fix(sequencer): enforce build-frame deadlines and align attestation/publish windows#23776
Merged
Merged
Conversation
spalladino
force-pushed
the
spl/timetable-frame-fixes
branch
from
f282249 to
0308462
Compare
PhilWindle
approved these changes
Jun 2, 2026
…ublish windows Under proposer pipelining the checkpoint proposal job passed `targetSlot` to `setState` for build-frame states, which made `Sequencer.setState` measure the state deadlines a full Aztec slot too late (frame B), so they never fired. Measure build-frame deadlines against `slotNow` (the build slot). Also align the timing windows around L1 geometry: - Base the checkpoint attestation/publish deadlines and the p2p attestation acceptance window on `ethereumSlotDuration` (12s before the last L1 block of the target slot) rather than the configurable `l1PublishingTime`. This unifies the deadline with the publisher's send lead, which already targets one Ethereum slot before the target slot start. - Validators keep validating/attesting checkpoint proposals until the L1 publish deadline instead of the target-slot start. Adds regression coverage for the frame bug (build-frame states must be measured against the build slot) and for the realigned attestation/publish windows.
spalladino
force-pushed
the
spl/timetable-frame-fixes
branch
from
0308462 to
3929940
Compare
Collaborator
Flakey Tests🤖 says: This CI run detected 2 tests that failed, but were tolerated due to a .test_patterns.yml entry. |
danielntmd
pushed a commit
to danielntmd/aztec-packages
that referenced
this pull request
Jun 4, 2026
BEGIN_COMMIT_OVERRIDE chore: deploy next-net and reuse contracts (AztecProtocol#23761) chore: turn on autoscaling (AztecProtocol#23706) chore: rename staging-public to staging (AztecProtocol#23767) chore(p2p): use sync hash for tx validation hashing (AztecProtocol#23768) test(e2e): wait warmup slots in slashing tests (AztecProtocol#23719) feat(api)!: make getTxReceipt the single tx-lookup API (AztecProtocol#23660) fix: cap cloned n_tps fees within sponsored FPC balance (AztecProtocol#23770) fix: protect HA validator Postgres from cluster scale-down (AztecProtocol#23772) refactor: remove non-pipelining sequencer code path (AztecProtocol#23665) feat(archiver): add getL2ToL1MembershipWitness node RPC (AztecProtocol#23646) fix(p2p)!: revamp BLOCK_TXS validations (AztecProtocol#23778) chore: name the bots (AztecProtocol#23795) fix(e2e): ensure BBSync init (AztecProtocol#23793) fix(p2p)!: fix BLOCK_TXS response under proposer equivocation (AztecProtocol#23786) fix: reconnect L1 port-forward after epoch-boundary sleep in n_tps_prove (AztecProtocol#23800) chore: add empty vscode settings for yarn-project (AztecProtocol#23808) fix(sequencer): only warn about missing proposed checkpoint once overdue (AztecProtocol#23807) fix: refresh n_tps fee quotes during sustained benchmark (AztecProtocol#23797) fix(sequencer): enforce build-frame deadlines and align attestation/publish windows (AztecProtocol#23776) END_COMMIT_OVERRIDE
spalladino
added a commit
that referenced
this pull request
Jun 4, 2026
## Motivation `v5-next` was cut from `next` at cbc99df (Jun 1), so PRs merged to `merge-train/spartan` after the cut never flowed into it. This backports all of them (authored by @spalladino and @fcarreiro) to keep v5-next current with the spartan train. ## Approach Each PR is cherry-picked from its squashed merge commit on `merge-train/spartan`, in merge order, preserving the original commit message and PR number — one commit per backported PR. All 11 applied cleanly with no conflicts; patches are identical to the originals (verified via `git patch-id`), and `bootstrap.sh build yarn-project` passes on the result. Labeled `ci-no-squash` to preserve the per-PR commits. ## Backported PRs - #23768 — chore(p2p): use sync hash for tx validation hashing - #23719 — test(e2e): wait warmup slots in slashing tests - #23660 — feat(api)!: make getTxReceipt the single tx-lookup API - #23665 — refactor: remove non-pipelining sequencer code path - #23646 — feat(archiver): add getL2ToL1MembershipWitness node RPC - #23778 — fix(p2p)!: revamp BLOCK_TXS validations - #23786 — fix(p2p)!: fix BLOCK_TXS response under proposer equivocation - #23808 — chore: add empty vscode settings for yarn-project - #23807 — fix(sequencer): only warn about missing proposed checkpoint once overdue - #23776 — fix(sequencer): enforce build-frame deadlines and align attestation/publish windows - #23818 — chore(p2p): BlockTxsRequest comment Note #23660, #23778, and #23786 are breaking changes (node RPC + tx-effect db format, and p2p wire format respectively), as they were on `next`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes timing bugs in block building and validation, now that proposer pipelining is the only production mode. Found via an audit of the sequencer timetable, checkpoint proposal job, validator client, proposal handler, and p2p proposal/attestation validators.
The frame bug (main fix)
Under pipelining the proposer job runs with
slotNow = N-1(build slot) andtargetSlot = N. The job passedtargetSlottosetStatefor build-frame states, soSequencer.setStatemeasured theassertTimeLeftdeadlines againstgetSlotStartBuildTimestamp(targetSlot)— one full Aztec slot (72s) later than the build frame. The build-frame deadlines (INITIALIZING_CHECKPOINT,CREATING_BLOCK,ASSEMBLING_CHECKPOINT,COLLECTING_ATTESTATIONS,PUBLISHING_CHECKPOINT, …) were therefore checked ~72s too late and never fired. Now these states are measured againstslotNow.targetSlotis still used for headers, signing, andsendRequestsAt.Aligning the attestation / publish windows around L1 geometry
ethereumSlotDuration— one Ethereum slot (12s) before the last L1 block of the target slot, the latest a checkpoint can be submitted and still land on L1 in its slot. Previously the deadline used the configurablel1PublishingTimeand the p2p window was only2 * p2pPropagationTime(~4.5s into the target slot). This also unifies the deadline with the publisher's send lead (sendRequestsAtalready targets one Ethereum slot before the target slot start).validateCheckpointProposal) keep validating/attesting checkpoint proposals until that L1 publish deadline instead of the target-slot start, so attestations stay useful right up to the proposer's real publish cutoff. Block-proposal re-execution deadlines are intentionally left at the target-slot start.Why no test caught the frame bug
The job timing test built the job with
slotNow === targetSlot(so the two frames coincided) and stubbedsetStateFnwith a no-op, mocking away the veryassertTimeLeftenforcement where the frame matters. This PR adds:slotNow), not the target slot.setStateFn: a checkpoint whose assembly crosses the build-frame deadline is now correctly abandoned. Both fail on the pre-fix code and pass after the fix.l1PublishingTime != ethereumSlotDurationcase proving the deadline is now Ethereum-slot-based).No constants were removed and no broader cleanup was done; that is deferred.
Test plan
yarn buildgreen; touched packages lint/format clean.@aztec/stdlibtimetable,@aztec/sequencer-client(incl.timetable,checkpoint_proposal_job.timing,sequencer-publisher),@aztec/validator-client(incl.proposal_handler,validator), and@aztec/p2pmsg_validatorssuites pass.