feat: ensuring PXE respects synced block (#17031)

Until know we didn't check that the functions fetching info from Aztec
Node with block number on the input respect the PXE's view of the
network - refuse to obtain info from a newer block than the one synced
by PXE.

In this PR I add the checks in those functions and I test it all behaves
as expected. This should make the behavior of PXE more robust - you will
not be able to receive info from an Aztec Node whose legitimacy you will
not be able to prove against the anchor block (which seems like a very
important property).

Author: benesjan

yarn-project/pxe/src/contract_function_simulator/pxe_oracle_interface.test.ts

@@ -937,6 +937,57 @@ describe('PXEOracleInterface', () => {
     });
   });
 
+  describe('Respects synced block number', () => {
+    const syncedBlockNumber = 100;
+    let contractAddress: AztecAddress;
+    let nullifier: Fr;
+    let leafSlot: Fr;
+
+    beforeEach(async () => {
+      contractAddress = await AztecAddress.random();
+      nullifier = Fr.random();
+      leafSlot = Fr.random();
+      await setSyncedBlockNumber(syncedBlockNumber);
+    });
+
+    it('throws when getting low nullifier membership witness for future block', async () => {
+      await expect(
+        pxeOracleInterface.getLowNullifierMembershipWitness(syncedBlockNumber + 1, nullifier),
+      ).rejects.toThrow(`Block number ${syncedBlockNumber + 1} is higher than current block ${syncedBlockNumber}`);
+    });
+
+    it('throws when getting block for future block number', async () => {
+      await expect(pxeOracleInterface.getBlock(syncedBlockNumber + 1)).rejects.toThrow(
+        `Block number ${syncedBlockNumber + 1} is higher than current block ${syncedBlockNumber}`,
+      );
+    });
+
+    it('throws when getting public data witness for future block', async () => {
+      await expect(pxeOracleInterface.getPublicDataWitness(syncedBlockNumber + 1, leafSlot)).rejects.toThrow(
+        `Block number ${syncedBlockNumber + 1} is higher than current block ${syncedBlockNumber}`,
+      );
+    });
+
+    it('throws when getting public storage for future block', async () => {
+      await expect(
+        pxeOracleInterface.getPublicStorageAt(syncedBlockNumber + 1, contractAddress, leafSlot),
+      ).rejects.toThrow(`Block number ${syncedBlockNumber + 1} is higher than current block ${syncedBlockNumber}`);
+    });
+  });
+
+  describe('getBlockHeader', () => {
+    it('returns the synced block header and not header from aztec node', async () => {
+      const blockNumber = 42;
+      const header = BlockHeader.empty({
+        globalVariables: GlobalVariables.empty({ blockNumber }),
+      });
+      await syncDataProvider.setHeader(header);
+
+      const result = await pxeOracleInterface.getBlockHeader();
+      expect(result).toEqual(header);
+    });
+  });
+
   const setSyncedBlockNumber = (blockNumber: number) => {
     return syncDataProvider.setHeader(
       BlockHeader.empty({

yarn-project/pxe/src/contract_function_simulator/pxe_oracle_interface.ts

@@ -203,22 +203,38 @@ export class PXEOracleInterface implements ExecutionDataProvider {
     return this.aztecNode.getNullifierMembershipWitness(blockNumber, nullifier);
   }
 
-  public getLowNullifierMembershipWitness(
+  public async getLowNullifierMembershipWitness(
     blockNumber: number,
     nullifier: Fr,
   ): Promise<NullifierMembershipWitness | undefined> {
+    const header = await this.getBlockHeader();
+    if (blockNumber > header.globalVariables.blockNumber) {
+      throw new Error(`Block number ${blockNumber} is higher than current block ${header.globalVariables.blockNumber}`);
+    }
     return this.aztecNode.getLowNullifierMembershipWitness(blockNumber, nullifier);
   }
 
   public async getBlock(blockNumber: number): Promise<L2Block | undefined> {
+    const header = await this.getBlockHeader();
+    if (blockNumber > header.globalVariables.blockNumber) {
+      throw new Error(`Block number ${blockNumber} is higher than current block ${header.globalVariables.blockNumber}`);
+    }
     return await this.aztecNode.getBlock(blockNumber);
   }
 
   public async getPublicDataWitness(blockNumber: number, leafSlot: Fr): Promise<PublicDataWitness | undefined> {
+    const header = await this.getBlockHeader();
+    if (blockNumber > header.globalVariables.blockNumber) {
+      throw new Error(`Block number ${blockNumber} is higher than current block ${header.globalVariables.blockNumber}`);
+    }
     return await this.aztecNode.getPublicDataWitness(blockNumber, leafSlot);
   }
 
   public async getPublicStorageAt(blockNumber: number, contract: AztecAddress, slot: Fr): Promise<Fr> {
+    const header = await this.getBlockHeader();
+    if (blockNumber > header.globalVariables.blockNumber) {
+      throw new Error(`Block number ${blockNumber} is higher than current block ${header.globalVariables.blockNumber}`);
+    }
     return await this.aztecNode.getPublicStorageAt(blockNumber, contract, slot);
   }