Fix advance loop to handle multiple window advances after extended outages

The previous loop returned an error after a single failed advance, but
a node that was offline for more than one window (65,536 slots) needs
multiple advances. Now detects true key exhaustion by comparing the
prepared interval before and after advance_preparation().

Author: pablodeymo

crates/blockchain/src/key_manager.rs

@@ -105,11 +105,13 @@ impl KeyManager {
 
         // Advance XMSS key preparation window if the slot is outside the current window.
         // Each bottom tree covers 65,536 slots; the window holds 2 at a time.
+        // Multiple advances may be needed if the node was offline for an extended period.
         if !secret_key.is_prepared_for(slot) {
             info!(validator_id, slot, "Advancing XMSS key preparation window");
             while !secret_key.is_prepared_for(slot) {
+                let before = secret_key.get_prepared_interval();
                 secret_key.advance_preparation();
-                if !secret_key.is_prepared_for(slot) {
+                if secret_key.get_prepared_interval() == before {
                     return Err(KeyManagerError::SigningError(format!(
                         "XMSS key exhausted for validator {validator_id}: \
                          slot {slot} is beyond the key's activation interval"

crates/common/types/src/signature.rs

@@ -1,3 +1,5 @@
+use std::ops::Range;
+
 use leansig::{
     serialization::Serializable,
     signature::{SignatureScheme, SignatureSchemeSecretKey as _, SigningError},
@@ -106,6 +108,11 @@ impl ValidatorSecretKey {
         self.inner.get_prepared_interval().contains(&(slot as u64))
     }
 
+    /// Returns the slot range currently covered by the prepared window.
+    pub fn get_prepared_interval(&self) -> Range<u64> {
+        self.inner.get_prepared_interval()
+    }
+
     /// Advance the prepared window forward by one bottom tree.
     ///
     /// Each call slides the window by sqrt(LIFETIME) = 65,536 slots.