fix(sequencer): override full parent checkpoint cell in pipelined simulation (#23073)

## Motivation

When proposer pipelining is enabled, the sequencer simulates `propose()`
for checkpoint K one slot ahead while K-1 has not yet landed on L1. The
previous override only patched `tips.pending`, `archives[K-1]`, and
(sometimes) the fee header, leaving the rest of
`tempCheckpointLogs[K-1]` at storage zero. With `slotNumber` zeroed,
`canPruneAtTime` falsely declared the proof window expired, the contract
returned `proven` from `getEffectivePendingCheckpointNumber`, and the
precheck reverted with `Rollup__InvalidArchive` — surfacing as a
`proposer-rollup-check-failed` storm whenever a checkpoint took an extra
L1 block to land.

Additionally, fixes a bug in L2-to-L1 messages related to how the
`outHash` is computed by the proposer (see "include parent
checkpointOutHash when pipelining same-epoch builds").

Also adds sanity checks to `checkSync` to guard against race conditions
when querying archiver data.

## Approach

The simulated `tempCheckpointLogs[K-1]` cell is now byte-faithful with
what L1 will see once K-1 actually lands: header hash, out hash, payload
digest, slot number, and fee header. `blobCommitmentsHash` and
`attestationsHash` are intentionally left out — the propose path never
asserts on them. The override is built through a single per-cell helper
that throws on `slotNumber > uint32`, mirroring the on-chain
`SafeCast.toUint32`.

## Changes

- **stdlib (`checkpoint/digest.ts`)**: new shared
`computeCheckpointPayloadDigest` helper. Archiver migrated to it.
- **ethereum (`rollup.ts` / `chain_state_override.ts`)**: replaces
`makeFeeHeaderOverride` with `makeTempCheckpointLogOverride`
(all-required) and `makeTempCheckpointLogPartialOverride` (subset).
Extends `PendingCheckpointOverrideState` and
`SimulationOverridesBuilder` with
`withPendingHeaderHash/OutHash/PayloadDigest/SlotNumber`. Plan
translation now goes through the partial helper so a missing fee header
no longer suppresses the rest.
- **sequencer-client**: `buildPipelinedParentSimulationOverridesPlan`
takes a `signatureContext`, populates the new fields when
`proposedCheckpointData` matches the parent, and guards against stale
entries. The inline override in `Sequencer` is consolidated through the
helper, with a defensive archive fallback when `proposedCheckpointData`
is absent. `CheckpointProposalJob` threads the signature context
through.
- **end-to-end (`epochs_mbps.parallel.test`)**: switches the test to the
pipelined-MBPS timing (12s L1 / 72s L2 / 5500ms blocks,
`enableProposerPipelining: true`, `perBlockAllocationMultiplier: 8`) and
asserts there are no `proposer-rollup-check-failed` events under normal
operation.
- **.test_patterns.yml**: marks the L2-to-L1-messages variant of the
test as `skip: true` for an unrelated `Tx dropped by P2P node` flake
under the new pipelined timing — tracked as a follow-up.
- **tests**: new unit tests for `makeTempCheckpointLogOverride`
(storage-slot round-trip via `getCheckpoint`, slot-overflow throw,
partial-emission), `withPending*` builders, and the
populated/empty/stale-checkpoint paths in
`buildPipelinedParentSimulationOverridesPlan`.

Author: spalladino

yarn-project/archiver/src/l1/calldata_retriever.ts

@@ -7,7 +7,7 @@ import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Logger } from '@aztec/foundation/log';
 import { RollupAbi } from '@aztec/l1-artifacts';
 import { CommitteeAttestation } from '@aztec/stdlib/block';
-import { ConsensusPayload, getHashedSignaturePayloadTypedData } from '@aztec/stdlib/p2p';
+import { computeCheckpointPayloadDigest } from '@aztec/stdlib/checkpoint';
 import { CheckpointHeader } from '@aztec/stdlib/rollup';
 
 import {
@@ -473,13 +473,12 @@ export class CalldataRetriever {
 
   /** Computes the keccak256 payload digest from the checkpoint header, archive root, and fee asset price modifier. */
   private computePayloadDigest(header: CheckpointHeader, archiveRoot: Fr, feeAssetPriceModifier: bigint): Hex {
-    const consensusPayload = new ConsensusPayload(
+    return computeCheckpointPayloadDigest({
       header,
       archiveRoot,
       feeAssetPriceModifier,
-      this.getSignatureContext(),
-    );
-    return getHashedSignaturePayloadTypedData(consensusPayload).toString();
+      signatureContext: this.getSignatureContext(),
+    }).toString();
   }
 
   /**

yarn-project/end-to-end/src/e2e_epochs/epochs_mbps.parallel.test.ts

@@ -30,7 +30,7 @@ import { sendL1ToL2Message } from '../fixtures/l1_to_l2_messaging.js';
 import { type EndToEndContext, getPrivateKeyFromIndex } from '../fixtures/utils.js';
 import { TestWallet } from '../test-wallet/test_wallet.js';
 import { proveInteraction } from '../test-wallet/utils.js';
-import { EpochsTestContext } from './epochs_test.js';
+import { EpochsTestContext, type TrackedSequencerEvent } from './epochs_test.js';
 
 jest.setTimeout(1000 * 60 * 20);
 
@@ -61,6 +61,7 @@ describe('e2e_epochs/epochs_mbps', () => {
   let crossChainContract: TestContract | undefined;
   let wallet: TestWallet;
   let from: AztecAddress;
+  let failEvents: TrackedSequencerEvent[];
 
   /**
    * Creates validators and sets up the test context with MBPS configuration.
@@ -81,30 +82,28 @@ describe('e2e_epochs/epochs_mbps', () => {
     });
 
     // Setup context with the given set of validators and MBPS configuration.
-    // Timing calculation for 3 blocks per checkpoint with 8s sub-slots:
-    // - initializationOffset ≈ 0.5s (test mode with ethereumSlotDuration < 8)
-    // - 3 blocks × 8s = 24s
-    // - checkpointFinalization = 0.5s (assemble) + 0 (p2p in test) + 2s (L1 publish) = 2.5s
-    // - finalBlockDuration = 8s
-    // - Total: 0.5 + 24 + 8 + 2.5 = 35s → use 36s for margin
+    // Pipelining is enabled, so we adopt the wider timing used by the dedicated
+    // epochs_mbps.pipeline.parallel test (72s L2 slots, 12s L1 slots, 5500ms blocks).
+    // The tighter 36s/4s timing produces CheckpointNumberNotSequentialError on non-proposer
+    // nodes when the pipelined proposer races ahead of L1 confirmation (see A-914).
     test = await EpochsTestContext.setup({
       numberOfAccounts: 0,
       initialValidators: validators,
+      enableProposerPipelining: true,
       mockGossipSubNetwork: true,
       disableAnvilTestWatcher: true,
       startProverNode: true,
+      // Mirrors the pipeline-MBPS sibling: more blocks per slot needs a larger per-block gas
+      // allocation multiplier so each block can fit non-trivial txs.
+      perBlockAllocationMultiplier: 8,
       aztecEpochDuration: 4,
       enforceTimeTable: true,
-      // L1 slot duration - using < 8 to enable test mode optimizations
-      ethereumSlotDuration: 4,
-      // L2 slot duration - should fit 3 blocks (8s each) + overhead
-      aztecSlotDuration: 36,
-      // Block duration of 8s as specified
-      blockDurationMs: 8000,
-      // L1 publishing time
-      l1PublishingTime: 2,
-      // Reduce attestation propagation time for tests
-      attestationPropagationTime: 0.5,
+      // L1 slot duration - mirrors the pipeline-MBPS test for headroom on the parent's L1 tx
+      ethereumSlotDuration: 12,
+      // L2 slot duration - should fit several blocks (5.5s each) with pipelining overhead
+      aztecSlotDuration: 72,
+      // Block duration of 5.5s, matches the pipeline sibling
+      blockDurationMs: 5500,
       // Committee size of 3
       aztecTargetCommitteeSize: 3,
       // Additional options (minTxsPerBlock, maxTxsPerBlock, etc.)
@@ -125,6 +124,10 @@ describe('e2e_epochs/epochs_mbps', () => {
       test.createValidatorNode([privateKey], { dontStartSequencer: true }),
     );
     logger.warn(`Started ${NODE_COUNT} validator nodes.`, { validators: validators.map(v => v.attester.toString()) });
+    ({ failEvents } = test.watchSequencerEvents(
+      nodes.map(n => n.getSequencer()!),
+      i => ({ validator: validators[i].attester }),
+    ));
 
     // Point the wallet at a validator node. The initial node-0 has all validator keys in its config,
     // so it rejects block proposals from validators thinking they come from itself. By redirecting
@@ -185,6 +188,11 @@ describe('e2e_epochs/epochs_mbps', () => {
 
   /** Waits until a specific multi-block checkpoint is proven, verifying that proving succeeds with MBPS blocks. */
   async function waitForProvenCheckpoint(targetCheckpoint: CheckpointNumber) {
+    test.assertNoFailuresFromSequencers(failEvents);
+
+    logger.warn(`Stopping validator sequencers before waiting for checkpoint ${targetCheckpoint} to be proven`);
+    await Promise.all(nodes.map(n => n.getSequencer()?.stop()));
+
     const provenTimeout = test.L2_SLOT_DURATION_IN_S * test.epochDuration * 4;
     logger.warn(`Waiting for checkpoint ${targetCheckpoint} to be proven (timeout=${provenTimeout}s)`);
     await test.waitUntilProvenCheckpointNumber(targetCheckpoint, provenTimeout);

yarn-project/ethereum/src/contracts/chain_state_override.test.ts

@@ -1,4 +1,5 @@
-import { CheckpointNumber } from '@aztec/foundation/branded-types';
+import { CheckpointNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { Buffer32 } from '@aztec/foundation/buffer';
 import { Fr } from '@aztec/foundation/curves/bn254';
 
 import { SimulationOverridesBuilder } from './chain_state_override.js';
@@ -64,4 +65,28 @@ describe('SimulationOverridesBuilder', () => {
     const plan = builder.build();
     expect(plan?.chainTipsOverride).toEqual({ pending: CheckpointNumber(7), proven: CheckpointNumber(3) });
   });
+
+  it('attaches temp checkpoint log fields under the configured pending checkpoint', () => {
+    const headerHash = Fr.random();
+    const outHash = Fr.random();
+    const payloadDigest = Buffer32.random();
+    const slotNumber = SlotNumber(42);
+    const plan = new SimulationOverridesBuilder()
+      .withChainTips({ pending: CheckpointNumber(7) })
+      .withPendingTempCheckpointLogFields({ headerHash, outHash, payloadDigest, slotNumber })
+      .build();
+
+    expect(plan?.pendingCheckpointState).toEqual({ headerHash, outHash, payloadDigest, slotNumber });
+  });
+
+  it('throws when withPendingTempCheckpointLogFields is called without a pending chain-tip override', () => {
+    expect(() =>
+      new SimulationOverridesBuilder().withPendingTempCheckpointLogFields({
+        headerHash: Fr.random(),
+        outHash: Fr.random(),
+        payloadDigest: Buffer32.random(),
+        slotNumber: SlotNumber(42),
+      }),
+    ).toThrow(/withChainTips\(\{ pending \}\) must be called/);
+  });
 });

yarn-project/ethereum/src/contracts/chain_state_override.ts

@@ -1,14 +1,25 @@
 import { toHex as toPaddedHex } from '@aztec/foundation/bigint-buffer';
-import type { CheckpointNumber } from '@aztec/foundation/branded-types';
+import type { CheckpointNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import type { Buffer32 } from '@aztec/foundation/buffer';
 import type { Fr } from '@aztec/foundation/curves/bn254';
 
 import type { StateOverride } from 'viem';
 
 import { type FeeHeader, RollupContract } from './rollup.js';
 
+/**
+ * Override values for the pending checkpoint that the simulation should treat as already applied.
+ * Every field is optional at plan-building time so callers can populate them incrementally; whatever
+ * is present at translation time is forwarded to the partial `tempCheckpointLogs` helper so the
+ * load-bearing `slotNumber` can land even if other fields could not be derived locally.
+ */
 export type PendingCheckpointOverrideState = {
   archive?: Fr;
   feeHeader?: FeeHeader;
+  headerHash?: Fr;
+  outHash?: Fr;
+  payloadDigest?: Buffer32;
+  slotNumber?: SlotNumber;
 };
 
 export type ChainTipsOverride = {
@@ -75,6 +86,22 @@ export class SimulationOverridesBuilder {
     return this;
   }
 
+  /**
+   * Overrides the locally-derivable `tempCheckpointLogs` cell fields for the configured pending
+   * checkpoint. Callers populate these together because they all come from the same proposed
+   * checkpoint payload — there is no use case for setting them independently.
+   */
+  public withPendingTempCheckpointLogFields(fields: {
+    headerHash: Fr;
+    outHash: Fr;
+    payloadDigest: Buffer32;
+    slotNumber: SlotNumber;
+  }): this {
+    this.assertPendingCheckpointNumber();
+    this.pendingCheckpointState = { ...(this.pendingCheckpointState ?? {}), ...fields };
+    return this;
+  }
+
   /** Disables blob checking for simulations that cannot provide DA inputs. */
   public withoutBlobCheck(): this {
     this.disableBlobCheck = true;
@@ -128,10 +155,16 @@ export async function buildSimulationOverridesStateOverride(
     );
   }
 
-  if (plan.pendingCheckpointState?.feeHeader) {
+  if (plan.pendingCheckpointState) {
     rollupStateDiff.push(
       ...extractRollupStateDiff(
-        await rollup.makeFeeHeaderOverride(plan.chainTipsOverride!.pending!, plan.pendingCheckpointState.feeHeader),
+        await rollup.makeTempCheckpointLogOverride(plan.chainTipsOverride!.pending!, {
+          headerHash: plan.pendingCheckpointState.headerHash,
+          outHash: plan.pendingCheckpointState.outHash,
+          payloadDigest: plan.pendingCheckpointState.payloadDigest,
+          slotNumber: plan.pendingCheckpointState.slotNumber,
+          feeHeader: plan.pendingCheckpointState.feeHeader,
+        }),
       ),
     );
   }

yarn-project/ethereum/src/contracts/rollup.test.ts

@@ -1,5 +1,6 @@
 import { getPublicClient } from '@aztec/ethereum/client';
-import { CheckpointNumber } from '@aztec/foundation/branded-types';
+import { CheckpointNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { Buffer32 } from '@aztec/foundation/buffer';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import { createLogger } from '@aztec/foundation/log';
@@ -392,6 +393,108 @@ describe('Rollup', () => {
     });
   });
 
+  describe('makeTempCheckpointLogOverride', () => {
+    const fields = {
+      headerHash: Fr.random(),
+      outHash: Fr.random(),
+      payloadDigest: Buffer32.random(),
+      slotNumber: SlotNumber(42),
+      feeHeader: {
+        manaUsed: 12345n,
+        excessMana: 67890n,
+        ethPerFeeAsset: 1_000_000_000_000n,
+        congestionCost: 99999n,
+        proverCost: 55555n,
+      } as FeeHeader,
+    };
+
+    function getDiffMap(
+      checkpointNumber: CheckpointNumber,
+      override: Awaited<ReturnType<RollupContract['makeTempCheckpointLogOverride']>>,
+    ) {
+      const map = new Map<string, string>();
+      for (const entry of override) {
+        for (const diff of entry.stateDiff ?? []) {
+          map.set(diff.slot.toLowerCase(), diff.value.toLowerCase());
+        }
+      }
+      const slotFor = async (field: TempCheckpointLogField) =>
+        `0x${(await rollup.getTempCheckpointLogStorageSlot(checkpointNumber, field)).toString(16).padStart(64, '0')}`.toLowerCase();
+      return { map, slotFor };
+    }
+
+    it('emits one diff entry per required field at the expected storage slot', async () => {
+      const checkpointNumber = CheckpointNumber(7);
+      const override = await rollup.makeTempCheckpointLogOverride(checkpointNumber, fields);
+      const { map, slotFor } = getDiffMap(checkpointNumber, override);
+
+      expect(override).toHaveLength(1);
+      expect(override[0].stateDiff).toHaveLength(5);
+      expect(map.get(await slotFor(TempCheckpointLogField.HeaderHash))).toBe(
+        fields.headerHash.toString().toLowerCase(),
+      );
+      expect(map.get(await slotFor(TempCheckpointLogField.OutHash))).toBe(fields.outHash.toString().toLowerCase());
+      expect(map.get(await slotFor(TempCheckpointLogField.PayloadDigest))).toBe(
+        fields.payloadDigest.toString().toLowerCase(),
+      );
+      expect(map.get(await slotFor(TempCheckpointLogField.SlotNumber))).toBe(
+        `0x${BigInt(fields.slotNumber).toString(16).padStart(64, '0')}`.toLowerCase(),
+      );
+      expect(map.get(await slotFor(TempCheckpointLogField.FeeHeader))).toBe(
+        `0x${RollupContract.compressFeeHeader(fields.feeHeader).toString(16).padStart(64, '0')}`.toLowerCase(),
+      );
+    });
+
+    it('throws when slotNumber overflows uint32 (matches L1 SafeCast.toUint32 semantics)', async () => {
+      const checkpointNumber = CheckpointNumber(3);
+      const slotNumber = SlotNumber(0xdeadbeef + 0x1_0000_0000);
+      await expect(rollup.makeTempCheckpointLogOverride(checkpointNumber, { ...fields, slotNumber })).rejects.toThrow(
+        /does not fit in uint32/,
+      );
+    });
+
+    it('partial override emits only the supplied fields', async () => {
+      const checkpointNumber = CheckpointNumber(13);
+      const override = await rollup.makeTempCheckpointLogOverride(checkpointNumber, {
+        slotNumber: SlotNumber(7),
+      });
+      const { map, slotFor } = getDiffMap(checkpointNumber, override);
+      expect(override[0].stateDiff).toHaveLength(1);
+      expect(map.get(await slotFor(TempCheckpointLogField.SlotNumber))).toBe(
+        `0x${7n.toString(16).padStart(64, '0')}`.toLowerCase(),
+      );
+    });
+
+    it('partial override returns an empty array when no fields are supplied', async () => {
+      const override = await rollup.makeTempCheckpointLogOverride(CheckpointNumber(13), {});
+      expect(override).toEqual([]);
+    });
+
+    it('round-trips slot, header hash, and fee header through getCheckpoint', async () => {
+      // Reset tips so checkpoint 0 is in range, then build an override and read it back through the contract.
+      await cheatCodes.store(
+        EthAddress.fromString(rollupAddress),
+        RollupContract.chainTipsStorageSlot,
+        RollupContract.packChainTips(0n, 0n),
+      );
+
+      const checkpointNumber = CheckpointNumber(0);
+      const override = await rollup.makeTempCheckpointLogOverride(checkpointNumber, fields);
+
+      const { result } = await publicClient.simulateContract({
+        address: rollupAddress,
+        abi: RollupAbi as Abi,
+        functionName: 'getCheckpoint',
+        args: [BigInt(checkpointNumber)],
+        stateOverride: override,
+      });
+      const checkpoint = result as { headerHash: `0x${string}`; outHash: `0x${string}`; slotNumber: bigint };
+      expect(checkpoint.headerHash.toLowerCase()).toBe(fields.headerHash.toString().toLowerCase());
+      expect(checkpoint.outHash.toLowerCase()).toBe(fields.outHash.toString().toLowerCase());
+      expect(checkpoint.slotNumber).toBe(BigInt(fields.slotNumber));
+    });
+  });
+
   describe('getSlashingProposer', () => {
     it('returns a slashing proposer', async () => {
       const slashingProposer = await rollup.getSlashingProposer();