James feedback

Add gossip for payload envelope
Add gossip for payload attestation (#16333 )
2026-02-10 21:14:58 -05:00 · 2026-02-10 15:18:36 -08:00 · 2026-02-10 10:19:12 -08:00 · 2026-02-10 16:17:22 +00:00
35 changed files with 2154 additions and 83 deletions
--- a/beacon-chain/blockchain/BUILD.bazel
+++ b/beacon-chain/blockchain/BUILD.bazel
@@ -27,6 +27,8 @@ go_library(
        "receive_blob.go",
        "receive_block.go",
        "receive_data_column.go",
+        "receive_execution_payload_envelope.go",
+        "receive_payload_attestation_message.go",
        "service.go",
        "setup_forkchoice.go",
        "tracked_proposer.go",
--- a/beacon-chain/blockchain/receive_execution_payload_envelope.go
+++ b/beacon-chain/blockchain/receive_execution_payload_envelope.go
@@ -0,0 +1,19 @@
+package blockchain
+
+import (
+	"context"
+
+	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+)
+
+// ExecutionPayloadEnvelopeReceiver interface defines the methods of chain service for receiving
+// validated execution payload envelopes.
+type ExecutionPayloadEnvelopeReceiver interface {
+	ReceiveExecutionPayloadEnvelope(context.Context, interfaces.ROSignedExecutionPayloadEnvelope) error
+}
+
+// ReceiveExecutionPayloadEnvelope accepts a signed execution payload envelope.
+func (s *Service) ReceiveExecutionPayloadEnvelope(_ context.Context, _ interfaces.ROSignedExecutionPayloadEnvelope) error {
+	// TODO: wire into execution payload envelope processing pipeline.
+	return nil
+}
--- a/beacon-chain/blockchain/receive_payload_attestation_message.go
+++ b/beacon-chain/blockchain/receive_payload_attestation_message.go
@@ -0,0 +1,19 @@
+package blockchain
+
+import (
+	"context"
+
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+)
+
+// PayloadAttestationReceiver interface defines the methods of chain service for receiving
+// validated payload attestation messages.
+type PayloadAttestationReceiver interface {
+	ReceivePayloadAttestationMessage(context.Context, *ethpb.PayloadAttestationMessage) error
+}
+
+// ReceivePayloadAttestationMessage accepts a payload attestation message.
+func (s *Service) ReceivePayloadAttestationMessage(ctx context.Context, a *ethpb.PayloadAttestationMessage) error {
+	// TODO: Handle payload attestation message processing once Gloas is fully wired.
+	return nil
+}
--- a/beacon-chain/blockchain/testing/mock.go
+++ b/beacon-chain/blockchain/testing/mock.go
@@ -757,6 +757,16 @@ func (c *ChainService) ReceiveDataColumns(dcs []blocks.VerifiedRODataColumn) err
 	return nil
 }

+// ReceivePayloadAttestationMessage implements the same method in the chain service.
+func (c *ChainService) ReceivePayloadAttestationMessage(_ context.Context, _ *ethpb.PayloadAttestationMessage) error {
+	return nil
+}
+
+// ReceiveExecutionPayloadEnvelope implements the same method in the chain service.
+func (c *ChainService) ReceiveExecutionPayloadEnvelope(_ context.Context, _ interfaces.ROSignedExecutionPayloadEnvelope) error {
+	return nil
+}
+
 // DependentRootForEpoch mocks the same method in the chain service
 func (c *ChainService) DependentRootForEpoch(_ [32]byte, _ primitives.Epoch) ([32]byte, error) {
 	return c.TargetRoot, nil
--- a/beacon-chain/cache/BUILD.bazel
+++ b/beacon-chain/cache/BUILD.bazel
@@ -17,6 +17,7 @@ go_library(
        "error.go",
        "interfaces.go",
        "log.go",
+        "payload_attestation.go",
        "payload_id.go",
        "proposer_indices.go",
        "proposer_indices_disabled.go",  # keep
@@ -76,6 +77,7 @@ go_test(
        "checkpoint_state_test.go",
        "committee_fuzz_test.go",
        "committee_test.go",
+        "payload_attestation_test.go",
        "payload_id_test.go",
        "private_access_test.go",
        "proposer_indices_test.go",
--- a/beacon-chain/cache/payload_attestation.go
+++ b/beacon-chain/cache/payload_attestation.go
@@ -0,0 +1,53 @@
+package cache
+
+import (
+	"sync"
+
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+)
+
+// PayloadAttestationCache tracks seen payload attestation messages for a single slot.
+type PayloadAttestationCache struct {
+	slot primitives.Slot
+	seen map[primitives.ValidatorIndex]struct{}
+	mu   sync.RWMutex
+}
+
+// Seen returns true if a vote for the given slot has already been
+// processed for this validator index.
+func (p *PayloadAttestationCache) Seen(slot primitives.Slot, idx primitives.ValidatorIndex) bool {
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+	if p.slot != slot {
+		return false
+	}
+	if p.seen == nil {
+		return false
+	}
+	_, ok := p.seen[idx]
+	return ok
+}
+
+// Add marks the given slot and validator index as seen.
+// This function assumes that the message has already been validated.
+func (p *PayloadAttestationCache) Add(slot primitives.Slot, idx primitives.ValidatorIndex) error {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	if p.slot != slot {
+		p.slot = slot
+		p.seen = make(map[primitives.ValidatorIndex]struct{})
+	}
+	if p.seen == nil {
+		p.seen = make(map[primitives.ValidatorIndex]struct{})
+	}
+	p.seen[idx] = struct{}{}
+	return nil
+}
+
+// Clear clears the internal cache.
+func (p *PayloadAttestationCache) Clear() {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	p.slot = 0
+	p.seen = nil
+}
--- a/beacon-chain/cache/payload_attestation_test.go
+++ b/beacon-chain/cache/payload_attestation_test.go
@@ -0,0 +1,48 @@
+package cache_test
+
+import (
+	"testing"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/cache"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPayloadAttestationCache_SeenAndAdd(t *testing.T) {
+	var c cache.PayloadAttestationCache
+	slot1 := primitives.Slot(1)
+	slot2 := primitives.Slot(2)
+	idx1 := primitives.ValidatorIndex(3)
+	idx2 := primitives.ValidatorIndex(4)
+
+	require.False(t, c.Seen(slot1, idx1))
+
+	require.NoError(t, c.Add(slot1, idx1))
+	require.True(t, c.Seen(slot1, idx1))
+	require.False(t, c.Seen(slot1, idx2))
+	require.False(t, c.Seen(slot2, idx1))
+
+	require.NoError(t, c.Add(slot1, idx2))
+	require.True(t, c.Seen(slot1, idx1))
+	require.True(t, c.Seen(slot1, idx2))
+
+	require.NoError(t, c.Add(slot2, idx1))
+	require.True(t, c.Seen(slot2, idx1))
+	require.False(t, c.Seen(slot1, idx1))
+	require.False(t, c.Seen(slot1, idx2))
+}
+
+func TestPayloadAttestationCache_Clear(t *testing.T) {
+	var c cache.PayloadAttestationCache
+	slot := primitives.Slot(10)
+	idx := primitives.ValidatorIndex(42)
+
+	require.NoError(t, c.Add(slot, idx))
+	require.True(t, c.Seen(slot, idx))
+
+	c.Clear()
+	require.False(t, c.Seen(slot, idx))
+
+	require.NoError(t, c.Add(slot, idx))
+	require.True(t, c.Seen(slot, idx))
+}
--- a/beacon-chain/core/gloas/payload_attestation.go
+++ b/beacon-chain/core/gloas/payload_attestation.go
@@ -77,7 +77,7 @@ func ProcessPayloadAttestations(ctx context.Context, st state.BeaconState, body

 // indexedPayloadAttestation converts a payload attestation into its indexed form.
 func indexedPayloadAttestation(ctx context.Context, st state.ReadOnlyBeaconState, att *eth.PayloadAttestation) (*consensus_types.IndexedPayloadAttestation, error) {
-	committee, err := payloadCommittee(ctx, st, att.Data.Slot)
+	committee, err := PayloadCommittee(ctx, st, att.Data.Slot)
 	if err != nil {
 		return nil, err
 	}
@@ -96,7 +96,7 @@ func indexedPayloadAttestation(ctx context.Context, st state.ReadOnlyBeaconState
 	}, nil
 }

-// payloadCommittee returns the payload timeliness committee for a given slot for the state.
+// PayloadCommittee returns the payload timeliness committee for a given slot for the state.
 //
 //	<spec fn="get_ptc" fork="gloas" hash="ae15f761">
 //	def get_ptc(state: BeaconState, slot: Slot) -> Vector[ValidatorIndex, PTC_SIZE]:
@@ -115,7 +115,7 @@ func indexedPayloadAttestation(ctx context.Context, st state.ReadOnlyBeaconState
 //	        state, indices, seed, size=PTC_SIZE, shuffle_indices=False
 //	    )
 //	</spec>
-func payloadCommittee(ctx context.Context, st state.ReadOnlyBeaconState, slot primitives.Slot) ([]primitives.ValidatorIndex, error) {
+func PayloadCommittee(ctx context.Context, st state.ReadOnlyBeaconState, slot primitives.Slot) ([]primitives.ValidatorIndex, error) {
 	epoch := slots.ToEpoch(slot)
 	seed, err := ptcSeed(st, epoch, slot)
 	if err != nil {
--- a/beacon-chain/p2p/gossip_topic_mappings.go
+++ b/beacon-chain/p2p/gossip_topic_mappings.go
@@ -25,6 +25,8 @@ var gossipTopicMappings = map[string]func() proto.Message{
 	LightClientOptimisticUpdateTopicFormat:    func() proto.Message { return &ethpb.LightClientOptimisticUpdateAltair{} },
 	LightClientFinalityUpdateTopicFormat:      func() proto.Message { return &ethpb.LightClientFinalityUpdateAltair{} },
 	DataColumnSubnetTopicFormat:               func() proto.Message { return &ethpb.DataColumnSidecar{} },
+	PayloadAttestationMessageTopicFormat:      func() proto.Message { return &ethpb.PayloadAttestationMessage{} },
+	ExecutionPayloadEnvelopeTopicFormat:       func() proto.Message { return &ethpb.SignedExecutionPayloadEnvelope{} },
 }

 // GossipTopicMappings is a function to return the assigned data type
@@ -144,4 +146,7 @@ func init() {

 	// Specially handle Fulu objects.
 	GossipTypeMapping[reflect.TypeFor[*ethpb.SignedBeaconBlockFulu]()] = BlockSubnetTopicFormat
+
+	// Payload attestation messages.
+	GossipTypeMapping[reflect.TypeFor[*ethpb.PayloadAttestationMessage]()] = PayloadAttestationMessageTopicFormat
 }
--- a/beacon-chain/p2p/topics.go
+++ b/beacon-chain/p2p/topics.go
@@ -46,6 +46,10 @@ const (
 	GossipLightClientOptimisticUpdateMessage = "light_client_optimistic_update"
 	// GossipDataColumnSidecarMessage is the name for the data column sidecar message type.
 	GossipDataColumnSidecarMessage = "data_column_sidecar"
+	// GossipPayloadAttestationMessage is the name for the payload attestation message type.
+	GossipPayloadAttestationMessage = "payload_attestation_message"
+	// GossipExecutionPayloadEnvelopeMessage is the name for the execution payload envelope message type.
+	GossipExecutionPayloadEnvelopeMessage = "execution_payload_envelope"

 	// Topic Formats
 	//
@@ -75,6 +79,10 @@ const (
 	LightClientOptimisticUpdateTopicFormat = GossipProtocolAndDigest + GossipLightClientOptimisticUpdateMessage
 	// DataColumnSubnetTopicFormat is the topic format for the data column subnet.
 	DataColumnSubnetTopicFormat = GossipProtocolAndDigest + GossipDataColumnSidecarMessage + "_%d"
+	// PayloadAttestationMessageTopicFormat is the topic format for payload attestation messages.
+	PayloadAttestationMessageTopicFormat = GossipProtocolAndDigest + GossipPayloadAttestationMessage
+	// ExecutionPayloadEnvelopeTopicFormat is the topic format for execution payload envelopes.
+	ExecutionPayloadEnvelopeTopicFormat = GossipProtocolAndDigest + GossipExecutionPayloadEnvelopeMessage
 )

 // topic is a struct representing a single gossipsub topic.
@@ -141,7 +149,7 @@ func (s *Service) allTopics() []topic {
 	cfg := params.BeaconConfig()
 	// bellatrix: no special topics; electra: blobs topics handled all together
 	genesis, altair, capella := cfg.GenesisEpoch, cfg.AltairForkEpoch, cfg.CapellaForkEpoch
-	deneb, fulu, future := cfg.DenebForkEpoch, cfg.FuluForkEpoch, cfg.FarFutureEpoch
+	deneb, fulu, gloas, future := cfg.DenebForkEpoch, cfg.FuluForkEpoch, cfg.GloasForkEpoch, cfg.FarFutureEpoch
 	// Templates are starter topics - they have a placeholder digest and the subnet is set to the maximum value
 	// for the subnet (see how this is used in allSubnetsBelow). These are not directly returned by the method,
 	// they are copied and modified for each digest where they apply based on the start and end epochs.
@@ -158,6 +166,8 @@ func (s *Service) allTopics() []topic {
 		newTopic(altair, future, empty, GossipLightClientOptimisticUpdateMessage),
 		newTopic(altair, future, empty, GossipLightClientFinalityUpdateMessage),
 		newTopic(capella, future, empty, GossipBlsToExecutionChangeMessage),
+		newTopic(gloas, future, empty, GossipPayloadAttestationMessage),
+		newTopic(gloas, future, empty, GossipExecutionPayloadEnvelopeMessage),
 	}
 	last := params.GetNetworkScheduleEntry(genesis)
 	schedule := []params.NetworkScheduleEntry{last}
--- a/beacon-chain/sync/BUILD.bazel
+++ b/beacon-chain/sync/BUILD.bazel
@@ -47,6 +47,7 @@ go_library(
        "subscriber_bls_to_execution_change.go",
        "subscriber_data_column_sidecar.go",
        "subscriber_handlers.go",
+        "subscriber_payload_attestation.go",
        "subscriber_sync_committee_message.go",
        "subscriber_sync_contribution_proof.go",
        "subscription_topic_handler.go",
@@ -57,7 +58,9 @@ go_library(
        "validate_blob.go",
        "validate_bls_to_execution_change.go",
        "validate_data_column.go",
+        "validate_execution_payload_envelope.go",
        "validate_light_client.go",
+        "validate_payload_attestation.go",
        "validate_proposer_slashing.go",
        "validate_sync_committee_message.go",
        "validate_sync_contribution_proof.go",
@@ -114,6 +117,7 @@ go_library(
        "//config/params:go_default_library",
        "//consensus-types/blocks:go_default_library",
        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/payload-attestation:go_default_library",
        "//consensus-types/primitives:go_default_library",
        "//consensus-types/wrapper:go_default_library",
        "//container/leaky-bucket:go_default_library",
@@ -211,7 +215,9 @@ go_test(
        "validate_blob_test.go",
        "validate_bls_to_execution_change_test.go",
        "validate_data_column_test.go",
+        "validate_execution_payload_envelope_test.go",
        "validate_light_client_test.go",
+        "validate_payload_attestation_test.go",
        "validate_proposer_slashing_test.go",
        "validate_sync_committee_message_test.go",
        "validate_sync_contribution_proof_test.go",
@@ -264,6 +270,7 @@ go_test(
        "//config/params:go_default_library",
        "//consensus-types/blocks:go_default_library",
        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/payload-attestation:go_default_library",
        "//consensus-types/primitives:go_default_library",
        "//consensus-types/wrapper:go_default_library",
        "//container/leaky-bucket:go_default_library",
--- a/beacon-chain/sync/options.go
+++ b/beacon-chain/sync/options.go
@@ -207,6 +207,13 @@ func WithTrackedValidatorsCache(c *cache.TrackedValidatorsCache) Option {
 	}
 }

+func WithPayloadAttestationCache(c *cache.PayloadAttestationCache) Option {
+	return func(s *Service) error {
+		s.payloadAttestationCache = c
+		return nil
+	}
+}
+
 // WithSlasherEnabled configures the sync package to support slashing detection.
 func WithSlasherEnabled(enabled bool) Option {
 	return func(s *Service) error {
--- a/beacon-chain/sync/service.go
+++ b/beacon-chain/sync/service.go
@@ -38,6 +38,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/config/params"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
 	leakybucket "github.com/OffchainLabs/prysm/v7/container/leaky-bucket"
 	"github.com/OffchainLabs/prysm/v7/crypto/rand"
@@ -61,6 +62,7 @@ var _ runtime.Service = (*Service)(nil)
 const (
 	rangeLimit               uint64 = 1024
 	seenBlockSize                   = 1000
+	seenPayloadEnvelopeSize         = 1000
 	seenDataColumnSize              = seenBlockSize * 128 // Each block can have max 128 data columns.
 	seenUnaggregatedAttSize         = 20000
 	seenAggregatedAttSize           = 16384
@@ -117,10 +119,12 @@ type blockchainService interface {
 	blockchain.BlockReceiver
 	blockchain.BlobReceiver
 	blockchain.DataColumnReceiver
+	blockchain.ExecutionPayloadEnvelopeReceiver
 	blockchain.HeadFetcher
 	blockchain.FinalizationFetcher
 	blockchain.ForkFetcher
 	blockchain.AttestationReceiver
+	blockchain.PayloadAttestationReceiver
 	blockchain.TimeFetcher
 	blockchain.GenesisFetcher
 	blockchain.CanonicalFetcher
@@ -132,73 +136,79 @@ type blockchainService interface {
 // Service is responsible for handling all run time p2p related operations as the
 // main entry point for network messages.
 type Service struct {
-	cfg                              *config
-	ctx                              context.Context
-	cancel                           context.CancelFunc
-	slotToPendingBlocks              *gcache.Cache
-	seenPendingBlocks                map[[32]byte]bool
-	blkRootToPendingAtts             map[[32]byte][]any
-	subHandler                       *subTopicHandler
-	pendingAttsLock                  sync.RWMutex
-	pendingQueueLock                 sync.RWMutex
-	chainStarted                     *abool.AtomicBool
-	validateBlockLock                sync.RWMutex
-	rateLimiter                      *limiter
-	seenBlockLock                    sync.RWMutex
-	seenBlockCache                   *lru.Cache
-	seenBlobLock                     sync.RWMutex
-	seenBlobCache                    *lru.Cache
-	seenDataColumnCache              *slotAwareCache
-	seenAggregatedAttestationLock    sync.RWMutex
-	seenAggregatedAttestationCache   *lru.Cache
-	seenUnAggregatedAttestationLock  sync.RWMutex
-	seenUnAggregatedAttestationCache *lru.Cache
-	seenExitLock                     sync.RWMutex
-	seenExitCache                    *lru.Cache
-	seenProposerSlashingLock         sync.RWMutex
-	seenProposerSlashingCache        *lru.Cache
-	seenAttesterSlashingLock         sync.RWMutex
-	seenAttesterSlashingCache        map[uint64]bool
-	seenSyncMessageLock              sync.RWMutex
-	seenSyncMessageCache             *lru.Cache
-	seenSyncContributionLock         sync.RWMutex
-	seenSyncContributionCache        *lru.Cache
-	badBlockCache                    *lru.Cache
-	badBlockLock                     sync.RWMutex
-	syncContributionBitsOverlapLock  sync.RWMutex
-	syncContributionBitsOverlapCache *lru.Cache
-	signatureChan                    chan *signatureVerifier
-	clockWaiter                      startup.ClockWaiter
-	initialSyncComplete              chan struct{}
-	verifierWaiter                   *verification.InitializerWaiter
-	newBlobVerifier                  verification.NewBlobVerifier
-	newColumnsVerifier               verification.NewDataColumnsVerifier
-	columnSidecarsExecSingleFlight   singleflight.Group
-	reconstructionSingleFlight       singleflight.Group
-	availableBlocker                 coverage.AvailableBlocker
-	reconstructionRandGen            *rand.Rand
-	trackedValidatorsCache           *cache.TrackedValidatorsCache
-	ctxMap                           ContextByteVersions
-	slasherEnabled                   bool
-	lcStore                          *lightClient.Store
-	dataColumnLogCh                  chan dataColumnLogEntry
-	digestActions                    perDigestSet
-	subscriptionSpawner              func(func()) // see Service.spawn for details
+	cfg                                 *config
+	ctx                                 context.Context
+	cancel                              context.CancelFunc
+	slotToPendingBlocks                 *gcache.Cache
+	seenPendingBlocks                   map[[32]byte]bool
+	blkRootToPendingAtts                map[[32]byte][]any
+	subHandler                          *subTopicHandler
+	pendingAttsLock                     sync.RWMutex
+	pendingQueueLock                    sync.RWMutex
+	chainStarted                        *abool.AtomicBool
+	validateBlockLock                   sync.RWMutex
+	rateLimiter                         *limiter
+	seenBlockLock                       sync.RWMutex
+	seenBlockCache                      *lru.Cache
+	seenPayloadEnvelopeLock             sync.RWMutex
+	seenPayloadEnvelopeCache            *lru.Cache
+	seenBlobLock                        sync.RWMutex
+	seenBlobCache                       *lru.Cache
+	seenDataColumnCache                 *slotAwareCache
+	seenAggregatedAttestationLock       sync.RWMutex
+	seenAggregatedAttestationCache      *lru.Cache
+	seenUnAggregatedAttestationLock     sync.RWMutex
+	seenUnAggregatedAttestationCache    *lru.Cache
+	seenExitLock                        sync.RWMutex
+	seenExitCache                       *lru.Cache
+	seenProposerSlashingLock            sync.RWMutex
+	seenProposerSlashingCache           *lru.Cache
+	seenAttesterSlashingLock            sync.RWMutex
+	seenAttesterSlashingCache           map[uint64]bool
+	seenSyncMessageLock                 sync.RWMutex
+	seenSyncMessageCache                *lru.Cache
+	seenSyncContributionLock            sync.RWMutex
+	seenSyncContributionCache           *lru.Cache
+	badBlockCache                       *lru.Cache
+	badBlockLock                        sync.RWMutex
+	syncContributionBitsOverlapLock     sync.RWMutex
+	syncContributionBitsOverlapCache    *lru.Cache
+	signatureChan                       chan *signatureVerifier
+	clockWaiter                         startup.ClockWaiter
+	initialSyncComplete                 chan struct{}
+	verifierWaiter                      *verification.InitializerWaiter
+	newBlobVerifier                     verification.NewBlobVerifier
+	newColumnsVerifier                  verification.NewDataColumnsVerifier
+	newPayloadAttestationVerifier       verification.NewPayloadAttestationMsgVerifier
+	columnSidecarsExecSingleFlight      singleflight.Group
+	reconstructionSingleFlight          singleflight.Group
+	availableBlocker                    coverage.AvailableBlocker
+	reconstructionRandGen               *rand.Rand
+	trackedValidatorsCache              *cache.TrackedValidatorsCache
+	ctxMap                              ContextByteVersions
+	slasherEnabled                      bool
+	lcStore                             *lightClient.Store
+	dataColumnLogCh                     chan dataColumnLogEntry
+	payloadAttestationCache             *cache.PayloadAttestationCache
+	digestActions                       perDigestSet
+	subscriptionSpawner                 func(func()) // see Service.spawn for details
+	newExecutionPayloadEnvelopeVerifier verification.NewExecutionPayloadEnvelopeVerifier
 }

 // NewService initializes new regular sync service.
 func NewService(ctx context.Context, opts ...Option) *Service {
 	ctx, cancel := context.WithCancel(ctx)
 	r := &Service{
-		ctx:                   ctx,
-		cancel:                cancel,
-		chainStarted:          abool.New(),
-		cfg:                   &config{clock: startup.NewClock(time.Unix(0, 0), [32]byte{})},
-		slotToPendingBlocks:   gcache.New(pendingBlockExpTime /* exp time */, 0 /* disable janitor */),
-		seenPendingBlocks:     make(map[[32]byte]bool),
-		blkRootToPendingAtts:  make(map[[32]byte][]any),
-		dataColumnLogCh:       make(chan dataColumnLogEntry, 1000),
-		reconstructionRandGen: rand.NewGenerator(),
+		ctx:                     ctx,
+		cancel:                  cancel,
+		chainStarted:            abool.New(),
+		cfg:                     &config{clock: startup.NewClock(time.Unix(0, 0), [32]byte{})},
+		slotToPendingBlocks:     gcache.New(pendingBlockExpTime /* exp time */, 0 /* disable janitor */),
+		seenPendingBlocks:       make(map[[32]byte]bool),
+		blkRootToPendingAtts:    make(map[[32]byte][]any),
+		dataColumnLogCh:         make(chan dataColumnLogEntry, 1000),
+		reconstructionRandGen:   rand.NewGenerator(),
+		payloadAttestationCache: &cache.PayloadAttestationCache{},
 	}

 	for _, opt := range opts {
@@ -250,6 +260,12 @@ func newDataColumnsVerifierFromInitializer(ini *verification.Initializer) verifi
 	}
 }

+func newPayloadAttestationMessageFromInitializer(ini *verification.Initializer) verification.NewPayloadAttestationMsgVerifier {
+	return func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+		return ini.NewPayloadAttestationMsgVerifier(pa, reqs)
+	}
+}
+
 // Start the regular sync service.
 func (s *Service) Start() {
 	v, err := s.verifierWaiter.WaitForInitializer(s.ctx)
@@ -259,6 +275,8 @@ func (s *Service) Start() {
 	}
 	s.newBlobVerifier = newBlobVerifierFromInitializer(v)
 	s.newColumnsVerifier = newDataColumnsVerifierFromInitializer(v)
+	s.newPayloadAttestationVerifier = newPayloadAttestationMessageFromInitializer(v)
+	s.newExecutionPayloadEnvelopeVerifier = newPayloadVerifierFromInitializer(v)

 	go s.verifierRoutine()
 	go s.startDiscoveryAndSubscriptions()
@@ -346,6 +364,7 @@ func (s *Service) Status() error {
 // and prevent DoS.
 func (s *Service) initCaches() {
 	s.seenBlockCache = lruwrpr.New(seenBlockSize)
+	s.seenPayloadEnvelopeCache = lruwrpr.New(seenPayloadEnvelopeSize)
 	s.seenBlobCache = lruwrpr.New(seenBlockSize * params.BeaconConfig().DeprecatedMaxBlobsPerBlockElectra)
 	s.seenDataColumnCache = newSlotAwareCache(seenDataColumnSize)
 	s.seenAggregatedAttestationCache = lruwrpr.New(seenAggregatedAttSize)
@@ -546,3 +565,9 @@ type Checker interface {
 	Status() error
 	Resync() error
 }
+
+func newPayloadVerifierFromInitializer(ini *verification.Initializer) verification.NewExecutionPayloadEnvelopeVerifier {
+	return func(e interfaces.ROSignedExecutionPayloadEnvelope, reqs []verification.Requirement) verification.ExecutionPayloadEnvelopeVerifier {
+		return ini.NewPayloadEnvelopeVerifier(e, reqs)
+	}
+}
--- a/beacon-chain/sync/subscriber.go
+++ b/beacon-chain/sync/subscriber.go
@@ -330,6 +330,27 @@ func (s *Service) registerSubscribers(nse params.NetworkScheduleEntry) bool {
 			})
 		})
 	}
+
+	// New gossip topic in Gloas.
+	if params.BeaconConfig().GloasForkEpoch <= nse.Epoch {
+		s.spawn(func() {
+			s.subscribe(
+				p2p.PayloadAttestationMessageTopicFormat,
+				s.validatePayloadAttestation,
+				s.payloadAttestationSubscriber,
+				nse,
+			)
+		})
+
+		s.spawn(func() {
+			s.subscribe(
+				p2p.ExecutionPayloadEnvelopeTopicFormat,
+				s.validateExecutionPayloadEnvelope,
+				s.executionPayloadEnvelopeSubscriber,
+				nse,
+			)
+		})
+	}
 	return true
 }

--- a/beacon-chain/sync/subscriber_payload_attestation.go
+++ b/beacon-chain/sync/subscriber_payload_attestation.go
@@ -0,0 +1,21 @@
+package sync
+
+import (
+	"context"
+
+	eth "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"google.golang.org/protobuf/proto"
+)
+
+func (s *Service) payloadAttestationSubscriber(ctx context.Context, msg proto.Message) error {
+	a, ok := msg.(*eth.PayloadAttestationMessage)
+	if !ok {
+		return errWrongMessage
+	}
+
+	if err := s.payloadAttestationCache.Add(a.Data.Slot, a.ValidatorIndex); err != nil {
+		return err
+	}
+
+	return s.cfg.chain.ReceivePayloadAttestationMessage(ctx, a)
+}
--- a/beacon-chain/sync/validate_execution_payload_envelope.go
+++ b/beacon-chain/sync/validate_execution_payload_envelope.go
@@ -0,0 +1,160 @@
+package sync
+
+import (
+	"context"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/verification"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	"github.com/OffchainLabs/prysm/v7/monitoring/tracing"
+	"github.com/OffchainLabs/prysm/v7/monitoring/tracing/trace"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	pubsub "github.com/libp2p/go-libp2p-pubsub"
+	"github.com/libp2p/go-libp2p/core/peer"
+	"github.com/pkg/errors"
+	"google.golang.org/protobuf/proto"
+)
+
+func (s *Service) validateExecutionPayloadEnvelope(ctx context.Context, pid peer.ID, msg *pubsub.Message) (pubsub.ValidationResult, error) {
+	if pid == s.cfg.p2p.PeerID() {
+		return pubsub.ValidationAccept, nil
+	}
+	if s.cfg.initialSync.Syncing() {
+		return pubsub.ValidationIgnore, nil
+	}
+
+	ctx, span := trace.StartSpan(ctx, "sync.validateExecutionPayloadEnvelope")
+	defer span.End()
+
+	if msg.Topic == nil {
+		return pubsub.ValidationReject, p2p.ErrInvalidTopic
+	}
+
+	m, err := s.decodePubsubMessage(msg)
+	if err != nil {
+		tracing.AnnotateError(span, err)
+		return pubsub.ValidationReject, err
+	}
+
+	signedEnvelope, ok := m.(*ethpb.SignedExecutionPayloadEnvelope)
+	if !ok {
+		return pubsub.ValidationReject, errWrongMessage
+	}
+	e, err := blocks.WrappedROSignedExecutionPayloadEnvelope(signedEnvelope)
+	if err != nil {
+		log.WithError(err).Error("failed to create read only signed payload execution envelope")
+		return pubsub.ValidationIgnore, err
+	}
+	v := s.newExecutionPayloadEnvelopeVerifier(e, verification.GossipExecutionPayloadEnvelopeRequirements)
+
+	env, err := e.Envelope()
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+
+	// [IGNORE] The envelope's block root envelope.block_root has been seen (via gossip or non-gossip sources)
+	// (a client MAY queue payload for processing once the block is retrieved).
+	if err := v.VerifyBlockRootSeen(func(root [32]byte) bool { return s.cfg.chain.HasBlock(ctx, root) }); err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	root := env.BeaconBlockRoot()
+	// [IGNORE] The node has not seen another valid SignedExecutionPayloadEnvelope for this block root from this builder.
+	if s.hasSeenPayloadEnvelope(root, env.BuilderIndex()) {
+		return pubsub.ValidationIgnore, nil
+	}
+	finalized := s.cfg.chain.FinalizedCheckpt()
+	if finalized == nil {
+		return pubsub.ValidationIgnore, errors.New("nil finalized checkpoint")
+	}
+	// [IGNORE] The envelope is from a slot greater than or equal to the latest finalized slot --
+	// i.e. validate that envelope.slot >= compute_start_slot_at_epoch(store.finalized_checkpoint.epoch).
+	if err := v.VerifySlotAboveFinalized(finalized.Epoch); err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	// [REJECT] block passes validation.
+	if err := v.VerifyBlockRootValid(s.hasBadBlock); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	// Let block be the block with envelope.beacon_block_root.
+	block, err := s.cfg.beaconDB.Block(ctx, root)
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	// [REJECT] block.slot equals envelope.slot.
+	if err := v.VerifySlotMatchesBlock(block.Block().Slot()); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	// Let bid alias block.body.signed_execution_payload_bid.message
+	// (notice that this can be obtained from the state.latest_execution_payload_bid).
+	signedBid, err := block.Block().Body().SignedExecutionPayloadBid()
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	wrappedBid, err := blocks.WrappedROSignedExecutionPayloadBid(signedBid)
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	bid, err := wrappedBid.Bid()
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	// [REJECT] envelope.builder_index == bid.builder_index.
+	if err := v.VerifyBuilderValid(bid); err != nil {
+		return pubsub.ValidationReject, err
+	}
+	// [REJECT] payload.block_hash == bid.block_hash.
+	if err := v.VerifyPayloadHash(bid); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	// For self-build, the state is retrived via how we retrieve for beacon block optimization
+	// For builder index, the state is retrived via head state read only
+	st, err := s.blockVerifyingState(ctx, block)
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+
+	// [REJECT] signed_execution_payload_envelope.signature is valid with respect to the builder's public key.
+	if err := v.VerifySignature(st); err != nil {
+		return pubsub.ValidationReject, err
+	}
+	s.setSeenPayloadEnvelope(root, env.BuilderIndex())
+	return pubsub.ValidationAccept, nil
+}
+
+func (s *Service) executionPayloadEnvelopeSubscriber(ctx context.Context, msg proto.Message) error {
+	e, ok := msg.(*ethpb.SignedExecutionPayloadEnvelope)
+	if !ok {
+		return errWrongMessage
+	}
+	env, err := blocks.WrappedROSignedExecutionPayloadEnvelope(e)
+	if err != nil {
+		return err
+	}
+	return s.cfg.chain.ReceiveExecutionPayloadEnvelope(ctx, env)
+}
+
+func (s *Service) hasSeenPayloadEnvelope(root [32]byte, builderIdx primitives.BuilderIndex) bool {
+	if s.seenPayloadEnvelopeCache == nil {
+		return false
+	}
+	s.seenPayloadEnvelopeLock.RLock()
+	defer s.seenPayloadEnvelopeLock.RUnlock()
+	b := append(bytesutil.Bytes32(uint64(builderIdx)), root[:]...)
+	_, seen := s.seenPayloadEnvelopeCache.Get(string(b))
+	return seen
+}
+
+func (s *Service) setSeenPayloadEnvelope(root [32]byte, builderIdx primitives.BuilderIndex) {
+	if s.seenPayloadEnvelopeCache == nil {
+		return
+	}
+	s.seenPayloadEnvelopeLock.Lock()
+	defer s.seenPayloadEnvelopeLock.Unlock()
+	b := append(bytesutil.Bytes32(uint64(builderIdx)), root[:]...)
+	s.seenPayloadEnvelopeCache.Add(string(b), true)
+}
--- a/beacon-chain/sync/validate_execution_payload_envelope_test.go
+++ b/beacon-chain/sync/validate_execution_payload_envelope_test.go
@@ -0,0 +1,275 @@
+package sync
+
+import (
+	"bytes"
+	"context"
+	"reflect"
+	"testing"
+	"time"
+
+	mock "github.com/OffchainLabs/prysm/v7/beacon-chain/blockchain/testing"
+	dbtest "github.com/OffchainLabs/prysm/v7/beacon-chain/db/testing"
+	doublylinkedtree "github.com/OffchainLabs/prysm/v7/beacon-chain/forkchoice/doubly-linked-tree"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p"
+	p2ptest "github.com/OffchainLabs/prysm/v7/beacon-chain/p2p/testing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/startup"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state/stategen"
+	mockSync "github.com/OffchainLabs/prysm/v7/beacon-chain/sync/initial-sync/testing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/verification"
+	lruwrpr "github.com/OffchainLabs/prysm/v7/cache/lru"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	enginev1 "github.com/OffchainLabs/prysm/v7/proto/engine/v1"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/testing/require"
+	"github.com/OffchainLabs/prysm/v7/testing/util"
+	pubsub "github.com/libp2p/go-libp2p-pubsub"
+	pb "github.com/libp2p/go-libp2p-pubsub/pb"
+	"github.com/pkg/errors"
+)
+
+func TestValidateExecutionPayloadEnvelope_InvalidTopic(t *testing.T) {
+	ctx := context.Background()
+	p := p2ptest.NewTestP2P(t)
+	s := &Service{cfg: &config{p2p: p, initialSync: &mockSync.Sync{}}}
+
+	result, err := s.validateExecutionPayloadEnvelope(ctx, "", &pubsub.Message{
+		Message: &pb.Message{},
+	})
+	require.ErrorIs(t, p2p.ErrInvalidTopic, err)
+	require.Equal(t, result, pubsub.ValidationReject)
+}
+
+func TestValidateExecutionPayloadEnvelope_AlreadySeen(t *testing.T) {
+	ctx := context.Background()
+	s, msg, builderIdx, root := setupExecutionPayloadEnvelopeService(t, 1, 1)
+	s.newExecutionPayloadEnvelopeVerifier = testNewExecutionPayloadEnvelopeVerifier(mockExecutionPayloadEnvelopeVerifier{})
+
+	s.setSeenPayloadEnvelope(root, builderIdx)
+	result, err := s.validateExecutionPayloadEnvelope(ctx, "", msg)
+	require.NoError(t, err)
+	require.Equal(t, result, pubsub.ValidationIgnore)
+}
+
+func TestValidateExecutionPayloadEnvelope_ErrorPathsWithMock(t *testing.T) {
+	ctx := context.Background()
+	tests := []struct {
+		name     string
+		verifier mockExecutionPayloadEnvelopeVerifier
+		result   pubsub.ValidationResult
+	}{
+		{
+			name:     "block root not seen",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errBlockRootSeen: errors.New("not seen")},
+			result:   pubsub.ValidationIgnore,
+		},
+		{
+			name:     "slot below finalized",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errSlotAboveFinalized: errors.New("below finalized")},
+			result:   pubsub.ValidationIgnore,
+		},
+		{
+			name:     "block root invalid",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errBlockRootValid: errors.New("invalid block")},
+			result:   pubsub.ValidationReject,
+		},
+		{
+			name:     "slot mismatch",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errSlotMatchesBlock: errors.New("slot mismatch")},
+			result:   pubsub.ValidationReject,
+		},
+		{
+			name:     "builder mismatch",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errBuilderValid: errors.New("builder mismatch")},
+			result:   pubsub.ValidationReject,
+		},
+		{
+			name:     "payload hash mismatch",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errPayloadHash: errors.New("payload hash mismatch")},
+			result:   pubsub.ValidationReject,
+		},
+		{
+			name:     "signature invalid",
+			verifier: mockExecutionPayloadEnvelopeVerifier{errSignature: errors.New("signature invalid")},
+			result:   pubsub.ValidationReject,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			s, msg, _, _ := setupExecutionPayloadEnvelopeService(t, 1, 1)
+			s.newExecutionPayloadEnvelopeVerifier = testNewExecutionPayloadEnvelopeVerifier(tc.verifier)
+
+			result, err := s.validateExecutionPayloadEnvelope(ctx, "", msg)
+			require.NotNil(t, err)
+			require.Equal(t, result, tc.result)
+		})
+	}
+}
+
+func TestValidateExecutionPayloadEnvelope_HappyPath(t *testing.T) {
+	ctx := context.Background()
+	s, msg, builderIdx, root := setupExecutionPayloadEnvelopeService(t, 1, 1)
+	s.newExecutionPayloadEnvelopeVerifier = testNewExecutionPayloadEnvelopeVerifier(mockExecutionPayloadEnvelopeVerifier{})
+
+	require.Equal(t, false, s.hasSeenPayloadEnvelope(root, builderIdx))
+	result, err := s.validateExecutionPayloadEnvelope(ctx, "", msg)
+	require.NoError(t, err)
+	require.Equal(t, result, pubsub.ValidationAccept)
+	require.Equal(t, true, s.hasSeenPayloadEnvelope(root, builderIdx))
+}
+
+type mockExecutionPayloadEnvelopeVerifier struct {
+	errBlockRootSeen      error
+	errBlockRootValid     error
+	errSlotAboveFinalized error
+	errSlotMatchesBlock   error
+	errBuilderValid       error
+	errPayloadHash        error
+	errSignature          error
+}
+
+var _ verification.ExecutionPayloadEnvelopeVerifier = &mockExecutionPayloadEnvelopeVerifier{}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifyBlockRootSeen(_ func([32]byte) bool) error {
+	return m.errBlockRootSeen
+}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifyBlockRootValid(_ func([32]byte) bool) error {
+	return m.errBlockRootValid
+}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifySlotAboveFinalized(_ primitives.Epoch) error {
+	return m.errSlotAboveFinalized
+}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifySlotMatchesBlock(_ primitives.Slot) error {
+	return m.errSlotMatchesBlock
+}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifyBuilderValid(_ interfaces.ROExecutionPayloadBid) error {
+	return m.errBuilderValid
+}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifyPayloadHash(_ interfaces.ROExecutionPayloadBid) error {
+	return m.errPayloadHash
+}
+
+func (m *mockExecutionPayloadEnvelopeVerifier) VerifySignature(_ state.ReadOnlyBeaconState) error {
+	return m.errSignature
+}
+
+func (*mockExecutionPayloadEnvelopeVerifier) SatisfyRequirement(_ verification.Requirement) {}
+
+func testNewExecutionPayloadEnvelopeVerifier(m mockExecutionPayloadEnvelopeVerifier) verification.NewExecutionPayloadEnvelopeVerifier {
+	return func(_ interfaces.ROSignedExecutionPayloadEnvelope, _ []verification.Requirement) verification.ExecutionPayloadEnvelopeVerifier {
+		clone := m
+		return &clone
+	}
+}
+
+func setupExecutionPayloadEnvelopeService(t *testing.T, envelopeSlot, blockSlot primitives.Slot) (*Service, *pubsub.Message, primitives.BuilderIndex, [32]byte) {
+	t.Helper()
+
+	ctx := context.Background()
+	db := dbtest.SetupDB(t)
+	p := p2ptest.NewTestP2P(t)
+	chainService := &mock.ChainService{
+		Genesis:             time.Unix(time.Now().Unix()-int64(params.BeaconConfig().SecondsPerSlot), 0),
+		FinalizedCheckPoint: &ethpb.Checkpoint{},
+		DB:                  db,
+	}
+	stateGen := stategen.New(db, doublylinkedtree.New())
+	s := &Service{
+		seenPayloadEnvelopeCache: lruwrpr.New(10),
+		cfg: &config{
+			p2p:         p,
+			initialSync: &mockSync.Sync{},
+			chain:       chainService,
+			beaconDB:    db,
+			stateGen:    stateGen,
+			clock:       startup.NewClock(chainService.Genesis, chainService.ValidatorsRoot),
+		},
+	}
+
+	bid := util.GenerateTestSignedExecutionPayloadBid(blockSlot)
+	sb := util.NewBeaconBlockGloas()
+	sb.Block.Slot = blockSlot
+	sb.Block.Body.SignedExecutionPayloadBid = bid
+	signedBlock, err := blocks.NewSignedBeaconBlock(sb)
+	require.NoError(t, err)
+	root, err := signedBlock.Block().HashTreeRoot()
+	require.NoError(t, err)
+	require.NoError(t, db.SaveBlock(ctx, signedBlock))
+
+	state, err := util.NewBeaconStateFulu()
+	require.NoError(t, err)
+	require.NoError(t, db.SaveState(ctx, state, root))
+
+	blockHash := bytesutil.ToBytes32(bid.Message.BlockHash)
+	env := testSignedExecutionPayloadEnvelope(t, envelopeSlot, primitives.BuilderIndex(bid.Message.BuilderIndex), root, blockHash)
+	msg := envelopeToPubsub(t, s, p, env)
+
+	return s, msg, primitives.BuilderIndex(bid.Message.BuilderIndex), root
+}
+
+func envelopeToPubsub(t *testing.T, s *Service, p p2p.P2P, env *ethpb.SignedExecutionPayloadEnvelope) *pubsub.Message {
+	t.Helper()
+
+	buf := new(bytes.Buffer)
+	_, err := p.Encoding().EncodeGossip(buf, env)
+	require.NoError(t, err)
+
+	topic := p2p.GossipTypeMapping[reflect.TypeFor[*ethpb.SignedExecutionPayloadEnvelope]()]
+	digest, err := s.currentForkDigest()
+	require.NoError(t, err)
+	topic = s.addDigestToTopic(topic, digest)
+
+	return &pubsub.Message{
+		Message: &pb.Message{
+			Data:  buf.Bytes(),
+			Topic: &topic,
+		},
+	}
+}
+
+func testSignedExecutionPayloadEnvelope(t *testing.T, slot primitives.Slot, builderIdx primitives.BuilderIndex, root, blockHash [32]byte) *ethpb.SignedExecutionPayloadEnvelope {
+	t.Helper()
+
+	payload := &enginev1.ExecutionPayloadDeneb{
+		ParentHash:    bytes.Repeat([]byte{0x01}, 32),
+		FeeRecipient:  bytes.Repeat([]byte{0x02}, 20),
+		StateRoot:     bytes.Repeat([]byte{0x03}, 32),
+		ReceiptsRoot:  bytes.Repeat([]byte{0x04}, 32),
+		LogsBloom:     bytes.Repeat([]byte{0x05}, 256),
+		PrevRandao:    bytes.Repeat([]byte{0x06}, 32),
+		BlockNumber:   1,
+		GasLimit:      2,
+		GasUsed:       3,
+		Timestamp:     4,
+		BaseFeePerGas: bytes.Repeat([]byte{0x07}, 32),
+		BlockHash:     blockHash[:],
+		Transactions:  [][]byte{},
+		Withdrawals:   []*enginev1.Withdrawal{},
+		BlobGasUsed:   0,
+		ExcessBlobGas: 0,
+	}
+
+	return &ethpb.SignedExecutionPayloadEnvelope{
+		Message: &ethpb.ExecutionPayloadEnvelope{
+			Payload: payload,
+			ExecutionRequests: &enginev1.ExecutionRequests{
+				Deposits: []*enginev1.DepositRequest{},
+			},
+			BuilderIndex:    builderIdx,
+			BeaconBlockRoot: root[:],
+			Slot:            slot,
+			StateRoot:       bytes.Repeat([]byte{0xBB}, 32),
+		},
+		Signature: bytes.Repeat([]byte{0xAA}, 96),
+	}
+}
--- a/beacon-chain/sync/validate_payload_attestation.go
+++ b/beacon-chain/sync/validate_payload_attestation.go
@@ -0,0 +1,131 @@
+package sync
+
+import (
+	"bytes"
+	"context"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/transition"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/verification"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	"github.com/OffchainLabs/prysm/v7/monitoring/tracing/trace"
+	eth "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+	pubsub "github.com/libp2p/go-libp2p-pubsub"
+	"github.com/libp2p/go-libp2p/core/peer"
+	"github.com/pkg/errors"
+)
+
+var (
+	errAlreadySeenPayloadAttestation = errors.New("payload attestation already seen for validator index")
+)
+
+func (s *Service) validatePayloadAttestation(ctx context.Context, pid peer.ID, msg *pubsub.Message) (pubsub.ValidationResult, error) {
+	if pid == s.cfg.p2p.PeerID() {
+		return pubsub.ValidationAccept, nil
+	}
+	if s.cfg.initialSync.Syncing() {
+		return pubsub.ValidationIgnore, nil
+	}
+	ctx, span := trace.StartSpan(ctx, "sync.validatePayloadAttestation")
+	defer span.End()
+
+	if msg.Topic == nil {
+		return pubsub.ValidationReject, p2p.ErrInvalidTopic
+	}
+	m, err := s.decodePubsubMessage(msg)
+	if err != nil {
+		return pubsub.ValidationReject, err
+	}
+	att, ok := m.(*eth.PayloadAttestationMessage)
+	if !ok {
+		return pubsub.ValidationReject, errWrongMessage
+	}
+	pa, err := payloadattestation.NewReadOnly(att)
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+	v := s.newPayloadAttestationVerifier(pa, verification.GossipPayloadAttestationMessageRequirements)
+
+	// [IGNORE] The message's slot is for the current slot (with a MAXIMUM_GOSSIP_CLOCK_DISPARITY allowance),
+	// i.e. data.slot == current_slot.
+	if err := v.VerifyCurrentSlot(); err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+
+	// [IGNORE] The payload_attestation_message is the first valid message received from the validator with
+	// index payload_attestation_message.validator_index.
+	if s.payloadAttestationCache.Seen(pa.Slot(), pa.ValidatorIndex()) {
+		return pubsub.ValidationIgnore, errAlreadySeenPayloadAttestation
+	}
+
+	// [IGNORE] The message's block data.beacon_block_root has been seen (via gossip or non-gossip sources)
+	// (a client MAY queue attestation for processing once the block is retrieved. Note a client might want to request payload after).
+	if err := v.VerifyBlockRootSeen(s.cfg.chain.InForkchoice); err != nil {
+		// TODO: queue attestation
+		return pubsub.ValidationIgnore, err
+	}
+
+	// [REJECT] The message's block data.beacon_block_root passes validation.
+	if err := v.VerifyBlockRootValid(s.hasBadBlock); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	st, err := s.getPtcState(ctx, pa)
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+
+	// [REJECT] The message's validator index is within the payload committee in get_ptc(state, data.slot).
+	// The state is the head state corresponding to processing the block up to the current slot.
+	if err := v.VerifyValidatorInPTC(ctx, st); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	// [REJECT] payload_attestation_message.signature is valid with respect to the validator's public key.
+	if err := v.VerifySignature(st); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	msg.ValidatorData = att
+
+	return pubsub.ValidationAccept, nil
+}
+
+func (s *Service) getPtcState(ctx context.Context, pa payloadattestation.ROMessage) (state.ReadOnlyBeaconState, error) {
+	blockRoot := pa.BeaconBlockRoot()
+	blockSlot := pa.Slot()
+	blockEpoch := slots.ToEpoch(blockSlot)
+	headSlot := s.cfg.chain.HeadSlot()
+	headEpoch := slots.ToEpoch(headSlot)
+	headRoot, err := s.cfg.chain.HeadRoot(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if blockEpoch == headEpoch {
+		if bytes.Equal(blockRoot[:], headRoot) {
+			return s.cfg.chain.HeadStateReadOnly(ctx)
+		}
+
+		headDependent, err := s.cfg.chain.DependentRootForEpoch(bytesutil.ToBytes32(headRoot), blockEpoch)
+		if err != nil {
+			return nil, err
+		}
+		blockDependent, err := s.cfg.chain.DependentRootForEpoch(blockRoot, blockEpoch)
+		if err != nil {
+			return nil, err
+		}
+		if bytes.Equal(headDependent[:], blockDependent[:]) {
+			return s.cfg.chain.HeadStateReadOnly(ctx)
+		}
+	}
+
+	headState, err := s.cfg.chain.HeadState(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return transition.ProcessSlotsUsingNextSlotCache(ctx, headState, headRoot, blockSlot)
+}
--- a/beacon-chain/sync/validate_payload_attestation_test.go
+++ b/beacon-chain/sync/validate_payload_attestation_test.go
@@ -0,0 +1,165 @@
+package sync
+
+import (
+	"bytes"
+	"context"
+	"reflect"
+	"testing"
+	"time"
+
+	mock "github.com/OffchainLabs/prysm/v7/beacon-chain/blockchain/testing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/cache"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p"
+	p2ptest "github.com/OffchainLabs/prysm/v7/beacon-chain/p2p/testing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/startup"
+	mockSync "github.com/OffchainLabs/prysm/v7/beacon-chain/sync/initial-sync/testing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/verification"
+	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/testing/require"
+	"github.com/OffchainLabs/prysm/v7/testing/util"
+	pubsub "github.com/libp2p/go-libp2p-pubsub"
+	pb "github.com/libp2p/go-libp2p-pubsub/pb"
+	"github.com/pkg/errors"
+)
+
+func TestValidatePayloadAttestationMessage_IncorrectTopic(t *testing.T) {
+	ctx := context.Background()
+	p := p2ptest.NewTestP2P(t)
+	chainService := &mock.ChainService{Genesis: time.Unix(time.Now().Unix()-int64(params.BeaconConfig().SecondsPerSlot), 0)}
+	s := &Service{
+		payloadAttestationCache: &cache.PayloadAttestationCache{},
+		cfg:                     &config{chain: chainService, p2p: p, initialSync: &mockSync.Sync{}, clock: startup.NewClock(chainService.Genesis, chainService.ValidatorsRoot)}}
+
+	msg := util.HydratePayloadAttestation(&ethpb.PayloadAttestation{}) // Using payload attestation for message should fail.
+	buf := new(bytes.Buffer)
+	_, err := p.Encoding().EncodeGossip(buf, msg)
+	require.NoError(t, err)
+
+	topic := p2p.GossipTypeMapping[reflect.TypeFor[*ethpb.PayloadAttestation]()]
+	digest, err := s.currentForkDigest()
+	require.NoError(t, err)
+	topic = s.addDigestToTopic(topic, digest)
+
+	result, err := s.validatePayloadAttestation(ctx, "", &pubsub.Message{
+		Message: &pb.Message{
+			Data:  buf.Bytes(),
+			Topic: &topic,
+		}})
+	require.ErrorContains(t, "extraction failed for topic", err)
+	require.Equal(t, result, pubsub.ValidationReject)
+}
+
+func TestValidatePayloadAttestationMessage_ErrorPathsWithMock(t *testing.T) {
+	tests := []struct {
+		error    error
+		verifier verification.NewPayloadAttestationMsgVerifier
+		result   pubsub.ValidationResult
+	}{
+		{
+			error: errors.New("incorrect slot"),
+			verifier: func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+				return &verification.MockPayloadAttestation{ErrIncorrectPayloadAttSlot: errors.New("incorrect slot")}
+			},
+			result: pubsub.ValidationIgnore,
+		},
+		{
+			error: errors.New("block root seen"),
+			verifier: func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+				return &verification.MockPayloadAttestation{ErrPayloadAttBlockRootNotSeen: errors.New("block root seen")}
+			},
+			result: pubsub.ValidationIgnore,
+		},
+		{
+			error: errors.New("block root invalid"),
+			verifier: func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+				return &verification.MockPayloadAttestation{ErrPayloadAttBlockRootInvalid: errors.New("block root invalid")}
+			},
+			result: pubsub.ValidationReject,
+		},
+		{
+			error: errors.New("validator not in PTC"),
+			verifier: func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+				return &verification.MockPayloadAttestation{ErrIncorrectPayloadAttValidator: errors.New("validator not in PTC")}
+			},
+			result: pubsub.ValidationReject,
+		},
+		{
+			error: errors.New("incorrect signature"),
+			verifier: func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+				return &verification.MockPayloadAttestation{ErrInvalidMessageSignature: errors.New("incorrect signature")}
+			},
+			result: pubsub.ValidationReject,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.error.Error(), func(t *testing.T) {
+			ctx := context.Background()
+			p := p2ptest.NewTestP2P(t)
+			chainService := &mock.ChainService{Genesis: time.Unix(time.Now().Unix()-int64(params.BeaconConfig().SecondsPerSlot), 0)}
+			s := &Service{
+				payloadAttestationCache: &cache.PayloadAttestationCache{},
+				cfg:                     &config{chain: chainService, p2p: p, initialSync: &mockSync.Sync{}, clock: startup.NewClock(chainService.Genesis, chainService.ValidatorsRoot)}}
+			s.newPayloadAttestationVerifier = tt.verifier
+
+			msg := newPayloadAttestationMessage()
+			buf := new(bytes.Buffer)
+			_, err := p.Encoding().EncodeGossip(buf, msg)
+			require.NoError(t, err)
+
+			topic := p2p.GossipTypeMapping[reflect.TypeFor[*ethpb.PayloadAttestationMessage]()]
+			digest, err := s.currentForkDigest()
+			require.NoError(t, err)
+			topic = s.addDigestToTopic(topic, digest)
+
+			result, err := s.validatePayloadAttestation(ctx, "", &pubsub.Message{
+				Message: &pb.Message{
+					Data:  buf.Bytes(),
+					Topic: &topic,
+				}})
+
+			require.ErrorContains(t, tt.error.Error(), err)
+			require.Equal(t, result, tt.result)
+		})
+	}
+}
+
+func TestValidatePayloadAttestationMessage_Accept(t *testing.T) {
+	ctx := context.Background()
+	p := p2ptest.NewTestP2P(t)
+	chainService := &mock.ChainService{Genesis: time.Unix(time.Now().Unix()-int64(params.BeaconConfig().SecondsPerSlot), 0)}
+	s := &Service{
+		payloadAttestationCache: &cache.PayloadAttestationCache{},
+		cfg:                     &config{chain: chainService, p2p: p, initialSync: &mockSync.Sync{}, clock: startup.NewClock(chainService.Genesis, chainService.ValidatorsRoot)}}
+	s.newPayloadAttestationVerifier = func(pa payloadattestation.ROMessage, reqs []verification.Requirement) verification.PayloadAttestationMsgVerifier {
+		return &verification.MockPayloadAttestation{}
+	}
+
+	msg := newPayloadAttestationMessage()
+	buf := new(bytes.Buffer)
+	_, err := p.Encoding().EncodeGossip(buf, msg)
+	require.NoError(t, err)
+
+	topic := p2p.GossipTypeMapping[reflect.TypeFor[*ethpb.PayloadAttestationMessage]()]
+	digest, err := s.currentForkDigest()
+	require.NoError(t, err)
+	topic = s.addDigestToTopic(topic, digest)
+
+	result, err := s.validatePayloadAttestation(ctx, "", &pubsub.Message{
+		Message: &pb.Message{
+			Data:  buf.Bytes(),
+			Topic: &topic,
+		}})
+	require.NoError(t, err)
+	require.Equal(t, result, pubsub.ValidationAccept)
+}
+
+func newPayloadAttestationMessage() *ethpb.PayloadAttestationMessage {
+	return &ethpb.PayloadAttestationMessage{
+		ValidatorIndex: 0,
+		Data:           util.HydratePayloadAttestationData(&ethpb.PayloadAttestationData{Slot: 1}),
+		Signature:      make([]byte, fieldparams.BLSSignatureLength),
+	}
+}
--- a/beacon-chain/verification/BUILD.bazel
+++ b/beacon-chain/verification/BUILD.bazel
@@ -8,6 +8,7 @@ go_library(
        "cache.go",
        "data_column.go",
        "error.go",
+        "execution_payload_envelope.go",
        "fake.go",
        "filesystem.go",
        "initializer.go",
@@ -15,12 +16,16 @@ go_library(
        "log.go",
        "metrics.go",
        "mock.go",
+        "payload_attestation.go",
+        "payload_attestation_mock.go",
+        "requirements.go",
        "result.go",
    ],
    importpath = "github.com/OffchainLabs/prysm/v7/beacon-chain/verification",
    visibility = ["//visibility:public"],
    deps = [
        "//beacon-chain/blockchain/kzg:go_default_library",
+        "//beacon-chain/core/gloas:go_default_library",
        "//beacon-chain/core/helpers:go_default_library",
        "//beacon-chain/core/peerdas:go_default_library",
        "//beacon-chain/core/signing:go_default_library",
@@ -32,6 +37,8 @@ go_library(
        "//config/fieldparams:go_default_library",
        "//config/params:go_default_library",
        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/payload-attestation:go_default_library",
        "//consensus-types/primitives:go_default_library",
        "//crypto/bls:go_default_library",
        "//encoding/bytesutil:go_default_library",
@@ -55,14 +62,17 @@ go_test(
        "blob_test.go",
        "cache_test.go",
        "data_column_test.go",
+        "execution_payload_envelope_test.go",
        "filesystem_test.go",
        "initializer_test.go",
+        "payload_attestation_test.go",
        "result_test.go",
        "verification_test.go",
    ],
    embed = [":go_default_library"],
    deps = [
        "//beacon-chain/blockchain/kzg:go_default_library",
+        "//beacon-chain/core/helpers:go_default_library",
        "//beacon-chain/core/peerdas:go_default_library",
        "//beacon-chain/core/signing:go_default_library",
        "//beacon-chain/db:go_default_library",
@@ -73,9 +83,13 @@ go_test(
        "//config/fieldparams:go_default_library",
        "//config/params:go_default_library",
        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/payload-attestation:go_default_library",
        "//consensus-types/primitives:go_default_library",
        "//crypto/bls:go_default_library",
+        "//crypto/bls/common:go_default_library",
        "//encoding/bytesutil:go_default_library",
+        "//proto/engine/v1:go_default_library",
        "//proto/prysm/v1alpha1:go_default_library",
        "//runtime/interop:go_default_library",
        "//testing/require:go_default_library",
--- a/beacon-chain/verification/blob.go
+++ b/beacon-chain/verification/blob.go
@@ -14,24 +14,6 @@ import (
 	"github.com/pkg/errors"
 )

-const (
-	RequireBlobIndexInBounds Requirement = iota
-	RequireNotFromFutureSlot
-	RequireSlotAboveFinalized
-	RequireValidProposerSignature
-	RequireSidecarParentSeen
-	RequireSidecarParentValid
-	RequireSidecarParentSlotLower
-	RequireSidecarDescendsFromFinalized
-	RequireSidecarInclusionProven
-	RequireSidecarKzgProofVerified
-	RequireSidecarProposerExpected
-
-	// Data columns specific.
-	RequireValidFields
-	RequireCorrectSubnet
-)
-
 var allBlobSidecarRequirements = []Requirement{
 	RequireBlobIndexInBounds,
 	RequireNotFromFutureSlot,
--- a/beacon-chain/verification/execution_payload_envelope.go
+++ b/beacon-chain/verification/execution_payload_envelope.go
@@ -0,0 +1,229 @@
+package verification
+
+import (
+	"fmt"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/signing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/crypto/bls"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+	"github.com/pkg/errors"
+)
+
+// ExecutionPayloadEnvelopeVerifier defines the methods implemented by the ROSignedExecutionPayloadEnvelope.
+type ExecutionPayloadEnvelopeVerifier interface {
+	VerifyBlockRootSeen(func([32]byte) bool) error
+	VerifyBlockRootValid(func([32]byte) bool) error
+	VerifySlotAboveFinalized(primitives.Epoch) error
+	VerifySlotMatchesBlock(primitives.Slot) error
+	VerifyBuilderValid(interfaces.ROExecutionPayloadBid) error
+	VerifyPayloadHash(interfaces.ROExecutionPayloadBid) error
+	VerifySignature(state.ReadOnlyBeaconState) error
+	SatisfyRequirement(Requirement)
+}
+
+// NewExecutionPayloadEnvelopeVerifier is a function signature that can be used by code that needs to be
+// able to mock Initializer.NewExecutionPayloadEnvelopeVerifier without complex setup.
+type NewExecutionPayloadEnvelopeVerifier func(e interfaces.ROSignedExecutionPayloadEnvelope, reqs []Requirement) ExecutionPayloadEnvelopeVerifier
+
+// ExecutionPayloadEnvelopeGossipRequirements defines the list of requirements for gossip
+// execution payload envelopes.
+var ExecutionPayloadEnvelopeGossipRequirements = []Requirement{
+	RequireBlockRootSeen,
+	RequireBlockRootValid,
+	RequireEnvelopeSlotAboveFinalized,
+	RequireEnvelopeSlotMatchesBlock,
+	RequireBuilderValid,
+	RequirePayloadHashValid,
+	RequireBuilderSignatureValid,
+}
+
+// GossipExecutionPayloadEnvelopeRequirements is a requirement list for gossip execution payload envelopes.
+var GossipExecutionPayloadEnvelopeRequirements = requirementList(ExecutionPayloadEnvelopeGossipRequirements)
+
+var (
+	ErrEnvelopeBlockRootNotSeen    = errors.New("block root not seen")
+	ErrEnvelopeBlockRootInvalid    = errors.New("block root invalid")
+	ErrEnvelopeSlotBeforeFinalized = errors.New("envelope slot is before finalized checkpoint")
+	ErrEnvelopeSlotMismatch        = errors.New("envelope slot does not match block slot")
+	ErrIncorrectEnvelopeBuilder    = errors.New("builder index does not match committed header")
+	ErrIncorrectEnvelopeBlockHash  = errors.New("block hash does not match committed header")
+)
+
+var _ ExecutionPayloadEnvelopeVerifier = &EnvelopeVerifier{}
+
+// EnvelopeVerifier is a read-only verifier for execution payload envelopes.
+type EnvelopeVerifier struct {
+	results *results
+	e       interfaces.ROSignedExecutionPayloadEnvelope
+}
+
+// VerifyBlockRootSeen verifies if the block root has been seen before.
+func (v *EnvelopeVerifier) VerifyBlockRootSeen(parentSeen func([32]byte) bool) (err error) {
+	defer v.record(RequireBlockRootSeen, &err)
+	env, err := v.e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	if parentSeen != nil && parentSeen(env.BeaconBlockRoot()) {
+		return nil
+	}
+	return fmt.Errorf("%w: root=%#x slot=%d builder=%d", ErrEnvelopeBlockRootNotSeen, env.BeaconBlockRoot(), env.Slot(), env.BuilderIndex())
+}
+
+// VerifyBlockRootValid verifies if the block root is valid.
+func (v *EnvelopeVerifier) VerifyBlockRootValid(badBlock func([32]byte) bool) (err error) {
+	defer v.record(RequireBlockRootValid, &err)
+	env, err := v.e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	if badBlock != nil && badBlock(env.BeaconBlockRoot()) {
+		return fmt.Errorf("%w: root=%#x slot=%d builder=%d", ErrEnvelopeBlockRootInvalid, env.BeaconBlockRoot(), env.Slot(), env.BuilderIndex())
+	}
+	return nil
+}
+
+// VerifySlotAboveFinalized ensures the envelope slot is not before the latest finalized epoch start.
+func (v *EnvelopeVerifier) VerifySlotAboveFinalized(finalizedEpoch primitives.Epoch) (err error) {
+	defer v.record(RequireEnvelopeSlotAboveFinalized, &err)
+	env, err := v.e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	startSlot, err := slots.EpochStart(finalizedEpoch)
+	if err != nil {
+		return errors.Wrapf(ErrEnvelopeSlotBeforeFinalized, "error computing epoch start slot for finalized checkpoint (%d) %s", finalizedEpoch, err.Error())
+	}
+	if env.Slot() < startSlot {
+		return fmt.Errorf("%w: slot=%d start=%d", ErrEnvelopeSlotBeforeFinalized, env.Slot(), startSlot)
+	}
+	return nil
+}
+
+// VerifySlotMatchesBlock ensures the envelope slot matches the block slot.
+func (v *EnvelopeVerifier) VerifySlotMatchesBlock(blockSlot primitives.Slot) (err error) {
+	defer v.record(RequireEnvelopeSlotMatchesBlock, &err)
+	env, err := v.e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	if env.Slot() != blockSlot {
+		return fmt.Errorf("%w: envelope=%d block=%d", ErrEnvelopeSlotMismatch, env.Slot(), blockSlot)
+	}
+	return nil
+}
+
+// VerifyBuilderValid checks that the builder index matches the one in the bid.
+func (v *EnvelopeVerifier) VerifyBuilderValid(bid interfaces.ROExecutionPayloadBid) (err error) {
+	defer v.record(RequireBuilderValid, &err)
+	env, err := v.e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	if bid.BuilderIndex() != env.BuilderIndex() {
+		return fmt.Errorf("%w: envelope=%d bid=%d", ErrIncorrectEnvelopeBuilder, env.BuilderIndex(), bid.BuilderIndex())
+	}
+	return nil
+}
+
+// VerifyPayloadHash checks that the payload blockhash matches the one in the bid.
+func (v *EnvelopeVerifier) VerifyPayloadHash(bid interfaces.ROExecutionPayloadBid) (err error) {
+	defer v.record(RequirePayloadHashValid, &err)
+	env, err := v.e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	if env.IsBlinded() {
+		return nil
+	}
+	payload, err := env.Execution()
+	if err != nil {
+		return errors.Wrap(err, "failed to get payload execution")
+	}
+	if bid.BlockHash() != [32]byte(payload.BlockHash()) {
+		return fmt.Errorf("%w: payload=%#x bid=%#x", ErrIncorrectEnvelopeBlockHash, payload.BlockHash(), bid.BlockHash())
+	}
+	return nil
+}
+
+// VerifySignature verifies the signature of the execution payload envelope.
+func (v *EnvelopeVerifier) VerifySignature(st state.ReadOnlyBeaconState) (err error) {
+	defer v.record(RequireBuilderSignatureValid, &err)
+
+	err = validatePayloadEnvelopeSignature(st, v.e)
+	if err != nil {
+		env, envErr := v.e.Envelope()
+		if envErr != nil {
+			return errors.Wrap(err, "failed to get envelope for signature validation")
+		}
+		return errors.Wrapf(err, "signature validation failed: root=%#x slot=%d builder=%d", env.BeaconBlockRoot(), env.Slot(), env.BuilderIndex())
+	}
+	return nil
+}
+
+// SatisfyRequirement allows the caller to manually mark a requirement as satisfied.
+func (v *EnvelopeVerifier) SatisfyRequirement(req Requirement) {
+	v.record(req, nil)
+}
+
+// record records the result of a requirement verification.
+func (v *EnvelopeVerifier) record(req Requirement, err *error) {
+	if err == nil || *err == nil {
+		v.results.record(req, nil)
+		return
+	}
+
+	v.results.record(req, *err)
+}
+
+// validatePayloadEnvelopeSignature verifies the signature of a signed execution payload envelope
+func validatePayloadEnvelopeSignature(st state.ReadOnlyBeaconState, e interfaces.ROSignedExecutionPayloadEnvelope) error {
+	env, err := e.Envelope()
+	if err != nil {
+		return errors.Wrap(err, "failed to get envelope")
+	}
+	var pubkey []byte
+	if env.BuilderIndex() == params.BeaconConfig().BuilderIndexSelfBuild {
+		header := st.LatestBlockHeader()
+		if header == nil {
+			return errors.New("latest block header is nil")
+		}
+		val, err := st.ValidatorAtIndex(primitives.ValidatorIndex(header.ProposerIndex))
+		if err != nil {
+			return errors.Wrap(err, "failed to get proposer validator")
+		}
+		pubkey = val.PublicKey
+	} else {
+		builderPubkey, err := st.BuilderPubkey(env.BuilderIndex())
+		if err != nil {
+			return errors.Wrap(err, "failed to get builder pubkey")
+		}
+		pubkey = builderPubkey[:]
+	}
+	pub, err := bls.PublicKeyFromBytes(pubkey)
+	if err != nil {
+		return errors.Wrap(err, "invalid public key")
+	}
+	s := e.Signature()
+	sig, err := bls.SignatureFromBytes(s[:])
+	if err != nil {
+		return errors.Wrap(err, "invalid signature format")
+	}
+	currentEpoch := slots.ToEpoch(st.Slot())
+	domain, err := signing.Domain(st.Fork(), currentEpoch, params.BeaconConfig().DomainBeaconBuilder, st.GenesisValidatorsRoot())
+	if err != nil {
+		return errors.Wrap(err, "failed to compute signing domain")
+	}
+	root, err := e.SigningRoot(domain)
+	if err != nil {
+		return errors.Wrap(err, "failed to compute signing root")
+	}
+	if !sig.Verify(pub, root[:]) {
+		return signing.ErrSigFailedToVerify
+	}
+	return nil
+}
--- a/beacon-chain/verification/execution_payload_envelope_test.go
+++ b/beacon-chain/verification/execution_payload_envelope_test.go
@@ -0,0 +1,258 @@
+package verification
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/signing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/crypto/bls"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	enginev1 "github.com/OffchainLabs/prysm/v7/proto/engine/v1"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/testing/require"
+	"github.com/OffchainLabs/prysm/v7/testing/util"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+)
+
+func TestEnvelopeVerifier_VerifySlotAboveFinalized(t *testing.T) {
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, 1, 1, root, blockHash)
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	verifier := &EnvelopeVerifier{results: newResults(RequireEnvelopeSlotAboveFinalized), e: wrapped}
+	require.ErrorIs(t, verifier.VerifySlotAboveFinalized(1), ErrEnvelopeSlotBeforeFinalized)
+
+	verifier = &EnvelopeVerifier{results: newResults(RequireEnvelopeSlotAboveFinalized), e: wrapped}
+	require.NoError(t, verifier.VerifySlotAboveFinalized(0))
+}
+
+func TestEnvelopeVerifier_VerifySlotMatchesBlock(t *testing.T) {
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, 2, 1, root, blockHash)
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	verifier := &EnvelopeVerifier{results: newResults(RequireEnvelopeSlotMatchesBlock), e: wrapped}
+	require.ErrorIs(t, verifier.VerifySlotMatchesBlock(3), ErrEnvelopeSlotMismatch)
+
+	verifier = &EnvelopeVerifier{results: newResults(RequireEnvelopeSlotMatchesBlock), e: wrapped}
+	require.NoError(t, verifier.VerifySlotMatchesBlock(2))
+}
+
+func TestEnvelopeVerifier_VerifyBlockRootSeen(t *testing.T) {
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, 1, 1, root, blockHash)
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	verifier := &EnvelopeVerifier{results: newResults(RequireBlockRootSeen), e: wrapped}
+	require.ErrorIs(t, verifier.VerifyBlockRootSeen(func([32]byte) bool { return false }), ErrEnvelopeBlockRootNotSeen)
+
+	verifier = &EnvelopeVerifier{results: newResults(RequireBlockRootSeen), e: wrapped}
+	require.NoError(t, verifier.VerifyBlockRootSeen(func([32]byte) bool { return true }))
+}
+
+func TestEnvelopeVerifier_VerifyBlockRootValid(t *testing.T) {
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, 1, 1, root, blockHash)
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	verifier := &EnvelopeVerifier{results: newResults(RequireBlockRootValid), e: wrapped}
+	require.ErrorIs(t, verifier.VerifyBlockRootValid(func([32]byte) bool { return true }), ErrEnvelopeBlockRootInvalid)
+
+	verifier = &EnvelopeVerifier{results: newResults(RequireBlockRootValid), e: wrapped}
+	require.NoError(t, verifier.VerifyBlockRootValid(func([32]byte) bool { return false }))
+}
+
+func TestEnvelopeVerifier_VerifyBuilderValid(t *testing.T) {
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, 1, 1, root, blockHash)
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	badBid := testExecutionPayloadBid(t, 1, 2, blockHash)
+	verifier := &EnvelopeVerifier{results: newResults(RequireBuilderValid), e: wrapped}
+	require.ErrorIs(t, verifier.VerifyBuilderValid(badBid), ErrIncorrectEnvelopeBuilder)
+
+	okBid := testExecutionPayloadBid(t, 1, 1, blockHash)
+	verifier = &EnvelopeVerifier{results: newResults(RequireBuilderValid), e: wrapped}
+	require.NoError(t, verifier.VerifyBuilderValid(okBid))
+}
+
+func TestEnvelopeVerifier_VerifyPayloadHash(t *testing.T) {
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, 1, 1, root, blockHash)
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	badHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xCC}, 32))
+	badBid := testExecutionPayloadBid(t, 1, 1, badHash)
+	verifier := &EnvelopeVerifier{results: newResults(RequirePayloadHashValid), e: wrapped}
+	require.ErrorIs(t, verifier.VerifyPayloadHash(badBid), ErrIncorrectEnvelopeBlockHash)
+
+	okBid := testExecutionPayloadBid(t, 1, 1, blockHash)
+	verifier = &EnvelopeVerifier{results: newResults(RequirePayloadHashValid), e: wrapped}
+	require.NoError(t, verifier.VerifyPayloadHash(okBid))
+}
+
+func TestEnvelopeVerifier_VerifySignature_Builder(t *testing.T) {
+	slot := primitives.Slot(1)
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, slot, 0, root, blockHash)
+
+	sk, err := bls.RandKey()
+	require.NoError(t, err)
+	builderPubkey := sk.PublicKey().Marshal()
+
+	st := newGloasState(t, slot, nil, nil, []*ethpb.Builder{{Pubkey: builderPubkey}})
+
+	sig := signEnvelope(t, sk, env.Message, st.Fork(), st.GenesisValidatorsRoot(), slot)
+	env.Signature = sig[:]
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	verifier := &EnvelopeVerifier{results: newResults(RequireBuilderSignatureValid), e: wrapped}
+	require.NoError(t, verifier.VerifySignature(st))
+
+	sk2, err := bls.RandKey()
+	require.NoError(t, err)
+	badSig := signEnvelope(t, sk2, env.Message, st.Fork(), st.GenesisValidatorsRoot(), slot)
+	env.Signature = badSig[:]
+	wrapped, err = blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+	verifier = &EnvelopeVerifier{results: newResults(RequireBuilderSignatureValid), e: wrapped}
+	require.ErrorIs(t, verifier.VerifySignature(st), signing.ErrSigFailedToVerify)
+}
+
+func TestEnvelopeVerifier_VerifySignature_SelfBuild(t *testing.T) {
+	slot := primitives.Slot(2)
+	root := bytesutil.ToBytes32(bytes.Repeat([]byte{0xAA}, 32))
+	blockHash := bytesutil.ToBytes32(bytes.Repeat([]byte{0xBB}, 32))
+	env := testSignedExecutionPayloadEnvelope(t, slot, params.BeaconConfig().BuilderIndexSelfBuild, root, blockHash)
+
+	sk, err := bls.RandKey()
+	require.NoError(t, err)
+	validatorPubkey := sk.PublicKey().Marshal()
+
+	validators := []*ethpb.Validator{{PublicKey: validatorPubkey}}
+	balances := []uint64{0}
+	st := newGloasState(t, slot, validators, balances, nil)
+
+	sig := signEnvelope(t, sk, env.Message, st.Fork(), st.GenesisValidatorsRoot(), slot)
+	env.Signature = sig[:]
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadEnvelope(env)
+	require.NoError(t, err)
+
+	verifier := &EnvelopeVerifier{results: newResults(RequireBuilderSignatureValid), e: wrapped}
+	require.NoError(t, verifier.VerifySignature(st))
+}
+
+func testSignedExecutionPayloadEnvelope(t *testing.T, slot primitives.Slot, builderIdx primitives.BuilderIndex, root, blockHash [32]byte) *ethpb.SignedExecutionPayloadEnvelope {
+	t.Helper()
+
+	payload := &enginev1.ExecutionPayloadDeneb{
+		ParentHash:    bytes.Repeat([]byte{0x01}, 32),
+		FeeRecipient:  bytes.Repeat([]byte{0x02}, 20),
+		StateRoot:     bytes.Repeat([]byte{0x03}, 32),
+		ReceiptsRoot:  bytes.Repeat([]byte{0x04}, 32),
+		LogsBloom:     bytes.Repeat([]byte{0x05}, 256),
+		PrevRandao:    bytes.Repeat([]byte{0x06}, 32),
+		BlockNumber:   1,
+		GasLimit:      2,
+		GasUsed:       3,
+		Timestamp:     4,
+		BaseFeePerGas: bytes.Repeat([]byte{0x07}, 32),
+		BlockHash:     blockHash[:],
+		Transactions:  [][]byte{},
+		Withdrawals:   []*enginev1.Withdrawal{},
+		BlobGasUsed:   0,
+		ExcessBlobGas: 0,
+	}
+
+	return &ethpb.SignedExecutionPayloadEnvelope{
+		Message: &ethpb.ExecutionPayloadEnvelope{
+			Payload: payload,
+			ExecutionRequests: &enginev1.ExecutionRequests{
+				Deposits: []*enginev1.DepositRequest{},
+			},
+			BuilderIndex:    builderIdx,
+			BeaconBlockRoot: root[:],
+			Slot:            slot,
+			StateRoot:       bytes.Repeat([]byte{0xBB}, 32),
+		},
+		Signature: bytes.Repeat([]byte{0xCC}, 96),
+	}
+}
+
+func testExecutionPayloadBid(t *testing.T, slot primitives.Slot, builderIdx primitives.BuilderIndex, blockHash [32]byte) interfaces.ROExecutionPayloadBid {
+	t.Helper()
+
+	signed := util.GenerateTestSignedExecutionPayloadBid(slot)
+	signed.Message.BuilderIndex = builderIdx
+	copy(signed.Message.BlockHash, blockHash[:])
+
+	wrapped, err := blocks.WrappedROSignedExecutionPayloadBid(signed)
+	require.NoError(t, err)
+	bid, err := wrapped.Bid()
+	require.NoError(t, err)
+	return bid
+}
+
+func newGloasState(
+	t *testing.T,
+	slot primitives.Slot,
+	validators []*ethpb.Validator,
+	balances []uint64,
+	builders []*ethpb.Builder,
+) state.BeaconState {
+	t.Helper()
+
+	genesisRoot := bytes.Repeat([]byte{0x11}, 32)
+	st, err := util.NewBeaconStateGloas(func(s *ethpb.BeaconStateGloas) error {
+		s.Slot = slot
+		s.GenesisValidatorsRoot = genesisRoot
+		if validators != nil {
+			s.Validators = validators
+		}
+		if balances != nil {
+			s.Balances = balances
+		}
+		if s.LatestBlockHeader != nil {
+			s.LatestBlockHeader.ProposerIndex = 0
+		}
+		if builders != nil {
+			s.Builders = builders
+		}
+		return nil
+	})
+	require.NoError(t, err)
+	return st
+}
+
+func signEnvelope(t *testing.T, sk bls.SecretKey, env *ethpb.ExecutionPayloadEnvelope, fork *ethpb.Fork, genesisRoot []byte, slot primitives.Slot) [96]byte {
+	t.Helper()
+
+	epoch := slots.ToEpoch(slot)
+	domain, err := signing.Domain(fork, epoch, params.BeaconConfig().DomainBeaconBuilder, genesisRoot)
+	require.NoError(t, err)
+	root, err := signing.ComputeSigningRoot(env, domain)
+	require.NoError(t, err)
+	sig := sk.Sign(root[:]).Marshal()
+	var out [96]byte
+	copy(out[:], sig)
+	return out
+}
--- a/beacon-chain/verification/initializer.go
+++ b/beacon-chain/verification/initializer.go
@@ -12,6 +12,8 @@ import (
 	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
 	"github.com/OffchainLabs/prysm/v7/config/params"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
 	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
 	"golang.org/x/sync/singleflight"
@@ -86,6 +88,24 @@ func (ini *Initializer) NewDataColumnsVerifier(roDataColumns []blocks.RODataColu
 	}
 }

+// NewPayloadAttestationMsgVerifier creates a PayloadAttestationMsgVerifier for a single payload attestation message,
+// with the given set of requirements.
+func (ini *Initializer) NewPayloadAttestationMsgVerifier(pa payloadattestation.ROMessage, reqs []Requirement) *PayloadAttMsgVerifier {
+	return &PayloadAttMsgVerifier{
+		sharedResources: ini.shared,
+		results:         newResults(reqs...),
+		pa:              pa,
+	}
+}
+
+// NewPayloadEnvelopeVerifier creates a SignedExecutionPayloadEnvelopeVerifier for a single signed execution payload envelope with the given set of requirements.
+func (ini *Initializer) NewPayloadEnvelopeVerifier(ee interfaces.ROSignedExecutionPayloadEnvelope, reqs []Requirement) *EnvelopeVerifier {
+	return &EnvelopeVerifier{
+		results: newResults(reqs...),
+		e:       ee,
+	}
+}
+
 // InitializerWaiter provides an Initializer once all dependent resources are ready
 // via the WaitForInitializer method.
 type InitializerWaiter struct {
--- a/beacon-chain/verification/interface.go
+++ b/beacon-chain/verification/interface.go
@@ -3,8 +3,10 @@ package verification
 import (
 	"context"

+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
 	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
 )

 // BlobVerifier defines the methods implemented by the ROBlobVerifier.
@@ -54,3 +56,18 @@ type DataColumnsVerifier interface {
 // NewDataColumnsVerifier is a function signature that can be used to mock a setup where a
 // column verifier can be easily initialized.
 type NewDataColumnsVerifier func(dataColumns []blocks.RODataColumn, reqs []Requirement) DataColumnsVerifier
+
+// PayloadAttestationMsgVerifier defines the methods implemented by the ROPayloadAttestation.
+type PayloadAttestationMsgVerifier interface {
+	VerifyCurrentSlot() error
+	VerifyBlockRootSeen(blockRootSeen func([32]byte) bool) error
+	VerifyBlockRootValid(func([32]byte) bool) error
+	VerifyValidatorInPTC(context.Context, state.ReadOnlyBeaconState) error
+	VerifySignature(state.ReadOnlyBeaconState) error
+	VerifiedPayloadAttestation() (payloadattestation.VerifiedROMessage, error)
+	SatisfyRequirement(Requirement)
+}
+
+// NewPayloadAttestationMsgVerifier is a function signature that can be used by code that needs to be
+// able to mock Initializer.NewPayloadAttestationMsgVerifier without complex setup.
+type NewPayloadAttestationMsgVerifier func(pa payloadattestation.ROMessage, reqs []Requirement) PayloadAttestationMsgVerifier
--- a/beacon-chain/verification/payload_attestation.go
+++ b/beacon-chain/verification/payload_attestation.go
@@ -0,0 +1,177 @@
+package verification
+
+import (
+	"context"
+	"fmt"
+	"slices"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/gloas"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/signing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
+	"github.com/OffchainLabs/prysm/v7/crypto/bls"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+	"github.com/pkg/errors"
+)
+
+// RequirementList defines a list of requirements.
+type RequirementList []Requirement
+
+// PayloadAttGossipRequirements defines the list of requirements for gossip payload attestation messages.
+var PayloadAttGossipRequirements = []Requirement{
+	RequireCurrentSlot,
+	RequireMessageNotSeen,
+	RequireValidatorInPTC,
+	RequireBlockRootSeen,
+	RequireBlockRootValid,
+	RequireSignatureValid,
+}
+
+// GossipPayloadAttestationMessageRequirements is a requirement list for gossip payload attestation messages.
+var GossipPayloadAttestationMessageRequirements = RequirementList(PayloadAttGossipRequirements)
+
+var (
+	ErrIncorrectPayloadAttSlot      = errors.New("payload att slot does not match the current slot")
+	ErrPayloadAttBlockRootNotSeen   = errors.New("block root not seen")
+	ErrPayloadAttBlockRootInvalid   = errors.New("block root invalid")
+	ErrIncorrectPayloadAttValidator = errors.New("validator not present in payload timeliness committee")
+	ErrInvalidPayloadAttMessage     = errors.New("invalid payload attestation message")
+)
+
+var _ PayloadAttestationMsgVerifier = &PayloadAttMsgVerifier{}
+
+// PayloadAttMsgVerifier is a read-only verifier for payload attestation messages.
+type PayloadAttMsgVerifier struct {
+	*sharedResources
+	results *results
+	pa      payloadattestation.ROMessage
+}
+
+// VerifyCurrentSlot verifies if the current slot matches the expected slot.
+// Represents the following spec verification:
+// [IGNORE] data.slot is the current slot.
+func (v *PayloadAttMsgVerifier) VerifyCurrentSlot() (err error) {
+	defer v.record(RequireCurrentSlot, &err)
+
+	currentSlot := v.clock.CurrentSlot()
+	if v.pa.Slot() != currentSlot {
+		return fmt.Errorf("%w: got %d want %d", ErrIncorrectPayloadAttSlot, v.pa.Slot(), currentSlot)
+	}
+
+	return nil
+}
+
+// VerifyBlockRootSeen verifies if the block root has been seen before.
+// Represents the following spec verification:
+// [IGNORE] The attestation's data.beacon_block_root has been seen (via both gossip and non-gossip sources).
+func (v *PayloadAttMsgVerifier) VerifyBlockRootSeen(blockRootSeen func([32]byte) bool) (err error) {
+	defer v.record(RequireBlockRootSeen, &err)
+	if blockRootSeen != nil && blockRootSeen(v.pa.BeaconBlockRoot()) {
+		return nil
+	}
+	return fmt.Errorf("%w: root=%#x", ErrPayloadAttBlockRootNotSeen, v.pa.BeaconBlockRoot())
+}
+
+// VerifyBlockRootValid verifies if the block root is valid.
+// Represents the following spec verification:
+// [REJECT] The beacon block with root data.beacon_block_root passes validation.
+func (v *PayloadAttMsgVerifier) VerifyBlockRootValid(badBlock func([32]byte) bool) (err error) {
+	defer v.record(RequireBlockRootValid, &err)
+
+	if badBlock != nil && badBlock(v.pa.BeaconBlockRoot()) {
+		return fmt.Errorf("%w: root=%#x", ErrPayloadAttBlockRootInvalid, v.pa.BeaconBlockRoot())
+	}
+
+	return nil
+}
+
+// VerifyValidatorInPTC verifies if the validator is present.
+// Represents the following spec verification:
+// [REJECT] The validator index is within the payload committee in get_ptc(state, data.slot). For the current's slot head state.
+func (v *PayloadAttMsgVerifier) VerifyValidatorInPTC(ctx context.Context, st state.ReadOnlyBeaconState) (err error) {
+	defer v.record(RequireValidatorInPTC, &err)
+
+	ptc, err := gloas.PayloadCommittee(ctx, st, v.pa.Slot())
+	if err != nil {
+		return err
+	}
+
+	if slices.Index(ptc, v.pa.ValidatorIndex()) == -1 {
+		return fmt.Errorf("%w: validatorIndex=%d", ErrIncorrectPayloadAttValidator, v.pa.ValidatorIndex())
+	}
+
+	return nil
+}
+
+// VerifySignature verifies the signature of the payload attestation message.
+// Represents the following spec verification:
+// [REJECT] The signature of payload_attestation_message.signature is valid with respect to the validator index.
+func (v *PayloadAttMsgVerifier) VerifySignature(st state.ReadOnlyBeaconState) (err error) {
+	defer v.record(RequireSignatureValid, &err)
+
+	err = validatePayloadAttestationMessageSignature(st, v.pa)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// VerifiedPayloadAttestation returns a verified payload attestation message by checking all requirements.
+func (v *PayloadAttMsgVerifier) VerifiedPayloadAttestation() (payloadattestation.VerifiedROMessage, error) {
+	if v.results.allSatisfied() {
+		return payloadattestation.NewVerifiedROMessage(v.pa), nil
+	}
+	return payloadattestation.VerifiedROMessage{}, ErrInvalidPayloadAttMessage
+}
+
+// SatisfyRequirement allows the caller to manually mark a requirement as satisfied.
+func (v *PayloadAttMsgVerifier) SatisfyRequirement(req Requirement) {
+	v.record(req, nil)
+}
+
+// ValidatePayloadAttestationMessageSignature verifies the signature of a payload attestation message.
+func validatePayloadAttestationMessageSignature(st state.ReadOnlyBeaconState, payloadAtt payloadattestation.ROMessage) error {
+	val, err := st.ValidatorAtIndex(payloadAtt.ValidatorIndex())
+	if err != nil {
+		return fmt.Errorf("validator %d: %w", payloadAtt.ValidatorIndex(), err)
+	}
+
+	pub, err := bls.PublicKeyFromBytes(val.PublicKey)
+	if err != nil {
+		return fmt.Errorf("public key: %w", err)
+	}
+
+	s := payloadAtt.Signature()
+	sig, err := bls.SignatureFromBytes(s[:])
+	if err != nil {
+		return fmt.Errorf("signature bytes: %w", err)
+	}
+
+	currentEpoch := slots.ToEpoch(st.Slot())
+	domain, err := signing.Domain(st.Fork(), currentEpoch, params.BeaconConfig().DomainPTCAttester, st.GenesisValidatorsRoot())
+	if err != nil {
+		return fmt.Errorf("domain: %w", err)
+	}
+
+	root, err := payloadAtt.SigningRoot(domain)
+	if err != nil {
+		return fmt.Errorf("signing root: %w", err)
+	}
+
+	if !sig.Verify(pub, root[:]) {
+		return fmt.Errorf("verify signature: %w", signing.ErrSigFailedToVerify)
+	}
+	return nil
+}
+
+// record records the result of a requirement verification.
+func (v *PayloadAttMsgVerifier) record(req Requirement, err *error) {
+	if err == nil || *err == nil {
+		v.results.record(req, nil)
+		return
+	}
+
+	v.results.record(req, *err)
+}
--- a/beacon-chain/verification/payload_attestation_mock.go
+++ b/beacon-chain/verification/payload_attestation_mock.go
@@ -0,0 +1,46 @@
+package verification
+
+import (
+	"context"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
+)
+
+type MockPayloadAttestation struct {
+	ErrIncorrectPayloadAttSlot      error
+	ErrIncorrectPayloadAttValidator error
+	ErrPayloadAttBlockRootNotSeen   error
+	ErrPayloadAttBlockRootInvalid   error
+	ErrInvalidPayloadAttMessage     error
+	ErrInvalidMessageSignature      error
+	ErrUnsatisfiedRequirement       error
+}
+
+var _ PayloadAttestationMsgVerifier = &MockPayloadAttestation{}
+
+func (m *MockPayloadAttestation) VerifyCurrentSlot() error {
+	return m.ErrIncorrectPayloadAttSlot
+}
+
+func (m *MockPayloadAttestation) VerifyValidatorInPTC(ctx context.Context, st state.ReadOnlyBeaconState) error {
+	return m.ErrIncorrectPayloadAttValidator
+}
+
+func (m *MockPayloadAttestation) VerifyBlockRootSeen(_ func([32]byte) bool) error {
+	return m.ErrPayloadAttBlockRootNotSeen
+}
+
+func (m *MockPayloadAttestation) VerifyBlockRootValid(func([32]byte) bool) error {
+	return m.ErrPayloadAttBlockRootInvalid
+}
+
+func (m *MockPayloadAttestation) VerifySignature(st state.ReadOnlyBeaconState) (err error) {
+	return m.ErrInvalidMessageSignature
+}
+
+func (m *MockPayloadAttestation) VerifiedPayloadAttestation() (payloadattestation.VerifiedROMessage, error) {
+	return payloadattestation.VerifiedROMessage{}, nil
+}
+
+func (m *MockPayloadAttestation) SatisfyRequirement(req Requirement) {}
--- a/beacon-chain/verification/payload_attestation_test.go
+++ b/beacon-chain/verification/payload_attestation_test.go
@@ -0,0 +1,167 @@
+package verification
+
+import (
+	"bytes"
+	"context"
+	"testing"
+	"time"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/helpers"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/signing"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/startup"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	payloadattestation "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/crypto/bls"
+	"github.com/OffchainLabs/prysm/v7/crypto/bls/common"
+	eth "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/testing/require"
+	testutil "github.com/OffchainLabs/prysm/v7/testing/util"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+)
+
+func TestPayloadAttestationVerifyCurrentSlot(t *testing.T) {
+	params.SetupTestConfigCleanup(t)
+	now := time.Unix(1000, 0)
+	genesis := now.Add(-time.Duration(params.BeaconConfig().SecondsPerSlot) * time.Second)
+	clock := startup.NewClock(genesis, [32]byte{}, startup.WithNower(func() time.Time { return now }))
+	ini := &Initializer{shared: &sharedResources{clock: clock}}
+
+	msg := newPayloadAttestationMessage(primitives.Slot(1), 0, bytes.Repeat([]byte{0x11}, 32))
+	pa, err := payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v := ini.NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+	require.NoError(t, v.VerifyCurrentSlot())
+
+	msg = newPayloadAttestationMessage(primitives.Slot(2), 0, bytes.Repeat([]byte{0x11}, 32))
+	pa, err = payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v = ini.NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+	require.ErrorIs(t, v.VerifyCurrentSlot(), ErrIncorrectPayloadAttSlot)
+}
+
+func TestPayloadAttestationVerifyBlockRootSeenAndValid(t *testing.T) {
+	params.SetupTestConfigCleanup(t)
+	ini := &Initializer{shared: &sharedResources{}}
+	root := bytes.Repeat([]byte{0x22}, 32)
+	var root32 [32]byte
+	copy(root32[:], root)
+
+	msg := newPayloadAttestationMessage(primitives.Slot(1), 0, root)
+	pa, err := payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v := ini.NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+
+	require.NoError(t, v.VerifyBlockRootSeen(func(r [32]byte) bool { return r == root32 }))
+	require.ErrorIs(t, v.VerifyBlockRootSeen(func([32]byte) bool { return false }), ErrPayloadAttBlockRootNotSeen)
+
+	require.NoError(t, v.VerifyBlockRootValid(func([32]byte) bool { return false }))
+	require.ErrorIs(t, v.VerifyBlockRootValid(func([32]byte) bool { return true }), ErrPayloadAttBlockRootInvalid)
+}
+
+func TestPayloadAttestationVerifyValidatorInPTC(t *testing.T) {
+	setupPayloadAttTestConfig(t)
+
+	_, pk := newKey(t)
+	st := newTestState(t, []*eth.Validator{activeValidator(pk)}, 1)
+	msg := newPayloadAttestationMessage(primitives.Slot(1), 0, bytes.Repeat([]byte{0x33}, 32))
+	pa, err := payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v := (&Initializer{shared: &sharedResources{}}).NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+	require.NoError(t, v.VerifyValidatorInPTC(context.Background(), st))
+
+	msg = newPayloadAttestationMessage(primitives.Slot(1), 1, bytes.Repeat([]byte{0x33}, 32))
+	pa, err = payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v = (&Initializer{shared: &sharedResources{}}).NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+	require.ErrorIs(t, v.VerifyValidatorInPTC(context.Background(), st), ErrIncorrectPayloadAttValidator)
+}
+
+func TestPayloadAttestationVerifySignature(t *testing.T) {
+	setupPayloadAttTestConfig(t)
+
+	sk, pk := newKey(t)
+	st := newTestState(t, []*eth.Validator{activeValidator(pk)}, 1)
+	root := bytes.Repeat([]byte{0x44}, 32)
+	data := &eth.PayloadAttestationData{
+		BeaconBlockRoot:   root,
+		Slot:              1,
+		PayloadPresent:    true,
+		BlobDataAvailable: true,
+	}
+	msg := &eth.PayloadAttestationMessage{
+		ValidatorIndex: 0,
+		Data:           data,
+		Signature:      signPayloadAttestationMessage(t, st, data, sk),
+	}
+	pa, err := payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v := (&Initializer{shared: &sharedResources{}}).NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+	require.NoError(t, v.VerifySignature(st))
+
+	sk2, _ := newKey(t)
+	msg.Signature = signPayloadAttestationMessage(t, st, data, sk2)
+	pa, err = payloadattestation.NewReadOnly(msg)
+	require.NoError(t, err)
+	v = (&Initializer{shared: &sharedResources{}}).NewPayloadAttestationMsgVerifier(pa, GossipPayloadAttestationMessageRequirements)
+	require.ErrorIs(t, v.VerifySignature(st), signing.ErrSigFailedToVerify)
+}
+
+func newPayloadAttestationMessage(slot primitives.Slot, idx primitives.ValidatorIndex, root []byte) *eth.PayloadAttestationMessage {
+	return &eth.PayloadAttestationMessage{
+		ValidatorIndex: idx,
+		Data: &eth.PayloadAttestationData{
+			BeaconBlockRoot:   root,
+			Slot:              slot,
+			PayloadPresent:    true,
+			BlobDataAvailable: true,
+		},
+		Signature: []byte{0x01},
+	}
+}
+
+func newTestState(t *testing.T, vals []*eth.Validator, slot primitives.Slot) state.BeaconState {
+	st, err := testutil.NewBeaconStateGloas()
+	require.NoError(t, err)
+	for _, v := range vals {
+		require.NoError(t, st.AppendValidator(v))
+		require.NoError(t, st.AppendBalance(v.EffectiveBalance))
+	}
+	require.NoError(t, st.SetSlot(slot))
+	require.NoError(t, helpers.UpdateCommitteeCache(t.Context(), st, slots.ToEpoch(slot)))
+	return st
+}
+
+func setupPayloadAttTestConfig(t *testing.T) {
+	params.SetupTestConfigCleanup(t)
+	cfg := params.BeaconConfig().Copy()
+	cfg.SlotsPerEpoch = 1
+	cfg.MaxEffectiveBalanceElectra = cfg.MaxEffectiveBalance
+	params.OverrideBeaconConfig(cfg)
+}
+
+func activeValidator(pub []byte) *eth.Validator {
+	return &eth.Validator{
+		PublicKey:                  pub,
+		EffectiveBalance:           params.BeaconConfig().MaxEffectiveBalance,
+		WithdrawalCredentials:      make([]byte, 32),
+		ExitEpoch:                  params.BeaconConfig().FarFutureEpoch,
+		WithdrawableEpoch:          params.BeaconConfig().FarFutureEpoch,
+	}
+}
+
+func newKey(t *testing.T) (common.SecretKey, []byte) {
+	sk, err := bls.RandKey()
+	require.NoError(t, err)
+	return sk, sk.PublicKey().Marshal()
+}
+
+func signPayloadAttestationMessage(t *testing.T, st state.ReadOnlyBeaconState, data *eth.PayloadAttestationData, sk common.SecretKey) []byte {
+	domain, err := signing.Domain(st.Fork(), slots.ToEpoch(st.Slot()), params.BeaconConfig().DomainPTCAttester, st.GenesisValidatorsRoot())
+	require.NoError(t, err)
+	root, err := signing.ComputeSigningRoot(data, domain)
+	require.NoError(t, err)
+	sig := sk.Sign(root[:])
+	return sig.Marshal()
+}
--- a/beacon-chain/verification/requirements.go
+++ b/beacon-chain/verification/requirements.go
@@ -0,0 +1,34 @@
+package verification
+
+const (
+	RequireBlobIndexInBounds Requirement = iota
+	RequireNotFromFutureSlot
+	RequireSlotAboveFinalized
+	RequireValidProposerSignature
+	RequireSidecarParentSeen
+	RequireSidecarParentValid
+	RequireSidecarParentSlotLower
+	RequireSidecarDescendsFromFinalized
+	RequireSidecarInclusionProven
+	RequireSidecarKzgProofVerified
+	RequireSidecarProposerExpected
+
+	// Data columns specific.
+	RequireValidFields
+	RequireCorrectSubnet
+
+	// Payload attestation specific.
+	RequireCurrentSlot
+	RequireMessageNotSeen
+	RequireValidatorInPTC
+	RequireBlockRootSeen
+	RequireBlockRootValid
+	RequireSignatureValid
+
+	// Execution payload envelope specific.
+	RequireBuilderValid
+	RequirePayloadHashValid
+	RequireEnvelopeSlotAboveFinalized
+	RequireEnvelopeSlotMatchesBlock
+	RequireBuilderSignatureValid
+)
--- a/beacon-chain/verification/result.go
+++ b/beacon-chain/verification/result.go
@@ -29,6 +29,32 @@ func (r Requirement) String() string {
 		return "RequireSidecarKzgProofVerified"
 	case RequireSidecarProposerExpected:
 		return "RequireSidecarProposerExpected"
+	case RequireValidFields:
+		return "RequireValidFields"
+	case RequireCorrectSubnet:
+		return "RequireCorrectSubnet"
+	case RequireCurrentSlot:
+		return "RequireCurrentSlot"
+	case RequireMessageNotSeen:
+		return "RequireMessageNotSeen"
+	case RequireValidatorInPTC:
+		return "RequireValidatorInPTC"
+	case RequireBlockRootSeen:
+		return "RequireBlockRootSeen"
+	case RequireBlockRootValid:
+		return "RequireBlockRootValid"
+	case RequireSignatureValid:
+		return "RequireSignatureValid"
+	case RequireBuilderValid:
+		return "RequireBuilderValid"
+	case RequirePayloadHashValid:
+		return "RequirePayloadHashValid"
+	case RequireEnvelopeSlotAboveFinalized:
+		return "RequireEnvelopeSlotAboveFinalized"
+	case RequireEnvelopeSlotMatchesBlock:
+		return "RequireEnvelopeSlotMatchesBlock"
+	case RequireBuilderSignatureValid:
+		return "RequireBuilderSignatureValid"
 	default:
 		return unknownRequirementName
 	}
--- a/beacon-chain/verification/result_test.go
+++ b/beacon-chain/verification/result_test.go
@@ -61,3 +61,16 @@ func TestAllBlobRequirementsHaveStrings(t *testing.T) {
 		require.NotEqual(t, unknownRequirementName, allBlobSidecarRequirements[i].String())
 	}
 }
+
+func TestPayloadAttestationRequirementsHaveStrings(t *testing.T) {
+	blobReqs := make(map[Requirement]struct{}, len(allBlobSidecarRequirements))
+	for i := range allBlobSidecarRequirements {
+		blobReqs[allBlobSidecarRequirements[i]] = struct{}{}
+	}
+	for i := range PayloadAttGossipRequirements {
+		req := PayloadAttGossipRequirements[i]
+		require.NotEqual(t, unknownRequirementName, req.String())
+		_, overlaps := blobReqs[req]
+		require.Equal(t, false, overlaps)
+	}
+}
--- a/changelog/codex_add-gloas-execution-payload-envelope.md
+++ b/changelog/codex_add-gloas-execution-payload-envelope.md
@@ -0,0 +1,3 @@
+### Added
+
+- Add Gloas execution payload envelope gossip validation
--- a/changelog/tt_gossip_payload.md
+++ b/changelog/tt_gossip_payload.md
@@ -0,0 +1,3 @@
+### Added
+
+- Added support for Payload attestation gossip net in gloas
--- a/consensus-types/payload-attestation/BUILD.bazel
+++ b/consensus-types/payload-attestation/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["readonly_message.go"],
+    importpath = "github.com/OffchainLabs/prysm/v7/consensus-types/payload-attestation",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//beacon-chain/core/signing:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+    ],
+)
--- a/consensus-types/payload-attestation/readonly_message.go
+++ b/consensus-types/payload-attestation/readonly_message.go
@@ -0,0 +1,87 @@
+package payloadattestation
+
+import (
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/signing"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/pkg/errors"
+)
+
+var (
+	errNilPayloadAttMessage   = errors.New("received nil payload attestation message")
+	errNilPayloadAttData      = errors.New("received nil payload attestation data")
+	errNilPayloadAttSignature = errors.New("received nil payload attestation signature")
+)
+
+// ROMessage represents a read-only payload attestation message.
+type ROMessage struct {
+	m *ethpb.PayloadAttestationMessage
+}
+
+// validatePayloadAtt checks if the given payload attestation message is valid.
+func validatePayloadAtt(m *ethpb.PayloadAttestationMessage) error {
+	if m == nil {
+		return errNilPayloadAttMessage
+	}
+	if m.Data == nil {
+		return errNilPayloadAttData
+	}
+	if len(m.Signature) == 0 {
+		return errNilPayloadAttSignature
+	}
+	return nil
+}
+
+// NewReadOnly creates a new ReadOnly instance after validating the message.
+func NewReadOnly(m *ethpb.PayloadAttestationMessage) (ROMessage, error) {
+	if err := validatePayloadAtt(m); err != nil {
+		return ROMessage{}, err
+	}
+	return ROMessage{m}, nil
+}
+
+// ValidatorIndex returns the validator index from the payload attestation message.
+func (r *ROMessage) ValidatorIndex() primitives.ValidatorIndex {
+	return r.m.ValidatorIndex
+}
+
+// Signature returns the signature from the payload attestation message.
+func (r *ROMessage) Signature() [96]byte {
+	return bytesutil.ToBytes96(r.m.Signature)
+}
+
+// BeaconBlockRoot returns the beacon block root from the payload attestation message.
+func (r *ROMessage) BeaconBlockRoot() [32]byte {
+	return bytesutil.ToBytes32(r.m.Data.BeaconBlockRoot)
+}
+
+// Slot returns the slot from the payload attestation message.
+func (r *ROMessage) Slot() primitives.Slot {
+	return r.m.Data.Slot
+}
+
+// PayloadPresent returns whether the payload was present.
+func (r *ROMessage) PayloadPresent() bool {
+	return r.m.Data.PayloadPresent
+}
+
+// BlobDataAvailable returns whether blob data was available.
+func (r *ROMessage) BlobDataAvailable() bool {
+	return r.m.Data.BlobDataAvailable
+}
+
+// SigningRoot returns the signing root from the payload attestation message.
+func (r *ROMessage) SigningRoot(domain []byte) ([32]byte, error) {
+	return signing.ComputeSigningRoot(r.m.Data, domain)
+}
+
+// VerifiedROMessage represents a verified read-only payload attestation message.
+type VerifiedROMessage struct {
+	ROMessage
+}
+
+// NewVerifiedROMessage creates a new VerifiedROMessage instance after validating the message.
+func NewVerifiedROMessage(r ROMessage) VerifiedROMessage {
+	return VerifiedROMessage{r}
+}
Author	SHA1	Message	Date
terence	2295c62f8f	James feedback	2026-02-10 15:18:36 -08:00
terence	94091e5ebd	Add gossip for payload envelope	2026-02-10 10:19:12 -08:00
terence	9c49bb484c	Add gossip for payload attestation (#16333 ) This PR implements gossip validation and subscription for payload attestation	2026-02-10 16:17:22 +00:00