apollo_consensus_orchestrator: add SNIP-35 fee_proposal validation

[sirandreww-starkware]

No description provided.

[sirandreww-starkware]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• apollo_consensus_orchestrator: tmp dirty tests for SNIP-35 (NOT FOR MERGE) #13857
• apollo_l1_gas_price,apollo_l1_gas_price_config: move exchange_rate_decimals const to config #13881
• apollo_consensus_orchestrator: add SNIP-35 proposer-validator symmetry tests #13856
• apollo_consensus_orchestrator: add SNIP-35 module edge case tests #13855
• apollo_consensus_orchestrator: add SNIP-35 e2e test #13821
• apollo_consensus_manager: wire STRK/USD oracle into consensus manager #13820
• apollo_consensus_orchestrator: add SNIP-35 fee_proposal validation #13819 👈 (View in Graphite)
• apollo_consensus_orchestrator: wire SNIP-35 fee_proposal into build_proposal #13818
• apollo_consensus_orchestrator: add fee_actual floor to EIP-1559 gas price calculation #13824
• apollo_consensus_orchestrator: add SNIP-35 fee_proposals sliding window #13817
• apollo_consensus_orchestrator,apollo_consensus_manager: add strk_exchange_rate_oracle field to deps #13823
• apollo_consensus_orchestrator: add SNIP-35 metrics #13816
• apollo_consensus_orchestrator: add SNIP-35 module tests #13815
• apollo_consensus_orchestrator: add SNIP-35 module #13854
• starknet_api: include fee_proposal_fri in proposal commitment hash #13814 : 1 other dependent PR (#13908 )
• apollo_storage: add fee_proposal_fri migrators and bump blocks version to 6.1 #13936 : 1 other dependent PR (#13934 )
• starknet_api: add fee_proposal_fri to BlockHeaderWithoutHash and PartialBlockHashComponents #13822
• apollo_protobuf: add fee_proposal_fri to ProposalInit #13812 : 2 other dependent PRs (#13811 , #13935 )
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[reviewable-StarkWare]

This change is 

[cursor]

PR Summary

High Risk
Adds new consensus-critical validation rules for fee_proposal_fri (version gating and bounds vs. sliding-window fee_actual), which can cause validators to reject proposals if nodes disagree on window state or margins.

Overview
Adds SNIP-35 validation for ProposalInit.fee_proposal_fri: it must be present for Starknet >= V0_14_3 and absent before, and when a sliding-window fee_actual is available it must fall within the configured parts-per-thousand margin.

Threads fee_actual (computed from the node’s fee-proposal window) through SequencerConsensusContext into ProposalInitValidation, and updates tests/helpers to populate the new field and to provide a default fee_proposal_fri for LATEST versions.

^{Reviewed by Cursor Bugbot for commit a965ac1. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 040849d. Configure here.}

[cursor]

Duplicated fee bounds formula risks future inconsistency

Medium Severity

The lower/upper bound computation in the validator (validate_proposal.rs) is copy-pasted from the proposer path in compute_fee_proposal (snip35/mod.rs). Both use the same saturating_mul/division formula with PPT_DENOMINATOR and margin_ppt. If the bounds formula is ever updated in one location but not the other, honest proposers would be rejected by validators — a consensus-breaking bug. Extracting a shared helper (e.g., returning (lower, upper)) from the snip35 module would eliminate this risk.

 

^{Reviewed by Cursor Bugbot for commit 040849d. Configure here.}