feat(sequencer): catchup from base

[julienrbrt]

Closes: #3016

Opus did a pretty good job. I'll be improving it.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Feb 10, 2026, 4:21 PM

[claude]

Claude finished @julienrbrt's task in 1m 57s —— View job

---

Code Review Complete

I've completed a comprehensive review of the sequencer catch-up mechanism. While the overall architecture is sound and the syncer-side logic is well-implemented, there are critical issues that must be addressed before merging.

---

Critical Issues (Must Fix)

1. Non-Monotonic Block Timestamps During Catch-Up 🚨 HIGH PRIORITY

Location: pkg/sequencers/single/sequencer.go:365-371

Problem: The current implementation reuses the same DA epoch timestamp for all blocks produced within that epoch. This violates the fundamental blockchain requirement that timestamps must be strictly monotonic (each block's timestamp > previous block's timestamp).

Scenario:

// Epoch 100 has DA end time T = 12:00:00
// Sequencer produces 3 blocks from forced txs in this epoch:
Block N:   timestamp = 12:00:00  ✓
Block N+1: timestamp = 12:00:00  ✗ INVALID (same as parent)
Block N+2: timestamp = 12:00:00  ✗ INVALID (same as parent)

Additionally, if an empty DA epoch is encountered (no forced inclusion txs), currentDAEndTime is not updated, causing subsequent blocks to reuse stale timestamps from previous epochs.

Impact: Most execution layers (EVM, Cosmos SDK, etc.) will reject blocks with non-monotonic timestamps, causing the chain to halt. This is a denial of service condition.

Evidence from code:

// sequencer.go:365-371
timestamp := time.Now()
if c.catchingUp && !c.currentDAEndTime.IsZero() {
    timestamp = c.currentDAEndTime  // ❌ Reused for every block in the epoch
}

Recommended fix: Implement timestamp advancement for multiple blocks per epoch. Options:

1. Add a small increment (e.g., 1ms) for each subsequent block within the same epoch
2. Use currentDAEndTime + (blockIndex * increment) where blockIndex tracks position within epoch
3. Interpolate between epoch boundaries based on transaction count/position

---

2. Data Race on Catch-Up State Fields 🚨 MEDIUM-HIGH PRIORITY

Location: pkg/sequencers/single/sequencer.go:66-69 (field declarations)

Problem: The fields catchingUp (bool) and currentDAEndTime (time.Time) are accessed concurrently without synchronization:

• Written by: GetNextBatch() and fetchNextDAEpoch() (called from block production loop)
• Read by: IsCatchingUp() (can be called by RPC handlers, metrics collectors, or monitoring)

Impact:

• Reading catchingUp without synchronization = undefined behavior (Go data race)
• Reading time.Time (a struct) during concurrent writes can yield corrupted values, potentially causing panics or invalid timestamps
• Violates Go's memory model

Evidence:

// sequencer.go:66-69 - No atomic protection
catchingUp bool
currentDAEndTime time.Time

// sequencer.go:425 - Concurrent read
func (c *Sequencer) IsCatchingUp() bool {
    return c.catchingUp  // ❌ Unsynchronized read
}

Recommended fix: Use proper synchronization:

// Option 1: atomic.Bool + atomic.Pointer[time.Time]
catchingUp atomic.Bool
currentDAEndTime atomic.Pointer[time.Time]

// Option 2: sync.RWMutex protecting both fields
mu sync.RWMutex
catchingUp bool
currentDAEndTime time.Time

---

3. Magic Number Should Be Named Constant

Location: pkg/sequencers/single/sequencer.go:562 (though the Gemini comment references line 562, the logic appears around the epoch detection)

Problem: The catch-up detection logic uses epoch-based comparison but the Gemini reviewer mentioned a 30*time.Second threshold that isn't clearly visible in my reading. If there's time-based logic, it should be a named constant.

Recommendation: Define as package-level constant:

const (
    catchUpEpochThreshold = 1 // Number of epochs that triggers catch-up
)

---

Major Issues (Should Fix)

4. Incomplete Catch-Up State Management

Location: pkg/sequencers/single/sequencer.go:526-582 (updateCatchUpState)

Issue: The catch-up state is only evaluated once per sequencer lifecycle (line 528 early return if already catching up). This means:

• If GetLatestDAHeight() fails transiently, catch-up may never activate
• If DA advances rapidly during catch-up, the sequencer doesn't re-evaluate its position
• Error handling logs a warning but doesn't retry

Recommendation: Consider periodic re-evaluation or retry logic with backoff for the DA height query.

---

5. Checkpoint Persistence Timing

Location: pkg/sequencers/single/sequencer.go:347-350

Issue: Checkpoint is saved after every GetNextBatch call, even during catch-up when processing many epochs rapidly. This could cause:

• Excessive disk I/O during catch-up
• Potential performance bottleneck
• Database contention

Recommendation: Consider batching checkpoint updates or using async persistence during catch-up mode.

---

6. Test Logger Verbosity

Location: pkg/sequencers/single/sequencer_test.go:1245, 1309, 1457, 1676

Issue: Tests use zerolog.New(zerolog.NewConsoleWriter()) which clutters test output. Other tests in the same file correctly use zerolog.Nop() or zerolog.NewTestWriter(t).

Recommendation:

// Use this for production-like logging that only shows on failure:
logger := zerolog.New(zerolog.NewTestWriter(t))

// Or this if logs aren't needed:
logger := zerolog.Nop()

---

Minor Issues & Suggestions

7. Incomplete Error Context

Location: pkg/sequencers/single/sequencer.go:473

When RetrieveForcedIncludedTxs fails with an unexpected error, the error message could include more context about the sequencer state (current DA height, catch-up status) to aid debugging.

---

8. Documentation Clarity

Location: pkg/sequencers/single/sequencer.go:56-69 (struct comments)

The comments are excellent but could benefit from:

• Explicit statement about the timestamp monotonicity requirement (once fixed)
• Clear definition of what constitutes "more than one DA epoch" for catch-up triggering
• Documentation of thread-safety guarantees for each field

---

9. Missing Metrics

Consider adding metrics for catch-up mode:

• sequencer_catchup_active (gauge): 1 if catching up, 0 otherwise
• sequencer_catchup_epochs_replayed (counter): Total epochs replayed
• sequencer_catchup_duration_seconds (histogram): Time spent in catch-up mode

This would help operators monitor sequencer health and catch-up performance.

---

10. Syncer DA Height Advancement Logic

Location: block/internal/syncing/syncer.go:780-806

Positive: The incremental DA height advancement logic is well-designed and correctly handles the catch-up scenario. The comments clearly explain why we advance by one epoch at a time instead of jumping to event.DaHeight.

Suggestion: Consider adding a metric to track when this special catch-up advancement is triggered, as it's an important operational signal that a sequencer was restarted after extended downtime.

---

Positive Aspects ✅

1. Comprehensive test coverage - The test suite covers most edge cases (multi-epoch replay, HeightFromFuture exit, no forced inclusion, etc.)
2. Clear separation of concerns - Catch-up logic is well-isolated in the sequencer
3. Syncer compatibility - The syncer correctly handles catch-up blocks via incremental DA height advancement
4. Checkpoint mechanism - Proper crash recovery with TxIndex tracking
5. Documentation - Comments explaining the catch-up mechanism are thorough and helpful

---

Test Coverage Analysis

Coverage: 62.85% patch coverage with 39 lines missing coverage

High-value missing coverage:

• block/internal/syncing/syncer.go: 13 missing + 1 partial (lines related to DA height gap detection)
• block/internal/da/tracing.go: 10 missing (new tracing code)
• block/internal/da/client.go: 9 missing (GetLatestDAHeight implementation)
• pkg/sequencers/single/sequencer.go: 4 missing + 2 partials

Recommendation: Add integration tests that exercise:

• The syncer's DA height advancement during catch-up (currently only unit tested in sequencer)
• DA client GetLatestDAHeight error paths
• Edge case: sequencer produces empty blocks (no forced txs, no mempool) during catch-up

---

Architecture Assessment

Overall Design: The catch-up mechanism is architecturally sound. The approach of:

1. Detecting missed epochs via GetLatestDAHeight
2. Replaying epochs with forced-inclusion-only blocks
3. Using epoch timestamps for historical accuracy
4. Exiting on HeightFromFuture

...is correct and aligns with the goal of ensuring sequencer nodes produce identical blocks to base sequencing nodes during downtime.

Key Strength: The separation between sequencer catch-up (producing blocks) and syncer verification (consuming blocks) is clean and maintainable.

---

Recommendations

Priority 1 (Block Merge):

1. ✅ Fix timestamp monotonicity (Issue ABCI interface #1)
2. ✅ Fix data race on catch-up state (Issue Peer discovery #2)

Priority 2 (Before Release):

3. Add retry logic for GetLatestDAHeight failures
4. Optimize checkpoint persistence during catch-up
5. Standardize test loggers
6. Add catch-up metrics

Priority 3 (Nice to Have):

7. Add integration tests for syncer DA height advancement
8. Enhanced error context
9. Documentation improvements

---

Summary

The implementation demonstrates a good understanding of the problem and provides a solid foundation. However, the timestamp monotonicity issue is critical and will cause chain halts in production. The data race is also serious and violates Go's memory model.

Once these two issues are fixed, the PR will be in much better shape. The test coverage is good, and the architectural approach is sound.

Verdict: ❌ Request Changes - Critical issues must be addressed before merge.

---

[gemini-code-assist]

Summary of Changes

Hello @julienrbrt, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a critical "catch-up" feature for the sequencer, designed to enhance its resilience and consistency following periods of inactivity or downtime. By intelligently replaying missed Data Availability (DA) epochs, the sequencer can resynchronize its state, ensuring that all forced inclusion transactions are processed in the correct order and with accurate timestamps, thereby maintaining a consistent view of the blockchain's history, even when operating in a decentralized environment. This mechanism allows the sequencer to seamlessly transition back to normal operation without compromising data integrity.

Highlights

• Sequencer Catch-up Mechanism: Introduced a new mechanism allowing the sequencer to "catch up" on missed Data Availability (DA) epochs after extended downtime.
• Forced Inclusion Priority: During catch-up, the sequencer temporarily processes only forced inclusion transactions, ensuring consistency with base sequencing nodes and temporarily skipping mempool transactions.
• DA Height Synchronization: Modified syncer.go to incrementally advance the DAHeight by one epoch during catch-up, preventing issues with forced inclusion transaction verification.
• Timestamp Alignment: Block timestamps generated during catch-up are now aligned with the DA epoch's end timestamp for historical accuracy.
• Comprehensive Testing: Added extensive unit tests covering various catch-up scenarios, including detection, mempool skipping, timestamp usage, exit conditions, and multi-epoch replay.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• block/internal/syncing/syncer.go
  • Updated the logic for DAHeight updates to handle large discrepancies between event.DaHeight and newState.DAHeight. When a significant gap (more than one epoch) is detected, newState.DAHeight is now advanced by exactly one epoch per block, rather than jumping directly to event.DaHeight. This ensures correct verification of forced inclusion transactions during sequencer catch-up.
  • Added detailed comments explaining the new DAHeight update strategy and its importance for catch-up blocks and forced inclusion verification.
• pkg/sequencers/single/sequencer.go
  • Added catchingUp (boolean) and currentDAEndTime (time.Time) to the Sequencer struct to manage the catch-up state and store the DA epoch's end timestamp.
  • Modified GetNextBatch to conditionally skip fetching transactions from the mempool when the sequencer is in catchingUp mode. This ensures that only forced inclusion transactions are included in batches during catch-up.
  • Updated GetNextBatch to use sequencer.currentDAEndTime as the block timestamp when catchingUp is true, aligning block timestamps with the historical DA epoch.
  • Introduced a public IsCatchingUp() method to query the sequencer's current catch-up status.
  • Modified fetchNextDAEpoch to store the forcedTxsEvent.Timestamp in currentDAEndTime and to call a new updateCatchUpState method to manage the catchingUp flag. It also now exits catch-up mode if StatusHeightFromFuture is returned by the DA client.
  • Implemented a new private method updateCatchUpState that determines whether the sequencer should be in catch-up mode based on the timestamp of the fetched DA epoch. It enters catch-up if the epoch timestamp is significantly in the past (more than one epoch's wall-clock duration) and exits if it's recent.
• pkg/sequencers/single/sequencer_test.go
  • Added a comprehensive suite of tests (TestSequencer_CatchUp_...) to validate the new catch-up functionality. These tests cover:
  • Detection of old epochs and entering catch-up mode.
  • Skipping mempool transactions during catch-up.
  • Using DA epoch timestamps for blocks during catch-up.
  • Exiting catch-up mode when the DA head is reached (either a recent epoch or HeightFromFuture).
  • Scenarios where catch-up is not triggered (recent epoch, no forced inclusion configured).
  • Multi-epoch replay scenarios.
  • Correct advancement of the internal checkpoint (DAHeight) during catch-up.

Activity

• The pull request addresses and closes issue https://github.com/evstack/ev-node/issues/3016.
• The author indicates that this work builds upon a previous attempt by "Opus", aiming for improvement.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

❌ Patch coverage is 62.85714% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.89%. Comparing base (e83b64c) to head (42f0405).

Files with missing lines	Patch %	Lines
block/internal/syncing/syncer.go	22.22%	13 Missing and 1 partial ⚠️
block/internal/da/tracing.go	0.00%	10 Missing ⚠️
block/internal/da/client.go	0.00%	9 Missing ⚠️
pkg/sequencers/single/sequencer.go	91.17%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3057      +/-   ##
==========================================
+ Coverage   61.83%   61.89%   +0.06%     
==========================================
  Files         111      111              
  Lines       11123    11223     +100     
==========================================
+ Hits         6878     6947      +69     
- Misses       3506     3537      +31     
  Partials      739      739              

Flag	Coverage Δ
combined	61.89% <62.85%> (+0.06%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request introduces a robust catch-up mechanism for the sequencer, designed to handle restarts after extended downtime. While the overall approach for consuming and verifying catch-up blocks in the syncer, including the incremental advancement of DAHeight, is well-implemented and tested, the implementation of catch-up mode in the single sequencer has significant flaws. Specifically, it produces non-monotonic block timestamps when multiple blocks are generated for a single DA epoch or when empty epochs are encountered, which will likely cause the execution layer to reject blocks and halt the chain. Additionally, there is a data race on the new catch-up state fields due to a lack of synchronization primitives. Minor suggestions for code clarity and testing experience were also noted.

[gemini-code-assist]

During catch-up mode, the sequencer uses the timestamp from the last fetched DA epoch as the block timestamp. However, multiple blocks can be produced for a single DA epoch (e.g., if the epoch contains many transactions that don't fit in one block). In this case, all blocks produced for that epoch will have the exact same timestamp (c.currentDAEndTime). Furthermore, if an empty DA epoch is encountered, c.currentDAEndTime is not updated, causing the next block to reuse the timestamp from the previous non-empty epoch.

Most blockchain execution layers (like EVM) require that each new block has a timestamp strictly greater than its parent. If the sequencer produces multiple blocks with the same timestamp, the execution layer will reject them, halting the block production process and causing a Denial of Service.

[gemini-code-assist]

The fields catchingUp and currentDAEndTime are accessed concurrently without proper synchronization. GetNextBatch and fetchNextDAEpoch (which update these fields) can be called by the block production loop, while IsCatchingUp() can be called concurrently by other components (e.g., RPC, monitoring, or metrics).

In Go, concurrent read/write access to non-atomic fields is a data race, which leads to undefined behavior. Specifically, a race on time.Time (which is a struct) can result in a corrupted timestamp being read, potentially leading to invalid blocks and a Denial of Service.

[gemini-code-assist]

The value 30*time.Second is used as a minimum threshold for the catch-up logic. To improve readability and maintainability, consider defining this as a named constant at the package level, for example: const minCatchUpThreshold = 30 * time.Second, and using that constant here. This makes the intent of the value clearer and centralizes its definition.

[gemini-code-assist]

Using zerolog.New(zerolog.NewConsoleWriter()) in tests can lead to verbose output in the console during test runs. It's generally better to use a logger that integrates with the testing framework, such as zerolog.New(zerolog.NewTestWriter(t)), which only shows logs for failed tests, or zerolog.Nop() if logs are not needed. This practice is followed in other new tests in this file (e.g., TestSequencer_CatchUp_UsesDATimestamp). Applying this consistently would improve the developer experience. This comment also applies to lines 1309, 1457, and 1676.

Suggested change

	logger := zerolog.New(zerolog.NewConsoleWriter())
	logger := zerolog.New(zerolog.NewTestWriter(t))