Use post-block checkpoints for proposer attestation source and target (#268)

## Motivation

A bug was found during devnet3 testing in the Qlean client (C++
implementation) where **finality was lagging more than 3 slots behind
head**. The root cause was identified through structured log analysis:
the proposer's attestation was computed **before** the block was
imported into fork choice, causing the attestation to carry stale
`source` (justified) and `target` checkpoint values.

### The ordering bug across clients

When a proposer builds a block containing attestations that advance
justification/finalization, the state transition updates these
checkpoints. The question is: does the proposer's own attestation
reflect the **pre-import** or **post-import** checkpoint values?

**Qlean (buggy ordering):**
```
produceBlockWithSignatures
  ├─ produceAttestation          ← attestation BEFORE import
  │   ├─ getHead                 ← stale head
  │   └─ getLatestJustified      ← stale justified
  └─ onBlock                     ← import updates head/justified
```

**Zeam (correct ordering):**
```
validator.maybeDoProposal
  ├─ chain.produceBlock
  │   ├─ forkChoice.onBlock      ← import FIRST
  │   └─ forkChoice.updateHead   ← head/justified updated
  └─ chain.constructAttestationData
      ├─ forkChoice.getHead      ← fresh head
      └─ forkChoice.getLatestJustified  ← fresh justified
```

**ethlambda (was buggy, same as Qlean):**
```
propose_block()
  ├─ produce_block_with_signatures()   ← build block
  ├─ Attestation { source: store.latest_justified(), ... }  ← stale!
  ├─ sign attestation
  ├─ assemble SignedBlockWithAttestation
  └─ process_block() → on_block()      ← import AFTER attestation
```

### Why we can't just reorder

In ethlambda (and Qlean), the proposer attestation is embedded inside
`SignedBlockWithAttestation` → `BlockWithAttestation`. It's part of the
block's hash tree root and required for signature verification during
import. So unlike Zeam's architecture (where block and attestation are
separate), we **cannot** import the block first and then create the
attestation — it's a chicken-and-egg problem.

## Description

The fix exploits the fact that `build_block()` already runs the full
state transition to compute `state_root`. The resulting `post_state`
contains `latest_justified` and `latest_finalized` after processing the
block's attestations — but these values were previously discarded.

### Changes

1. **`PostBlockCheckpoints` struct** — carries the two checkpoints
(`justified` + `finalized`) from `build_block` back to the caller.

2. **`build_block` / `produce_block_with_signatures`** — return
`PostBlockCheckpoints` alongside the block, extracted from the
post-state transition result. No extra computation — just plumbing
values that were already computed.

3. **`get_attestation_target_with_checkpoints`** — parameterized version
of `get_attestation_target` that accepts justified/finalized checkpoints
instead of reading from the store. The existing `get_attestation_target`
becomes a thin wrapper that delegates with store values.

4. **`propose_block`** — uses `post_checkpoints.justified` as `source`
and calls `get_attestation_target_with_checkpoints` with post-block
checkpoints for `target`.

### Behavior

- **When block has no attestations** (or attestations don't advance
justification): `post_state.latest_justified ==
head_state.latest_justified`, so behavior is identical to before. No
regression.
- **When block attestations advance justification**: proposer's
attestation now correctly reflects the post-import justified checkpoint,
preventing finality lag.

## How to Test

```bash
make fmt    # passes
make lint   # passes
make test   # all 97 tests pass
```

Full devnet validation is recommended to verify finality behavior under
load.

---------

Co-authored-by: Tomás Grüner <47506558+MegaRedHand@users.noreply.github.com>

Author: pablodeymo

crates/blockchain/src/lib.rs

@@ -213,14 +213,16 @@ impl BlockChainServer {
         info!(%slot, %validator_id, "We are the proposer for this slot");
 
         // Build the block with attestation signatures
-        let Ok((block, attestation_signatures)) =
+        let Ok((block, attestation_signatures, post_checkpoints)) =
             store::produce_block_with_signatures(&mut self.store, slot, validator_id)
                 .inspect_err(|err| error!(%slot, %validator_id, %err, "Failed to build block"))
         else {
             return;
         };
 
-        // Create proposer's attestation (attests to the new block)
+        // Create proposer's attestation using post-block checkpoints because
+        // the block's attestations may have advanced justification/finalization
+        // but the block hasn't been imported into the store yet.
         let proposer_attestation = Attestation {
             validator_id,
             data: AttestationData {
@@ -229,8 +231,12 @@ impl BlockChainServer {
                     root: block.hash_tree_root(),
                     slot: block.slot,
                 },
-                target: store::get_attestation_target(&self.store),
-                source: self.store.latest_justified(),
+                target: store::get_attestation_target_with_checkpoints(
+                    &self.store,
+                    post_checkpoints.justified,
+                    post_checkpoints.finalized,
+                ),
+                source: post_checkpoints.justified,
             },
         };
 

crates/blockchain/src/store.rs

@@ -35,6 +35,17 @@ const JUSTIFICATION_LOOKBACK_SLOTS: u64 = 3;
 /// See: https://github.com/lambdaclass/ethlambda/issues/259
 const MAX_ATTESTATION_PROOF_BYTES: usize = 9 * 1024 * 1024;
 
+/// Post-block checkpoints extracted from the state transition in `build_block`.
+///
+/// When building a block, the state transition processes attestations that may
+/// advance justification/finalization. These checkpoints reflect the post-state
+/// values, which the proposer needs for its attestation (since the block hasn't
+/// been imported into the store yet).
+pub struct PostBlockCheckpoints {
+    pub justified: Checkpoint,
+    pub finalized: Checkpoint,
+}
+
 /// Accept new aggregated payloads, promoting them to known for fork choice.
 fn accept_new_attestations(store: &mut Store, log_tree: bool) {
     store.promote_new_aggregated_payloads();
@@ -621,6 +632,28 @@ fn on_block_core(
 ///
 /// NOTE: this assumes that we have all the blocks from the head back to the latest finalized.
 pub fn get_attestation_target(store: &Store) -> Checkpoint {
+    get_attestation_target_with_checkpoints(
+        store,
+        store.latest_justified(),
+        store.latest_finalized(),
+    )
+}
+
+/// Calculate target checkpoint using the provided justified and finalized checkpoints
+/// instead of reading them from the store.
+///
+/// This is needed by the proposer, whose block hasn't been imported yet but whose
+/// state transition may have advanced justification/finalization.
+///
+/// Note: the walk-back still starts from `store.head()` (the pre-import head), not
+/// the new block. This is correct because the new block is only 1 slot ahead with less than 2/3 of votes — the
+/// walk-back immediately reaches the same chain. The important fix is using the
+/// post-state justified/finalized for the justifiability check and clamping guard.
+pub fn get_attestation_target_with_checkpoints(
+    store: &Store,
+    justified: Checkpoint,
+    finalized: Checkpoint,
+) -> Checkpoint {
     // Start from current head
     let mut target_block_root = store.head();
     let mut target_header = store
@@ -647,7 +680,7 @@ pub fn get_attestation_target(store: &Store) -> Checkpoint {
         }
     }
 
-    let finalized_slot = store.latest_finalized().slot;
+    let finalized_slot = finalized.slot;
 
     // Ensure target is in justifiable slot range
     //
@@ -661,7 +694,7 @@ pub fn get_attestation_target(store: &Store) -> Checkpoint {
             .get_block_header(&target_block_root)
             .expect("parent block exists");
     }
-    // Guard: clamp target to latest_justified (not in the spec).
+    // Guard: clamp target to justified (not in the spec).
     //
     // The spec's walk-back has no lower bound, so it can produce attestations
     // where target.slot < source.slot (source = latest_justified). These would
@@ -673,14 +706,13 @@ pub fn get_attestation_target(store: &Store) -> Checkpoint {
     // justified checkpoint.
     //
     // See https://github.com/blockblaz/zeam/blob/697c293879e922942965cdb1da3c6044187ae00e/pkgs/node/src/forkchoice.zig#L654-L659
-    let latest_justified = store.latest_justified();
-    if target_header.slot < latest_justified.slot {
+    if target_header.slot < justified.slot {
         warn!(
             target_slot = target_header.slot,
-            justified_slot = latest_justified.slot,
+            justified_slot = justified.slot,
             "Attestation target walked behind justified source, clamping to justified"
         );
-        return latest_justified;
+        return justified;
     }
 
     Checkpoint {
@@ -757,7 +789,7 @@ pub fn produce_block_with_signatures(
     store: &mut Store,
     slot: u64,
     validator_index: u64,
-) -> Result<(Block, Vec<AggregatedSignatureProof>), StoreError> {
+) -> Result<(Block, Vec<AggregatedSignatureProof>, PostBlockCheckpoints), StoreError> {
     // Get parent block and state to build upon
     let head_root = get_proposal_head(store, slot);
     let head_state = store
@@ -782,7 +814,7 @@ pub fn produce_block_with_signatures(
 
     let known_block_roots = store.get_block_roots();
 
-    let (block, signatures) = build_block(
+    let (block, signatures, post_checkpoints) = build_block(
         &head_state,
         slot,
         validator_index,
@@ -791,7 +823,7 @@ pub fn produce_block_with_signatures(
         &aggregated_payloads,
     )?;
 
-    Ok((block, signatures))
+    Ok((block, signatures, post_checkpoints))
 }
 
 /// Errors that can occur during Store operations.
@@ -999,7 +1031,7 @@ fn build_block(
     parent_root: H256,
     known_block_roots: &HashSet<H256>,
     aggregated_payloads: &HashMap<H256, (AttestationData, Vec<AggregatedSignatureProof>)>,
-) -> Result<(Block, Vec<AggregatedSignatureProof>), StoreError> {
+) -> Result<(Block, Vec<AggregatedSignatureProof>, PostBlockCheckpoints), StoreError> {
     let mut aggregated_attestations: Vec<AggregatedAttestation> = Vec::new();
     let mut aggregated_signatures: Vec<AggregatedSignatureProof> = Vec::new();
     let mut accumulated_proof_bytes: usize = 0;
@@ -1099,7 +1131,12 @@ fn build_block(
     process_block(&mut post_state, &final_block)?;
     final_block.state_root = post_state.hash_tree_root();
 
-    Ok((final_block, aggregated_signatures))
+    let post_checkpoints = PostBlockCheckpoints {
+        justified: post_state.latest_justified,
+        finalized: post_state.latest_finalized,
+    };
+
+    Ok((final_block, aggregated_signatures, post_checkpoints))
 }
 
 /// Verify all signatures in a signed block.
@@ -1415,7 +1452,7 @@ mod tests {
         }
 
         // Build the block; this should succeed (the bug: no size guard)
-        let (block, signatures) = build_block(
+        let (block, signatures, _post_checkpoints) = build_block(
             &head_state,
             slot,
             proposer_index,