alpenlabs · storopoli · May 22, 2026 · May 8, 2026 · May 8, 2026 · May 13, 2026
@@ -17,7 +17,7 @@ use strata_identifiers::Buf64;
 use strata_ledger_types::IStateAccessor;
 use strata_ol_chain_types_new::{OLBlock, SignedOLBlockHeader};
 use strata_ol_da::{GlobalStateDiff, LedgerDiff, OLDaPayloadV1, StateDiff};
-use strata_ol_stf::test_utils::{build_empty_chain, create_test_genesis_state};
+use strata_ol_stf::test_utils::{build_empty_chain, make_genesis_state};
 use strata_proofimpl_checkpoint::program::{CheckpointProgram, CheckpointProverInput};
 use tracing::info;
 use zkaleido::{ExecutionSummary, ZkVmHost, ZkVmProgram};
@@ -26,15 +26,15 @@ const SLOTS_PER_EPOCH: u64 = 9;
 const NUM_BLOCKS: usize = 10;
 
 fn prepare_checkpoint_input() -> CheckpointProverInput {
-    let mut state = create_test_genesis_state();
+    let mut state = make_genesis_state();
     let mut blocks = build_empty_chain(&mut state, NUM_BLOCKS, SLOTS_PER_EPOCH)
         .expect("build_empty_chain should succeed");
 
     // First block is the parent (genesis); remaining blocks are the proving batch.
     let parent = blocks.remove(0).into_header();
 
     // Rebuild start_state: execute just the genesis block to get state after genesis.
-    let mut start_state = create_test_genesis_state();
+    let mut start_state = make_genesis_state();
     let _ = build_empty_chain(&mut start_state, 1, SLOTS_PER_EPOCH)
         .expect("build_empty_chain should succeed");
 

@@ -611,7 +611,7 @@ mod tests {
     use strata_ol_state_support_types::MemoryStateBaseLayer;
     use strata_ol_state_types::OLState;
     use strata_ol_stf::{
-        test_utils::{create_test_genesis_state, execute_block},
+        test_utils::{execute_block, make_genesis_state},
         BlockComponents, BlockInfo, CompletedBlock,
     };
     use strata_predicate::PredicateKey;
@@ -954,7 +954,7 @@ mod tests {
     }
 
     fn execute_test_genesis() -> (ExecutedBlock, MemoryStateBaseLayer) {
-        let mut genesis_state = create_test_genesis_state();
+        let mut genesis_state = make_genesis_state();
         let genesis_manifest = AsmManifest::new(
             1,
             L1BlockId::from(Buf32::zero()),
@@ -1404,7 +1404,7 @@ mod tests {
     #[tokio::test]
     async fn stub_storage_round_trips_executed_blocks_and_epochs() {
         let storage = StubFcmStorage::new();
-        let state = create_test_genesis_state().state().clone();
+        let state = make_genesis_state().state().clone();
         let block = make_storage_block(0, OLBlockId::from(Buf32::zero()));
         let blkid = block.header().compute_blkid();
         let commitment = OLBlockCommitment::new(block.header().slot(), blkid);
@@ -1461,14 +1461,12 @@ mod tests {
 
         ctx.storage().put_executed_block(
             genesis,
-            create_test_genesis_state().state().clone(),
+            make_genesis_state().state().clone(),
             BlockStatus::Valid,
         );
         ctx.storage().put_ol_block(block);
-        ctx.storage().put_toplevel_ol_state(
-            block_commitment,
-            create_test_genesis_state().state().clone(),
-        );
+        ctx.storage()
+            .put_toplevel_ol_state(block_commitment, make_genesis_state().state().clone());
         ctx.storage().put_canonical_epoch_commitment(genesis_epoch);
 
         let mut fcm_state = init_fcm_service_state(PredicateKey::always_accept(), ctx.clone())

@@ -1,6 +1,6 @@
 use strata_acct_types::{AccountId, AccountSerial, AccountTypeId, AcctError, BitcoinAmount};
 use strata_codec::CodecError;
-use strata_identifiers::{Epoch, OLTxId, Slot};
+use strata_identifiers::{Epoch, L1Height, OLTxId, Slot};
 use strata_snark_acct_types::Seqno;
 use thiserror::Error;
 
@@ -84,7 +84,10 @@ pub type ExecResult<T> = Result<T, ExecError>;
 #[derive(Debug, Error)]
 pub enum ExecError {
     #[error("header epoch does not match state epoch (header {0}, state {1})")]
-    EpochMismatch(Epoch, Epoch),
+    HeaderEpochMismatch(Epoch, Epoch),
+
+    #[error("context epoch does not match state epoch (context {0}, state {1})")]
+    ContextEpochMismatch(Epoch, Epoch),
 
     /// Signature is invalid, for some purpose.
     #[error("signature for {0} is invalid")]
@@ -113,6 +116,22 @@ pub enum ExecError {
     #[error("chain integrity invalid")]
     ChainIntegrity,
 
+    #[error("ASM manifest height mismatch at index {index} (expected {expected}, actual {actual})")]
+    AsmManifestHeightMismatch {
+        expected: L1Height,
+        actual: L1Height,
+        index: usize,
+    },
+
+    #[error("ASM manifest height overflow")]
+    AsmManifestHeightOverflow,
+
+    #[error("epoch overflow")]
+    EpochOverflow,
+
+    #[error("slot overflow")]
+    SlotOverflow,
+
     #[error("tried to interact with nonexistent account ({0:?})")]
     UnknownAccount(AccountId),
 

@@ -33,14 +33,14 @@ impl<S: IStateAccessorMut> DaScheme<S> for OLDaSchemeV1 {
 mod tests {
     use strata_da_framework::DaCounter;
     use strata_ledger_types::IStateAccessor;
-    use strata_ol_stf::test_utils::create_test_genesis_state;
+    use strata_ol_stf::test_utils::make_genesis_state;
 
     use super::*;
     use crate::{GlobalStateDiff, LedgerDiff, StateDiff};
 
     #[test]
     fn test_ol_da_scheme_v1_apply_updates_global_slot() {
-        let mut state = create_test_genesis_state();
+        let mut state = make_genesis_state();
         let start_slot = state.cur_slot();
 
         let diff = StateDiff::new(

@@ -312,7 +312,7 @@ mod tests {
     use strata_identifiers::AccountSerial;
     use strata_ledger_types::{IStateAccessor, IStateAccessorMut, NewAccountData};
     use strata_ol_state_support_types::MemoryStateBaseLayer;
-    use strata_ol_stf::test_utils::create_test_genesis_state;
+    use strata_ol_stf::test_utils::make_genesis_state;
     use strata_predicate::PredicateKey;
 
     use super::*;
@@ -376,7 +376,7 @@ mod tests {
 
     #[test]
     fn test_ol_state_diff_poll_context_rejects_existing_new_account() {
-        let mut state = create_test_genesis_state();
+        let mut state = make_genesis_state();
         let account_id = test_account_id(2);
         let new_acct = NewAccountData::new(BitcoinAmount::from_sat(10), NewAccountTypeState::Empty);
         state
@@ -403,7 +403,7 @@ mod tests {
 
     #[test]
     fn test_ol_state_diff_apply_updates_balance() {
-        let mut state = create_test_genesis_state();
+        let mut state = make_genesis_state();
         let account_id = test_account_id(3);
         let new_acct =
             NewAccountData::new(BitcoinAmount::from_sat(1_000), NewAccountTypeState::Empty);
@@ -436,7 +436,7 @@ mod tests {
 
     #[test]
     fn test_ol_state_diff_apply_decreases_balance() {
-        let mut state = create_test_genesis_state();
+        let mut state = make_genesis_state();
         let account_id = test_account_id(30);
         let new_acct =
             NewAccountData::new(BitcoinAmount::from_sat(2_000), NewAccountTypeState::Empty);
@@ -468,7 +468,7 @@ mod tests {
 
     #[test]
     fn test_ol_state_diff_apply_updates_limbo_funds() {
-        let mut state = create_test_genesis_state();
+        let mut state = make_genesis_state();
         assert_eq!(state.limbo_funds(), BitcoinAmount::from_sat(0));
 
         let global_diff = GlobalStateDiff::new(
@@ -496,7 +496,7 @@ mod tests {
 
     #[test]
     fn test_ol_state_diff_apply_snark_seqno() {
-        let mut state = create_test_genesis_state();
+        let mut state = make_genesis_state();
         let account_id = test_account_id(4);
         let new_acct = NewAccountData::new(
             BitcoinAmount::from_sat(500),

@@ -30,6 +30,7 @@ tracing.workspace = true
 [dev-dependencies]
 ssz_primitives.workspace = true
 ssz_types.workspace = true
+strata-asm-proto-checkpoint-types.workspace = true
 strata-ol-params.workspace = true
 strata-ol-state-support-types.workspace = true
 strata-predicate.workspace = true

@@ -22,7 +22,10 @@ pub fn process_epoch_initial<S: IStateAccessor>(
     let state_cur_epoch = state.cur_epoch();
     let block_cur_epoch = context.cur_epoch();
     if block_cur_epoch != state_cur_epoch {
-        return Err(ExecError::ChainIntegrity);
+        return Err(ExecError::ContextEpochMismatch(
+            block_cur_epoch,
+            state_cur_epoch,
+        ));
     }
 
     // 3. Insert the previous terminal info into the MMR.
@@ -49,15 +52,18 @@ pub fn process_block_start<S: IStateAccessorMut>(
     // also error out on this when constructing blocks?
     let header_epoch = context.epoch();
     if let Some(ph) = context.parent_header() {
-        let exp_epoch = ph.epoch() + ph.is_terminal() as u32;
+        let exp_epoch = ph
+            .epoch()
+            .checked_add(u32::from(ph.is_terminal()))
+            .ok_or(ExecError::EpochOverflow)?;
         if context.epoch() != exp_epoch {
             return Err(ExecError::IncorrectEpoch(
                 ph.epoch(),
                 context.epoch(),
                 ph.is_terminal(),
             ));
         }
-        let exp_slot = ph.slot() + 1;
+        let exp_slot = ph.slot().checked_add(1).ok_or(ExecError::SlotOverflow)?;
         if context.slot() != exp_slot {
             return Err(ExecError::IncorrectSlot {
                 expected: exp_slot,
@@ -71,7 +77,7 @@ pub fn process_block_start<S: IStateAccessorMut>(
     // 2. Make sure that the current state epoch matches the header's epoch.
     let state_epoch = state.cur_epoch();
     if header_epoch != state_epoch {
-        return Err(ExecError::EpochMismatch(header_epoch, state_epoch));
+        return Err(ExecError::HeaderEpochMismatch(header_epoch, state_epoch));
     }
 
     // 3. Update the global state's current slot to match the block's slot

@@ -110,6 +110,17 @@ impl<'b> BlockContext<'b> {
         }
     }
 
+    #[cfg(test)]
+    pub(crate) fn new_unchecked(
+        block_info: &'b BlockInfo,
+        parent_header: Option<&'b OLBlockHeader>,
+    ) -> Self {
+        Self {
+            block_info,
+            parent_header,
+        }
+    }
+
     pub fn block_info(&self) -> &BlockInfo {
         self.block_info
     }

@@ -50,15 +50,19 @@ pub fn process_block_manifests<S: IStateAccessorMut>(
     for (i, mf) in mf_cont.manifests().iter().enumerate() {
         // New manifests in a segment are strictly after the state's current
         // last seen height.
-        let real_height = orig_l1_height + i as u32 + 1;
+        let real_height = next_manifest_height(orig_l1_height, i)?;
         if mf.height() != real_height {
             warn!(
                 expected_height = real_height,
                 got_height = mf.height(),
                 index = i,
                 "asm manifest height mismatch",
             );
-            return Err(ExecError::ChainIntegrity);
+            return Err(ExecError::AsmManifestHeightMismatch {
+                expected: real_height,
+                actual: mf.height(),
+                index: i,
+            });
         }
         trace!(
             height = real_height,
@@ -75,7 +79,9 @@ pub fn process_block_manifests<S: IStateAccessorMut>(
     }
 
     // 2. Finally, we can update the epoch to get it ready for the next epoch.
-    let new_epoch = terminating_epoch + 1;
+    let new_epoch = terminating_epoch
+        .checked_add(1)
+        .ok_or(ExecError::EpochOverflow)?;
     info!(
         from_epoch = terminating_epoch,
         to_epoch = new_epoch,
@@ -87,6 +93,14 @@ pub fn process_block_manifests<S: IStateAccessorMut>(
     Ok(())
 }
 
+fn next_manifest_height(last_l1_height: L1Height, index: usize) -> ExecResult<L1Height> {
+    let offset = L1Height::try_from(index).map_err(|_| ExecError::AsmManifestHeightOverflow)?;
+    last_l1_height
+        .checked_add(offset)
+        .and_then(|height| height.checked_add(1))
+        .ok_or(ExecError::AsmManifestHeightOverflow)
+}
+
 fn process_asm_manifest<S: IStateAccessorMut>(
     state: &mut S,
     real_height: L1Height,
@@ -283,3 +297,21 @@ fn process_ee_predicate_key_update<S: IStateAccessorMut>(
 
     Ok(())
 }
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn next_manifest_height_rejects_l1_height_overflow() {
+        assert_eq!(next_manifest_height(0, 0).expect("height should fit"), 1);
+
+        assert!(matches!(
+            next_manifest_height(L1Height::MAX, 0),
+            Err(ExecError::AsmManifestHeightOverflow)
+        ));
+        assert!(matches!(
+            next_manifest_height(L1Height::MAX - 1, 1),
+            Err(ExecError::AsmManifestHeightOverflow)
+        ));
+    }
+}
@@ -319,4 +319,48 @@ mod tests {
             "Sp1Groth16 verifier feature must be enabled for OL STF replay"
         );
     }
+
+    #[test]
+    fn test_is_all_done_requires_consuming_all_proofs() {
+        let acc_proofs: Vec<RawMerkleProof> = (0..2).map(|_| RawMerkleProof::new_zero()).collect();
+        let pred_proofs: Vec<ProofSatisfier> = (0..2)
+            .map(|i| ProofSatisfier {
+                proof: vec![i as u8]
+                    .try_into()
+                    .expect("proof should not exceed capacity"),
+            })
+            .collect();
+
+        let tx_proofs = TxProofs::new(
+            Some(ProofSatisfierList {
+                proofs: pred_proofs
+                    .try_into()
+                    .expect("proofs should not exceed capacity"),
+            }),
+            Some(RawMerkleProofList {
+                proofs: acc_proofs
+                    .try_into()
+                    .expect("proofs should not exceed capacity"),
+            }),
+        );
+        let mut tracker = TxProofsTracker::from_txproofs(&tx_proofs);
+
+        // Consume one from each stream and ensure exhaustion is still false.
+        tracker
+            .inc_next_acc_proof()
+            .expect("first acc inc should work");
+        tracker
+            .inc_next_pred_proof()
+            .expect("first pred inc should work");
+        assert!(!tracker.is_all_done(), "one proof in each stream remains");
+
+        // Consume remaining proofs and ensure tracker now reports exhausted.
+        tracker
+            .inc_next_acc_proof()
+            .expect("second acc inc should work");
+        tracker
+            .inc_next_pred_proof()
+            .expect("second pred inc should work");
+        assert!(tracker.is_all_done(), "all proofs should be consumed");
+    }
 }