normalFlushSizeMin.toUint64()) << 64;
-    value |= uint256(_config.bootstrapFlushSize.toUint64()) << 128;
-    value |= uint256(_config.bootstrapValidatorSetSize.toUint64()) << 192;
+    value |= uint256(_config.maxQueueFlushSize.toUint32());
+    value |= uint256(_config.normalFlushSizeQuotient.toUint32()) << 32;
+    value |= uint256(_config.normalFlushSizeMin.toUint32()) << 64;
+    value |= uint256(_config.bootstrapFlushSize.toUint32()) << 96;
+    value |= uint256(_config.bootstrapValidatorSetSize.toUint32()) << 128;
 
     return CompressedStakingQueueConfig.wrap(value);
   }
@@ -52,10 +54,11 @@ library StakingQueueConfigLib {
     uint256 value = CompressedStakingQueueConfig.unwrap(_compressedConfig);
 
     return StakingQueueConfig({
-      bootstrapValidatorSetSize: (value >> 192) & MASK_64BIT,
-      bootstrapFlushSize: (value >> 128) & MASK_64BIT,
-      normalFlushSizeMin: (value >> 64) & MASK_64BIT,
-      normalFlushSizeQuotient: (value) & MASK_64BIT
+      bootstrapValidatorSetSize: (value >> 128) & MASK_32BIT,
+      bootstrapFlushSize: (value >> 96) & MASK_32BIT,
+      normalFlushSizeMin: (value >> 64) & MASK_32BIT,
+      normalFlushSizeQuotient: (value >> 32) & MASK_32BIT,
+      maxQueueFlushSize: value & MASK_32BIT
     });
   }
 }

l1-contracts/src/core/libraries/compressed-data/StakingQueueConfig.sol

@@ -303,7 +303,7 @@ library StakingLib {
    *      The function will revert if:
    *      - The current epoch is before nextFlushableEpoch (max 1 flush per epoch). This limit:
    *        1. Controls validator set growth by only allowing a fixed number of additions per epoch (we can flush at
-   *           most MAX_QUEUE_FLUSH_SIZE validators at once - hence the limit)
+   *           most maxQueueFlushSize validators at once - hence the limit)
    *        2. Aligns with committee selection which happens once per epoch anyway
    *        3. Groups validator additions into epoch-sized chunks for efficient binary searches (fewer snapshots in
    *           GSE)
@@ -509,7 +509,7 @@ library StakingLib {
    *      3. Normal phase: After the initial bootstrap and growth phases, returns a number proportional to the current
    *         set size for conservative steady-state growth, unless constrained by configuration (`normalFlushSizeMin`).
    *
-   *      All phases are subject to a hard cap of `MAX_QUEUE_FLUSH_SIZE`.
+   *      All phases are subject to a hard cap of `maxQueueFlushSize`.
    *
    *      The motivation for floodgates is that the whole system starts producing blocks with what is considered
    *      a sufficiently decentralized set of validators.
@@ -536,14 +536,14 @@ library StakingLib {
 
       // If growth:
       if (activeAttesterCount < config.bootstrapValidatorSetSize) {
-        return Math.min(config.bootstrapFlushSize, StakingQueueLib.MAX_QUEUE_FLUSH_SIZE);
+        return Math.min(config.bootstrapFlushSize, config.maxQueueFlushSize);
       }
     }
 
     // If normal:
     return Math.min(
       Math.max(activeAttesterCount / config.normalFlushSizeQuotient, config.normalFlushSizeMin),
-      StakingQueueLib.MAX_QUEUE_FLUSH_SIZE
+      config.maxQueueFlushSize
     );
   }
 

l1-contracts/src/core/libraries/rollup/StakingLib.sol

@@ -16,6 +16,7 @@ struct CheatDepositArgs {
 
 interface IMultiAdder {
   function addValidators(CheatDepositArgs[] memory _args) external;
+  function addValidators(CheatDepositArgs[] memory _args, bool _skipFlush) external;
 }
 
 contract MultiAdder is IMultiAdder {
@@ -32,7 +33,11 @@ contract MultiAdder is IMultiAdder {
     stakingAsset.approve(address(STAKING), type(uint256).max);
   }
 
-  function addValidators(CheatDepositArgs[] memory _args) external override(IMultiAdder) {
+  function addValidators(CheatDepositArgs[] memory _args) public override(IMultiAdder) {
+    addValidators(_args, false);
+  }
+
+  function addValidators(CheatDepositArgs[] memory _args, bool _skipFlush) public override(IMultiAdder) {
     require(msg.sender == OWNER, NotOwner());
     for (uint256 i = 0; i < _args.length; i++) {
       STAKING.deposit(
@@ -45,7 +50,7 @@ contract MultiAdder is IMultiAdder {
       );
     }
 
-    if (STAKING.getCurrentEpoch() >= STAKING.getNextFlushableEpoch()) {
+    if (!_skipFlush && STAKING.getCurrentEpoch() >= STAKING.getNextFlushableEpoch()) {
       STAKING.flushEntryQueue();
     }
   }

l1-contracts/src/mock/MultiAdder.sol

@@ -14,16 +14,18 @@ contract StakingQueueConfigTest is Test {
   using StakingQueueConfigLib for CompressedStakingQueueConfig;
 
   function test_compressAndDecompress(
-    uint64 _bootstrapValidatorSetSize,
-    uint64 _bootstrapFlushSize,
-    uint64 _normalFlushSizeMin,
-    uint64 _normalFlushSizeQuotient
+    uint32 _bootstrapValidatorSetSize,
+    uint32 _bootstrapFlushSize,
+    uint32 _normalFlushSizeMin,
+    uint32 _normalFlushSizeQuotient,
+    uint32 _maxQueueFlushSize
   ) public pure {
     StakingQueueConfig memory a = StakingQueueConfig({
       bootstrapValidatorSetSize: _bootstrapValidatorSetSize,
       bootstrapFlushSize: _bootstrapFlushSize,
       normalFlushSizeMin: _normalFlushSizeMin,
-      normalFlushSizeQuotient: _normalFlushSizeQuotient
+      normalFlushSizeQuotient: _normalFlushSizeQuotient,
+      maxQueueFlushSize: _maxQueueFlushSize
     });
 
     CompressedStakingQueueConfig b = a.compress();
@@ -33,5 +35,6 @@ contract StakingQueueConfigTest is Test {
     assertEq(c.bootstrapFlushSize, a.bootstrapFlushSize, "Bootstrap flush size");
     assertEq(c.normalFlushSizeMin, a.normalFlushSizeMin, "Normal flush size min");
     assertEq(c.normalFlushSizeQuotient, a.normalFlushSizeQuotient, "Normal flush size quotient");
+    assertEq(c.maxQueueFlushSize, a.maxQueueFlushSize, "Max queue flush size");
   }
 }

l1-contracts/test/compression/StakingQueueConfig.t.sol

@@ -31,6 +31,7 @@ library TestConstants {
   uint256 internal constant AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT = 2;
   uint256 internal constant AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE = 0;
   uint256 internal constant AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE = 0;
+  uint256 internal constant AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE = 480;
   uint256 internal constant AZTEC_EXIT_DELAY_SECONDS = 2 * 24 * 60 * 60; // 2 days
   EthValue internal constant AZTEC_PROVING_COST_PER_MANA = EthValue.wrap(100);
 
@@ -81,7 +82,8 @@ library TestConstants {
       bootstrapValidatorSetSize: AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE,
       bootstrapFlushSize: AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE,
       normalFlushSizeMin: AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN,
-      normalFlushSizeQuotient: AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT
+      normalFlushSizeQuotient: AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT,
+      maxQueueFlushSize: AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE
     });
   }