test(e2e): fix race in broadcasted_invalid_block_proposal_slash under pipelining (#23302)

## Summary

Fixes the `e2e_p2p_broadcasted_invalid_block_proposal_slash` failure
that has been blocking the `merge-train/spartan` train (run
https://github.com/AztecProtocol/aztec-packages/actions/runs/25896899879,
test log http://ci.aztec-labs.com/2bf4e2cd2d9e7944).

The test creates the malicious proposer first (auto-starting its
sequencer) and only later creates the honest nodes and waits for P2P
mesh. Under `enableProposerPipelining: true` (turned on for this test by
#23070), the malicious proposer is selected for the very next slot,
builds + broadcasts the invalid proposal one slot ahead, and lands the
broadcast before the honest validators have joined the mesh. They then
reject it at the gossipsub `checkpoint_proposal_validator` with
`Penalizing peer for invalid slot number` (since their target slot has
already moved past), so the `state_mismatch` slashing path never runs.
The malicious sequencer then gets stuck on the failed publish (`Awaiting
pending L1 payload submission`) and never proposes again before the test
times out on `awaitOffenseDetected`.

This is the same race that #23070 fixed in
`duplicate_proposal_slash.test.ts`; the same pattern is applied here:

- Create both the invalid proposer and the honest nodes with
`dontStartSequencer: true`.
- After P2P mesh connectivity + committee formation, use
`advanceToEpochBeforeProposer` to land one epoch before an epoch where
the invalid proposer is scheduled.
- Start all sequencers, then `advanceToEpoch(targetEpoch, { offset:
-AZTEC_SLOT_DURATION })` so the malicious slot fires while every node is
online and at the same wall-clock slot.
- After `awaitOffenseDetected` on one node, poll `getSlashOffenses`
across **all** nodes for `BROADCASTED_INVALID_BLOCK_PROPOSAL` — under
pipelining a given receiver may have already advanced past the build
slot when the proposal arrives, so we need to catch whichever node was
still in the build slot.

The on-chain slash assertion (`rollup.listenToSlash`) is preserved
unchanged.

Full failure analysis:
https://gist.github.com/AztecBot/39b69c1117f419145938ccd2c198f8e9

## Test plan

- CI: `e2e_p2p_broadcasted_invalid_block_proposal_slash` passes on
`merge-train/spartan`.
- Local `./bootstrap.sh ci` / `fast` / `build` are not runnable in this
container (no Docker socket and `$HOME` not writable for the container
UID — `yarn install` fails on `corepack` mkdir, parallel-bootstrap can't
create `~/.parallel`). Fix is a direct port of a pattern already
shipping green on `next` via the sibling
`duplicate_proposal_slash.test.ts`.


ClaudeBox log: https://claudebox.work/s/06a4929a1971beaf?run=1

Author: AztecBot

yarn-project/end-to-end/src/e2e_p2p/broadcasted_invalid_block_proposal_slash.test.ts

@@ -1,4 +1,5 @@
 import type { AztecNodeService } from '@aztec/aztec-node';
+import type { TestAztecNodeService } from '@aztec/aztec-node/test';
 import { EthAddress } from '@aztec/aztec.js/addresses';
 import { EpochNumber } from '@aztec/foundation/branded-types';
 import { promiseWithResolvers } from '@aztec/foundation/promise';
@@ -13,7 +14,7 @@ import path from 'path';
 import { shouldCollectMetrics } from '../fixtures/fixtures.js';
 import { createNodes } from '../fixtures/setup_p2p_test.js';
 import { P2PNetworkTest } from './p2p_network.js';
-import { awaitCommitteeExists, awaitOffenseDetected } from './shared.js';
+import { advanceToEpochBeforeProposer, awaitCommitteeExists, awaitOffenseDetected } from './shared.js';
 
 const TEST_TIMEOUT = 1_000_000;
 
@@ -114,10 +115,14 @@ describe('e2e_p2p_broadcasted_invalid_block_proposal_slash', () => {
 
     t.logger.warn('Creating nodes');
 
-    // Create first node that broadcasts invalid proposals
+    // Create first node that broadcasts invalid proposals. Keep its sequencer stopped until
+    // every node has joined the P2P mesh; otherwise (under proposer pipelining) the invalid
+    // proposer can publish its sole bad block to slot N before the honest nodes are connected,
+    // and they will reject the proposal as "invalid slot number" instead of slashing it.
     const invalidProposerConfig = {
       ...t.ctx.aztecNodeConfig,
       broadcastInvalidBlockProposal: true,
+      dontStartSequencer: true,
     };
     const invalidProposerNodes = await createNodes(
       invalidProposerConfig,
@@ -134,9 +139,9 @@ describe('e2e_p2p_broadcasted_invalid_block_proposal_slash', () => {
     const invalidProposerAddress = invalidProposerNodes[0].getSequencer()!.validatorAddresses![0];
     t.logger.warn(`Invalid proposer address: ${invalidProposerAddress.toString()}`);
 
-    // Create remaining honest nodes
+    // Create remaining honest nodes, also with sequencers stopped, for the same reason.
     const honestNodes = await createNodes(
-      t.ctx.aztecNodeConfig,
+      { ...t.ctx.aztecNodeConfig, dontStartSequencer: true },
       t.ctx.dateProvider,
       t.bootstrapNodeEnr,
       NUM_VALIDATORS - 1,
@@ -149,42 +154,39 @@ describe('e2e_p2p_broadcasted_invalid_block_proposal_slash', () => {
 
     nodes = [...invalidProposerNodes, ...honestNodes];
 
-    // Wait for P2P mesh to be fully formed before proceeding
+    // Wait for P2P mesh to be fully formed before starting sequencers
     await t.waitForP2PMeshConnectivity(nodes, NUM_VALIDATORS);
 
     await awaitCommitteeExists({ rollup, logger: t.logger });
 
-    const startSlot = await rollup.getSlotNumber();
-    const proposerEarliestSlot = startSlot + 1;
-
-    // Wait until the bad proposer has had a slot
-    await retryUntil(
-      async () => {
-        const currentSlot = await rollup.getSlotNumber();
-        return currentSlot >= proposerEarliestSlot;
-      },
-      'Wait for next slot...',
-      TEST_TIMEOUT / 1000,
-      ETHEREUM_SLOT_DURATION,
-    );
-
-    await retryUntil(
-      async () => {
-        const currentProposer = await rollup.getCurrentProposer();
-        if (!currentProposer.equals(invalidProposerAddress)) {
-          t.logger.info(
-            `Current proposer: ${currentProposer}, waiting for malicious proposer ${invalidProposerAddress} to get a slot...`,
-          );
-          return false;
-        }
-        return true;
-      },
-      'Wait for malicious proposer slot...',
-      TEST_TIMEOUT / 1000,
-      ETHEREUM_SLOT_DURATION,
-    );
+    // Find an epoch where the invalid proposer is selected, stopping one epoch before so
+    // we have time to start sequencers before the target epoch arrives.
+    const epochCache = (honestNodes[0] as TestAztecNodeService).epochCache;
+    const { targetEpoch } = await advanceToEpochBeforeProposer({
+      epochCache,
+      cheatCodes: t.ctx.cheatCodes.rollup,
+      targetProposer: invalidProposerAddress,
+      logger: t.logger,
+    });
 
-    const offenses = await awaitOffenseDetected({
+    // Start all sequencers while still one epoch before the target
+    t.logger.warn('Starting all sequencers');
+    await Promise.all(nodes.map(n => n.getSequencer()!.start()));
+
+    // Now warp to one slot before the target epoch — sequencers are already running.
+    // Under proposer pipelining, the invalid proposer begins building for the first slot
+    // of the target epoch one slot earlier; warping to the start of the epoch would force
+    // the bad proposal to serialize past the slot boundary, after which honest receivers
+    // reject it as late.
+    t.logger.warn(`Advancing to one slot before target epoch ${targetEpoch}`);
+    await t.ctx.cheatCodes.rollup.advanceToEpoch(targetEpoch, { offset: -AZTEC_SLOT_DURATION });
+
+    // Wait for offense to be detected. Under proposer pipelining, the invalid block proposal is
+    // broadcast at the slot boundary while a receiver's wall clock may have already advanced
+    // past the build slot — when that happens, the honest node rejects the gossip with "invalid
+    // slot number" before slashing logic runs. Collect offenses from every node so we catch
+    // whichever node managed to process the proposal while still in the build slot.
+    await awaitOffenseDetected({
       epochDuration: t.ctx.aztecNodeConfig.aztecEpochDuration,
       logger: t.logger,
       nodeAdmin: nodes[1], // Use honest node to check for offenses
@@ -193,10 +195,23 @@ describe('e2e_p2p_broadcasted_invalid_block_proposal_slash', () => {
       timeoutSeconds: AZTEC_SLOT_DURATION * 16,
     });
 
-    // Check offense is correct
-    expect(offenses).toHaveLength(1);
-    expect(offenses[0].offenseType).toEqual(OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL);
-    expect(offenses[0].validator.toString()).toEqual(t.validators[0].attester.toString());
+    const invalidBlockOffenses = await retryUntil(
+      async () => {
+        const allOffenses = (await Promise.all(nodes.map(n => n.getSlashOffenses('all')))).flat();
+        const filtered = allOffenses.filter(o => o.offenseType === OffenseType.BROADCASTED_INVALID_BLOCK_PROPOSAL);
+        if (filtered.length > 0) {
+          return filtered;
+        }
+      },
+      'broadcasted invalid block proposal offense',
+      AZTEC_SLOT_DURATION * 4,
+    );
+
+    t.logger.warn(`Collected broadcasted invalid block proposal offenses`, { invalidBlockOffenses });
+    expect(invalidBlockOffenses.length).toBeGreaterThan(0);
+    for (const offense of invalidBlockOffenses) {
+      expect(offense.validator.toString()).toEqual(invalidProposerAddress.toString());
+    }
 
     // Check slash is recorded on chain
     const slashPromise = promiseWithResolvers<{ amount: bigint; attester: EthAddress }>();