feat: Slash lists, store expiration, veto checks

Adds some missing features to slashing:

- Adds support for the slashValidatorNever and slashValidatorAlways
  config settings (now EthAddress lists) so that validators in those
lists are never/always slashed. All validators in the local keystore are
automatically added to the "never" list.

- Checks if a slash payload is vetoed before trying to execute it, to
  avoid running an unnecessary simulation. This is handled on the
slasher client directly.

- Adds expiration for offenses and payloads to avoid cluttering the
  local stores. Removes unused slashPayloadTtl setting.

- Avoids posting committee addresses during executeRound for committees
  that are not slashed, in order to save calldata gas.

Author: spalladino

yarn-project/aztec-node/src/aztec-node/server.ts

@@ -108,7 +108,7 @@ import {
   getTelemetryClient,
   trackSpan,
 } from '@aztec/telemetry-client';
-import { ValidatorClient, createValidatorClient } from '@aztec/validator-client';
+import { NodeKeystoreAdapter, ValidatorClient, createValidatorClient } from '@aztec/validator-client';
 import { createWorldStateSynchronizer } from '@aztec/world-state';
 
 import { createPublicClient, fallback, http } from 'viem';
@@ -373,13 +373,19 @@ export class AztecNodeService implements AztecNode, AztecNodeAdmin, Traceable {
     if (!config.disableValidator) {
       // We create a slasher only if we have a sequencer, since all slashing actions go through the sequencer publisher
       // as they are executed when the node is selected as proposer.
+      const validatorAddresses = keyStoreManager
+        ? NodeKeystoreAdapter.fromKeyStoreManager(keyStoreManager).getAddresses()
+        : [];
+
       slasherClient = await createSlasher(
         config,
         config.l1Contracts,
         getPublicClient(config),
         watchers,
         dateProvider,
         epochCache,
+        validatorAddresses,
+        undefined, // logger
       );
       await slasherClient.start();
 

yarn-project/aztec-node/src/sentinel/sentinel.test.ts

@@ -45,13 +45,9 @@ describe('sentinel', () => {
   let epoch: bigint;
   let ts: bigint;
   let l1Constants: L1RollupConstants;
-  const config: Pick<
-    SlasherConfig,
-    'slashInactivityTargetPercentage' | 'slashInactivityPenalty' | 'slashPayloadTtlSeconds'
-  > = {
+  const config: Pick<SlasherConfig, 'slashInactivityTargetPercentage' | 'slashInactivityPenalty'> = {
     slashInactivityPenalty: 100n,
     slashInactivityTargetPercentage: 0.8,
-    slashPayloadTtlSeconds: 60 * 60,
   };
 
   beforeEach(async () => {
@@ -466,10 +462,7 @@ class TestSentinel extends Sentinel {
     archiver: L2BlockSource,
     p2p: P2PClient,
     store: SentinelStore,
-    config: Pick<
-      SlasherConfig,
-      'slashInactivityTargetPercentage' | 'slashInactivityPenalty' | 'slashPayloadTtlSeconds'
-    >,
+    config: Pick<SlasherConfig, 'slashInactivityTargetPercentage' | 'slashInactivityPenalty'>,
     protected override blockStream: L2BlockStream,
   ) {
     super(epochCache, archiver, p2p, store, config);

yarn-project/aztec-node/src/sentinel/sentinel.ts

@@ -44,10 +44,7 @@ export class Sentinel extends (EventEmitter as new () => WatcherEmitter) impleme
     protected archiver: L2BlockSource,
     protected p2p: P2PClient,
     protected store: SentinelStore,
-    protected config: Pick<
-      SlasherConfig,
-      'slashInactivityTargetPercentage' | 'slashInactivityPenalty' | 'slashPayloadTtlSeconds'
-    >,
+    protected config: Pick<SlasherConfig, 'slashInactivityTargetPercentage' | 'slashInactivityPenalty'>,
     protected logger = createLogger('node:sentinel'),
   ) {
     super();

yarn-project/aztec/src/cli/chain_l2_config.ts

@@ -69,7 +69,6 @@ export const testnetIgnitionL2ChainConfig: L2ChainConfig = {
   provingCostPerMana: 0n,
 
   slasherFlavor: 'none',
-  slashPayloadTtlSeconds: 0,
   slashAmountSmall: 0n,
   slashAmountMedium: 0n,
   slashAmountLarge: 0n,
@@ -153,7 +152,6 @@ export const alphaTestnetL2ChainConfig: L2ChainConfig = {
   slashAmountLarge: DefaultL1ContractsConfig.slashAmountLarge,
 
   // Slashing stuff
-  slashPayloadTtlSeconds: 36 * 32 * 6 * 6, // 6 rounds (a bit longer than lifetime)
   slashMinPenaltyPercentage: 0.5,
   slashMaxPenaltyPercentage: 2.0,
   slashInactivityTargetPercentage: 0.7,
@@ -325,7 +323,6 @@ export async function enrichEnvironmentWithChainConfig(networkName: NetworkNames
   enrichEthAddressVar('AZTEC_SLASHING_VETOER', config.slashingVetoer.toString());
 
   // Slashing
-  enrichVar('SLASH_PAYLOAD_TTL_SECONDS', config.slashPayloadTtlSeconds.toString());
   enrichVar('SLASH_MIN_PENALTY_PERCENTAGE', config.slashMinPenaltyPercentage.toString());
   enrichVar('SLASH_MAX_PENALTY_PERCENTAGE', config.slashMaxPenaltyPercentage.toString());
   enrichVar('SLASH_PRUNE_PENALTY', config.slashPrunePenalty.toString());

yarn-project/end-to-end/src/e2e_p2p/data_withholding_slash.test.ts

@@ -62,6 +62,7 @@ describe('e2e_p2p_data_withholding_slash', () => {
         slashAmountSmall: slashingUnit,
         slashAmountMedium: slashingUnit * 2n,
         slashAmountLarge: slashingUnit * 3n,
+        slashSelfAllowed: true,
         minTxsPerBlock: 0,
       },
     });

yarn-project/end-to-end/src/e2e_p2p/slash_veto_demo.test.ts

@@ -83,6 +83,7 @@ describe('veto slash', () => {
         aztecEpochDuration: EPOCH_DURATION,
         validatorReexecute: false,
         sentinelEnabled: true,
+        slashSelfAllowed: true,
         slashingOffsetInRounds: SLASH_OFFSET_IN_ROUNDS,
         slashAmountSmall: SLASHING_UNIT,
         slashAmountMedium: SLASHING_UNIT * 2n,

yarn-project/end-to-end/src/e2e_p2p/valid_epoch_pruned.test.ts

@@ -49,6 +49,7 @@ describe('e2e_p2p_valid_epoch_pruned', () => {
         aztecProofSubmissionEpochs: 0, // reorg as soon as epoch ends
         slashingQuorum,
         slashingRoundSize,
+        slashSelfAllowed: true,
         slashAmountSmall: slashingUnit,
         slashAmountMedium: slashingUnit * 2n,
         slashAmountLarge: slashingUnit * 3n,

yarn-project/ethereum/src/contracts/index.ts

@@ -11,3 +11,4 @@ export * from './registry.js';
 export * from './rollup.js';
 export * from './empire_slashing_proposer.js';
 export * from './tally_slashing_proposer.js';
+export * from './slasher_contract.js';

yarn-project/ethereum/src/contracts/rollup.ts

@@ -27,6 +27,7 @@ import type { ViemClient } from '../types.js';
 import { formatViemError } from '../utils.js';
 import { EmpireSlashingProposerContract } from './empire_slashing_proposer.js';
 import { GSEContract } from './gse.js';
+import { SlasherContract } from './slasher_contract.js';
 import { TallySlashingProposerContract } from './tally_slashing_proposer.js';
 import { checkBlockTag } from './utils.js';
 
@@ -267,6 +268,14 @@ export class RollupContract {
     return this.rollup.read.getSlasher();
   }
 
+  /**
+   * Returns a SlasherContract instance for interacting with the slasher contract.
+   */
+  async getSlasherContract(): Promise<SlasherContract> {
+    const slasherAddress = await this.getSlasher();
+    return new SlasherContract(this.client, EthAddress.fromString(slasherAddress));
+  }
+
   getOwner() {
     return this.rollup.read.owner();
   }

yarn-project/ethereum/src/contracts/slasher_contract.ts

@@ -0,0 +1,67 @@
+import { EthAddress } from '@aztec/foundation/eth-address';
+import { createLogger } from '@aztec/foundation/log';
+import { SlasherAbi } from '@aztec/l1-artifacts/SlasherAbi';
+
+import { type GetContractReturnType, getContract } from 'viem';
+
+import type { ViemClient } from '../types.js';
+
+/**
+ * Typescript wrapper around the Slasher contract.
+ */
+export class SlasherContract {
+  private contract: GetContractReturnType<typeof SlasherAbi, ViemClient>;
+
+  constructor(
+    private readonly client: ViemClient,
+    private readonly address: EthAddress,
+    private readonly log = createLogger('slasher-contract'),
+  ) {
+    this.contract = getContract({
+      address: this.address.toString(),
+      abi: SlasherAbi,
+      client: this.client,
+    });
+  }
+
+  /**
+   * Checks if a slash payload is vetoed.
+   * @param payloadAddress - The address of the payload to check
+   * @returns True if the payload is vetoed, false otherwise
+   */
+  public async isPayloadVetoed(payloadAddress: EthAddress): Promise<boolean> {
+    try {
+      return await this.contract.read.vetoedPayloads([payloadAddress.toString()]);
+    } catch (error) {
+      this.log.error(`Error checking if payload ${payloadAddress} is vetoed`, error);
+      throw error;
+    }
+  }
+
+  /**
+   * Gets the current vetoer address.
+   * @returns The vetoer address
+   */
+  public async getVetoer(): Promise<EthAddress> {
+    const vetoer = await this.contract.read.VETOER();
+    return EthAddress.fromString(vetoer);
+  }
+
+  /**
+   * Gets the current governance address.
+   * @returns The governance address
+   */
+  public async getGovernance(): Promise<EthAddress> {
+    const governance = await this.contract.read.GOVERNANCE();
+    return EthAddress.fromString(governance);
+  }
+
+  /**
+   * Gets the current proposer address.
+   * @returns The proposer address
+   */
+  public async getProposer(): Promise<EthAddress> {
+    const proposer = await this.contract.read.PROPOSER();
+    return EthAddress.fromString(proposer);
+  }
+}