updates

Author: julienrbrt

block/internal/syncing/syncer.go

@@ -749,6 +749,11 @@ func (s *Syncer) TrySyncNextBlock(ctx context.Context, event *common.DAHeightEve
 	}
 
 	// Verify forced inclusion transactions if configured
+	// TODO: Eventually move VerifyForcedInclusionTxs to a the DA retriever, so verification happens in the background
+	// This would allow to verify P2P blocks once the node is caught up with DA. This is tricky to implement because for
+	// P2P blocks, the DA hints are not yet available when synced to the head.
+	// Another scenario is to setup DA only nodes, made to alert others nodes when the DA layer becomes malicious.
+	// The flow below allows that.
 	if event.Source == common.SourceDA {
 		if err := s.VerifyForcedInclusionTxs(ctx, currentState.DAHeight, data); err != nil {
 			s.logger.Error().Err(err).Uint64("height", nextHeight).Msg("forced inclusion verification failed")

docs/adr/adr-019-forced-inclusion-mechanism.md

@@ -686,7 +686,7 @@ based_sequencer = true # Use based sequencer
 
 ### Full Node Verification Flow
 
-1. Receive block from DA or P2P
+1. Receive block from DA
 2. Before applying block:
    a. Fetch forced inclusion txs from DA at block's DA height (epoch-based)
    b. Build map of transactions in block
@@ -699,6 +699,8 @@ based_sequencer = true # Use based sequencer
    h. If txs within grace period: keep in pending queue, allow block
 3. Apply block if verification passes
 
+NOTE: P2P nodes only do not proceed to any verification. This is because DA inclusion happens later than block productions, and thus DA hints are added later to broadcasted blocks.
+
 **Grace Period Example** (with base grace period = 1 epoch, `DAEpochForcedInclusion = 50`):
 
 - Forced tx appears in epoch ending at DA height 100
@@ -722,18 +724,6 @@ based_sequencer = true # Use based sequencer
 
 Every `DAEpochForcedInclusion` DA blocks
 
-### Security Considerations
-
-1. **Malicious Proposer Detection**: Full nodes reject blocks missing forced transactions
-2. **No Timing Attacks**: Epoch boundaries are deterministic, no time-based logic
-3. **Blob Size Limits**: Two-tier size validation prevents DoS
-   - Absolute limit (1.5MB): Blobs exceeding this are permanently rejected
-   - Batch limit (`MaxBytes`): Ensures no batch exceeds DA submission limits
-4. **Graceful Degradation**: Continues operation if forced inclusion not configured
-5. **Height Validation**: Handles "height from future" errors without state corruption
-6. **Transaction Preservation**: No valid transactions are lost due to size constraints
-7. **Strict MaxBytes Enforcement**: Batches NEVER exceed `req.MaxBytes`, preventing DA layer rejections
-
 **Attack Vectors**:
 
 ### Security Considerations
@@ -774,11 +764,9 @@ Accepted and Implemented
 ### Negative
 
 1. **Increased Latency**: Forced transactions subject to epoch boundaries
-2. **DA Dependency**: Requires DA layer to support multiple namespaces
+2. **DA Dependency**: Requires DA layer to be enabled on nodes for verification
 3. **Higher DA Costs**: Users pay DA posting fees for forced inclusion
-4. **Additional Complexity**: New component (DA Retriever) and verification logic with grace period tracking
-5. **Epoch Configuration**: Requires setting `DAEpochForcedInclusion` in genesis (consensus parameter)
-6. **Grace Period Adjustment**: Grace period is dynamically adjusted based on block fullness to balance censorship detection with operational reliability
+4. **Epoch Configuration**: Requires setting `DAEpochForcedInclusion` in genesis (consensus parameter)
 
 ### Neutral
 

test/e2e/evm_force_inclusion_e2e_test.go

@@ -401,8 +401,6 @@ func setupFullNodeWithForceInclusionCheck(t *testing.T, sut *SystemUnderTest, fu
 // Note: This test simulates the scenario by having the sequencer configured to
 // listen to the wrong namespace, while we submit directly to the correct namespace.
 func TestEvmSyncerMaliciousSequencerForceInclusionE2E(t *testing.T) {
-	t.Skip() // Unskip once https://github.com/evstack/ev-node/pull/2963 is merged
-
 	sut := NewSystemUnderTest(t)
 	workDir := t.TempDir()
 	sequencerHome := filepath.Join(workDir, "sequencer")
@@ -413,6 +411,7 @@ func TestEvmSyncerMaliciousSequencerForceInclusionE2E(t *testing.T) {
 	t.Log("Malicious sequencer started listening to WRONG forced inclusion namespace")
 	t.Log("NOTE: Sequencer listens to 'wrong-namespace', won't see txs on 'forced-inc'")
 
+	// TODO: disable P2P based on the limitations describes in the ADR.
 	sequencerP2PAddress := getNodeP2PAddress(t, sut, sequencerHome, endpoints.RollkitRPCPort)
 	t.Logf("Sequencer P2P address: %s", sequencerP2PAddress)