feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122)#21129
Merged
spalladino merged 5 commits intobackport-to-v4-stagingfrom Mar 4, 2026
Conversation
…ort #21071) (#21085) ## Summary Backport of #21071 to v4. Adds `-g0` to zig cross-compilation presets to suppress DWARF debug info that inflates the build directory from 2.8 GB to 14.0 GB. Also unsets CFLAGS/CXXFLAGS for the lmdb external build to prevent `-g0` from interfering. ### Conflict resolution The `clang20` preset on v4 uses system `clang-20` (not zig), so the `-g0` addition to that preset was dropped — it only applies to zig's debug info behavior. The `zig-base` preset change (which all cross-compilation presets inherit) and the `lmdb.cmake` change applied cleanly. ClaudeBox log: http://ci.aztec-labs.com/df32ffacdebfa007-1
…ckport #20974) (#21055) ## Summary Backport of #20974 to v4. The checkpoint builder now tracks remaining L2 gas, DA gas, and blob fields in a checkpoint while building each block, and forwards them to the public processor. This means that a proposer will not propose blocks that overall exceed checkpoint limits, and validators will properly reject them. **Cherry-picked commits:** - feat(sequencer): set block building limits from checkpoint limits - feat(sequencer): only skip txs due to gas/blob limits during proposal building - fix(gas): saner defaults for da gas limit per tx - fix: fix spread when computing processor limits - fix(processor): check gas limits using used gas on reexecution - test: check that validators reject exceeded gas limits - chore: re-validate checkpoint limits before proposal and attestation - test: fix tests related to avm gas limits - fix(validator): do not check block-level limits on validation - chore: add inline comments **Conflict resolution:** - `timetable.ts`: Resolved log level conflict — v4 uses `createLogger` (always defined) so kept `this.log.info(` without optional chaining (matching PR's intent to upgrade from `verbose` to `info`). ClaudeBox log: http://ci.aztec-labs.com/2433a99083562757-1 --------- Co-authored-by: Santiago Palladino <santiago@aztec-labs.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Santiago Palladino <santiago@aztecprotocol.com>
… (#21115) ## Summary Manual backport of #21016 to v4. Replaces #21078 which had too many merge conflicts. - Adds `SEQ_MAX_TX_PER_CHECKPOINT` config to limit total transactions across all blocks in a checkpoint - Extracts `computeBlockLimits` as a free function from `SequencerClient` for deriving per-block limits from checkpoint limits - Adds `validateCheckpointStructure` for structural validation of checkpoints (block count, slot matching, archive chaining) - Extends `capLimitsByCheckpointBudgets` with TX count capping - Fixes `Checkpoint.random` to properly align global variables between header and blocks - Adds tests for `computeBlockLimits`, `validateCheckpointStructure`, and TX budget capping Adapted for v4 naming conventions (e.g. `txPublicSetupAllowList` vs `txPublicSetupAllowListExtend`). ## Test plan - [x] TypeScript compilation verified (no TS errors from changed files) - [ ] CI should pass (pre-existing v4 build infra issues with `private_kernel_reset_dimensions.json` are unrelated) - [ ] New unit tests: `computeBlockLimits`, `validateCheckpointStructure`, checkpoint TX budget capping, `maxTxsPerBlock` proposal validation ClaudeBox log: http://ci.aztec-labs.com/53d7ba930fa50e5d-1
…l msg sender) (backport #21122)
spalladino
approved these changes
Mar 4, 2026
ludamad
requested review from
IlyasRidhuan,
LeilaWang,
dbanks12,
fcarreiro,
jeanmon and
sirasistant
as code owners
alexghr
added a commit
that referenced
this pull request
Mar 5, 2026
BEGIN_COMMIT_OVERRIDE chore: chonk proof compression poc (#20645) feat: Update L1 to L2 message APIs (#20913) fix: adapt chonk proof compression for v4 Translator layout (#21067) fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21086) feat: standby mode for prover broker (#21098) fix(p2p): remove default block handler in favor of block handler (#21105) chore: prepare barretenberg-rs for crates.io publishing (#20496) feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122) (#21129) chore: remove stale aes comments (#21133) chore: remove auto-tag job (#21127) feat: calldata length validation of public setup function allowlist (#21139) feat: run AVM NAPI simulations on dedicated threads instead of libuv pool (#21138) feat: Remove non-protocol contracts from public setup allowlist (#21154) END_COMMIT_OVERRIDE --------- Co-authored-by: ledwards2225 <ledwards2225@users.noreply.github.com> Co-authored-by: PhilWindle <PhilWindle@users.noreply.github.com> Co-authored-by: ludamad <adam.domurad@gmail.com> Co-authored-by: mrzeszutko <mrzeszutko@users.noreply.github.com> Co-authored-by: spalladino <spalladino@users.noreply.github.com> Co-authored-by: johnathan79717 <johnathan79717@users.noreply.github.com> Co-authored-by: nventuro <nventuro@users.noreply.github.com> Co-authored-by: alexghr <alexghr@users.noreply.github.com> Co-authored-by: AztecBot <AztecBot@users.noreply.github.com> Co-authored-by: Martin Verzilli <martin@aztec-labs.com>
This was referenced Mar 5, 2026
ludamad
added a commit
that referenced
this pull request
Mar 10, 2026
BEGIN_COMMIT_OVERRIDE chore: chonk proof compression poc (#20645) feat: Update L1 to L2 message APIs (#20913) fix: adapt chonk proof compression for v4 Translator layout (#21067) fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21086) feat: standby mode for prover broker (#21098) fix(p2p): remove default block handler in favor of block handler (#21105) chore: prepare barretenberg-rs for crates.io publishing (#20496) feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122) (#21129) chore: remove stale aes comments (#21133) chore: remove auto-tag job (#21127) feat: calldata length validation of public setup function allowlist (#21139) feat: run AVM NAPI simulations on dedicated threads instead of libuv pool (#21138) feat: Remove non-protocol contracts from public setup allowlist (#21154) feat!: Expose offchain effects when simulating/sending txs (backport #20563) (#21110) chore: bump minor version (#21171) chore: backport #21161 (tally slashing pruning improvements) to v4 (#21166) chore: More updated Alpha configuration (backport #21155) (#21165) fix(p2p): report most severe failure in runValidations (#21185) feat: add ergonomic conversions for Noir's `Option<T>` (#21107) docs: clarifying Noir fields vs struct fields in event metadata (#21172) fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170) fix: update dependencies (#20997) chore: New alpha-net environment (#20800) (#21202) chore: code decuplication + refactor (public setup allowlist) (#21200) feat: mask all ciphertext fields with Poseidon2-derived values (backport #21009) (#21140) chore: disable sponsored FPC in testnet (#21235) feat!: exposing pub event pagination on wallet (#21197) refactor(pxe): narrow tryGetPublicKeysAndPartialAddress return type (backport #21208) (#21236) feat: orchestrator enqueues via serial queue (#21247) feat: rollup mana limit gas validation (#21219) chore: deploy SPONSORED_FPC in test networks (#21254) fix(sequencer): fix log when not enough txs (#21297) END_COMMIT_OVERRIDE --------- Co-authored-by: ledwards2225 <ledwards2225@users.noreply.github.com> Co-authored-by: PhilWindle <PhilWindle@users.noreply.github.com> Co-authored-by: ludamad <adam.domurad@gmail.com> Co-authored-by: mrzeszutko <mrzeszutko@users.noreply.github.com> Co-authored-by: spalladino <spalladino@users.noreply.github.com> Co-authored-by: johnathan79717 <johnathan79717@users.noreply.github.com> Co-authored-by: nventuro <nventuro@users.noreply.github.com> Co-authored-by: alexghr <alexghr@users.noreply.github.com> Co-authored-by: AztecBot <AztecBot@users.noreply.github.com> Co-authored-by: Martin Verzilli <martin@aztec-labs.com> Co-authored-by: PhilWindle <60546371+PhilWindle@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: mverzilli <mverzilli@users.noreply.github.com> Co-authored-by: benesjan <benesjan@users.noreply.github.com> Co-authored-by: danielntmd <danielntmd@users.noreply.github.com> Co-authored-by: deffrian <deffrian@users.noreply.github.com> Co-authored-by: benesjan <janbenes1234@gmail.com>
ludamad
added a commit
that referenced
this pull request
Mar 11, 2026
BEGIN_COMMIT_OVERRIDE chore: chonk proof compression poc (#20645) feat: Update L1 to L2 message APIs (#20913) fix: adapt chonk proof compression for v4 Translator layout (#21067) fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21086) feat: standby mode for prover broker (#21098) fix(p2p): remove default block handler in favor of block handler (#21105) chore: prepare barretenberg-rs for crates.io publishing (#20496) feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122) (#21129) chore: remove stale aes comments (#21133) chore: remove auto-tag job (#21127) feat: calldata length validation of public setup function allowlist (#21139) feat: run AVM NAPI simulations on dedicated threads instead of libuv pool (#21138) feat: Remove non-protocol contracts from public setup allowlist (#21154) feat!: Expose offchain effects when simulating/sending txs (backport #20563) (#21110) chore: bump minor version (#21171) chore: backport #21161 (tally slashing pruning improvements) to v4 (#21166) chore: More updated Alpha configuration (backport #21155) (#21165) fix(p2p): report most severe failure in runValidations (#21185) feat: add ergonomic conversions for Noir's `Option<T>` (#21107) docs: clarifying Noir fields vs struct fields in event metadata (#21172) fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170) fix: update dependencies (#20997) chore: New alpha-net environment (#20800) (#21202) chore: code decuplication + refactor (public setup allowlist) (#21200) feat: mask all ciphertext fields with Poseidon2-derived values (backport #21009) (#21140) chore: disable sponsored FPC in testnet (#21235) feat!: exposing pub event pagination on wallet (#21197) refactor(pxe): narrow tryGetPublicKeysAndPartialAddress return type (backport #21208) (#21236) feat: orchestrator enqueues via serial queue (#21247) feat: rollup mana limit gas validation (#21219) chore: deploy SPONSORED_FPC in test networks (#21254) fix(sequencer): fix log when not enough txs (#21297) fix: Simulate gas in n tps test. Set min txs per block to 1 (backport #21312) (#21329) fix(log): do not log validation error if unregistered handler (#21111) fix(node): fix index misalignment in findLeavesIndexes (#21327) fix: limit parallel blocks in prover to max AVM parallel simulations (#21320) fix: use native sha256 to speed up proving job id generation (#21292) fix(validator): wait for l1 sync before processing block proposals (#21336) fix(txpool): cap priority fee with max fees when computing priority (#21279) chore: reduce severity of errors due to HA node not acquiring signature (#21311) fix: (A-643) add buffer to maxFeePerBlobGas for gas estimation and fix bump loop truncation (#21323) END_COMMIT_OVERRIDE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Combined backport of #20909 and #21122 to v4.
#20909 re-enables function selector checking in the setup allowlist, and #21122 (which depends on it) adds
onlySelfandrejectNullMsgSendervalidation flags.Cherry-picked in order with conflict resolution for v4 compatibility.
ClaudeBox log: http://ci.aztec-labs.com/766112c90222bb64-2