feat: Remove non-protocol contracts from public setup allowlist #21154
Merged
spalladino merged 6 commits into merge-train/spartan from Mar 5, 2026
@AztecProtocol/devrel heads-up: this will require the documentation to be updated
spalladino
approved these changes
Mar 5, 2026
Looks good, left just a few suggestions on the comments.
Let's merge as soon as these go in, and then push a separate PR to:
- Remove duplication of the token whitelisted functions (they are in 3 different places in the codebase)
- Leverage the `ContractArtifact` so we can extract the exact function signature from it rather than hardcoding it, in case arguments change in the future (same for flags if they are present in the abi). This applies to both token contract and the protocol/canonical ones.
noir-projects/noir-contracts/contracts/fees/fpc_contract/src/main.nr
Outdated
Co-authored-by: Santiago Palladino <santiago@aztecprotocol.com>
…ain.nr Co-authored-by: Santiago Palladino <santiago@aztecprotocol.com>
AztecBot
pushed a commit
that referenced
this pull request
Mar 5, 2026
## Summary

Removes non-protocol contracts (Token class-based entries) from the default public setup allowlist for alpha. Token class IDs change with aztec-nr releases, making the allowlist hard to maintain—and FPC-based fee payment with custom tokens won't be supported on mainnet alpha.

- **Removed Token entries from the default allowlist** (`allowed_public_setup.ts`): only protocol contracts (AuthRegistry, FeeJuice) remain in the hardcoded defaults
- **Extended `parseAllowList` to support validation flags**: new optional flags segment (`os`, `rn`, `cl=N`) so node operators who manually re-add entries get proper `onlySelf`, `rejectNullMsgSender`, and `calldataLength` validation
- **Updated e2e tests to manually extend the allowlist**: `FeesTest` and `ClientFlowsBenchmark` now compute Token allowlist entries and pass them via `txPublicSetupAllowListExtend`
- **Updated local network node** (`local-network.ts`): computes Token allowlist entries at startup so FPC-based fee payments continue to work in local development and CI
- **Deprecated `PublicFeePaymentMethod` and `PrivateFeePaymentMethod`** in aztec.js with `@deprecated` JSDoc tags
- **Added CLI wallet deprecation warnings** for `fpc-public` and `fpc-private` payment methods
- **Added warning comment to FPC Noir contract** clarifying it's a reference implementation that won't work on mainnet alpha
- **Updated v4 changelog** with the breaking change, new flag syntax documentation, and migration guidance

## Test plan

- [x] Unit tests: `p2p/src/config.test.ts` (11 tests including 4 new flag parsing tests)
- [x] Unit tests: `p2p/src/msg_validators/tx_validator/phases_validator.test.ts` (23 tests)
- [x] E2E tests: all 8 fee test suites (26 tests total) — public_payments, private_payments, failures, account_init, gas_estimation, sponsored_payments, fee_juice_payments, fee_settings
- [ ] E2E: `e2e_local_network_example.test.ts` (requires running local network — unchanged, validated via local-network.ts code review)
- [x] Alert `@AztecProtocol/devrel` to update docs

Fixes A-606
✅ Successfully backported to backport-to-v4-staging #21064.
alexghr
added a commit
that referenced
this pull request
Mar 5, 2026
BEGIN_COMMIT_OVERRIDE
chore: chonk proof compression poc (#20645)
feat: Update L1 to L2 message APIs (#20913)
fix: adapt chonk proof compression for v4 Translator layout (#21067)
fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21086)
feat: standby mode for prover broker (#21098)
fix(p2p): remove default block handler in favor of block handler (#21105)
chore: prepare barretenberg-rs for crates.io publishing (#20496)
feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122) (#21129)
chore: remove stale aes comments (#21133)
chore: remove auto-tag job (#21127)
feat: calldata length validation of public setup function allowlist (#21139)
feat: run AVM NAPI simulations on dedicated threads instead of libuv pool (#21138)
feat: Remove non-protocol contracts from public setup allowlist (#21154)
END_COMMIT_OVERRIDE

---------

Co-authored-by: ledwards2225 <ledwards2225@users.noreply.github.com>
Co-authored-by: PhilWindle <PhilWindle@users.noreply.github.com>
Co-authored-by: ludamad <adam.domurad@gmail.com>
Co-authored-by: mrzeszutko <mrzeszutko@users.noreply.github.com>
Co-authored-by: spalladino <spalladino@users.noreply.github.com>
Co-authored-by: johnathan79717 <johnathan79717@users.noreply.github.com>
Co-authored-by: nventuro <nventuro@users.noreply.github.com>
Co-authored-by: alexghr <alexghr@users.noreply.github.com>
Co-authored-by: AztecBot <AztecBot@users.noreply.github.com>
Co-authored-by: Martin Verzilli <martin@aztec-labs.com>
spalladino
pushed a commit
that referenced
this pull request
Mar 6, 2026
## Summary

Follow-up to #21154, addressing review feedback to deduplicate code and use contract artifacts instead of hardcoded signature strings.

- **New `buildAllowedElement` helper** (`@aztec/p2p/msg_validators`): Builds an `AllowedElement` from a `ContractArtifact` + function name, deriving both the selector (via `FunctionSelector.fromNameAndParameters`) and calldata length from the artifact. Eliminates all hardcoded `FunctionSelector.fromSignature(...)` calls.
- **Refactored protocol allowlist** (`allowed_public_setup.ts`): Uses `buildAllowedElement` with `AuthRegistryArtifact` and `FeeJuiceArtifact` instead of manually constructing selectors and calldata lengths.
- **Deduplicated token allowlist** into a single shared `getTokenAllowedSetupFunctions()` in `@aztec/aztec/testing`, removing three identical copies from `local-network.ts`, `fees_test.ts`, and `client_flows_benchmark.ts`.
- **Refactored `fee_payer_balance.ts`**: Replaced hardcoded `fromSignature('_increase_public_balance((Field),u128)')` with artifact-derived selector using `FeeJuiceArtifact`.
- **Left `public_fee_payment_method.ts` and `private_fee_payment_method.ts` as-is**: These deprecated classes in `aztec.js` would require adding contract artifact dependencies or API changes to refactor.

Net result: **-154 lines** removed across 3 duplicated functions and hardcoded selectors, **+73 lines** added for the shared helper and single source of truth.
AztecBot
pushed a commit
that referenced
this pull request
Mar 6, 2026
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 6, 2026
BEGIN_COMMIT_OVERRIDE
test: update proving-real test to mbps (#20991)
chore: epoch proving log analyzer (#21033)
chore: update pause script to allow resume (#21032)
feat: price bump for RPC transaction replacement (#20806)
refactor: remove update checker, retain version checks (#20898)
fix: (A-592) p2p client proposal tx collector test (#20998)
refactor: use publishers-per-pod in deployments (#21039)
chore: web3signer refreshes keystore (#21045)
feat(sequencer): set block building limits from checkpoint limits (#20974)
chore(e2e): fix e2e bot L1 tx nonce reuse (#21052)
feat: Update L1 to L2 message APIs (#20913)
fix: (A-589) epochs l1 reorgs test (#20999)
feat(sequencer): add SEQ_MAX_TX_PER_CHECKPOINT config (#21016)
fix: drop --pid=host from docker_isolate (#21081)
feat: standby mode for prover broker (#21098)
fix(p2p): remove default block handler in favor of block handler (#21105)
feat(validator): add VALIDATOR_ env vars for independent block limits (#21060)
refactor(p2p): decouple proposal validators from base class via composition (#21075)
feat: additional validation in public setup allowlist (onlySelf + null msg sender) (#21122)
fix: (A-591) aztecProofSubmissionEpochs incorrectly named as aztecProofSubmissionWindow (#21108)
refactor(sequencer): rename SEQ_GAS_PER_BLOCK_ALLOCATION_MULTIPLIER to SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER (#21125)
fix: unbound variable in check_doc_references.sh with set -u (#21126)
feat: calldata length validation of public setup function allowlist (#21139)
fix: include mismatched values in tx metadata validation errors (#21147)
feat: single-node implementation of slash-protection signer (#20894)
feat: Remove non-protocol contracts from public setup allowlist (#21154)
chore: More updated Alpha configuration (#21155)
chore: tally slashing pruning improvements (#21161)
fix: update dependencies (#20997)
fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21169)
refactor(p2p): (A-588) maintain sorted array in tx pool instead of sorting on read (#21079)
fix(p2p): report most severe failure in runValidations (#21185)
fix: use dedicated L1 account for bot bridge resume tests to avoid nonce race (#21148)
fix: parse error.message in formatViemError (#21163)
fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170)
chore: code decuplication + refactor (public setup allowlist) (#21200)
END_COMMIT_OVERRIDE
ludamad
added a commit
that referenced
this pull request
Mar 10, 2026
BEGIN_COMMIT_OVERRIDE
chore: chonk proof compression poc (#20645)
feat: Update L1 to L2 message APIs (#20913)
fix: adapt chonk proof compression for v4 Translator layout (#21067)
fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21086)
feat: standby mode for prover broker (#21098)
fix(p2p): remove default block handler in favor of block handler (#21105)
chore: prepare barretenberg-rs for crates.io publishing (#20496)
feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122) (#21129)
chore: remove stale aes comments (#21133)
chore: remove auto-tag job (#21127)
feat: calldata length validation of public setup function allowlist (#21139)
feat: run AVM NAPI simulations on dedicated threads instead of libuv pool (#21138)
feat: Remove non-protocol contracts from public setup allowlist (#21154)
feat!: Expose offchain effects when simulating/sending txs (backport #20563) (#21110)
chore: bump minor version (#21171)
chore: backport #21161 (tally slashing pruning improvements) to v4 (#21166)
chore: More updated Alpha configuration (backport #21155) (#21165)
fix(p2p): report most severe failure in runValidations (#21185)
feat: add ergonomic conversions for Noir's `Option<T>` (#21107)
docs: clarifying Noir fields vs struct fields in event metadata (#21172)
fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170)
fix: update dependencies (#20997)
chore: New alpha-net environment (#20800) (#21202)
chore: code decuplication + refactor (public setup allowlist) (#21200)
feat: mask all ciphertext fields with Poseidon2-derived values (backport #21009) (#21140)
chore: disable sponsored FPC in testnet (#21235)
feat!: exposing pub event pagination on wallet (#21197)
refactor(pxe): narrow tryGetPublicKeysAndPartialAddress return type (backport #21208) (#21236)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix(sequencer): fix log when not enough txs (#21297)
END_COMMIT_OVERRIDE

---------

Co-authored-by: ledwards2225 <ledwards2225@users.noreply.github.com>
Co-authored-by: PhilWindle <PhilWindle@users.noreply.github.com>
Co-authored-by: ludamad <adam.domurad@gmail.com>
Co-authored-by: mrzeszutko <mrzeszutko@users.noreply.github.com>
Co-authored-by: spalladino <spalladino@users.noreply.github.com>
Co-authored-by: johnathan79717 <johnathan79717@users.noreply.github.com>
Co-authored-by: nventuro <nventuro@users.noreply.github.com>
Co-authored-by: alexghr <alexghr@users.noreply.github.com>
Co-authored-by: AztecBot <AztecBot@users.noreply.github.com>
Co-authored-by: Martin Verzilli <martin@aztec-labs.com>
Co-authored-by: PhilWindle <60546371+PhilWindle@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: mverzilli <mverzilli@users.noreply.github.com>
Co-authored-by: benesjan <benesjan@users.noreply.github.com>
Co-authored-by: danielntmd <danielntmd@users.noreply.github.com>
Co-authored-by: deffrian <deffrian@users.noreply.github.com>
Co-authored-by: benesjan <janbenes1234@gmail.com>
ludamad
added a commit
that referenced
this pull request
Mar 11, 2026
BEGIN_COMMIT_OVERRIDE
chore: chonk proof compression poc (#20645)
feat: Update L1 to L2 message APIs (#20913)
fix: adapt chonk proof compression for v4 Translator layout (#21067)
fix: omit bigint priceBumpPercentage from IPC config in testbench worker (#21086)
feat: standby mode for prover broker (#21098)
fix(p2p): remove default block handler in favor of block handler (#21105)
chore: prepare barretenberg-rs for crates.io publishing (#20496)
feat: reenable function selectors + additional validation in public setup allowlist (backport #20909, #21122) (#21129)
chore: remove stale aes comments (#21133)
chore: remove auto-tag job (#21127)
feat: calldata length validation of public setup function allowlist (#21139)
feat: run AVM NAPI simulations on dedicated threads instead of libuv pool (#21138)
feat: Remove non-protocol contracts from public setup allowlist (#21154)
feat!: Expose offchain effects when simulating/sending txs (backport #20563) (#21110)
chore: bump minor version (#21171)
chore: backport #21161 (tally slashing pruning improvements) to v4 (#21166)
chore: More updated Alpha configuration (backport #21155) (#21165)
fix(p2p): report most severe failure in runValidations (#21185)
feat: add ergonomic conversions for Noir's `Option<T>` (#21107)
docs: clarifying Noir fields vs struct fields in event metadata (#21172)
fix: bump lighthouse consensus client v7.1.0 -> v8.0.1 (#21170)
fix: update dependencies (#20997)
chore: New alpha-net environment (#20800) (#21202)
chore: code decuplication + refactor (public setup allowlist) (#21200)
feat: mask all ciphertext fields with Poseidon2-derived values (backport #21009) (#21140)
chore: disable sponsored FPC in testnet (#21235)
feat!: exposing pub event pagination on wallet (#21197)
refactor(pxe): narrow tryGetPublicKeysAndPartialAddress return type (backport #21208) (#21236)
feat: orchestrator enqueues via serial queue (#21247)
feat: rollup mana limit gas validation (#21219)
chore: deploy SPONSORED_FPC in test networks (#21254)
fix(sequencer): fix log when not enough txs (#21297)
fix: Simulate gas in n tps test. Set min txs per block to 1 (backport #21312) (#21329)
fix(log): do not log validation error if unregistered handler (#21111)
fix(node): fix index misalignment in findLeavesIndexes (#21327)
fix: limit parallel blocks in prover to max AVM parallel simulations (#21320)
fix: use native sha256 to speed up proving job id generation (#21292)
fix(validator): wait for l1 sync before processing block proposals (#21336)
fix(txpool): cap priority fee with max fees when computing priority (#21279)
chore: reduce severity of errors due to HA node not acquiring signature (#21311)
fix: (A-643) add buffer to maxFeePerBlobGas for gas estimation and fix bump loop truncation (#21323)
END_COMMIT_OVERRIDE
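## Summary

Removes non-protocol contracts (Token class-based entries) from the default public setup allowlist for alpha. Token class IDs change with aztec-nr releases, making the allowlist hard to maintain—and FPC-based fee payment with custom tokens won't be supported on mainnet alpha.

- **Removed Token entries from the default allowlist** (`allowed_public_setup.ts`): only protocol contracts (AuthRegistry, FeeJuice) remain in the hardcoded defaults
- **Extended `parseAllowList` to support validation flags**: new optional flags segment (`os`, `rn`, `cl=N`) so node operators who manually re-add entries get proper `onlySelf`, `rejectNullMsgSender`, and `calldataLength` validation
- **Updated e2e tests to manually extend the allowlist**: `FeesTest` and `ClientFlowsBenchmark` now compute Token allowlist entries and pass them via `txPublicSetupAllowListExtend`
- **Updated local network node** (`local-network.ts`): computes Token allowlist entries at startup so FPC-based fee payments continue to work in local development and CI
- **Deprecated `PublicFeePaymentMethod` and `PrivateFeePaymentMethod`** in aztec.js with `@deprecated` JSDoc tags
- **Added CLI wallet deprecation warnings** for `fpc-public` and `fpc-private` payment methods
- **Added warning comment to FPC Noir contract** clarifying it's a reference implementation that won't work on mainnet alpha
- **Updated v4 changelog** with the breaking change, new flag syntax documentation, and migration guidance

## Test plan

- [x] Unit tests: `p2p/src/config.test.ts` (11 tests including 4 new flag parsing tests)
- [x] Unit tests: `p2p/src/msg_validators/tx_validator/phases_validator.test.ts` (23 tests)
- [x] E2E tests: all 8 fee test suites (26 tests total) — public_payments, private_payments, failures, account_init, gas_estimation, sponsored_payments, fee_juice_payments, fee_settings
- [ ] E2E: `e2e_local_network_example.test.ts` (requires running local network — unchanged, validated via local-network.ts code review)
- [x] Alert `@AztecProtocol/devrel` to update docs

Fixes A-606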
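
The flags segment named in the summary (`os`, `rn`, `cl=N`), sketched as an added TypeScript example that is not code from this PR or from Aztec's `parseAllowList`. Only the flag names and the three validation names come from the page; the comma-separated syntax, the helper names `parseFlagsSegment` and `checkSetupCall`, the `SetupCall` shape and the exact semantics of each check are assumptions.

```typescript
// Added example; hypothetical helpers, not Aztec's parseAllowList.
// Assumed syntax of the flags segment: comma-separated tokens, e.g. "os,rn,cl=3".
interface SetupCallFlags {
  onlySelf: boolean;            // "os"
  rejectNullMsgSender: boolean; // "rn"
  calldataLength?: number;      // "cl=N"
}

// Assumed shape of an enqueued public setup call (constructed for illustration).
interface SetupCall {
  contract: string;         // address of the called contract
  msgSender: string | null; // null models a call with no sender
  calldata: string[];       // calldata fields
}

// Parse the flags segment, failing closed on anything unexpected so a typo
// in an operator's config cannot silently drop a check.
function parseFlagsSegment(segment: string): SetupCallFlags {
  const flags: SetupCallFlags = { onlySelf: false, rejectNullMsgSender: false };
  if (segment === '') return flags; // the segment is optional
  const seen = new Set<string>();
  for (const token of segment.split(',')) {
    const eq = token.indexOf('=');
    const name = eq === -1 ? token : token.slice(0, eq);
    const value = eq === -1 ? null : token.slice(eq + 1);
    if (seen.has(name)) throw new Error(`duplicate flag: ${name}`);
    seen.add(name);
    if (name === 'os' && value === null) {
      flags.onlySelf = true;
    } else if (name === 'rn' && value === null) {
      flags.rejectNullMsgSender = true;
    } else if (name === 'cl' && value !== null && /^(0|[1-9][0-9]*)$/.test(value)) {
      flags.calldataLength = Number(value);
    } else {
      throw new Error(`unrecognised flag: ${token}`);
    }
  }
  return flags;
}

// Return the reason a call is rejected, or null when it passes every check
// the allowlist entry asks for.
function checkSetupCall(call: SetupCall, flags: SetupCallFlags): string | null {
  if (flags.rejectNullMsgSender && call.msgSender === null) return 'null msg sender';
  if (flags.onlySelf && call.msgSender !== call.contract) return 'caller is not the contract itself';
  if (flags.calldataLength !== undefined && call.calldata.length !== flags.calldataLength) {
    return 'calldata length mismatch';
  }
  return null;
}
```

An entry re-added without its flags segment parses to no checks at all under these assumptions, which is why the parser rejects malformed tokens instead of ignoring them.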