feat: Consensus-based slashing proposer contract (#16357)

Implementation for the consensus-based slashing on L1 as discussed
[here](https://linear.app/aztec-labs/document/slashing-discussion-w33-8810b51b11b0#l1-consensus-db4c0919):

> Build a new SlashingProposer version that does not extend from
EmpireBase, but follows same logic on slashing rounds, execution delays,
and allowing votes from the current L2 proposer only.

> Each vote is now an array of proposed slashes. We define a
slashing-unit value, and every slash is a multiple of this unit. Slashes
are represented as a bit vector, where the i-th 4-bits (or 2, or 8,
depending on how much granularity we want) indicate how many
slashing-units proposer i is slashed. An expensive tallying function
computes the effective payload by iterating over all votes.

This still keeps the EmpireSlashProposer around. Next step will be to
let the `Slasher` choose which implementation to use, so we can keep
tests for both, and then rebase this on top of #16284 and tweak the
updated slasher client to use this new SlashProposer.

Other changes:
- Updates the `SlashProposer` to be `Ownable` by governance, who can
execute slash payloads.
- Modifies the `Slasher` deployment due to contract size limits (the
slasher no longer deploys the proposer, instead it needs to be
initialized after deployment with the proposer address).
- Renames `ExtRollupLibN` to have more descriptive names.
- Adds env var config for the new proposer flavor.
- Adds type-checking for L1 contract deployer on ts.

Author: AztecBot

l1-contracts/foundry.toml

@@ -26,8 +26,9 @@ gas_reports = [
   "Rollup",
   "RollupCore",
   "Slasher",
-  "SlashingProposer",
   "RollupWithPreheating",
+  "EmpireSlashingProposer",
+  "TallySlashingProposer",
 ]
 
 remappings = [

l1-contracts/src/core/Rollup.sol

@@ -38,8 +38,8 @@ import {
   Timestamp,
   Errors,
   CommitteeAttestations,
-  ExtRollupLib,
-  ExtRollupLib2,
+  RollupOperationsExtLib,
+  ValidatorOperationsExtLib,
   EthValue,
   STFLib,
   RollupStore,
@@ -93,7 +93,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
     BlockHeaderValidationFlags memory _flags
   ) external override(IRollup) {
     Timestamp currentTime = Timestamp.wrap(block.timestamp);
-    ExtRollupLib.validateHeaderWithAttestations(
+    RollupOperationsExtLib.validateHeaderWithAttestations(
       ValidateHeaderArgs({
         header: _header,
         digest: _digest,
@@ -134,7 +134,19 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
    * @return The committee size for the given timestamp
    */
   function getCommitteeCommitmentAt(Timestamp _ts) external override(IValidatorSelection) returns (bytes32, uint256) {
-    return ExtRollupLib2.getCommitteeCommitmentAt(getEpochAt(_ts));
+    return ValidatorOperationsExtLib.getCommitteeCommitmentAt(getEpochAt(_ts));
+  }
+
+  /**
+   * @notice Get the committee commitment a the given epoch
+   *
+   * @param _epoch - The epoch to get the committee for
+   *
+   * @return The committee commitment for the given epoch
+   * @return The committee size for the given epoch
+   */
+  function getEpochCommitteeCommitment(Epoch _epoch) external override(IValidatorSelection) returns (bytes32, uint256) {
+    return ValidatorOperationsExtLib.getCommitteeCommitmentAt(_epoch);
   }
 
   /**
@@ -163,11 +175,11 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
     override(IRollup)
     returns (Slot, uint256)
   {
-    return ExtRollupLib2.canProposeAtTime(_ts, _archive, _who);
+    return ValidatorOperationsExtLib.canProposeAtTime(_ts, _archive, _who);
   }
 
   function getTargetCommitteeSize() external view override(IValidatorSelection) returns (uint256) {
-    return ExtRollupLib2.getTargetCommitteeSize();
+    return ValidatorOperationsExtLib.getTargetCommitteeSize();
   }
 
   function getGenesisTime() external view override(IValidatorSelection) returns (Timestamp) {
@@ -267,7 +279,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
     bytes32[] calldata _fees,
     bytes calldata _blobPublicInputs
   ) external view override(IRollup) returns (bytes32[] memory) {
-    return ExtRollupLib.getEpochProofPublicInputs(_start, _end, _args, _fees, _blobPublicInputs);
+    return RollupOperationsExtLib.getEpochProofPublicInputs(_start, _end, _args, _fees, _blobPublicInputs);
   }
 
   /**
@@ -280,7 +292,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
     override(IRollup)
     returns (bytes32[] memory, bytes32, bytes[] memory)
   {
-    return ExtRollupLib.validateBlobs(_blobsInput, checkBlob);
+    return RollupOperationsExtLib.validateBlobs(_blobsInput, checkBlob);
   }
 
   /**
@@ -365,7 +377,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
    * @return The sample seed for the given timestamp
    */
   function getSampleSeedAt(Timestamp _ts) external view override(IValidatorSelection) returns (uint256) {
-    return ExtRollupLib2.getSampleSeedAt(getEpochAt(_ts));
+    return ValidatorOperationsExtLib.getSampleSeedAt(getEpochAt(_ts));
   }
 
   /**
@@ -374,7 +386,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
    * @return The sample seed for the current epoch
    */
   function getCurrentSampleSeed() external view override(IValidatorSelection) returns (uint256) {
-    return ExtRollupLib2.getSampleSeedAt(getCurrentEpoch());
+    return ValidatorOperationsExtLib.getSampleSeedAt(getCurrentEpoch());
   }
 
   /**
@@ -532,7 +544,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
    * @return The validator set for the given epoch
    */
   function getEpochCommittee(Epoch _epoch) public override(IValidatorSelection) returns (address[] memory) {
-    return ExtRollupLib2.getCommitteeAt(_epoch);
+    return ValidatorOperationsExtLib.getCommitteeAt(_epoch);
   }
 
   /**
@@ -557,7 +569,7 @@ contract Rollup is IStaking, IValidatorSelection, IRollup, RollupCore {
    * @return The address of the proposer
    */
   function getProposerAt(Timestamp _ts) public override(IValidatorSelection) returns (address) {
-    return ExtRollupLib2.getProposerAt(_ts.slotFromTimestamp());
+    return ValidatorOperationsExtLib.getProposerAt(_ts.slotFromTimestamp());
   }
 
   /**

l1-contracts/src/core/RollupCore.sol

@@ -15,9 +15,12 @@ import {IOutbox} from "@aztec/core/interfaces/messagebridge/IOutbox.sol";
 import {Constants} from "@aztec/core/libraries/ConstantsGen.sol";
 import {CommitteeAttestations} from "@aztec/core/libraries/rollup/AttestationLib.sol";
 import {Errors} from "@aztec/core/libraries/Errors.sol";
-import {ExtRollupLib} from "@aztec/core/libraries/rollup/ExtRollupLib.sol";
-import {ExtRollupLib2} from "@aztec/core/libraries/rollup/ExtRollupLib2.sol";
-import {ExtRollupLib3} from "@aztec/core/libraries/rollup/ExtRollupLib3.sol";
+import {RollupOperationsExtLib} from "@aztec/core/libraries/rollup/RollupOperationsExtLib.sol";
+import {ValidatorOperationsExtLib} from "@aztec/core/libraries/rollup/ValidatorOperationsExtLib.sol";
+import {RewardDeploymentExtLib} from "@aztec/core/libraries/rollup/RewardDeploymentExtLib.sol";
+import {TallySlasherDeploymentExtLib} from "@aztec/core/libraries/rollup/TallySlasherDeploymentExtLib.sol";
+import {EmpireSlasherDeploymentExtLib} from "@aztec/core/libraries/rollup/EmpireSlasherDeploymentExtLib.sol";
+import {SlasherFlavor} from "@aztec/core/interfaces/ISlasher.sol";
 import {EthValue, FeeLib} from "@aztec/core/libraries/rollup/FeeLib.sol";
 import {ProposeArgs} from "@aztec/core/libraries/rollup/ProposeLib.sol";
 import {STFLib, GenesisState} from "@aztec/core/libraries/rollup/STFLib.sol";
@@ -228,21 +231,44 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
     );
 
     Timestamp exitDelay = Timestamp.wrap(_config.exitDelaySeconds);
-    ISlasher slasher = ExtRollupLib3.deploySlasher(
-      address(this),
-      _config.slashingQuorum,
-      _config.slashingRoundSize,
-      _config.slashingLifetimeInRounds,
-      _config.slashingExecutionDelayInRounds,
-      _config.slashingVetoer
-    );
+
+    // Deploy slasher based on flavor
+    ISlasher slasher;
+
+    // We call one external library or another based on the slasher flavor
+    // This allows us to keep the slash flavors in separate external libraries so we do not exceed max contract size
+    if (_config.slasherFlavor == SlasherFlavor.TALLY) {
+      slasher = TallySlasherDeploymentExtLib.deployTallySlasher(
+        address(this),
+        _config.slashingVetoer,
+        _governance,
+        _config.slashingQuorum,
+        _config.slashingRoundSize,
+        _config.slashingLifetimeInRounds,
+        _config.slashingExecutionDelayInRounds,
+        _config.slashingUnit,
+        _config.targetCommitteeSize,
+        _config.aztecEpochDuration,
+        _config.slashingOffsetInRounds
+      );
+    } else {
+      slasher = EmpireSlasherDeploymentExtLib.deployEmpireSlasher(
+        address(this),
+        _config.slashingVetoer,
+        _governance,
+        _config.slashingQuorum,
+        _config.slashingRoundSize,
+        _config.slashingLifetimeInRounds,
+        _config.slashingExecutionDelayInRounds
+      );
+    }
 
     StakingLib.initialize(_stakingAsset, _gse, exitDelay, address(slasher), _config.stakingQueueConfig);
-    ExtRollupLib2.initializeValidatorSelection(_config.targetCommitteeSize);
+    ValidatorOperationsExtLib.initializeValidatorSelection(_config.targetCommitteeSize);
 
     // If no booster is specifically provided, deploy one.
     if (address(_config.rewardConfig.booster) == address(0)) {
-      _config.rewardConfig.booster = ExtRollupLib3.deployRewardBooster(_config.rewardBoostConfig);
+      _config.rewardConfig.booster = RewardDeploymentExtLib.deployRewardBooster(_config.rewardBoostConfig);
     }
 
     RewardLib.setConfig(_config.rewardConfig);
@@ -309,7 +335,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @param _slasher The address of the new slasher contract
    */
   function setSlasher(address _slasher) external override(IStakingCore) onlyOwner {
-    ExtRollupLib2.setSlasher(_slasher);
+    ValidatorOperationsExtLib.setSlasher(_slasher);
   }
 
   /**
@@ -327,7 +353,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @param _config New configuration including queue size limits and timing parameters
    */
   function updateStakingQueueConfig(StakingQueueConfig memory _config) external override(IStakingCore) onlyOwner {
-    ExtRollupLib2.updateStakingQueueConfig(_config);
+    ValidatorOperationsExtLib.updateStakingQueueConfig(_config);
   }
 
   /**
@@ -365,7 +391,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @param _proposalId The ID of the proposal to vote on
    */
   function vote(uint256 _proposalId) external override(IStakingCore) {
-    ExtRollupLib2.vote(_proposalId);
+    ValidatorOperationsExtLib.vote(_proposalId);
   }
 
   /**
@@ -386,7 +412,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
     G1Point memory _proofOfPossession,
     bool _moveWithLatestRollup
   ) external override(IStakingCore) {
-    ExtRollupLib2.deposit(
+    ValidatorOperationsExtLib.deposit(
       _attester, _withdrawer, _publicKeyInG1, _publicKeyInG2, _proofOfPossession, _moveWithLatestRollup
     );
   }
@@ -397,7 +423,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    *      This helps maintain a controlled growth rate of the validator set.
    */
   function flushEntryQueue() external override(IStakingCore) {
-    ExtRollupLib2.flushEntryQueue();
+    ValidatorOperationsExtLib.flushEntryQueue();
   }
 
   /**
@@ -409,7 +435,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @return True if withdrawal was initiated, false if already initiated
    */
   function initiateWithdraw(address _attester, address _recipient) external override(IStakingCore) returns (bool) {
-    return ExtRollupLib2.initiateWithdraw(_attester, _recipient);
+    return ValidatorOperationsExtLib.initiateWithdraw(_attester, _recipient);
   }
 
   /**
@@ -418,7 +444,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @param _attester The validator address whose withdrawal to finalize
    */
   function finaliseWithdraw(address _attester) external override(IStakingCore) {
-    ExtRollupLib2.finaliseWithdraw(_attester);
+    ValidatorOperationsExtLib.finaliseWithdraw(_attester);
   }
 
   /**
@@ -429,7 +455,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @return True if slashing was successful
    */
   function slash(address _attester, uint256 _amount) external override(IStakingCore) returns (bool) {
-    return ExtRollupLib2.slash(_attester, _amount);
+    return ValidatorOperationsExtLib.slash(_attester, _amount);
   }
 
   /**
@@ -439,7 +465,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    *      Pruning occurs at epoch boundaries and removes all blocks in unproven epochs.
    */
   function prune() external override(IRollupCore) {
-    ExtRollupLib.prune();
+    RollupOperationsExtLib.prune();
   }
 
   /**
@@ -450,7 +476,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @param _args Contains the epoch range, public inputs, fees, attestations, and the ZK proof
    */
   function submitEpochRootProof(SubmitEpochRootProofArgs calldata _args) external override(IRollupCore) {
-    ExtRollupLib.submitEpochRootProof(_args);
+    RollupOperationsExtLib.submitEpochRootProof(_args);
   }
 
   /**
@@ -471,7 +497,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
     address[] calldata _signers,
     bytes calldata _blobInput
   ) external override(IRollupCore) {
-    ExtRollupLib.propose(_args, _attestations, _signers, _blobInput, checkBlob);
+    RollupOperationsExtLib.propose(_args, _attestations, _signers, _blobInput, checkBlob);
   }
 
   /**
@@ -489,7 +515,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
     address[] memory _committee,
     uint256 _invalidIndex
   ) external override(IRollupCore) {
-    ExtRollupLib2.invalidateBadAttestation(_blockNumber, _attestations, _committee, _invalidIndex);
+    ValidatorOperationsExtLib.invalidateBadAttestation(_blockNumber, _attestations, _committee, _invalidIndex);
   }
 
   /**
@@ -505,15 +531,16 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
     CommitteeAttestations memory _attestations,
     address[] memory _committee
   ) external override(IRollupCore) {
-    ExtRollupLib2.invalidateInsufficientAttestations(_blockNumber, _attestations, _committee);
+    ValidatorOperationsExtLib.invalidateInsufficientAttestations(_blockNumber, _attestations, _committee);
   }
 
   /**
    * @notice Sets up validator selection for the current epoch
    * @dev Can be called by anyone at the start of an epoch. Samples the committee and determines proposers for all
    *      slots in the epoch. Also stores a seed that is used for future sampling. The corresponding library
    *      functionality is automatically called when `RollupCore.propose(...)` is called (via the
-   *      `ExtRollupLib.propose(...)` -> `ProposeLib.propose(...)` -> `ValidatorSelectionLib.setupEpoch(...)`).
+   *      `RollupOperationsExtLib.propose(...)` -> `ProposeLib.propose(...)` ->
+   *      `ValidatorSelectionLib.setupEpoch(...)`).
    *
    *      If there are missed proposals then setupEpoch does not get called automatically. Since the next committee
    *      selection is computed based on the stored randao and the epoch number, failing to update the randao stored
@@ -526,7 +553,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    *      generation impractical.
    */
   function setupEpoch() external override(IValidatorSelectionCore) {
-    ExtRollupLib2.setupEpoch();
+    ValidatorOperationsExtLib.setupEpoch();
   }
 
   /**
@@ -536,7 +563,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    *      `setupEpoch` to update the randao checkpoints.
    */
   function checkpointRandao() public override(IValidatorSelectionCore) {
-    ExtRollupLib2.checkpointRandao();
+    ValidatorOperationsExtLib.checkpointRandao();
   }
 
   /**
@@ -555,7 +582,7 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
    * @return The number of validators that can be added in the next flush
    */
   function getEntryQueueFlushSize() public view override(IStakingCore) returns (uint256) {
-    return ExtRollupLib2.getEntryQueueFlushSize();
+    return ValidatorOperationsExtLib.getEntryQueueFlushSize();
   }
 
   /**

l1-contracts/src/core/interfaces/IRollup.sol

@@ -3,6 +3,7 @@
 pragma solidity >=0.8.27;
 
 import {IFeeJuicePortal} from "@aztec/core/interfaces/IFeeJuicePortal.sol";
+import {SlasherFlavor} from "@aztec/core/interfaces/ISlasher.sol";
 import {IVerifier} from "@aztec/core/interfaces/IVerifier.sol";
 import {IInbox} from "@aztec/core/interfaces/messagebridge/IInbox.sol";
 import {IOutbox} from "@aztec/core/interfaces/messagebridge/IOutbox.sol";
@@ -60,6 +61,9 @@ struct RollupConfigInput {
   uint256 slashingRoundSize;
   uint256 slashingLifetimeInRounds;
   uint256 slashingExecutionDelayInRounds;
+  uint256 slashingUnit;
+  uint256 slashingOffsetInRounds;
+  SlasherFlavor slasherFlavor;
   address slashingVetoer;
   uint256 manaTarget;
   uint256 exitDelaySeconds;

l1-contracts/src/core/interfaces/ISlasher.sol

@@ -4,7 +4,14 @@ pragma solidity >=0.8.27;
 
 import {IPayload} from "@aztec/governance/interfaces/IPayload.sol";
 
+enum SlasherFlavor {
+  EMPIRE,
+  TALLY
+}
+
 interface ISlasher {
+  event VetoedPayload(address indexed payload);
+
   function slash(IPayload _payload) external returns (bool);
   function vetoPayload(IPayload _payload) external returns (bool);
 }

l1-contracts/src/core/interfaces/IValidatorSelection.sol

@@ -27,6 +27,7 @@ interface IValidatorSelection is IValidatorSelectionCore, IEmperor {
   function getCommitteeAt(Timestamp _ts) external returns (address[] memory);
   function getCommitteeCommitmentAt(Timestamp _ts) external returns (bytes32, uint256);
   function getEpochCommittee(Epoch _epoch) external returns (address[] memory);
+  function getEpochCommitteeCommitment(Epoch _epoch) external returns (bytes32, uint256);
 
   // Stable
   function getCurrentEpoch() external view returns (Epoch);