feat: rollup mana limit gas validation #21219

Merged
spalladino merged 5 commits into merge-train/spartan from mr/gas-limit-validation-block-limit
Mar 9, 2026

mrzeszutko (Contributor) commented Mar 6, 2026

Summary

Transactions whose gas limits exceed the block or checkpoint mana limit are currently silently dropped during block building, causing users' .wait() calls to hang indefinitely. This PR adds early rejection at the gossip, RPC, and pending pool entry points by validating both L2 and DA gas limits against protocol limits and operator-configured validator block gas limits.

Changes

Promote rollupManaLimit to L1RollupConstants

  • Added rollupManaLimit: number to the L1RollupConstants type, EmptyL1RollupConstants (defaults to Number.MAX_SAFE_INTEGER), and the Zod schema
  • Removed the ad-hoc & { rollupManaLimit?: number } extensions from the archiver, sequencer, and block-builder types — they now get it from the base type
  • Updated EpochCache.create() and RollupContract.getRollupConstants() to fetch and include rollupManaLimit from L1

Validate L2 and DA gas limits at tx entry points

  • GasLimitsValidator now accepts { rollupManaLimit?, maxBlockL2Gas?, maxBlockDAGas?, bindings? }:
    • Effective L2 limit = min(MAX_PROCESSABLE_L2_GAS, rollupManaLimit, maxBlockL2Gas)
    • Effective DA limit = min(MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT, maxBlockDAGas)
    • rollupManaLimit applies to L2 gas only (not DA)
  • GasTxValidator forwards these options to its inner GasLimitsValidator
  • All factory functions (createFirstStageTxValidationsForGossipedTransactions, createTxValidatorForAcceptingTxsOverRPC, createTxValidatorForTransactionsEnteringPendingTxPool) accept and pass through the limits

Use validator block gas limits for tx validation

The existing VALIDATOR_MAX_L2_BLOCK_GAS and VALIDATOR_MAX_DA_BLOCK_GAS env vars (introduced in #21060 for block proposal validation) are now also used for tx acceptance validation. Derived block limits (from the sequencer timetable) are only used for proposals — not for validation.

  • P2P config: Added validateMaxL2BlockGas and validateMaxDABlockGas fields reading the existing VALIDATOR_MAX_L2_BLOCK_GAS / VALIDATOR_MAX_DA_BLOCK_GAS env vars
  • Gossip path (libp2p_service.ts): Passes rollupManaLimit from L1 constants and validator block gas limits from P2P config
  • RPC path (aztec-node/server.ts): Passes rollupManaLimit from L1 constants and validator block gas limits from node config
  • Pending pool migration (client/factory.ts): Passes rollupManaLimit and validator block gas limits from config

Unit tests

Tests in gas_validator.test.ts covering:

  • Rejection when exceeding rollupManaLimit (L2), maxBlockL2Gas, or maxBlockDAGas
  • Min-of-all-limits behavior (L2)
  • Acceptance at exactly the effective L2 and DA limits
  • Fallback to MAX_PROCESSABLE_L2_GAS / MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT when no additional limits are set
  • Forwarding L2 and DA limits through GasTxValidator

Notes

  • When VALIDATOR_MAX_L2_BLOCK_GAS / VALIDATOR_MAX_DA_BLOCK_GAS are not set, only the protocol-level limits (MAX_PROCESSABLE_L2_GAS, MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT) and rollupManaLimit (L2 only) are enforced
  • No new env vars — reuses the existing VALIDATOR_MAX_L2_BLOCK_GAS and VALIDATOR_MAX_DA_BLOCK_GAS from feat(validator): add VALIDATOR_ env vars for independent block limits #21060
  • ~20 test files updated to include rollupManaLimit in their L1RollupConstants objects

Fixes A-68
Fixes A-639
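
The limit rules listed in the description above, as an added TypeScript example (not part of the PR and not the Aztec code base). The two constant values are placeholders because the real values are not on this page; `minDefined`, `effectiveLimits`, `validateGasLimits` and the rejection of NaN or negative limits are assumptions made for the illustration.

```typescript
// Added illustration of the limit rules in the PR description; not Aztec's code.
// Placeholder values: the real protocol constants are not shown on this page.
const MAX_PROCESSABLE_L2_GAS = 6_000_000;
const MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT = 1_000_000;

interface GasLimits { l2Gas: number; daGas: number }
interface LimitOptions { rollupManaLimit?: number; maxBlockL2Gas?: number; maxBlockDAGas?: number }
interface Verdict { valid: boolean; reason?: string }

const isCount = (v: number): boolean => isFinite(v) && Math.floor(v) === v && v >= 0;

// Minimum over the limits that are set. An unset (undefined) limit is skipped,
// never read as 0. A NaN or negative limit throws: Math.min would return NaN
// and `gas > NaN` is always false, so every tx would pass (fail-open).
function minDefined(...limits: (number | undefined)[]): number {
  const set = limits.filter((v): v is number => v !== undefined);
  for (const v of set) {
    if (!isCount(v)) throw new Error(`invalid gas limit: ${v}`);
  }
  return Math.min(...set);
}

function effectiveLimits(opts: LimitOptions = {}): GasLimits {
  return {
    // rollupManaLimit bounds L2 gas only; it is deliberately absent from the DA min.
    l2Gas: minDefined(MAX_PROCESSABLE_L2_GAS, opts.rollupManaLimit, opts.maxBlockL2Gas),
    daGas: minDefined(MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT, opts.maxBlockDAGas),
  };
}

// Reject at the entry point when a tx's declared limits cannot fit in any block.
function validateGasLimits(tx: GasLimits, opts: LimitOptions = {}): Verdict {
  const max = effectiveLimits(opts);
  if (!isCount(tx.l2Gas) || !isCount(tx.daGas)) {
    return { valid: false, reason: 'malformed gas limits' };
  }
  if (tx.l2Gas > max.l2Gas) {
    return { valid: false, reason: `L2 gas limit ${tx.l2Gas} exceeds ${max.l2Gas}` };
  }
  if (tx.daGas > max.daGas) {
    return { valid: false, reason: `DA gas limit ${tx.daGas} exceeds ${max.daGas}` };
  }
  return { valid: true }; // a limit exactly equal to the maximum is accepted
}
```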

spalladino (Contributor) commented Mar 6, 2026

We shouldn't go the deriveMaxBlockL2Gas route. Instead, we should use the validator block gas limits introduced in #21060 (if set). The derived limit should only be used for proposals.

Also, it'd be good to extend this check to DA limits as well since we're at it.

@mrzeszutko mrzeszutko marked this pull request as draft March 9, 2026 09:15
@mrzeszutko mrzeszutko marked this pull request as ready for review March 9, 2026 11:19
@mrzeszutko mrzeszutko requested a review from spalladino March 9, 2026 12:42
@spalladino spalladino enabled auto-merge (squash) March 9, 2026 13:38
@spalladino spalladino merged commit f473c6c into merge-train/spartan Mar 9, 2026
24 checks passed
@spalladino spalladino deleted the mr/gas-limit-validation-block-limit branch March 9, 2026 13:45
AztecBot pushed a commit that referenced this pull request Mar 9, 2026

AztecBot (Collaborator) commented Mar 9, 2026

✅ Successfully backported to backport-to-v4-staging #21187.

AztecBot pushed a commit that referenced this pull request Mar 10, 2026
BEGIN_COMMIT_OVERRIDE
fix: (A-623) increase committee timeout in scenario smoke test (#21193)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
fix: make e2e HA test more deterministic (#21199)
chore: fix chonk_browser lint warning (#21265)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix: (A-635) e2e bot flake on nonce mismatch (#21288)
chore: deflake duplicate attestations and proposals slash tests (#21294)
fix(sequencer): fix log when not enough txs (#21297)
chore: send env var to pods (#21307)
END_COMMIT_OVERRIDE
ludamad added a commit that referenced this pull request Mar 10, 2026
BEGIN_COMMIT_OVERRIDE
chore: chonk proof compression poc (#20645)
feat: Update L1 to L2 message APIs (#20913)
fix: adapt chonk proof compression for v4 Translator layout (#21067)
fix: omit bigint priceBumpPercentage from IPC config in testbench worker
(#21086)
feat: standby mode for prover broker (#21098)
fix(p2p): remove default block handler in favor of block handler
(#21105)
chore: prepare barretenberg-rs for crates.io publishing (#20496)
feat: reenable function selectors + additional validation in public
setup allowlist (backport #20909, #21122) (#21129)
chore: remove stale aes comments (#21133)
chore: remove auto-tag job (#21127)
feat: calldata length validation of public setup function allowlist
(#21139)
feat: run AVM NAPI simulations on dedicated threads instead of libuv
pool (#21138)
feat: Remove non-protocol contracts from public setup allowlist (#21154)
feat!: Expose offchain effects when simulating/sending txs (backport
#20563) (#21110)
chore: bump minor version (#21171)
chore: backport #21161 (tally slashing pruning improvements) to v4
(#21166)
chore: More updated Alpha configuration (backport #21155) (#21165)
fix(p2p): report most severe failure in runValidations (#21185)
feat: add ergonomic conversions for Noir's `Option<T>` (#21107)
docs: clarifying Noir fields vs struct fields in event metadata (#21172)
fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170)
fix: update dependencies (#20997)
chore: New alpha-net environment (#20800) (#21202)
chore: code decuplication + refactor (public setup allowlist) (#21200)
feat: mask all ciphertext fields with Poseidon2-derived values (backport
#21009) (#21140)
chore: disable sponsored FPC in testnet (#21235)
feat!: exposing pub event pagination on wallet (#21197)
refactor(pxe): narrow tryGetPublicKeysAndPartialAddress return type
(backport #21208) (#21236)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix(sequencer): fix log when not enough txs (#21297)
END_COMMIT_OVERRIDE

---------

Co-authored-by: ledwards2225 <ledwards2225@users.noreply.github.com>
Co-authored-by: PhilWindle <PhilWindle@users.noreply.github.com>
Co-authored-by: ludamad <adam.domurad@gmail.com>
Co-authored-by: mrzeszutko <mrzeszutko@users.noreply.github.com>
Co-authored-by: spalladino <spalladino@users.noreply.github.com>
Co-authored-by: johnathan79717 <johnathan79717@users.noreply.github.com>
Co-authored-by: nventuro <nventuro@users.noreply.github.com>
Co-authored-by: alexghr <alexghr@users.noreply.github.com>
Co-authored-by: AztecBot <AztecBot@users.noreply.github.com>
Co-authored-by: Martin Verzilli <martin@aztec-labs.com>
Co-authored-by: PhilWindle <60546371+PhilWindle@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: mverzilli <mverzilli@users.noreply.github.com>
Co-authored-by: benesjan <benesjan@users.noreply.github.com>
Co-authored-by: danielntmd <danielntmd@users.noreply.github.com>
Co-authored-by: deffrian <deffrian@users.noreply.github.com>
Co-authored-by: benesjan <janbenes1234@gmail.com>
ludamad added a commit that referenced this pull request Mar 11, 2026
BEGIN_COMMIT_OVERRIDE
chore: chonk proof compression poc (#20645)
feat: Update L1 to L2 message APIs (#20913)
fix: adapt chonk proof compression for v4 Translator layout (#21067)
fix: omit bigint priceBumpPercentage from IPC config in testbench worker
(#21086)
feat: standby mode for prover broker (#21098)
fix(p2p): remove default block handler in favor of block handler
(#21105)
chore: prepare barretenberg-rs for crates.io publishing (#20496)
feat: reenable function selectors + additional validation in public
setup allowlist (backport #20909, #21122) (#21129)
chore: remove stale aes comments (#21133)
chore: remove auto-tag job (#21127)
feat: calldata length validation of public setup function allowlist
(#21139)
feat: run AVM NAPI simulations on dedicated threads instead of libuv
pool (#21138)
feat: Remove non-protocol contracts from public setup allowlist (#21154)
feat!: Expose offchain effects when simulating/sending txs (backport
#20563) (#21110)
chore: bump minor version (#21171)
chore: backport #21161 (tally slashing pruning improvements) to v4
(#21166)
chore: More updated Alpha configuration (backport #21155) (#21165)
fix(p2p): report most severe failure in runValidations (#21185)
feat: add ergonomic conversions for Noir's `Option<T>` (#21107)
docs: clarifying Noir fields vs struct fields in event metadata (#21172)
fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170)
fix: update dependencies (#20997)
chore: New alpha-net environment (#20800) (#21202)
chore: code decuplication + refactor (public setup allowlist) (#21200)
feat: mask all ciphertext fields with Poseidon2-derived values (backport
#21009) (#21140)
chore: disable sponsored FPC in testnet (#21235)
feat!: exposing pub event pagination on wallet (#21197)
refactor(pxe): narrow tryGetPublicKeysAndPartialAddress return type
(backport #21208) (#21236)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix(sequencer): fix log when not enough txs (#21297)
fix: Simulate gas in n tps test. Set min txs per block to 1 (backport
#21312) (#21329)
fix(log): do not log validation error if unregistered handler (#21111)
fix(node): fix index misalignment in findLeavesIndexes (#21327)
fix: limit parallel blocks in prover to max AVM parallel simulations
(#21320)
fix: use native sha256 to speed up proving job id generation (#21292)
fix(validator): wait for l1 sync before processing block proposals
(#21336)
fix(txpool): cap priority fee with max fees when computing priority
(#21279)
chore: reduce severity of errors due to HA node not acquiring signature
(#21311)
fix: (A-643) add buffer to maxFeePerBlobGas for gas estimation and fix
bump loop truncation (#21323)
END_COMMIT_OVERRIDE
github-merge-queue bot pushed a commit that referenced this pull request Mar 11, 2026
BEGIN_COMMIT_OVERRIDE
fix: (A-623) increase committee timeout in scenario smoke test (#21193)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
fix: make e2e HA test more deterministic (#21199)
chore: fix chonk_browser lint warning (#21265)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix: (A-635) e2e bot flake on nonce mismatch (#21288)
chore: deflake duplicate attestations and proposals slash tests (#21294)
fix(sequencer): fix log when not enough txs (#21297)
chore: send env var to pods (#21307)
fix: Simulate gas in n tps test. Set min txs per block to 1 (#21312)
fix: update dependabot dependencies (#21238)
test: run nightly bench of block capacity (#20726)
fix: update block_capacity test to use new send() result types (#21345)
fix(node): fix index misalignment in findLeavesIndexes (#21327)
fix(log): do not log validation error if unregistered handler (#21111)
fix: limit parallel blocks in prover to max AVM parallel simulations
(#21320)
fix: use native sha256 to speed up proving job id generation (#21292)
chore: remove v4-devnet-1 (#21044)
fix(validator): wait for l1 sync before processing block proposals
(#21336)
fix(txpool): cap priority fee with max fees when computing priority
(#21279)
chore: Properly compute finalized block (#21156)
fix: remove extra argument in KVArchiverDataStore constructor call
(#21361)
chore: revert l2 slot time 72 -> 36 on scenario network (#21291)
fix(archiver): do not error if proposed block matches checkpointed
(#21367)
fix(claude): rule to not append echo exit (#21368)
chore: reduce severity of errors due to HA node not acquiring signature
(#21311)
fix: make reqresp batch retry test deterministic (#21322)
fix: (A-643) add buffer to maxFeePerBlobGas for gas estimation and fix
bump loop truncation (#21323)
fix(e2e): use L2 priority fee in deploy_method same-block test (#21373)
fix: reqresp flake & add logging (#21334)
END_COMMIT_OVERRIDE