feat: check max fees per gas (#10283)

Please read [contributing guidelines](CONTRIBUTING.md) and remove this
line.

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/components/tail_to_public_output_validator.nr

@@ -9,9 +9,8 @@ use dep::types::{
         log_hash::ScopedLogHash,
         note_hash::ScopedNoteHash,
         nullifier::ScopedNullifier,
-        private_log::{PrivateLog, PrivateLogData},
         public_call_request::PublicCallRequest,
-        side_effect::{Counted, scoped::Scoped},
+        side_effect::Counted,
     },
     messaging::l2_to_l1_message::ScopedL2ToL1Message,
     utils::arrays::{

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/abis/base_or_merge_rollup_public_inputs.nr

@@ -1,6 +1,5 @@
-use crate::abis::constant_rollup_data::ConstantRollupData;
 use dep::types::{
-    abis::sponge_blob::SpongeBlob,
+    abis::{constant_rollup_data::ConstantRollupData, sponge_blob::SpongeBlob},
     constants::BASE_OR_MERGE_PUBLIC_INPUTS_LENGTH,
     partial_state_reference::PartialStateReference,
     traits::{Deserialize, Empty, Serialize},

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/abis/mod.nr

@@ -1,4 +1,3 @@
-pub(crate) mod constant_rollup_data;
 pub(crate) mod base_or_merge_rollup_public_inputs;
 pub(crate) mod block_root_or_block_merge_public_inputs;
 pub(crate) mod previous_rollup_data;

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/components/constants.nr

@@ -1,5 +1,6 @@
-use crate::abis::constant_rollup_data::ConstantRollupData;
-use types::abis::combined_constant_data::CombinedConstantData;
+use types::abis::{
+    combined_constant_data::CombinedConstantData, constant_rollup_data::ConstantRollupData,
+};
 
 pub(crate) fn validate_combined_constant_data(
     constants: CombinedConstantData,

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/components/mod.nr

@@ -3,3 +3,10 @@ pub(crate) mod constants;
 pub(crate) mod fees;
 pub(crate) mod nullifier_tree;
 pub(crate) mod public_data_tree;
+
+mod private_tube_data_validator;
+mod public_tube_data_validator;
+pub(crate) mod validate_tube_data;
+
+pub(crate) use private_tube_data_validator::PrivateTubeDataValidator;
+pub(crate) use public_tube_data_validator::PublicTubeDataValidator;

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/components/private_tube_data_validator.nr

@@ -0,0 +1,28 @@
+use super::validate_tube_data::validate_max_fees_per_gas;
+use dep::types::abis::{constant_rollup_data::ConstantRollupData, tube::PrivateTubeData};
+
+pub struct PrivateTubeDataValidator {
+    pub data: PrivateTubeData,
+}
+
+// TODO: Move relevant verifications here.
+impl PrivateTubeDataValidator {
+    pub fn new(data: PrivateTubeData) -> Self {
+        PrivateTubeDataValidator { data }
+    }
+
+    pub fn verify_proof<let N: u32>(self, _allowed_previous_circuits: [u32; N]) {
+        if !dep::std::runtime::is_unconstrained() {
+            self.data.verify();
+            // TODO(#7410)
+            // self.data.vk_data.validate_in_vk_tree(self.data.public_inputs.constants.vk_tree_root, allowed_previous_circuits);
+        }
+    }
+
+    pub fn validate_with_rollup_data(self, constants: ConstantRollupData) {
+        validate_max_fees_per_gas(
+            self.data.public_inputs.constants.tx_context.gas_settings.max_fees_per_gas,
+            constants.global_variables.gas_fees,
+        );
+    }
+}

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/components/public_tube_data_validator.nr

@@ -0,0 +1,28 @@
+use super::validate_tube_data::validate_max_fees_per_gas;
+use dep::types::abis::{constant_rollup_data::ConstantRollupData, tube::PublicTubeData};
+
+pub struct PublicTubeDataValidator {
+    pub data: PublicTubeData,
+}
+
+// TODO: Move relevant verifications here.
+impl PublicTubeDataValidator {
+    pub fn new(data: PublicTubeData) -> Self {
+        PublicTubeDataValidator { data }
+    }
+
+    pub fn verify_proof(self) {
+        if !dep::std::runtime::is_unconstrained() {
+            self.data.verify();
+            // TODO(#7410)
+            // self.tube_data.vk_data.validate_in_vk_tree(self.tube_data.public_inputs.constants.vk_tree_root, ALLOWED_PREVIOUS_CIRCUITS);
+        }
+    }
+
+    pub fn validate_with_rollup_data(self, constants: ConstantRollupData) {
+        validate_max_fees_per_gas(
+            self.data.public_inputs.constants.tx_context.gas_settings.max_fees_per_gas,
+            constants.global_variables.gas_fees,
+        );
+    }
+}

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/components/validate_tube_data.nr

@@ -0,0 +1,12 @@
+use dep::types::abis::gas_fees::GasFees;
+
+pub fn validate_max_fees_per_gas(max_fees_per_gas: GasFees, gas_fees: GasFees) {
+    assert(
+        !max_fees_per_gas.fee_per_da_gas.lt(gas_fees.fee_per_da_gas),
+        "da gas is higher than the maximum specified by the tx",
+    );
+    assert(
+        !max_fees_per_gas.fee_per_l2_gas.lt(gas_fees.fee_per_l2_gas),
+        "l2 gas is higher than the maximum specified by the tx",
+    );
+}

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/mod.nr

@@ -2,6 +2,7 @@ pub(crate) mod components;
 pub(crate) mod state_diff_hints;
 mod private_base_rollup;
 mod public_base_rollup;
+mod tests;
 
 pub use crate::abis::base_or_merge_rollup_public_inputs::BaseOrMergeRollupPublicInputs;
 pub use private_base_rollup::PrivateBaseRollupInputs;

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/private_base_rollup.nr

@@ -1,26 +1,25 @@
 use crate::{
-    abis::{
-        base_or_merge_rollup_public_inputs::{BASE_ROLLUP_TYPE, BaseOrMergeRollupPublicInputs},
-        constant_rollup_data::ConstantRollupData,
-    },
+    abis::base_or_merge_rollup_public_inputs::{BASE_ROLLUP_TYPE, BaseOrMergeRollupPublicInputs},
     base::{
         components::{
             archive::perform_archive_membership_check, constants::validate_combined_constant_data,
             fees::compute_fee_payer_fee_juice_balance_leaf_slot,
-            nullifier_tree::nullifier_tree_batch_insert, public_data_tree::public_data_tree_insert,
+            nullifier_tree::nullifier_tree_batch_insert, PrivateTubeDataValidator,
+            public_data_tree::public_data_tree_insert,
         },
         state_diff_hints::PrivateBaseStateDiffHints,
     },
     components::{append_tx_effects_for_blob, compute_kernel_out_hash},
 };
 use dep::types::{
     abis::{
-        append_only_tree_snapshot::AppendOnlyTreeSnapshot,
+        append_only_tree_snapshot::AppendOnlyTreeSnapshot, constant_rollup_data::ConstantRollupData,
         nullifier_leaf_preimage::NullifierLeafPreimage, public_data_write::PublicDataWrite,
         sponge_blob::SpongeBlob, tube::PrivateTubeData,
     },
     constants::{
         ARCHIVE_HEIGHT, MAX_TOTAL_PUBLIC_DATA_UPDATE_REQUESTS_PER_TX, NOTE_HASH_SUBTREE_HEIGHT,
+        TUBE_VK_INDEX,
     },
     data::{hash::compute_public_data_tree_value, public_data_hint::PublicDataHint},
     hash::silo_l2_to_l1_message,
@@ -32,7 +31,7 @@ use dep::types::{
     traits::is_empty,
 };
 
-// global ALLOWED_PREVIOUS_CIRCUITS: [u32; 2] = [PRIVATE_KERNEL_EMPTY_INDEX, TUBE_VK_INDEX];
+global ALLOWED_PREVIOUS_CIRCUITS: [u32; 1] = [TUBE_VK_INDEX];
 
 pub struct PrivateBaseRollupInputs {
     tube_data: PrivateTubeData,
@@ -55,10 +54,14 @@ impl PrivateBaseRollupInputs {
     }
 
     pub fn execute(self) -> BaseOrMergeRollupPublicInputs {
-        if !dep::std::runtime::is_unconstrained() {
-            self.tube_data.verify();
-            // TODO(#7410)
-            // self.tube_data.vk_data.validate_in_vk_tree(self.tube_data.public_inputs.constants.vk_tree_root, ALLOWED_PREVIOUS_CIRCUITS);
+        // TODO(#10311): There should be an empty base rollup.
+        // There's at least 1 nullifier for a tx. So gas_used won't be empty if the previous circuit is private_tail.
+        let is_empty_tube = self.tube_data.public_inputs.gas_used.is_empty();
+
+        let tube_data_validator = PrivateTubeDataValidator::new(self.tube_data);
+        tube_data_validator.verify_proof(ALLOWED_PREVIOUS_CIRCUITS);
+        if !is_empty_tube {
+            tube_data_validator.validate_with_rollup_data(self.constants);
         }
 
         let transaction_fee = self.compute_transaction_fee();
@@ -223,10 +226,7 @@ impl PrivateBaseRollupInputs {
 
 mod tests {
     use crate::{
-        abis::{
-            base_or_merge_rollup_public_inputs::BaseOrMergeRollupPublicInputs,
-            constant_rollup_data::ConstantRollupData,
-        },
+        abis::base_or_merge_rollup_public_inputs::BaseOrMergeRollupPublicInputs,
         base::{
             components::fees::compute_fee_payer_fee_juice_balance_leaf_slot,
             private_base_rollup::PrivateBaseRollupInputs,
@@ -239,7 +239,8 @@ mod tests {
     use dep::types::{
         abis::{
             accumulated_data::CombinedAccumulatedData,
-            append_only_tree_snapshot::AppendOnlyTreeSnapshot, gas::Gas, gas_fees::GasFees,
+            append_only_tree_snapshot::AppendOnlyTreeSnapshot,
+            constant_rollup_data::ConstantRollupData, gas::Gas, gas_fees::GasFees,
             kernel_circuit_public_inputs::KernelCircuitPublicInputs,
             nullifier_leaf_preimage::NullifierLeafPreimage, public_data_write::PublicDataWrite,
             sponge_blob::SpongeBlob,
@@ -887,6 +888,8 @@ mod tests {
         builder.tube_data.set_gas_used(100, 200);
         builder.constants.global_variables.gas_fees.fee_per_da_gas = 1;
         builder.constants.global_variables.gas_fees.fee_per_l2_gas = 1;
+        builder.tube_data.tx_context.gas_settings.max_fees_per_gas.fee_per_da_gas = 1;
+        builder.tube_data.tx_context.gas_settings.max_fees_per_gas.fee_per_l2_gas = 1;
         let tx_fee = builder.compute_transaction_fee();
         // builder.transaction_fee = tx_fee;
         builder.tube_data.append_note_hashes_with_logs(NUM_NOTES);
@@ -1118,6 +1121,7 @@ mod tests {
 
         // Set gas
         builder.tube_data.gas_used = gas_used;
+        builder.tube_data.tx_context.gas_settings.max_fees_per_gas = gas_fees;
         builder.constants.global_variables.gas_fees = gas_fees;
 
         // Set fee payer
@@ -1167,6 +1171,7 @@ mod tests {
 
         // Set gas
         builder.tube_data.gas_used = gas_used;
+        builder.tube_data.tx_context.gas_settings.max_fees_per_gas = gas_fees;
         builder.constants.global_variables.gas_fees = gas_fees;
 
         // Set fee payer
@@ -1197,6 +1202,7 @@ mod tests {
 
         // Set gas
         builder.tube_data.gas_used = gas_used;
+        builder.tube_data.tx_context.gas_settings.max_fees_per_gas = gas_fees;
         builder.constants.global_variables.gas_fees = gas_fees;
 
         // Set fee payer

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/public_base_rollup.nr

@@ -1,12 +1,10 @@
 use crate::{
-    abis::{
-        base_or_merge_rollup_public_inputs::{BASE_ROLLUP_TYPE, BaseOrMergeRollupPublicInputs},
-        constant_rollup_data::ConstantRollupData,
-    },
+    abis::base_or_merge_rollup_public_inputs::{BASE_ROLLUP_TYPE, BaseOrMergeRollupPublicInputs},
     base::{
         components::{
             archive::perform_archive_membership_check, constants::validate_combined_constant_data,
             nullifier_tree::nullifier_tree_batch_insert, public_data_tree::public_data_tree_insert,
+            PublicTubeDataValidator,
         },
         state_diff_hints::PublicBaseStateDiffHints,
     },
@@ -18,6 +16,7 @@ use dep::types::{
         append_only_tree_snapshot::AppendOnlyTreeSnapshot,
         avm_circuit_public_inputs::AvmProofData,
         combined_constant_data::CombinedConstantData,
+        constant_rollup_data::ConstantRollupData,
         log_hash::ScopedLogHash,
         nullifier_leaf_preimage::NullifierLeafPreimage,
         public_data_write::PublicDataWrite,
@@ -92,11 +91,9 @@ impl PublicBaseRollupInputs {
     }
 
     pub fn execute(self) -> BaseOrMergeRollupPublicInputs {
-        if !dep::std::runtime::is_unconstrained() {
-            self.tube_data.verify();
-            // TODO(#7410)
-            // self.tube_data.vk_data.validate_in_vk_tree([TUBE_VK_INDEX]);
-        }
+        let tube_data_validator = PublicTubeDataValidator::new(self.tube_data);
+        tube_data_validator.verify_proof();
+        tube_data_validator.validate_with_rollup_data(self.constants);
 
         // Warning: Fake verification! TODO(#8470)
         // if !dep::std::runtime::is_unconstrained() {
@@ -263,10 +260,7 @@ impl PublicBaseRollupInputs {
 
 mod tests {
     use crate::{
-        abis::{
-            base_or_merge_rollup_public_inputs::BaseOrMergeRollupPublicInputs,
-            constant_rollup_data::ConstantRollupData,
-        },
+        abis::base_or_merge_rollup_public_inputs::BaseOrMergeRollupPublicInputs,
         base::{
             public_base_rollup::PublicBaseRollupInputs, state_diff_hints::PublicBaseStateDiffHints,
         },
@@ -278,6 +272,7 @@ mod tests {
         abis::{
             accumulated_data::CombinedAccumulatedData,
             append_only_tree_snapshot::AppendOnlyTreeSnapshot,
+            constant_rollup_data::ConstantRollupData,
             nullifier_leaf_preimage::NullifierLeafPreimage, public_data_write::PublicDataWrite,
             sponge_blob::SpongeBlob,
         },
@@ -298,7 +293,11 @@ mod tests {
         merkle_tree::MembershipWitness,
         messaging::l2_to_l1_message::ScopedL2ToL1Message,
         partial_state_reference::PartialStateReference,
-        tests::{fixture_builder::FixtureBuilder, fixtures, merkle_tree_utils::NonEmptyMerkleTree},
+        tests::{
+            fixture_builder::FixtureBuilder,
+            fixtures::{self, merkle_tree::generate_full_sha_tree},
+            merkle_tree_utils::NonEmptyMerkleTree,
+        },
         traits::{Empty, is_empty},
         utils::{
             arrays::{array_concat, get_sorted_tuple::get_sorted_tuple},
@@ -1070,9 +1069,7 @@ mod tests {
         );
 
         // Since we fill the tree completely, we know to expect a full tree as below
-        let expected_tree = dep::types::merkle_tree::variable_merkle_tree::tests::generate_full_sha_tree(
-            siloed_l2_to_l1_msgs.storage(),
-        );
+        let expected_tree = generate_full_sha_tree(siloed_l2_to_l1_msgs.storage());
         assert_eq(out_hash, expected_tree.get_root());
     }
 

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/tests/mod.nr

@@ -0,0 +1 @@
+mod private_tube_data_validator_builder;

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/tests/private_tube_data_validator_builder/mod.nr

@@ -0,0 +1,24 @@
+mod validate_with_rollup_data;
+
+use crate::base::components::PrivateTubeDataValidator;
+use dep::types::tests::fixture_builder::FixtureBuilder;
+
+pub struct PrivateTubeDataValidatorBuilder {
+    pub tube_data: FixtureBuilder,
+    pub rollup_data: FixtureBuilder,
+}
+
+impl PrivateTubeDataValidatorBuilder {
+    pub fn new() -> Self {
+        PrivateTubeDataValidatorBuilder {
+            tube_data: FixtureBuilder::new(),
+            rollup_data: FixtureBuilder::new(),
+        }
+    }
+
+    pub fn validate_with_rollup_data(self) {
+        let tube_data = self.tube_data.to_private_tube_data();
+        let rollup_data = self.rollup_data.to_constant_rollup_data();
+        PrivateTubeDataValidator::new(tube_data).validate_with_rollup_data(rollup_data);
+    }
+}

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/base/tests/private_tube_data_validator_builder/validate_with_rollup_data.nr

@@ -0,0 +1,27 @@
+use super::PrivateTubeDataValidatorBuilder;
+
+#[test]
+fn validate_with_rollup_data_success() {
+    let builder = PrivateTubeDataValidatorBuilder::new();
+    builder.validate_with_rollup_data();
+}
+
+#[test(should_fail_with = "da gas is higher than the maximum specified by the tx")]
+fn validate_with_rollup_data_not_enough_fee_per_da_gas_fails() {
+    let mut builder = PrivateTubeDataValidatorBuilder::new();
+
+    builder.tube_data.tx_context.gas_settings.max_fees_per_gas.fee_per_da_gas = 3;
+    builder.rollup_data.global_variables.gas_fees.fee_per_da_gas = 4;
+
+    builder.validate_with_rollup_data();
+}
+
+#[test(should_fail_with = "l2 gas is higher than the maximum specified by the tx")]
+fn validate_with_rollup_data_not_enough_fee_per_l2_gas_fails() {
+    let mut builder = PrivateTubeDataValidatorBuilder::new();
+
+    builder.tube_data.tx_context.gas_settings.max_fees_per_gas.fee_per_l2_gas = 3;
+    builder.rollup_data.global_variables.gas_fees.fee_per_l2_gas = 4;
+
+    builder.validate_with_rollup_data();
+}

noir-projects/noir-protocol-circuits/crates/types/src/abis/avm_circuit_public_inputs.nr

@@ -214,7 +214,7 @@ impl AvmProofData {
         );
 
         let mut result: [Field; 4] = [input_hash, 0, 0, 0];
-        for i in 0..DUMMY_AVM_VERIFIER_NUM_ITERATIONS {
+        for _i in 0..DUMMY_AVM_VERIFIER_NUM_ITERATIONS {
             result = poseidon2_permutation(result, 4);
         }
 

noir-projects/noir-protocol-circuits/crates/rollup-lib/src/abis/constant_rollup_data.nr → noir-projects/noir-protocol-circuits/crates/types/src/abis/constant_rollup_data.nr

@@ -1,4 +1,4 @@
-use dep::types::{
+use crate::{
     abis::{append_only_tree_snapshot::AppendOnlyTreeSnapshot, global_variables::GlobalVariables},
     constants::CONSTANT_ROLLUP_DATA_LENGTH,
     traits::{Deserialize, Empty, Serialize},

noir-projects/noir-protocol-circuits/crates/types/src/abis/mod.nr

@@ -13,6 +13,7 @@ pub mod nullifier_leaf_preimage;
 
 pub mod tx_constant_data;
 pub mod combined_constant_data;
+pub mod constant_rollup_data;
 
 pub mod side_effect;
 pub mod read_request;