Merge branch 'develop' into poc/optional-proofs

* Initialize exec proof service

* Fix wrong condition for starting exec proof pool service

.github/workflows/check-specrefs.yml

@@ -12,11 +12,11 @@ jobs:
     - name: Check version consistency
       run: |
         WORKSPACE_VERSION=$(grep 'consensus_spec_version = ' WORKSPACE | sed 's/.*"\(.*\)"/\1/')
-        ETHSPECIFY_VERSION=$(grep '^version:' .ethspecify.yml | sed 's/version: //')
+        ETHSPECIFY_VERSION=$(grep '^version:' specrefs/.ethspecify.yml | sed 's/version: //')
         if [ "$WORKSPACE_VERSION" != "$ETHSPECIFY_VERSION" ]; then
           echo "Version mismatch between WORKSPACE and ethspecify"
           echo "  WORKSPACE: $WORKSPACE_VERSION"
-          echo "  .ethspecify.yml: $ETHSPECIFY_VERSION"
+          echo "  specrefs/.ethspecify.yml: $ETHSPECIFY_VERSION"
           exit 1
         else
           echo "Versions match: $WORKSPACE_VERSION"
@@ -26,7 +26,7 @@ jobs:
       run: python3 -mpip install ethspecify
 
     - name: Update spec references
-      run: ethspecify
+      run: ethspecify process --path=specrefs
 
     - name: Check for differences
       run: |
@@ -40,4 +40,4 @@ jobs:
         fi
 
     - name: Check spec references
-      run: ethspecify check
+      run: ethspecify check --path=specrefs

.github/workflows/go.yml

@@ -2,7 +2,7 @@ name: Go
 
 on:
   push:
-    branches: [ master, develop ]
+    branches: [ master ]
   pull_request:
     branches: [ '*' ]
   merge_group:

.golangci.yml

@@ -33,8 +33,9 @@ formatters:
     generated: lax
     paths:
       - validator/web/site_data.go
+      - .*_test.go
       - proto
       - tools/analyzers
       - third_party$
       - builtin$
-      - examples$
+      - examples$

api/fallback/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@prysm//tools/go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "fallback.go",
-        "log.go",
-    ],
-    importpath = "github.com/OffchainLabs/prysm/v7/api/fallback",
-    visibility = ["//visibility:public"],
-    deps = ["@com_github_sirupsen_logrus//:go_default_library"],
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = ["fallback_test.go"],
-    embed = [":go_default_library"],
-    deps = ["//testing/assert:go_default_library"],
-)

api/fallback/fallback.go

@@ -1,66 +0,0 @@
-package fallback
-
-import (
-	"context"
-
-	"github.com/sirupsen/logrus"
-)
-
-// HostProvider is the subset of connection-provider methods that EnsureReady
-// needs. Both grpc.GrpcConnectionProvider and rest.RestConnectionProvider
-// satisfy this interface.
-type HostProvider interface {
-	Hosts() []string
-	CurrentHost() string
-	SwitchHost(index int) error
-}
-
-// ReadyChecker can report whether the current endpoint is ready.
-// iface.NodeClient satisfies this implicitly.
-type ReadyChecker interface {
-	IsReady(ctx context.Context) bool
-}
-
-// EnsureReady iterates through the configured hosts and returns true as soon as
-// one responds as ready. It starts from the provider's current host and wraps
-// around using modular arithmetic, performing failover when a host is not ready.
-func EnsureReady(ctx context.Context, provider HostProvider, checker ReadyChecker) bool {
-	hosts := provider.Hosts()
-	numHosts := len(hosts)
-	startingHost := provider.CurrentHost()
-	var attemptedHosts []string
-
-	// Find current index
-	currentIdx := 0
-	for i, h := range hosts {
-		if h == startingHost {
-			currentIdx = i
-			break
-		}
-	}
-
-	for i := range numHosts {
-		if checker.IsReady(ctx) {
-			if len(attemptedHosts) > 0 {
-				log.WithFields(logrus.Fields{
-					"previous": startingHost,
-					"current":  provider.CurrentHost(),
-					"tried":    attemptedHosts,
-				}).Info("Switched to responsive beacon node")
-			}
-			return true
-		}
-		attemptedHosts = append(attemptedHosts, provider.CurrentHost())
-
-		// Try next host if not the last iteration
-		if i < numHosts-1 {
-			nextIdx := (currentIdx + i + 1) % numHosts
-			if err := provider.SwitchHost(nextIdx); err != nil {
-				log.WithError(err).Error("Failed to switch host")
-			}
-		}
-	}
-
-	log.WithField("tried", attemptedHosts).Warn("No responsive beacon node found")
-	return false
-}

api/fallback/fallback_test.go

@@ -1,94 +0,0 @@
-package fallback
-
-import (
-	"context"
-	"testing"
-
-	"github.com/OffchainLabs/prysm/v7/testing/assert"
-)
-
-// mockHostProvider is a minimal HostProvider for unit tests.
-type mockHostProvider struct {
-	hosts     []string
-	hostIndex int
-}
-
-func (m *mockHostProvider) Hosts() []string { return m.hosts }
-func (m *mockHostProvider) CurrentHost() string {
-	return m.hosts[m.hostIndex%len(m.hosts)]
-}
-func (m *mockHostProvider) SwitchHost(index int) error { m.hostIndex = index; return nil }
-
-// mockReadyChecker records per-call IsReady results in sequence.
-type mockReadyChecker struct {
-	results []bool
-	idx     int
-}
-
-func (m *mockReadyChecker) IsReady(_ context.Context) bool {
-	if m.idx >= len(m.results) {
-		return false
-	}
-	r := m.results[m.idx]
-	m.idx++
-	return r
-}
-
-func TestEnsureReady_SingleHostReady(t *testing.T) {
-	provider := &mockHostProvider{hosts: []string{"http://host1:3500"}, hostIndex: 0}
-	checker := &mockReadyChecker{results: []bool{true}}
-	assert.Equal(t, true, EnsureReady(t.Context(), provider, checker))
-	assert.Equal(t, 0, provider.hostIndex)
-}
-
-func TestEnsureReady_SingleHostNotReady(t *testing.T) {
-	provider := &mockHostProvider{hosts: []string{"http://host1:3500"}, hostIndex: 0}
-	checker := &mockReadyChecker{results: []bool{false}}
-	assert.Equal(t, false, EnsureReady(t.Context(), provider, checker))
-}
-
-func TestEnsureReady_SingleHostError(t *testing.T) {
-	provider := &mockHostProvider{hosts: []string{"http://host1:3500"}, hostIndex: 0}
-	checker := &mockReadyChecker{results: []bool{false}}
-	assert.Equal(t, false, EnsureReady(t.Context(), provider, checker))
-}
-
-func TestEnsureReady_MultipleHostsFirstReady(t *testing.T) {
-	provider := &mockHostProvider{
-		hosts:     []string{"http://host1:3500", "http://host2:3500"},
-		hostIndex: 0,
-	}
-	checker := &mockReadyChecker{results: []bool{true}}
-	assert.Equal(t, true, EnsureReady(t.Context(), provider, checker))
-	assert.Equal(t, 0, provider.hostIndex)
-}
-
-func TestEnsureReady_MultipleHostsFailoverToSecond(t *testing.T) {
-	provider := &mockHostProvider{
-		hosts:     []string{"http://host1:3500", "http://host2:3500"},
-		hostIndex: 0,
-	}
-	checker := &mockReadyChecker{results: []bool{false, true}}
-	assert.Equal(t, true, EnsureReady(t.Context(), provider, checker))
-	assert.Equal(t, 1, provider.hostIndex)
-}
-
-func TestEnsureReady_MultipleHostsNoneReady(t *testing.T) {
-	provider := &mockHostProvider{
-		hosts:     []string{"http://host1:3500", "http://host2:3500", "http://host3:3500"},
-		hostIndex: 0,
-	}
-	checker := &mockReadyChecker{results: []bool{false, false, false}}
-	assert.Equal(t, false, EnsureReady(t.Context(), provider, checker))
-}
-
-func TestEnsureReady_WrapAroundFromNonZeroIndex(t *testing.T) {
-	provider := &mockHostProvider{
-		hosts:     []string{"http://host0:3500", "http://host1:3500", "http://host2:3500"},
-		hostIndex: 1,
-	}
-	// host1 (start) fails, host2 fails, host0 succeeds
-	checker := &mockReadyChecker{results: []bool{false, false, true}}
-	assert.Equal(t, true, EnsureReady(t.Context(), provider, checker))
-	assert.Equal(t, 0, provider.hostIndex)
-}

api/fallback/log.go

@@ -1,9 +0,0 @@
-// Code generated by hack/gen-logs.sh; DO NOT EDIT.
-// This file is created and regenerated automatically. Anything added here might get removed.
-package fallback
-
-import "github.com/sirupsen/logrus"
-
-// The prefix for logs from this package will be the text after the last slash in the package path.
-// If you wish to change this, you should add your desired name in the runtime/logging/logrus-prefixed-formatter/prefix-replacement.go file.
-var log = logrus.WithField("package", "api/fallback")

api/grpc/BUILD.bazel

@@ -3,16 +3,13 @@ load("@prysm//tools/go:def.bzl", "go_library", "go_test")
 go_library(
     name = "go_default_library",
     srcs = [
-        "grpc_connection_provider.go",
         "grpcutils.go",
         "log.go",
-        "mock_grpc_provider.go",
         "parameters.go",
     ],
     importpath = "github.com/OffchainLabs/prysm/v7/api/grpc",
     visibility = ["//visibility:public"],
     deps = [
-        "@com_github_pkg_errors//:go_default_library",
         "@com_github_sirupsen_logrus//:go_default_library",
         "@org_golang_google_grpc//:go_default_library",
         "@org_golang_google_grpc//metadata:go_default_library",
@@ -21,17 +18,12 @@ go_library(
 
 go_test(
     name = "go_default_test",
-    srcs = [
-        "grpc_connection_provider_test.go",
-        "grpcutils_test.go",
-    ],
+    srcs = ["grpcutils_test.go"],
     embed = [":go_default_library"],
     deps = [
         "//testing/assert:go_default_library",
         "//testing/require:go_default_library",
         "@com_github_sirupsen_logrus//hooks/test:go_default_library",
-        "@org_golang_google_grpc//:go_default_library",
-        "@org_golang_google_grpc//credentials/insecure:go_default_library",
         "@org_golang_google_grpc//metadata:go_default_library",
     ],
 )

api/grpc/grpc_connection_provider.go

@@ -1,186 +0,0 @@
-package grpc
-
-import (
-	"context"
-	"strings"
-	"sync"
-
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"google.golang.org/grpc"
-)
-
-// GrpcConnectionProvider manages gRPC connections for failover support.
-// It allows switching between different beacon node endpoints when the current one becomes unavailable.
-// Only one connection is maintained at a time - when switching hosts, the old connection is closed.
-type GrpcConnectionProvider interface {
-	// CurrentConn returns the currently active gRPC connection.
-	// The connection is created lazily on first call.
-	// Returns nil if the provider has been closed.
-	CurrentConn() *grpc.ClientConn
-	// CurrentHost returns the address of the currently active endpoint.
-	CurrentHost() string
-	// Hosts returns all configured endpoint addresses.
-	Hosts() []string
-	// SwitchHost switches to the endpoint at the given index.
-	// The new connection is created lazily on next CurrentConn() call.
-	SwitchHost(index int) error
-	// ConnectionCounter returns a monotonically increasing counter that increments
-	// each time SwitchHost changes the active endpoint. This allows consumers to
-	// detect connection changes even when the host string returns to a previous value
-	// (e.g., host0 → host1 → host0).
-	ConnectionCounter() uint64
-	// Close closes the current connection.
-	Close()
-}
-
-type grpcConnectionProvider struct {
-	// Immutable after construction - no lock needed for reads
-	endpoints []string
-	ctx       context.Context
-	dialOpts  []grpc.DialOption
-
-	// Current connection state (protected by mutex)
-	currentIndex uint64
-	conn         *grpc.ClientConn
-	connCounter  uint64
-
-	mu     sync.Mutex
-	closed bool
-}
-
-// NewGrpcConnectionProvider creates a new connection provider that manages gRPC connections.
-// The endpoint parameter can be a comma-separated list of addresses (e.g., "host1:4000,host2:4000").
-// Only one connection is maintained at a time, created lazily on first use.
-func NewGrpcConnectionProvider(
-	ctx context.Context,
-	endpoint string,
-	dialOpts []grpc.DialOption,
-) (GrpcConnectionProvider, error) {
-	endpoints := parseEndpoints(endpoint)
-	if len(endpoints) == 0 {
-		return nil, errors.New("no gRPC endpoints provided")
-	}
-
-	log.WithFields(logrus.Fields{
-		"endpoints": endpoints,
-		"count":     len(endpoints),
-	}).Info("Initialized gRPC connection provider")
-
-	return &grpcConnectionProvider{
-		endpoints: endpoints,
-		ctx:       ctx,
-		dialOpts:  dialOpts,
-	}, nil
-}
-
-// parseEndpoints splits a comma-separated endpoint string into individual endpoints.
-func parseEndpoints(endpoint string) []string {
-	if endpoint == "" {
-		return nil
-	}
-	endpoints := make([]string, 0, 1)
-	for p := range strings.SplitSeq(endpoint, ",") {
-		if p = strings.TrimSpace(p); p != "" {
-			endpoints = append(endpoints, p)
-		}
-	}
-	return endpoints
-}
-
-func (p *grpcConnectionProvider) CurrentConn() *grpc.ClientConn {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-
-	if p.closed {
-		return nil
-	}
-
-	// Return existing connection if available
-	if p.conn != nil {
-		return p.conn
-	}
-
-	// Create connection lazily
-	ep := p.endpoints[p.currentIndex]
-	conn, err := grpc.DialContext(p.ctx, ep, p.dialOpts...)
-	if err != nil {
-		log.WithError(err).WithField("endpoint", ep).Error("Failed to create gRPC connection")
-		return nil
-	}
-
-	p.conn = conn
-	log.WithField("endpoint", ep).Debug("Created gRPC connection")
-	return conn
-}
-
-func (p *grpcConnectionProvider) CurrentHost() string {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	return p.endpoints[p.currentIndex]
-}
-
-func (p *grpcConnectionProvider) Hosts() []string {
-	// Return a copy to maintain immutability
-	hosts := make([]string, len(p.endpoints))
-	copy(hosts, p.endpoints)
-	return hosts
-}
-
-func (p *grpcConnectionProvider) SwitchHost(index int) error {
-	if index < 0 || index >= len(p.endpoints) {
-		return errors.Errorf("invalid host index %d, must be between 0 and %d", index, len(p.endpoints)-1)
-	}
-
-	p.mu.Lock()
-	defer p.mu.Unlock()
-
-	if uint64(index) == p.currentIndex {
-		return nil // Already on this host
-	}
-
-	oldHost := p.endpoints[p.currentIndex]
-	oldConn := p.conn
-
-	p.conn = nil // Clear immediately - new connection created lazily
-	p.currentIndex = uint64(index)
-	p.connCounter++
-
-	// Close old connection asynchronously to avoid blocking the caller
-	if oldConn != nil {
-		go func() {
-			if err := oldConn.Close(); err != nil {
-				log.WithError(err).WithField("endpoint", oldHost).Debug("Failed to close previous connection")
-			}
-		}()
-	}
-
-	log.WithFields(logrus.Fields{
-		"previousHost": oldHost,
-		"newHost":      p.endpoints[index],
-	}).Debug("Switched gRPC endpoint")
-	return nil
-}
-
-func (p *grpcConnectionProvider) ConnectionCounter() uint64 {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-	return p.connCounter
-}
-
-func (p *grpcConnectionProvider) Close() {
-	p.mu.Lock()
-	defer p.mu.Unlock()
-
-	if p.closed {
-		return
-	}
-	p.closed = true
-
-	if p.conn != nil {
-		if err := p.conn.Close(); err != nil {
-			log.WithError(err).WithField("endpoint", p.endpoints[p.currentIndex]).Debug("Failed to close gRPC connection")
-		}
-		p.conn = nil
-	}
-}

api/grpc/grpc_connection_provider_test.go

@@ -1,207 +0,0 @@
-package grpc
-
-import (
-	"context"
-	"net"
-	"reflect"
-	"strings"
-	"testing"
-
-	"github.com/OffchainLabs/prysm/v7/testing/assert"
-	"github.com/OffchainLabs/prysm/v7/testing/require"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials/insecure"
-)
-
-func TestParseEndpoints(t *testing.T) {
-	tests := []struct {
-		name     string
-		input    string
-		expected []string
-	}{
-		{"single endpoint", "localhost:4000", []string{"localhost:4000"}},
-		{"multiple endpoints", "host1:4000,host2:4000,host3:4000", []string{"host1:4000", "host2:4000", "host3:4000"}},
-		{"endpoints with spaces", "host1:4000, host2:4000 , host3:4000", []string{"host1:4000", "host2:4000", "host3:4000"}},
-		{"empty string", "", nil},
-		{"only commas", ",,,", []string{}},
-		{"trailing comma", "host1:4000,host2:4000,", []string{"host1:4000", "host2:4000"}},
-		{"leading comma", ",host1:4000,host2:4000", []string{"host1:4000", "host2:4000"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := parseEndpoints(tt.input)
-			if !reflect.DeepEqual(tt.expected, got) {
-				t.Errorf("parseEndpoints(%q) = %v, want %v", tt.input, got, tt.expected)
-			}
-		})
-	}
-}
-
-func TestNewGrpcConnectionProvider_Errors(t *testing.T) {
-	t.Run("no endpoints", func(t *testing.T) {
-		dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}
-		_, err := NewGrpcConnectionProvider(context.Background(), "", dialOpts)
-		require.ErrorContains(t, "no gRPC endpoints provided", err)
-	})
-}
-
-func TestGrpcConnectionProvider_LazyConnection(t *testing.T) {
-	// Start only one server but configure provider with two endpoints
-	lis, err := net.Listen("tcp", "127.0.0.1:0")
-	require.NoError(t, err)
-	server := grpc.NewServer()
-	go func() { _ = server.Serve(lis) }()
-	defer server.Stop()
-
-	validAddr := lis.Addr().String()
-	invalidAddr := "127.0.0.1:1" // Port 1 is unlikely to be listening
-
-	// Provider should succeed even though second endpoint is invalid (lazy connections)
-	endpoint := validAddr + "," + invalidAddr
-	ctx := context.Background()
-	dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}
-	provider, err := NewGrpcConnectionProvider(ctx, endpoint, dialOpts)
-	require.NoError(t, err, "Provider creation should succeed with lazy connections")
-	defer func() { provider.Close() }()
-
-	// First endpoint should work
-	conn := provider.CurrentConn()
-	assert.NotNil(t, conn, "First connection should be created lazily")
-}
-
-func TestGrpcConnectionProvider_SingleConnectionModel(t *testing.T) {
-	// Create provider with 3 endpoints
-	var addrs []string
-	var servers []*grpc.Server
-
-	for range 3 {
-		lis, err := net.Listen("tcp", "127.0.0.1:0")
-		require.NoError(t, err)
-		server := grpc.NewServer()
-		go func() { _ = server.Serve(lis) }()
-		addrs = append(addrs, lis.Addr().String())
-		servers = append(servers, server)
-	}
-	defer func() {
-		for _, s := range servers {
-			s.Stop()
-		}
-	}()
-
-	endpoint := strings.Join(addrs, ",")
-	ctx := context.Background()
-	dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}
-	provider, err := NewGrpcConnectionProvider(ctx, endpoint, dialOpts)
-	require.NoError(t, err)
-	defer func() { provider.Close() }()
-
-	// Access the internal state to verify single connection behavior
-	p := provider.(*grpcConnectionProvider)
-
-	// Initially no connection
-	p.mu.Lock()
-	assert.Equal(t, (*grpc.ClientConn)(nil), p.conn, "Connection should be nil before access")
-	p.mu.Unlock()
-
-	// Access connection - should create one
-	conn0 := provider.CurrentConn()
-	assert.NotNil(t, conn0)
-
-	p.mu.Lock()
-	assert.NotNil(t, p.conn, "Connection should be created after CurrentConn()")
-	firstConn := p.conn
-	p.mu.Unlock()
-
-	// Call CurrentConn again - should return same connection
-	conn0Again := provider.CurrentConn()
-	assert.Equal(t, conn0, conn0Again, "Should return same connection")
-
-	// Switch to different host - old connection should be closed, new one created lazily
-	require.NoError(t, provider.SwitchHost(1))
-
-	p.mu.Lock()
-	assert.Equal(t, (*grpc.ClientConn)(nil), p.conn, "Connection should be nil after SwitchHost (lazy)")
-	p.mu.Unlock()
-
-	// Get new connection
-	conn1 := provider.CurrentConn()
-	assert.NotNil(t, conn1)
-	assert.NotEqual(t, firstConn, conn1, "Should be a different connection after switching hosts")
-}
-
-// testProvider creates a provider with n test servers and returns cleanup function.
-func testProvider(t *testing.T, n int) (GrpcConnectionProvider, []string, func()) {
-	var addrs []string
-	var cleanups []func()
-
-	for range n {
-		lis, err := net.Listen("tcp", "127.0.0.1:0")
-		require.NoError(t, err)
-		server := grpc.NewServer()
-		go func() { _ = server.Serve(lis) }()
-		addrs = append(addrs, lis.Addr().String())
-		cleanups = append(cleanups, server.Stop)
-	}
-
-	endpoint := strings.Join(addrs, ",")
-
-	ctx := context.Background()
-	dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}
-	provider, err := NewGrpcConnectionProvider(ctx, endpoint, dialOpts)
-	require.NoError(t, err)
-
-	cleanup := func() {
-		provider.Close()
-		for _, c := range cleanups {
-			c()
-		}
-	}
-	return provider, addrs, cleanup
-}
-
-func TestGrpcConnectionProvider(t *testing.T) {
-	provider, addrs, cleanup := testProvider(t, 3)
-	defer cleanup()
-
-	t.Run("initial state", func(t *testing.T) {
-		assert.Equal(t, 3, len(provider.Hosts()))
-		assert.Equal(t, addrs[0], provider.CurrentHost())
-		assert.NotNil(t, provider.CurrentConn())
-	})
-
-	t.Run("SwitchHost", func(t *testing.T) {
-		require.NoError(t, provider.SwitchHost(1))
-		assert.Equal(t, addrs[1], provider.CurrentHost())
-		assert.NotNil(t, provider.CurrentConn()) // New connection created lazily
-		require.NoError(t, provider.SwitchHost(0))
-		assert.Equal(t, addrs[0], provider.CurrentHost())
-		require.ErrorContains(t, "invalid host index", provider.SwitchHost(-1))
-		require.ErrorContains(t, "invalid host index", provider.SwitchHost(3))
-	})
-
-	t.Run("SwitchHost circular", func(t *testing.T) {
-		// Test round-robin style switching using SwitchHost with manual index
-		indices := []int{1, 2, 0, 1} // Simulate circular switching
-		for i, idx := range indices {
-			require.NoError(t, provider.SwitchHost(idx))
-			assert.Equal(t, addrs[idx], provider.CurrentHost(), "iteration %d", i)
-		}
-	})
-
-	t.Run("Hosts returns copy", func(t *testing.T) {
-		hosts := provider.Hosts()
-		original := hosts[0]
-		hosts[0] = "modified"
-		assert.Equal(t, original, provider.Hosts()[0])
-	})
-}
-
-func TestGrpcConnectionProvider_Close(t *testing.T) {
-	provider, _, cleanup := testProvider(t, 1)
-	defer cleanup()
-
-	assert.NotNil(t, provider.CurrentConn())
-	provider.Close()
-	assert.Equal(t, (*grpc.ClientConn)(nil), provider.CurrentConn())
-	provider.Close() // Double close is safe
-}

api/grpc/mock_grpc_provider.go

@@ -1,27 +0,0 @@
-package grpc
-
-import "google.golang.org/grpc"
-
-// MockGrpcProvider implements GrpcConnectionProvider for testing.
-type MockGrpcProvider struct {
-	MockConn     *grpc.ClientConn
-	MockHosts    []string
-	CurrentIndex int
-	ConnCounter  uint64
-}
-
-func (m *MockGrpcProvider) CurrentConn() *grpc.ClientConn { return m.MockConn }
-func (m *MockGrpcProvider) CurrentHost() string {
-	if len(m.MockHosts) > 0 {
-		return m.MockHosts[m.CurrentIndex]
-	}
-	return ""
-}
-func (m *MockGrpcProvider) Hosts() []string { return m.MockHosts }
-func (m *MockGrpcProvider) SwitchHost(idx int) error {
-	m.CurrentIndex = idx
-	m.ConnCounter++
-	return nil
-}
-func (m *MockGrpcProvider) ConnectionCounter() uint64 { return m.ConnCounter }
-func (m *MockGrpcProvider) Close()                    {}

api/rest/BUILD.bazel

@@ -1,34 +0,0 @@
-load("@prysm//tools/go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "log.go",
-        "mock_rest_provider.go",
-        "rest_connection_provider.go",
-        "rest_handler.go",
-    ],
-    importpath = "github.com/OffchainLabs/prysm/v7/api/rest",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//api:go_default_library",
-        "//api/apiutil:go_default_library",
-        "//api/client:go_default_library",
-        "//config/params:go_default_library",
-        "//network/httputil:go_default_library",
-        "//runtime/version:go_default_library",
-        "@com_github_pkg_errors//:go_default_library",
-        "@com_github_sirupsen_logrus//:go_default_library",
-        "@io_opentelemetry_go_contrib_instrumentation_net_http_otelhttp//:go_default_library",
-    ],
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = ["rest_connection_provider_test.go"],
-    embed = [":go_default_library"],
-    deps = [
-        "//testing/assert:go_default_library",
-        "//testing/require:go_default_library",
-    ],
-)

api/rest/log.go

@@ -1,9 +0,0 @@
-// Code generated by hack/gen-logs.sh; DO NOT EDIT.
-// This file is created and regenerated automatically. Anything added here might get removed.
-package rest
-
-import "github.com/sirupsen/logrus"
-
-// The prefix for logs from this package will be the text after the last slash in the package path.
-// If you wish to change this, you should add your desired name in the runtime/logging/logrus-prefixed-formatter/prefix-replacement.go file.
-var log = logrus.WithField("package", "api/rest")

api/rest/mock_rest_provider.go

@@ -1,46 +0,0 @@
-package rest
-
-import (
-	"bytes"
-	"context"
-	"net/http"
-)
-
-// MockRestProvider implements RestConnectionProvider for testing.
-type MockRestProvider struct {
-	MockClient  *http.Client
-	MockHandler Handler
-	MockHosts   []string
-	HostIndex   int
-}
-
-func (m *MockRestProvider) HttpClient() *http.Client { return m.MockClient }
-func (m *MockRestProvider) Handler() Handler         { return m.MockHandler }
-func (m *MockRestProvider) CurrentHost() string {
-	if len(m.MockHosts) > 0 {
-		return m.MockHosts[m.HostIndex%len(m.MockHosts)]
-	}
-	return ""
-}
-func (m *MockRestProvider) Hosts() []string            { return m.MockHosts }
-func (m *MockRestProvider) SwitchHost(index int) error { m.HostIndex = index; return nil }
-
-// MockHandler implements Handler for testing.
-type MockHandler struct {
-	MockHost string
-}
-
-func (m *MockHandler) Get(_ context.Context, _ string, _ any) error { return nil }
-func (m *MockHandler) GetStatusCode(_ context.Context, _ string) (int, error) {
-	return http.StatusOK, nil
-}
-func (m *MockHandler) GetSSZ(_ context.Context, _ string) ([]byte, http.Header, error) {
-	return nil, nil, nil
-}
-func (m *MockHandler) Post(_ context.Context, _ string, _ map[string]string, _ *bytes.Buffer, _ any) error {
-	return nil
-}
-func (m *MockHandler) PostSSZ(_ context.Context, _ string, _ map[string]string, _ *bytes.Buffer) ([]byte, http.Header, error) {
-	return nil, nil, nil
-}
-func (m *MockHandler) Host() string { return m.MockHost }

api/rest/rest_connection_provider.go

@@ -1,158 +0,0 @@
-package rest
-
-import (
-	"net/http"
-	"strings"
-	"sync/atomic"
-	"time"
-
-	"github.com/OffchainLabs/prysm/v7/api/client"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
-)
-
-// RestConnectionProvider manages HTTP client configuration for REST API with failover support.
-// It allows switching between different beacon node REST endpoints when the current one becomes unavailable.
-type RestConnectionProvider interface {
-	// HttpClient returns the configured HTTP client with headers, timeout, and optional tracing.
-	HttpClient() *http.Client
-	// Handler returns the REST handler for making API requests.
-	Handler() Handler
-	// CurrentHost returns the current REST API endpoint URL.
-	CurrentHost() string
-	// Hosts returns all configured REST API endpoint URLs.
-	Hosts() []string
-	// SwitchHost switches to the endpoint at the given index.
-	SwitchHost(index int) error
-}
-
-// RestConnectionProviderOption is a functional option for configuring the REST connection provider.
-type RestConnectionProviderOption func(*restConnectionProvider)
-
-// WithHttpTimeout sets the HTTP client timeout.
-func WithHttpTimeout(timeout time.Duration) RestConnectionProviderOption {
-	return func(p *restConnectionProvider) {
-		p.timeout = timeout
-	}
-}
-
-// WithHttpHeaders sets custom HTTP headers to include in all requests.
-func WithHttpHeaders(headers map[string][]string) RestConnectionProviderOption {
-	return func(p *restConnectionProvider) {
-		p.headers = headers
-	}
-}
-
-// WithTracing enables OpenTelemetry tracing for HTTP requests.
-func WithTracing() RestConnectionProviderOption {
-	return func(p *restConnectionProvider) {
-		p.enableTracing = true
-	}
-}
-
-type restConnectionProvider struct {
-	endpoints     []string
-	httpClient    *http.Client
-	restHandler   *handler
-	currentIndex  atomic.Uint64
-	timeout       time.Duration
-	headers       map[string][]string
-	enableTracing bool
-}
-
-// NewRestConnectionProvider creates a new REST connection provider that manages HTTP client configuration.
-// The endpoint parameter can be a comma-separated list of URLs (e.g., "http://host1:3500,http://host2:3500").
-func NewRestConnectionProvider(endpoint string, opts ...RestConnectionProviderOption) (RestConnectionProvider, error) {
-	endpoints := parseEndpoints(endpoint)
-	if len(endpoints) == 0 {
-		return nil, errors.New("no REST API endpoints provided")
-	}
-
-	p := &restConnectionProvider{
-		endpoints: endpoints,
-	}
-
-	for _, opt := range opts {
-		opt(p)
-	}
-
-	// Build the HTTP transport chain
-	var transport http.RoundTripper = http.DefaultTransport
-
-	// Add custom headers if configured
-	if len(p.headers) > 0 {
-		transport = client.NewCustomHeadersTransport(transport, p.headers)
-	}
-
-	// Add tracing if enabled
-	if p.enableTracing {
-		transport = otelhttp.NewTransport(transport)
-	}
-
-	p.httpClient = &http.Client{
-		Timeout:   p.timeout,
-		Transport: transport,
-	}
-
-	// Create the REST handler with the HTTP client and initial host
-	p.restHandler = newHandler(*p.httpClient, endpoints[0])
-
-	log.WithFields(logrus.Fields{
-		"endpoints": endpoints,
-		"count":     len(endpoints),
-	}).Info("Initialized REST connection provider")
-
-	return p, nil
-}
-
-// parseEndpoints splits a comma-separated endpoint string into individual endpoints.
-func parseEndpoints(endpoint string) []string {
-	if endpoint == "" {
-		return nil
-	}
-	endpoints := make([]string, 0, 1)
-	for p := range strings.SplitSeq(endpoint, ",") {
-		if p = strings.TrimSpace(p); p != "" {
-			endpoints = append(endpoints, p)
-		}
-	}
-	return endpoints
-}
-
-func (p *restConnectionProvider) HttpClient() *http.Client {
-	return p.httpClient
-}
-
-func (p *restConnectionProvider) Handler() Handler {
-	return p.restHandler
-}
-
-func (p *restConnectionProvider) CurrentHost() string {
-	return p.endpoints[p.currentIndex.Load()]
-}
-
-func (p *restConnectionProvider) Hosts() []string {
-	// Return a copy to maintain immutability
-	hosts := make([]string, len(p.endpoints))
-	copy(hosts, p.endpoints)
-	return hosts
-}
-
-func (p *restConnectionProvider) SwitchHost(index int) error {
-	if index < 0 || index >= len(p.endpoints) {
-		return errors.Errorf("invalid host index %d, must be between 0 and %d", index, len(p.endpoints)-1)
-	}
-
-	oldIdx := p.currentIndex.Load()
-	p.currentIndex.Store(uint64(index))
-
-	// Update the rest handler's host
-	p.restHandler.SwitchHost(p.endpoints[index])
-
-	log.WithFields(logrus.Fields{
-		"previousHost": p.endpoints[oldIdx],
-		"newHost":      p.endpoints[index],
-	}).Debug("Switched REST endpoint")
-	return nil
-}

api/rest/rest_connection_provider_test.go

@@ -1,80 +0,0 @@
-package rest
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/OffchainLabs/prysm/v7/testing/assert"
-	"github.com/OffchainLabs/prysm/v7/testing/require"
-)
-
-func TestParseEndpoints(t *testing.T) {
-	tests := []struct {
-		name     string
-		input    string
-		expected []string
-	}{
-		{"single endpoint", "http://localhost:3500", []string{"http://localhost:3500"}},
-		{"multiple endpoints", "http://host1:3500,http://host2:3500,http://host3:3500", []string{"http://host1:3500", "http://host2:3500", "http://host3:3500"}},
-		{"endpoints with spaces", "http://host1:3500, http://host2:3500 , http://host3:3500", []string{"http://host1:3500", "http://host2:3500", "http://host3:3500"}},
-		{"empty string", "", nil},
-		{"only commas", ",,,", []string{}},
-		{"trailing comma", "http://host1:3500,http://host2:3500,", []string{"http://host1:3500", "http://host2:3500"}},
-		{"leading comma", ",http://host1:3500,http://host2:3500", []string{"http://host1:3500", "http://host2:3500"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := parseEndpoints(tt.input)
-			if !reflect.DeepEqual(tt.expected, got) {
-				t.Errorf("parseEndpoints(%q) = %v, want %v", tt.input, got, tt.expected)
-			}
-		})
-	}
-}
-
-func TestNewRestConnectionProvider_Errors(t *testing.T) {
-	t.Run("no endpoints", func(t *testing.T) {
-		_, err := NewRestConnectionProvider("")
-		require.ErrorContains(t, "no REST API endpoints provided", err)
-	})
-}
-
-func TestRestConnectionProvider(t *testing.T) {
-	provider, err := NewRestConnectionProvider("http://host1:3500,http://host2:3500,http://host3:3500")
-	require.NoError(t, err)
-
-	t.Run("initial state", func(t *testing.T) {
-		assert.Equal(t, 3, len(provider.Hosts()))
-		assert.Equal(t, "http://host1:3500", provider.CurrentHost())
-		assert.NotNil(t, provider.HttpClient())
-	})
-
-	t.Run("SwitchHost", func(t *testing.T) {
-		require.NoError(t, provider.SwitchHost(1))
-		assert.Equal(t, "http://host2:3500", provider.CurrentHost())
-		require.NoError(t, provider.SwitchHost(0))
-		assert.Equal(t, "http://host1:3500", provider.CurrentHost())
-		require.ErrorContains(t, "invalid host index", provider.SwitchHost(-1))
-		require.ErrorContains(t, "invalid host index", provider.SwitchHost(3))
-	})
-
-	t.Run("Hosts returns copy", func(t *testing.T) {
-		hosts := provider.Hosts()
-		original := hosts[0]
-		hosts[0] = "modified"
-		assert.Equal(t, original, provider.Hosts()[0])
-	})
-}
-
-func TestRestConnectionProvider_WithOptions(t *testing.T) {
-	headers := map[string][]string{"Authorization": {"Bearer token"}}
-	provider, err := NewRestConnectionProvider(
-		"http://localhost:3500",
-		WithHttpHeaders(headers),
-		WithHttpTimeout(30000000000), // 30 seconds in nanoseconds
-		WithTracing(),
-	)
-	require.NoError(t, err)
-	assert.NotNil(t, provider.HttpClient())
-	assert.Equal(t, "http://localhost:3500", provider.CurrentHost())
-}

api/server/structs/endpoints_validator.go

@@ -150,36 +150,3 @@ type ActiveSetChanges struct {
 	EjectedPublicKeys   []string `json:"ejected_public_keys"`
 	EjectedIndices      []string `json:"ejected_indices"`
 }
-
-// =============================================================================
-// GLOAS Fork Types - Execution Payload Envelope
-// =============================================================================
-// Note: Block-related GLOAS types (BeaconBlockGloas, ExecutionPayloadBid, etc.)
-// are defined in block.go. This file contains only the envelope types used for
-// the validator API endpoints.
-
-// ExecutionPayloadEnvelope represents an execution payload envelope in the GLOAS fork.
-// This wraps the full execution payload with builder metadata for separate signing
-// and broadcasting by validators.
-type ExecutionPayloadEnvelope struct {
-	Payload            json.RawMessage `json:"payload"`              // ExecutionPayloadDeneb
-	ExecutionRequests  json.RawMessage `json:"execution_requests"`   // ExecutionRequests
-	BuilderIndex       string          `json:"builder_index"`        // uint64 as string
-	BeaconBlockRoot    string          `json:"beacon_block_root"`    // hex encoded 32 bytes
-	Slot               string          `json:"slot"`                 // uint64 as string
-	BlobKzgCommitments []string        `json:"blob_kzg_commitments"` // list of hex encoded 48-byte commitments
-	StateRoot          string          `json:"state_root"`           // hex encoded 32 bytes
-}
-
-// SignedExecutionPayloadEnvelope wraps an execution payload envelope with a BLS signature.
-// The signature is provided by the validator after retrieving the envelope from the beacon node.
-type SignedExecutionPayloadEnvelope struct {
-	Message   *ExecutionPayloadEnvelope `json:"message"`
-	Signature string                    `json:"signature"` // hex encoded 96-byte BLS signature
-}
-
-// GetExecutionPayloadEnvelopeResponse is the response for retrieving a cached execution payload envelope.
-type GetExecutionPayloadEnvelopeResponse struct {
-	Version string                    `json:"version"`
-	Data    *ExecutionPayloadEnvelope `json:"data"`
-}

beacon-chain/blockchain/BUILD.bazel

@@ -27,6 +27,7 @@ go_library(
         "receive_blob.go",
         "receive_block.go",
         "receive_data_column.go",
+        "receive_proof.go",
         "service.go",
         "setup_forkchoice.go",
         "tracked_proposer.go",
@@ -49,6 +50,7 @@ go_library(
         "//beacon-chain/core/electra:go_default_library",
         "//beacon-chain/core/epoch/precompute:go_default_library",
         "//beacon-chain/core/feed:go_default_library",
+        "//beacon-chain/core/feed/operation:go_default_library",
         "//beacon-chain/core/feed/state:go_default_library",
         "//beacon-chain/core/helpers:go_default_library",
         "//beacon-chain/core/peerdas:go_default_library",
@@ -74,6 +76,7 @@ go_library(
         "//beacon-chain/state:go_default_library",
         "//beacon-chain/state/stategen:go_default_library",
         "//beacon-chain/verification:go_default_library",
+        "//cmd/beacon-chain/flags:go_default_library",
         "//config/features:go_default_library",
         "//config/fieldparams:go_default_library",
         "//config/params:go_default_library",
@@ -85,7 +88,6 @@ go_library(
         "//consensus-types/primitives:go_default_library",
         "//crypto/bls:go_default_library",
         "//encoding/bytesutil:go_default_library",
-        "//io/logs:go_default_library",
         "//math:go_default_library",
         "//monitoring/tracing:go_default_library",
         "//monitoring/tracing/trace:go_default_library",

beacon-chain/blockchain/log_helpers.go

@@ -10,7 +10,6 @@ import (
 	consensus_types "github.com/OffchainLabs/prysm/v7/consensus-types"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
 	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
-	"github.com/OffchainLabs/prysm/v7/io/logs"
 	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
 	"github.com/OffchainLabs/prysm/v7/runtime/version"
 	prysmTime "github.com/OffchainLabs/prysm/v7/time"
@@ -88,45 +87,36 @@ func logStateTransitionData(b interfaces.ReadOnlyBeaconBlock) error {
 func logBlockSyncStatus(block interfaces.ReadOnlyBeaconBlock, blockRoot [32]byte, justified, finalized *ethpb.Checkpoint, receivedTime time.Time, genesis time.Time, daWaitedTime time.Duration) error {
 	startTime, err := slots.StartTime(genesis, block.Slot())
 	if err != nil {
-		return errors.Wrap(err, "failed to get slot start time")
+		return err
 	}
-	parentRoot := block.ParentRoot()
-	blkRoot := fmt.Sprintf("0x%s...", hex.EncodeToString(blockRoot[:])[:8])
-	finalizedRoot := fmt.Sprintf("0x%s...", hex.EncodeToString(finalized.Root)[:8])
-	sinceSlotStartTime := prysmTime.Now().Sub(startTime)
-
-	lessFields := logrus.Fields{
-		"slot":               block.Slot(),
-		"block":              blkRoot,
-		"finalizedEpoch":     finalized.Epoch,
-		"finalizedRoot":      finalizedRoot,
-		"epoch":              slots.ToEpoch(block.Slot()),
-		"sinceSlotStartTime": sinceSlotStartTime,
-	}
-	moreFields := logrus.Fields{
-		"slot":                       block.Slot(),
-		"slotInEpoch":                block.Slot() % params.BeaconConfig().SlotsPerEpoch,
-		"block":                      blkRoot,
-		"epoch":                      slots.ToEpoch(block.Slot()),
-		"justifiedEpoch":             justified.Epoch,
-		"justifiedRoot":              fmt.Sprintf("0x%s...", hex.EncodeToString(justified.Root)[:8]),
-		"finalizedEpoch":             finalized.Epoch,
-		"finalizedRoot":              finalizedRoot,
-		"parentRoot":                 fmt.Sprintf("0x%s...", hex.EncodeToString(parentRoot[:])[:8]),
-		"version":                    version.String(block.Version()),
-		"sinceSlotStartTime":         sinceSlotStartTime,
-		"chainServiceProcessedTime":  prysmTime.Now().Sub(receivedTime) - daWaitedTime,
-		"dataAvailabilityWaitedTime": daWaitedTime,
-	}
-
-	level := logs.PackageVerbosity("beacon-chain/blockchain")
+	level := log.Logger.GetLevel()
 	if level >= logrus.DebugLevel {
-		log.WithFields(moreFields).Info("Synced new block")
-		return nil
+		parentRoot := block.ParentRoot()
+		lf := logrus.Fields{
+			"slot":                       block.Slot(),
+			"slotInEpoch":                block.Slot() % params.BeaconConfig().SlotsPerEpoch,
+			"block":                      fmt.Sprintf("0x%s...", hex.EncodeToString(blockRoot[:])[:8]),
+			"epoch":                      slots.ToEpoch(block.Slot()),
+			"justifiedEpoch":             justified.Epoch,
+			"justifiedRoot":              fmt.Sprintf("0x%s...", hex.EncodeToString(justified.Root)[:8]),
+			"finalizedEpoch":             finalized.Epoch,
+			"finalizedRoot":              fmt.Sprintf("0x%s...", hex.EncodeToString(finalized.Root)[:8]),
+			"parentRoot":                 fmt.Sprintf("0x%s...", hex.EncodeToString(parentRoot[:])[:8]),
+			"version":                    version.String(block.Version()),
+			"sinceSlotStartTime":         prysmTime.Now().Sub(startTime),
+			"chainServiceProcessedTime":  prysmTime.Now().Sub(receivedTime) - daWaitedTime,
+			"dataAvailabilityWaitedTime": daWaitedTime,
+		}
+		log.WithFields(lf).Debug("Synced new block")
+	} else {
+		log.WithFields(logrus.Fields{
+			"slot":           block.Slot(),
+			"block":          fmt.Sprintf("0x%s...", hex.EncodeToString(blockRoot[:])[:8]),
+			"finalizedEpoch": finalized.Epoch,
+			"finalizedRoot":  fmt.Sprintf("0x%s...", hex.EncodeToString(finalized.Root)[:8]),
+			"epoch":          slots.ToEpoch(block.Slot()),
+		}).Info("Synced new block")
 	}
-
-	log.WithFields(lessFields).WithField(logs.LogTargetField, logs.LogTargetUser).Info("Synced new block")
-	log.WithFields(moreFields).WithField(logs.LogTargetField, logs.LogTargetEphemeral).Info("Synced new block")
 	return nil
 }
 

beacon-chain/blockchain/options.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/OffchainLabs/prysm/v7/async/event"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/cache"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed/operation"
 	statefeed "github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed/state"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/db"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/db/filesystem"
@@ -226,6 +227,14 @@ func WithDataColumnStorage(b *filesystem.DataColumnStorage) Option {
 	}
 }
 
+// WithProofStorage sets the proof storage backend for the blockchain service.
+func WithProofStorage(p *filesystem.ProofStorage) Option {
+	return func(s *Service) error {
+		s.proofStorage = p
+		return nil
+	}
+}
+
 // WithSyncChecker sets the sync checker for the blockchain service.
 func WithSyncChecker(checker Checker) Option {
 	return func(s *Service) error {
@@ -266,3 +275,10 @@ func WithStartWaitingDataColumnSidecars(c chan bool) Option {
 		return nil
 	}
 }
+
+func WithOperationNotifier(operationNotifier operation.Notifier) Option {
+	return func(s *Service) error {
+		s.cfg.OperationNotifier = operationNotifier
+		return nil
+	}
+}

beacon-chain/blockchain/process_block.go

@@ -15,6 +15,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/db/filesystem"
 	forkchoicetypes "github.com/OffchainLabs/prysm/v7/beacon-chain/forkchoice/types"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/cmd/beacon-chain/flags"
 	"github.com/OffchainLabs/prysm/v7/config/features"
 	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
 	"github.com/OffchainLabs/prysm/v7/config/params"
@@ -113,6 +114,7 @@ func (s *Service) postBlockProcess(cfg *postBlockProcessConfig) error {
 			s.updateCachesPostBlockProcessing(cfg)
 		}()
 	}
+
 	return nil
 }
 
@@ -661,10 +663,17 @@ func (s *Service) isDataAvailable(
 		return errors.New("invalid nil beacon block")
 	}
 
-	root := roBlock.Root()
-	blockVersion := block.Version()
+	root, blockVersion := roBlock.Root(), roBlock.Version()
 	if blockVersion >= version.Fulu {
-		return s.areDataColumnsAvailable(ctx, root, block)
+		if err := s.areExecutionProofsAvailable(ctx, roBlock); err != nil {
+			return fmt.Errorf("are execution proofs available: %w", err)
+		}
+
+		if err := s.areDataColumnsAvailable(ctx, root, block); err != nil {
+			return fmt.Errorf("are data columns available: %w", err)
+		}
+
+		return nil
 	}
 
 	if blockVersion >= version.Deneb {
@@ -674,6 +683,77 @@ func (s *Service) isDataAvailable(
 	return nil
 }
 
+// areExecutionProofsAvailable blocks until we have enough execution proofs to import the block,
+// or an error or context cancellation occurs.
+// This check is only performed for lightweight verifier nodes that need zkVM proofs
+// to validate block execution (nodes without execution layer + proof generation capability).
+// A nil result means that the data availability check is successful.
+func (s *Service) areExecutionProofsAvailable(ctx context.Context, roBlock consensusblocks.ROBlock) error {
+	// Return early if zkVM features are disabled (no need to check for execution proofs),
+	// or if the generation proof is enabled (we will generate proofs ourselves).
+	if !features.Get().EnableZkvm || len(flags.Get().ProofGenerationTypes) > 0 {
+		return nil
+	}
+
+	root, slot := roBlock.Root(), roBlock.Block().Slot()
+
+	requiredProofCount := params.BeaconConfig().MinProofsRequired
+	log := log.WithFields(logrus.Fields{
+		"root":               fmt.Sprintf("%#x", root),
+		"slot":               slot,
+		"requiredProofCount": requiredProofCount,
+	})
+
+	// Subscribe to newly execution proofs stored in the database.
+	subscription, identChan := s.proofStorage.Subscribe()
+	defer subscription.Unsubscribe()
+
+	// Return early if we already have enough proofs.
+	if actualProofCount := uint64(s.proofStorage.Summary(root).Count()); actualProofCount >= requiredProofCount {
+		log.WithField("actualProofCount", actualProofCount).Debug("Already have enough execution proofs")
+		return nil
+	}
+
+	// Log for DA checks that cross over into the next slot; helpful for debugging.
+	nextSlot, err := slots.StartTime(s.genesisTime, roBlock.Block().Slot()+1)
+	if err != nil {
+		return fmt.Errorf("start time: %w", err)
+	}
+
+	// Avoid logging if DA check is called after next slot start.
+	if nextSlot.After(time.Now()) {
+		timer := time.AfterFunc(time.Until(nextSlot), func() {
+			actualCount := uint64(s.proofStorage.Summary(root).Count())
+			if actualCount >= requiredProofCount {
+				return
+			}
+
+			log.WithField("proofsRetrieved", actualCount).Warning("Execution proofs still missing at slot end")
+		})
+
+		defer timer.Stop()
+	}
+
+	// Some proofs are missing; wait for them.
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case proofIdent := <-identChan:
+			// Skip if the proof is for a different block.
+			if proofIdent.BlockRoot != root {
+				continue
+			}
+
+			// Return if we have enough proofs.
+			if actualProofCount := uint64(s.proofStorage.Summary(root).Count()); actualProofCount >= requiredProofCount {
+				log.WithField("actualProofCount", actualProofCount).Debug("Got enough execution proofs")
+				return nil
+			}
+		}
+	}
+}
+
 // areDataColumnsAvailable blocks until all data columns committed to in the block are available,
 // or an error or context cancellation occurs. A nil result means that the data availability check is successful.
 func (s *Service) areDataColumnsAvailable(
@@ -810,14 +890,7 @@ func (s *Service) areDataColumnsAvailable(
 			}
 
 		case <-ctx.Done():
-			var missingIndices any = "all"
-			missingIndicesCount := len(missing)
-
-			if missingIndicesCount < fieldparams.NumberOfColumns {
-				missingIndices = helpers.SortedPrettySliceFromMap(missing)
-			}
-
-			return errors.Wrapf(ctx.Err(), "data column sidecars slot: %d, BlockRoot: %#x, missing: %v", block.Slot(), root, missingIndices)
+			return errors.Wrapf(ctx.Err(), "data column sidecars slot: %d, BlockRoot: %#x, missing: %v", block.Slot(), root, helpers.SortedPrettySliceFromMap(missing))
 		}
 	}
 }

beacon-chain/blockchain/receive_block.go

@@ -60,6 +60,12 @@ type DataColumnReceiver interface {
 	ReceiveDataColumns([]blocks.VerifiedRODataColumn) error
 }
 
+// ProofReceiver interface defines the methods of chain service for receiving new
+// execution proofs
+type ProofReceiver interface {
+	ReceiveProof(proof *ethpb.ExecutionProof) error
+}
+
 // SlashingReceiver interface defines the methods of chain service for receiving validated slashing over the wire.
 type SlashingReceiver interface {
 	ReceiveAttesterSlashing(ctx context.Context, slashing ethpb.AttSlashing)

beacon-chain/blockchain/receive_proof.go

@@ -0,0 +1,15 @@
+package blockchain
+
+import (
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/pkg/errors"
+)
+
+// ReceiveProof saves an execution proof to storage.
+func (s *Service) ReceiveProof(proof *ethpb.ExecutionProof) error {
+	if err := s.proofStorage.Save([]*ethpb.ExecutionProof{proof}); err != nil {
+		return errors.Wrap(err, "save proof")
+	}
+
+	return nil
+}

beacon-chain/blockchain/service.go

@@ -12,6 +12,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/async/event"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/blockchain/kzg"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/cache"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed/operation"
 	statefeed "github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed/state"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/helpers"
 	coreTime "github.com/OffchainLabs/prysm/v7/beacon-chain/core/time"
@@ -64,6 +65,7 @@ type Service struct {
 	blockBeingSynced               *currentlySyncingBlock
 	blobStorage                    *filesystem.BlobStorage
 	dataColumnStorage              *filesystem.DataColumnStorage
+	proofStorage                   *filesystem.ProofStorage
 	slasherEnabled                 bool
 	lcStore                        *lightClient.Store
 	startWaitingDataColumnSidecars chan bool // for testing purposes only
@@ -86,6 +88,7 @@ type config struct {
 	P2P                     p2p.Accessor
 	MaxRoutines             int
 	StateNotifier           statefeed.Notifier
+	OperationNotifier       operation.Notifier
 	ForkChoiceStore         f.ForkChoicer
 	AttService              *attestations.Service
 	StateGen                *stategen.State
@@ -209,7 +212,8 @@ func (s *Service) Start() {
 	if err := s.StartFromSavedState(s.cfg.FinalizedStateAtStartUp); err != nil {
 		log.Fatal(err)
 	}
-	s.spawnProcessAttestationsRoutine()
+
+	go s.spawnProcessAttestationsRoutine()
 	go s.runLateBlockTasks()
 }
 

beacon-chain/blockchain/testing/mock.go

@@ -75,6 +75,7 @@ type ChainService struct {
 	SyncingRoot                 [32]byte
 	Blobs                       []blocks.VerifiedROBlob
 	DataColumns                 []blocks.VerifiedRODataColumn
+	Proofs                      []*ethpb.ExecutionProof
 	TargetRoot                  [32]byte
 	MockHeadSlot                *primitives.Slot
 }
@@ -757,6 +758,12 @@ func (c *ChainService) ReceiveDataColumns(dcs []blocks.VerifiedRODataColumn) err
 	return nil
 }
 
+// ReceiveProof implements the same method in chain service
+func (c *ChainService) ReceiveProof(proof *ethpb.ExecutionProof) error {
+	c.Proofs = append(c.Proofs, proof)
+	return nil
+}
+
 // DependentRootForEpoch mocks the same method in the chain service
 func (c *ChainService) DependentRootForEpoch(_ [32]byte, _ primitives.Epoch) ([32]byte, error) {
 	return c.TargetRoot, nil

beacon-chain/cache/BUILD.bazel

@@ -15,7 +15,6 @@ go_library(
         "common.go",
         "doc.go",
         "error.go",
-        "execution_payload_envelope.go",
         "interfaces.go",
         "log.go",
         "payload_id.go",
@@ -52,7 +51,6 @@ go_library(
         "//encoding/bytesutil:go_default_library",
         "//math:go_default_library",
         "//monitoring/tracing/trace:go_default_library",
-        "//proto/engine/v1:go_default_library",
         "//proto/prysm/v1alpha1:go_default_library",
         "//proto/prysm/v1alpha1/attestation:go_default_library",
         "//runtime/version:go_default_library",
@@ -78,7 +76,6 @@ go_test(
         "checkpoint_state_test.go",
         "committee_fuzz_test.go",
         "committee_test.go",
-        "execution_payload_envelope_test.go",
         "payload_id_test.go",
         "private_access_test.go",
         "proposer_indices_test.go",
@@ -100,7 +97,6 @@ go_test(
         "//consensus-types/primitives:go_default_library",
         "//crypto/bls/blst:go_default_library",
         "//encoding/bytesutil:go_default_library",
-        "//proto/engine/v1:go_default_library",
         "//proto/prysm/v1alpha1:go_default_library",
         "//proto/prysm/v1alpha1/attestation:go_default_library",
         "//testing/assert:go_default_library",

beacon-chain/cache/execution_payload_envelope.go

@@ -1,111 +0,0 @@
-package cache
-
-import (
-	"sync"
-
-	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
-	enginev1 "github.com/OffchainLabs/prysm/v7/proto/engine/v1"
-	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
-)
-
-// ExecutionPayloadEnvelopeKey uniquely identifies a cached execution payload envelope.
-type ExecutionPayloadEnvelopeKey struct {
-	Slot         primitives.Slot
-	BuilderIndex primitives.BuilderIndex
-}
-
-// executionPayloadEnvelopeCacheEntry holds an execution payload envelope and
-// the associated blobs bundle from the EL. The blobs bundle is needed later
-// when proposing the block to build and broadcast blob sidecars.
-type executionPayloadEnvelopeCacheEntry struct {
-	envelope    *ethpb.ExecutionPayloadEnvelope
-	blobsBundle enginev1.BlobsBundler
-}
-
-// ExecutionPayloadEnvelopeCache stores execution payload envelopes produced during
-// GLOAS block building for later retrieval by validators. When a beacon node
-// produces a GLOAS block, it caches the execution payload envelope so the validator
-// can retrieve it, sign it, and broadcast it separately from the beacon block.
-// The blobs bundle from the EL is also cached alongside, since blobs are only
-// persisted to the DB after they are broadcast as sidecars during block proposal.
-type ExecutionPayloadEnvelopeCache struct {
-	cache map[ExecutionPayloadEnvelopeKey]*executionPayloadEnvelopeCacheEntry
-	sync.RWMutex
-}
-
-// NewExecutionPayloadEnvelopeCache creates a new execution payload envelope cache.
-func NewExecutionPayloadEnvelopeCache() *ExecutionPayloadEnvelopeCache {
-	return &ExecutionPayloadEnvelopeCache{
-		cache: make(map[ExecutionPayloadEnvelopeKey]*executionPayloadEnvelopeCacheEntry),
-	}
-}
-
-// Get retrieves an execution payload envelope by slot and builder index.
-// Returns the envelope and true if found, nil and false otherwise.
-func (c *ExecutionPayloadEnvelopeCache) Get(slot primitives.Slot, builderIndex primitives.BuilderIndex) (*ethpb.ExecutionPayloadEnvelope, bool) {
-	c.RLock()
-	defer c.RUnlock()
-
-	key := ExecutionPayloadEnvelopeKey{
-		Slot:         slot,
-		BuilderIndex: builderIndex,
-	}
-	entry, ok := c.cache[key]
-	if !ok {
-		return nil, false
-	}
-	return entry.envelope, true
-}
-
-// GetBlobsBundle retrieves a cached blobs bundle by slot and builder index.
-// Returns the blobs bundle and true if found, nil and false otherwise.
-func (c *ExecutionPayloadEnvelopeCache) GetBlobsBundle(slot primitives.Slot, builderIndex primitives.BuilderIndex) (enginev1.BlobsBundler, bool) {
-	c.RLock()
-	defer c.RUnlock()
-
-	key := ExecutionPayloadEnvelopeKey{
-		Slot:         slot,
-		BuilderIndex: builderIndex,
-	}
-	entry, ok := c.cache[key]
-	if !ok {
-		return nil, false
-	}
-	return entry.blobsBundle, true
-}
-
-// Set stores an execution payload envelope and its associated blobs bundle in the cache.
-// The envelope's slot and builder_index fields are used as the cache key.
-// Old entries are automatically pruned to prevent unbounded growth.
-func (c *ExecutionPayloadEnvelopeCache) Set(envelope *ethpb.ExecutionPayloadEnvelope, blobsBundle enginev1.BlobsBundler) {
-	if envelope == nil {
-		return
-	}
-
-	c.Lock()
-	defer c.Unlock()
-
-	slot := envelope.Slot
-	if slot > 2 {
-		c.prune(slot - 2)
-	}
-
-	key := ExecutionPayloadEnvelopeKey{
-		Slot:         slot,
-		BuilderIndex: envelope.BuilderIndex,
-	}
-	c.cache[key] = &executionPayloadEnvelopeCacheEntry{
-		envelope:    envelope,
-		blobsBundle: blobsBundle,
-	}
-}
-
-// prune removes all entries with slots older than the given slot.
-// Must be called with the lock held.
-func (c *ExecutionPayloadEnvelopeCache) prune(slot primitives.Slot) {
-	for key := range c.cache {
-		if key.Slot < slot {
-			delete(c.cache, key)
-		}
-	}
-}

beacon-chain/cache/execution_payload_envelope_test.go

@@ -1,146 +0,0 @@
-package cache
-
-import (
-	"testing"
-
-	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
-	enginev1 "github.com/OffchainLabs/prysm/v7/proto/engine/v1"
-	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
-	"github.com/OffchainLabs/prysm/v7/testing/require"
-)
-
-func TestExecutionPayloadEnvelopeCache_GetSet(t *testing.T) {
-	cache := NewExecutionPayloadEnvelopeCache()
-
-	// Test empty cache returns false
-	_, ok := cache.Get(1, 0)
-	require.Equal(t, false, ok, "expected empty cache to return false")
-
-	// Create test envelope
-	envelope := &ethpb.ExecutionPayloadEnvelope{
-		Slot:         primitives.Slot(100),
-		BuilderIndex: primitives.BuilderIndex(5),
-		StateRoot:    make([]byte, 32),
-	}
-
-	// Set and retrieve
-	cache.Set(envelope, nil)
-	retrieved, ok := cache.Get(100, 5)
-	require.Equal(t, true, ok, "expected to find cached envelope")
-	require.Equal(t, envelope.Slot, retrieved.Slot)
-	require.Equal(t, envelope.BuilderIndex, retrieved.BuilderIndex)
-
-	// Different builder index should not find it
-	_, ok = cache.Get(100, 6)
-	require.Equal(t, false, ok, "expected different builder index to return false")
-
-	// Different slot should not find it
-	_, ok = cache.Get(101, 5)
-	require.Equal(t, false, ok, "expected different slot to return false")
-}
-
-func TestExecutionPayloadEnvelopeCache_Prune(t *testing.T) {
-	cache := NewExecutionPayloadEnvelopeCache()
-
-	// Add envelopes at slots 10, 11, 12 (close enough that none get pruned).
-	// Prune removes entries with slot < (new_slot - 2), so inserting 10, 11, 12
-	// keeps all three: slot 12 prunes < 10, but 10 is not < 10.
-	for i := primitives.Slot(10); i <= 12; i++ {
-		envelope := &ethpb.ExecutionPayloadEnvelope{
-			Slot:         i,
-			BuilderIndex: 0,
-			StateRoot:    make([]byte, 32),
-		}
-		cache.Set(envelope, nil)
-	}
-
-	// Verify all are present
-	for i := primitives.Slot(10); i <= 12; i++ {
-		_, ok := cache.Get(i, 0)
-		require.Equal(t, true, ok, "expected envelope at slot %d", i)
-	}
-
-	// Add envelope at slot 20, should prune slots < 18
-	envelope := &ethpb.ExecutionPayloadEnvelope{
-		Slot:         20,
-		BuilderIndex: 0,
-		StateRoot:    make([]byte, 32),
-	}
-	cache.Set(envelope, nil)
-
-	// Slots 10-12 should be pruned (all < 18)
-	for i := primitives.Slot(10); i <= 12; i++ {
-		_, ok := cache.Get(i, 0)
-		require.Equal(t, false, ok, "expected envelope at slot %d to be pruned", i)
-	}
-
-	// Slot 20 should still be present
-	_, ok := cache.Get(20, 0)
-	require.Equal(t, true, ok, "expected envelope at slot 20 to be present")
-}
-
-func TestExecutionPayloadEnvelopeCache_NilEnvelope(t *testing.T) {
-	cache := NewExecutionPayloadEnvelopeCache()
-
-	// Setting nil should not panic or add entry
-	cache.Set(nil, nil)
-
-	// Cache should still be empty
-	require.Equal(t, 0, len(cache.cache))
-}
-
-func TestExecutionPayloadEnvelopeCache_MultipleBuilders(t *testing.T) {
-	cache := NewExecutionPayloadEnvelopeCache()
-
-	slot := primitives.Slot(100)
-
-	// Add envelopes from multiple builders at same slot
-	for i := range primitives.BuilderIndex(3) {
-		envelope := &ethpb.ExecutionPayloadEnvelope{
-			Slot:         slot,
-			BuilderIndex: i,
-			StateRoot:    make([]byte, 32),
-		}
-		cache.Set(envelope, nil)
-	}
-
-	// All should be retrievable
-	for i := range primitives.BuilderIndex(3) {
-		retrieved, ok := cache.Get(slot, i)
-		require.Equal(t, true, ok, "expected to find envelope for builder %d", i)
-		require.Equal(t, i, retrieved.BuilderIndex)
-	}
-}
-
-func TestExecutionPayloadEnvelopeCache_BlobsBundle(t *testing.T) {
-	cache := NewExecutionPayloadEnvelopeCache()
-
-	slot := primitives.Slot(100)
-	builderIndex := primitives.BuilderIndex(5)
-
-	envelope := &ethpb.ExecutionPayloadEnvelope{
-		Slot:         slot,
-		BuilderIndex: builderIndex,
-		StateRoot:    make([]byte, 32),
-	}
-	bundle := &enginev1.BlobsBundle{
-		KzgCommitments: [][]byte{{1, 2, 3}},
-		Proofs:         [][]byte{{4, 5, 6}},
-		Blobs:          [][]byte{{7, 8, 9}},
-	}
-
-	cache.Set(envelope, bundle)
-
-	// Retrieve blobs bundle
-	retrieved, ok := cache.GetBlobsBundle(slot, builderIndex)
-	require.Equal(t, true, ok, "expected to find cached blobs bundle")
-	require.NotNil(t, retrieved)
-	b, ok := retrieved.(*enginev1.BlobsBundle)
-	require.Equal(t, true, ok)
-	require.Equal(t, 1, len(b.KzgCommitments))
-	require.DeepEqual(t, []byte{1, 2, 3}, b.KzgCommitments[0])
-
-	// Nil blobs bundle for missing key
-	_, ok = cache.GetBlobsBundle(slot, 99)
-	require.Equal(t, false, ok, "expected missing key to return false")
-}

beacon-chain/core/feed/operation/events.go

@@ -46,6 +46,9 @@ const (
 
 	// DataColumnReceived is sent after a data column has been seen after gossip validation rules.
 	DataColumnReceived = 12
+
+	// ExecutionProofReceived is sent after a execution proof object has been received from gossip or rpc.
+	ExecutionProofReceived = 13
 )
 
 // UnAggregatedAttReceivedData is the data sent with UnaggregatedAttReceived events.
@@ -77,6 +80,11 @@ type BLSToExecutionChangeReceivedData struct {
 	Change *ethpb.SignedBLSToExecutionChange
 }
 
+// ExecutionProofReceivedData is the data sent with ExecutionProofReceived events.
+type ExecutionProofReceivedData struct {
+	ExecutionProof *ethpb.ExecutionProof
+}
+
 // BlobSidecarReceivedData is the data sent with BlobSidecarReceived events.
 type BlobSidecarReceivedData struct {
 	Blob *blocks.VerifiedROBlob

beacon-chain/core/gloas/bid.go

@@ -17,50 +17,27 @@ import (
 )
 
 // ProcessExecutionPayloadBid processes a signed execution payload bid in the Gloas fork.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// process_execution_payload_bid(state: BeaconState, block: BeaconBlock):
 //
-//	<spec fn="process_execution_payload_bid" fork="gloas" hash="6dc696bb">
-//	def process_execution_payload_bid(state: BeaconState, block: BeaconBlock) -> None:
-//	    signed_bid = block.body.signed_execution_payload_bid
-//	    bid = signed_bid.message
-//	    builder_index = bid.builder_index
-//	    amount = bid.value
-//
-//	    # For self-builds, amount must be zero regardless of withdrawal credential prefix
-//	    if builder_index == BUILDER_INDEX_SELF_BUILD:
-//	        assert amount == 0
-//	        assert signed_bid.signature == bls.G2_POINT_AT_INFINITY
-//	    else:
-//	        # Verify that the builder is active
-//	        assert is_active_builder(state, builder_index)
-//	        # Verify that the builder has funds to cover the bid
-//	        assert can_builder_cover_bid(state, builder_index, amount)
-//	        # Verify that the bid signature is valid
-//	        assert verify_execution_payload_bid_signature(state, signed_bid)
-//
-//	    # Verify that the bid is for the current slot
-//	    assert bid.slot == block.slot
-//	    # Verify that the bid is for the right parent block
-//	    assert bid.parent_block_hash == state.latest_block_hash
-//	    assert bid.parent_block_root == block.parent_root
-//	    assert bid.prev_randao == get_randao_mix(state, get_current_epoch(state))
-//
-//	    # Record the pending payment if there is some payment
-//	    if amount > 0:
-//	        pending_payment = BuilderPendingPayment(
-//	            weight=0,
-//	            withdrawal=BuilderPendingWithdrawal(
-//	                fee_recipient=bid.fee_recipient,
-//	                amount=amount,
-//	                builder_index=builder_index,
-//	            ),
-//	        )
-//	        state.builder_pending_payments[SLOTS_PER_EPOCH + bid.slot % SLOTS_PER_EPOCH] = (
-//	            pending_payment
-//	        )
-//
-//	    # Cache the signed execution payload bid
-//	    state.latest_execution_payload_bid = bid
-//	</spec>
+//	signed_bid = block.body.signed_execution_payload_bid
+//	bid = signed_bid.message
+//	builder_index = bid.builder_index
+//	amount = bid.value
+//	if builder_index == BUILDER_INDEX_SELF_BUILD:
+//	  assert amount == 0
+//	  assert signed_bid.signature == G2_POINT_AT_INFINITY
+//	else:
+//	  assert is_active_builder(state, builder_index)
+//	  assert can_builder_cover_bid(state, builder_index, amount)
+//	  assert verify_execution_payload_bid_signature(state, signed_bid)
+//	assert bid.slot == block.slot
+//	assert bid.parent_block_hash == state.latest_block_hash
+//	assert bid.parent_block_root == block.parent_root
+//	assert bid.prev_randao == get_randao_mix(state, get_current_epoch(state))
+//	if amount > 0:
+//	  state.builder_pending_payments[...] = BuilderPendingPayment(weight=0, withdrawal=BuilderPendingWithdrawal(fee_recipient=bid.fee_recipient, amount=amount, builder_index=builder_index))
+//	state.latest_execution_payload_bid = bid
 func ProcessExecutionPayloadBid(st state.BeaconState, block interfaces.ReadOnlyBeaconBlock) error {
 	signedBid, err := block.Body().SignedExecutionPayloadBid()
 	if err != nil {

beacon-chain/core/gloas/payload_attestation.go

@@ -24,21 +24,14 @@ import (
 )
 
 // ProcessPayloadAttestations validates payload attestations in a block body.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// process_payload_attestation(state: BeaconState, payload_attestation: PayloadAttestation):
 //
-//	<spec fn="process_payload_attestation" fork="gloas" hash="f46bf0b0">
-//	def process_payload_attestation(
-//	    state: BeaconState, payload_attestation: PayloadAttestation
-//	) -> None:
-//	    data = payload_attestation.data
-//
-//	    # Check that the attestation is for the parent beacon block
-//	    assert data.beacon_block_root == state.latest_block_header.parent_root
-//	    # Check that the attestation is for the previous slot
-//	    assert data.slot + 1 == state.slot
-//	    # Verify signature
-//	    indexed_payload_attestation = get_indexed_payload_attestation(state, payload_attestation)
-//	    assert is_valid_indexed_payload_attestation(state, indexed_payload_attestation)
-//	</spec>
+//	data = payload_attestation.data
+//	assert data.beacon_block_root == state.latest_block_header.parent_root
+//	assert data.slot + 1 == state.slot
+//	indexed = get_indexed_payload_attestation(state, data.slot, payload_attestation)
+//	assert is_valid_indexed_payload_attestation(state, indexed)
 func ProcessPayloadAttestations(ctx context.Context, st state.BeaconState, body interfaces.ReadOnlyBeaconBlockBody) error {
 	atts, err := body.PayloadAttestations()
 	if err != nil {
@@ -97,24 +90,17 @@ func indexedPayloadAttestation(ctx context.Context, st state.ReadOnlyBeaconState
 }
 
 // payloadCommittee returns the payload timeliness committee for a given slot for the state.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// get_ptc(state: BeaconState, slot: Slot) -> Vector[ValidatorIndex, PTC_SIZE]:
 //
-//	<spec fn="get_ptc" fork="gloas" hash="ae15f761">
-//	def get_ptc(state: BeaconState, slot: Slot) -> Vector[ValidatorIndex, PTC_SIZE]:
-//	    """
-//	    Get the payload timeliness committee for the given ``slot``.
-//	    """
-//	    epoch = compute_epoch_at_slot(slot)
-//	    seed = hash(get_seed(state, epoch, DOMAIN_PTC_ATTESTER) + uint_to_bytes(slot))
-//	    indices: List[ValidatorIndex] = []
-//	    # Concatenate all committees for this slot in order
-//	    committees_per_slot = get_committee_count_per_slot(state, epoch)
-//	    for i in range(committees_per_slot):
-//	        committee = get_beacon_committee(state, slot, CommitteeIndex(i))
-//	        indices.extend(committee)
-//	    return compute_balance_weighted_selection(
-//	        state, indices, seed, size=PTC_SIZE, shuffle_indices=False
-//	    )
-//	</spec>
+//	epoch = compute_epoch_at_slot(slot)
+//	seed = hash(get_seed(state, epoch, DOMAIN_PTC_ATTESTER) + uint_to_bytes(slot))
+//	indices = []
+//	committees_per_slot = get_committee_count_per_slot(state, epoch)
+//	for i in range(committees_per_slot):
+//	  committee = get_beacon_committee(state, slot, CommitteeIndex(i))
+//	  indices.extend(committee)
+//	return compute_balance_weighted_selection(state, indices, seed, size=PTC_SIZE, shuffle_indices=False)
 func payloadCommittee(ctx context.Context, st state.ReadOnlyBeaconState, slot primitives.Slot) ([]primitives.ValidatorIndex, error) {
 	epoch := slots.ToEpoch(slot)
 	seed, err := ptcSeed(st, epoch, slot)
@@ -128,32 +114,17 @@ func payloadCommittee(ctx context.Context, st state.ReadOnlyBeaconState, slot pr
 	}
 
 	committeesPerSlot := helpers.SlotCommitteeCount(activeCount)
+	out := make([]primitives.ValidatorIndex, 0, activeCount/uint64(params.BeaconConfig().SlotsPerEpoch))
 
-	selected := make([]primitives.ValidatorIndex, 0, fieldparams.PTCSize)
-	var i uint64
-	for uint64(len(selected)) < fieldparams.PTCSize {
-		if ctx.Err() != nil {
-			return nil, ctx.Err()
-		}
-
-		for committeeIndex := primitives.CommitteeIndex(0); committeeIndex < primitives.CommitteeIndex(committeesPerSlot); committeeIndex++ {
-			if uint64(len(selected)) >= fieldparams.PTCSize {
-				break
-			}
-
-			committee, err := helpers.BeaconCommitteeFromState(ctx, st, slot, committeeIndex)
-			if err != nil {
-				return nil, errors.Wrapf(err, "failed to get beacon committee %d", committeeIndex)
-			}
-
-			selected, i, err = selectByBalanceFill(ctx, st, committee, seed, selected, i)
-			if err != nil {
-				return nil, errors.Wrapf(err, "failed to sample beacon committee %d", committeeIndex)
-			}
+	for i := primitives.CommitteeIndex(0); i < primitives.CommitteeIndex(committeesPerSlot); i++ {
+		committee, err := helpers.BeaconCommitteeFromState(ctx, st, slot, i)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to get beacon committee %d", i)
 		}
+		out = append(out, committee...)
 	}
 
-	return selected, nil
+	return selectByBalance(ctx, st, out, seed, fieldparams.PTCSize)
 }
 
 // ptcSeed computes the seed for the payload timeliness committee.
@@ -166,87 +137,56 @@ func ptcSeed(st state.ReadOnlyBeaconState, epoch primitives.Epoch, slot primitiv
 }
 
 // selectByBalance selects a balance-weighted subset of input candidates.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// compute_balance_weighted_selection(state, indices, seed, size, shuffle_indices):
+// Note: shuffle_indices is false for PTC.
 //
-//	<spec fn="compute_balance_weighted_selection" fork="gloas" hash="2c9f1c23">
-//	def compute_balance_weighted_selection(
-//	    state: BeaconState,
-//	    indices: Sequence[ValidatorIndex],
-//	    seed: Bytes32,
-//	    size: uint64,
-//	    shuffle_indices: bool,
-//	) -> Sequence[ValidatorIndex]:
-//	    """
-//	    Return ``size`` indices sampled by effective balance, using ``indices``
-//	    as candidates. If ``shuffle_indices`` is ``True``, candidate indices
-//	    are themselves sampled from ``indices`` by shuffling it, otherwise
-//	    ``indices`` is traversed in order.
-//	    """
-//	    total = uint64(len(indices))
-//	    assert total > 0
-//	    selected: List[ValidatorIndex] = []
-//	    i = uint64(0)
-//	    while len(selected) < size:
-//	        next_index = i % total
-//	        if shuffle_indices:
-//	            next_index = compute_shuffled_index(next_index, total, seed)
-//	        candidate_index = indices[next_index]
-//	        if compute_balance_weighted_acceptance(state, candidate_index, seed, i):
-//	            selected.append(candidate_index)
-//	        i += 1
-//	    return selected
-//	</spec>
-func selectByBalanceFill(
-	ctx context.Context,
-	st state.ReadOnlyBeaconState,
-	candidates []primitives.ValidatorIndex,
-	seed [32]byte,
-	selected []primitives.ValidatorIndex,
-	i uint64,
-) ([]primitives.ValidatorIndex, uint64, error) {
+//	total = len(indices); selected = []; i = 0
+//	while len(selected) < size:
+//	  next = i % total
+//	  if shuffle_indices: next = compute_shuffled_index(next, total, seed)
+//	  if compute_balance_weighted_acceptance(state, indices[next], seed, i):
+//	    selected.append(indices[next])
+//	  i += 1
+func selectByBalance(ctx context.Context, st state.ReadOnlyBeaconState, candidates []primitives.ValidatorIndex, seed [32]byte, count uint64) ([]primitives.ValidatorIndex, error) {
+	if len(candidates) == 0 {
+		return nil, errors.New("no candidates for balance weighted selection")
+	}
+
 	hashFunc := hash.CustomSHA256Hasher()
 	// Pre-allocate buffer for hash input: seed (32 bytes) + round counter (8 bytes).
 	var buf [40]byte
 	copy(buf[:], seed[:])
 	maxBalance := params.BeaconConfig().MaxEffectiveBalanceElectra
 
-	for _, idx := range candidates {
+	selected := make([]primitives.ValidatorIndex, 0, count)
+	total := uint64(len(candidates))
+	for i := uint64(0); uint64(len(selected)) < count; i++ {
 		if ctx.Err() != nil {
-			return nil, i, ctx.Err()
+			return nil, ctx.Err()
 		}
-
+		idx := candidates[i%total]
 		ok, err := acceptByBalance(st, idx, buf[:], hashFunc, maxBalance, i)
 		if err != nil {
-			return nil, i, err
+			return nil, err
 		}
 		if ok {
 			selected = append(selected, idx)
 		}
-		if uint64(len(selected)) == fieldparams.PTCSize {
-			break
-		}
-		i++
 	}
-
-	return selected, i, nil
+	return selected, nil
 }
 
 // acceptByBalance determines if a validator is accepted based on its effective balance.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// compute_balance_weighted_acceptance(state, index, seed, i):
 //
-//	<spec fn="compute_balance_weighted_acceptance" fork="gloas" hash="9954dcd0">
-//	def compute_balance_weighted_acceptance(
-//	    state: BeaconState, index: ValidatorIndex, seed: Bytes32, i: uint64
-//	) -> bool:
-//	    """
-//	    Return whether to accept the selection of the validator ``index``, with probability
-//	    proportional to its ``effective_balance``, and randomness given by ``seed`` and ``i``.
-//	    """
-//	    MAX_RANDOM_VALUE = 2**16 - 1
-//	    random_bytes = hash(seed + uint_to_bytes(i // 16))
-//	    offset = i % 16 * 2
-//	    random_value = bytes_to_uint64(random_bytes[offset : offset + 2])
-//	    effective_balance = state.validators[index].effective_balance
-//	    return effective_balance * MAX_RANDOM_VALUE >= MAX_EFFECTIVE_BALANCE_ELECTRA * random_value
-//	</spec>
+//	MAX_RANDOM_VALUE = 2**16 - 1
+//	random_bytes = hash(seed + uint_to_bytes(i // 16))
+//	offset = i % 16 * 2
+//	random_value = bytes_to_uint64(random_bytes[offset:offset+2])
+//	effective_balance = state.validators[index].effective_balance
+//	return effective_balance * MAX_RANDOM_VALUE >= MAX_EFFECTIVE_BALANCE_ELECTRA * random_value
 func acceptByBalance(st state.ReadOnlyBeaconState, idx primitives.ValidatorIndex, seedBuf []byte, hashFunc func([]byte) [32]byte, maxBalance uint64, round uint64) (bool, error) {
 	// Reuse the seed buffer by overwriting the last 8 bytes with the round counter.
 	binary.LittleEndian.PutUint64(seedBuf[len(seedBuf)-8:], round/16)
@@ -263,26 +203,16 @@ func acceptByBalance(st state.ReadOnlyBeaconState, idx primitives.ValidatorIndex
 }
 
 // validIndexedPayloadAttestation verifies the signature of an indexed payload attestation.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// is_valid_indexed_payload_attestation(state: BeaconState, indexed_payload_attestation: IndexedPayloadAttestation) -> bool:
 //
-//	<spec fn="is_valid_indexed_payload_attestation" fork="gloas" hash="cf1e65b5">
-//	def is_valid_indexed_payload_attestation(
-//	    state: BeaconState, indexed_payload_attestation: IndexedPayloadAttestation
-//	) -> bool:
-//	    """
-//	    Check if ``indexed_payload_attestation`` is non-empty, has sorted indices, and has
-//	    a valid aggregate signature.
-//	    """
-//	    # Verify indices are non-empty and sorted
-//	    indices = indexed_payload_attestation.attesting_indices
-//	    if len(indices) == 0 or not indices == sorted(indices):
-//	        return False
-//
-//	    # Verify aggregate signature
-//	    pubkeys = [state.validators[i].pubkey for i in indices]
-//	    domain = get_domain(state, DOMAIN_PTC_ATTESTER, None)
-//	    signing_root = compute_signing_root(indexed_payload_attestation.data, domain)
-//	    return bls.FastAggregateVerify(pubkeys, signing_root, indexed_payload_attestation.signature)
-//	</spec>
+//	indices = indexed_payload_attestation.attesting_indices
+//	return len(indices) > 0 and indices == sorted(indices) and
+//	  bls.FastAggregateVerify(
+//	    [state.validators[i].pubkey for i in indices],
+//	    compute_signing_root(indexed_payload_attestation.data, get_domain(state, DOMAIN_PTC_ATTESTER, compute_epoch_at_slot(attestation.data.slot)),
+//	    indexed_payload_attestation.signature,
+//	  )
 func validIndexedPayloadAttestation(st state.ReadOnlyBeaconState, att *consensus_types.IndexedPayloadAttestation) error {
 	indices := att.AttestingIndices
 	if len(indices) == 0 || !slices.IsSorted(indices) {

beacon-chain/core/gloas/pending_payment.go

@@ -10,21 +10,17 @@ import (
 )
 
 // ProcessBuilderPendingPayments processes the builder pending payments from the previous epoch.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// def process_builder_pending_payments(state: BeaconState) -> None:
 //
-//	<spec fn="process_builder_pending_payments" fork="gloas" hash="10da48dd">
-//	def process_builder_pending_payments(state: BeaconState) -> None:
-//	    """
-//	    Processes the builder pending payments from the previous epoch.
-//	    """
-//	    quorum = get_builder_payment_quorum_threshold(state)
-//	    for payment in state.builder_pending_payments[:SLOTS_PER_EPOCH]:
-//	        if payment.weight >= quorum:
-//	            state.builder_pending_withdrawals.append(payment.withdrawal)
+//	quorum = get_builder_payment_quorum_threshold(state)
+//	for payment in state.builder_pending_payments[:SLOTS_PER_EPOCH]:
+//	    if payment.weight >= quorum:
+//	        state.builder_pending_withdrawals.append(payment.withdrawal)
 //
-//	    old_payments = state.builder_pending_payments[SLOTS_PER_EPOCH:]
-//	    new_payments = [BuilderPendingPayment() for _ in range(SLOTS_PER_EPOCH)]
-//	    state.builder_pending_payments = old_payments + new_payments
-//	</spec>
+//	old_payments = state.builder_pending_payments[SLOTS_PER_EPOCH:]
+//	new_payments = [BuilderPendingPayment() for _ in range(SLOTS_PER_EPOCH)]
+//	state.builder_pending_payments = old_payments + new_payments
 func ProcessBuilderPendingPayments(state state.BeaconState) error {
 	quorum, err := builderQuorumThreshold(state)
 	if err != nil {
@@ -57,16 +53,12 @@ func ProcessBuilderPendingPayments(state state.BeaconState) error {
 }
 
 // builderQuorumThreshold calculates the quorum threshold for builder payments.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// def get_builder_payment_quorum_threshold(state: BeaconState) -> uint64:
 //
-//	<spec fn="get_builder_payment_quorum_threshold" fork="gloas" hash="a64b7ffb">
-//	def get_builder_payment_quorum_threshold(state: BeaconState) -> uint64:
-//	    """
-//	    Calculate the quorum threshold for builder payments.
-//	    """
-//	    per_slot_balance = get_total_active_balance(state) // SLOTS_PER_EPOCH
-//	    quorum = per_slot_balance * BUILDER_PAYMENT_THRESHOLD_NUMERATOR
-//	    return uint64(quorum // BUILDER_PAYMENT_THRESHOLD_DENOMINATOR)
-//	</spec>
+//	per_slot_balance = get_total_active_balance(state) // SLOTS_PER_EPOCH
+//	quorum = per_slot_balance * BUILDER_PAYMENT_THRESHOLD_NUMERATOR
+//	return uint64(quorum // BUILDER_PAYMENT_THRESHOLD_DENOMINATOR)
 func builderQuorumThreshold(state state.ReadOnlyBeaconState) (primitives.Gwei, error) {
 	activeBalance, err := helpers.TotalActiveBalance(state)
 	if err != nil {

beacon-chain/core/gloas/proposer_slashing.go

@@ -11,20 +11,16 @@ import (
 )
 
 // RemoveBuilderPendingPayment removes the pending builder payment for the proposal slot.
+// Spec v1.7.0 (pseudocode):
 //
-//	<spec fn="process_proposer_slashing" fork="gloas" lines="22-32" hash="4da721ef">
-//	# [New in Gloas:EIP7732]
-//	# Remove the BuilderPendingPayment corresponding to
-//	# this proposal if it is still in the 2-epoch window.
 //	slot = header_1.slot
 //	proposal_epoch = compute_epoch_at_slot(slot)
 //	if proposal_epoch == get_current_epoch(state):
-//	    payment_index = SLOTS_PER_EPOCH + slot % SLOTS_PER_EPOCH
-//	    state.builder_pending_payments[payment_index] = BuilderPendingPayment()
+//	  payment_index = SLOTS_PER_EPOCH + slot % SLOTS_PER_EPOCH
+//	  state.builder_pending_payments[payment_index] = BuilderPendingPayment()
 //	elif proposal_epoch == get_previous_epoch(state):
-//	    payment_index = slot % SLOTS_PER_EPOCH
-//	    state.builder_pending_payments[payment_index] = BuilderPendingPayment()
-//	</spec>
+//	  payment_index = slot % SLOTS_PER_EPOCH
+//	  state.builder_pending_payments[payment_index] = BuilderPendingPayment()
 func RemoveBuilderPendingPayment(st state.BeaconState, header *eth.BeaconBlockHeader) error {
 	proposalEpoch := slots.ToEpoch(header.Slot)
 	currentEpoch := time.CurrentEpoch(st)

beacon-chain/core/peerdas/validator.go

@@ -23,13 +23,11 @@ var (
 var (
 	_ ConstructionPopulator = (*BlockReconstructionSource)(nil)
 	_ ConstructionPopulator = (*SidecarReconstructionSource)(nil)
-	_ ConstructionPopulator = (*EnvelopeReconstructionSource)(nil)
 )
 
 const (
-	BlockType    = "BeaconBlock"
-	SidecarType  = "DataColumnSidecar"
-	EnvelopeType = "ExecutionPayloadEnvelope"
+	BlockType   = "BeaconBlock"
+	SidecarType = "DataColumnSidecar"
 )
 
 type (
@@ -51,20 +49,11 @@ type (
 		blocks.ROBlock
 	}
 
-	// SidecarReconstructionSource is a ConstructionPopulator that uses a data column sidecar as the source of data
+	// DataColumnSidecar is a ConstructionPopulator that uses a data column sidecar as the source of data
 	SidecarReconstructionSource struct {
 		blocks.VerifiedRODataColumn
 	}
 
-	// EnvelopeReconstructionSource is a ConstructionPopulator for GLOAS+ where
-	// blob KZG commitments are in the execution payload envelope rather than the
-	// block body. It uses the block for the header and root, but overrides
-	// commitments with those from the envelope.
-	EnvelopeReconstructionSource struct {
-		blocks.ROBlock
-		commitments [][]byte
-	}
-
 	blockInfo struct {
 		signedBlockHeader *ethpb.SignedBeaconBlockHeader
 		kzgCommitments    [][]byte
@@ -82,13 +71,6 @@ func PopulateFromSidecar(sidecar blocks.VerifiedRODataColumn) *SidecarReconstruc
 	return &SidecarReconstructionSource{VerifiedRODataColumn: sidecar}
 }
 
-// PopulateFromEnvelope creates an EnvelopeReconstructionSource from a block and
-// the KZG commitments from the execution payload envelope. This is used for GLOAS+
-// where commitments are in the envelope rather than the block body.
-func PopulateFromEnvelope(block blocks.ROBlock, commitments [][]byte) *EnvelopeReconstructionSource {
-	return &EnvelopeReconstructionSource{ROBlock: block, commitments: commitments}
-}
-
 // ValidatorsCustodyRequirement returns the number of custody groups regarding the validator indices attached to the beacon node.
 // https://github.com/ethereum/consensus-specs/blob/master/specs/fulu/validator.md#validator-custody
 func ValidatorsCustodyRequirement(state beaconState.ReadOnlyBeaconState, validatorsIndex map[primitives.ValidatorIndex]bool) (uint64, error) {
@@ -272,46 +254,3 @@ func (s *SidecarReconstructionSource) extract() (*blockInfo, error) {
 
 	return info, nil
 }
-
-// Slot returns the slot of the source
-func (s *EnvelopeReconstructionSource) Slot() primitives.Slot {
-	return s.Block().Slot()
-}
-
-// ProposerIndex returns the proposer index of the source
-func (s *EnvelopeReconstructionSource) ProposerIndex() primitives.ValidatorIndex {
-	return s.Block().ProposerIndex()
-}
-
-// Commitments returns the blob KZG commitments from the envelope.
-func (s *EnvelopeReconstructionSource) Commitments() ([][]byte, error) {
-	return s.commitments, nil
-}
-
-// Type returns the type of the source
-func (s *EnvelopeReconstructionSource) Type() string {
-	return EnvelopeType
-}
-
-// extract extracts the block information from the source, using commitments
-// from the envelope rather than the block body.
-func (s *EnvelopeReconstructionSource) extract() (*blockInfo, error) {
-	header, err := s.Header()
-	if err != nil {
-		return nil, errors.Wrap(err, "header")
-	}
-
-	// TODO: Implement proper merkle proof for envelope commitments.
-	// In GLOAS, commitments are in the envelope not the block body,
-	// so the inclusion proof structure differs from pre-GLOAS forks.
-	inclusionProof := make([][]byte, 4)
-	for i := range inclusionProof {
-		inclusionProof[i] = make([]byte, 32)
-	}
-
-	return &blockInfo{
-		signedBlockHeader: header,
-		kzgCommitments:    s.commitments,
-		kzgInclusionProof: inclusionProof,
-	}, nil
-}

beacon-chain/core/transition/transition.go

@@ -143,11 +143,10 @@ func ProcessSlot(ctx context.Context, state state.BeaconState) (state.BeaconStat
 		return nil, err
 	}
 
-	// <spec fn="process_slot" fork="gloas" lines="11-13" hash="62b28839">
+	// Spec v1.6.1 (pseudocode):
 	// # [New in Gloas:EIP7732]
 	// # Unset the next payload availability
 	// state.execution_payload_availability[(state.slot + 1) % SLOTS_PER_HISTORICAL_ROOT] = 0b0
-	// </spec>
 	if state.Version() >= version.Gloas {
 		index := uint64((state.Slot() + 1) % params.BeaconConfig().SlotsPerHistoricalRoot)
 		if err := state.UpdateExecutionPayloadAvailabilityAtIndex(index, 0x0); err != nil {

beacon-chain/db/filesystem/BUILD.bazel

@@ -7,7 +7,6 @@ go_library(
         "cache.go",
         "data_column.go",
         "data_column_cache.go",
-        "doc.go",
         "iteration.go",
         "layout.go",
         "layout_by_epoch.go",
@@ -15,6 +14,8 @@ go_library(
         "log.go",
         "metrics.go",
         "mock.go",
+        "proof.go",
+        "proof_cache.go",
         "pruner.go",
     ],
     importpath = "github.com/OffchainLabs/prysm/v7/beacon-chain/db/filesystem",
@@ -30,6 +31,7 @@ go_library(
         "//consensus-types/primitives:go_default_library",
         "//encoding/bytesutil:go_default_library",
         "//io/file:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
         "//runtime/logging:go_default_library",
         "//time/slots:go_default_library",
         "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
@@ -52,6 +54,7 @@ go_test(
         "iteration_test.go",
         "layout_test.go",
         "migration_test.go",
+        "proof_test.go",
         "pruner_test.go",
     ],
     embed = [":go_default_library"],

beacon-chain/db/filesystem/doc.go

@@ -1,104 +0,0 @@
-package filesystem
-
-// nolint:dupword
-/*
-Data column sidecars storage documentation
-==========================================
-
-File organisation
------------------
-- The first byte represents the version of the file structure (up to 0xff = 255).
-  We set it to 0x01.
-  Note: This is not strictly needed, but it will help a lot if, in the future,
-        we want to modify the file structure.
-- The next 4 bytes represents the size of a SSZ encoded data column sidecar.
-  (See the `Computation of the maximum size of a DataColumnSidecar` section to a description
-  of how this value is computed).
-- The next 128 bytes represent the index in the file of a given column.
-  The first bit of each byte in the index is set to 0 if there is no data column,
-  and set to 1 if there is a data column.
-  The remaining 7 bits (from 0 to 127) represent the index of the data column.
-  This sentinel bit is needed to distinguish between the column with index 0 and no column.
-  Example: If the column with index 5 is in the 3th position in the file, then indices[5] = 0x80 + 0x03 = 0x83.
-- The rest of the file is a repeat of the SSZ encoded data column sidecars.
-
-
-|------------------------------------------|------------------------------------------------------------------------------------|
-|                Byte offset               |                                     Description                                    |
-|------------------------------------------|------------------------------------------------------------------------------------|
-|                                        0 | version (1 byte) | sszEncodedDataColumnSidecarSize (4 bytes) | indices (128 bytes) |
-|133 +   0*sszEncodedDataColumnSidecarSize | sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)                |
-|133 +   1*sszEncodedDataColumnSidecarSize | sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)                |
-|133 +   2*sszEncodedDataColumnSidecarSize | sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)                |
-|                  ...                     |                                 ...                                                |
-|133 + 127*sszEncodedDataColumnSidecarSize | sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)                |
-|------------------------------------------|------------------------------------------------------------------------------------|
-
-Each file is named after the block root where the data columns were data columns are committed to.
-Example: `0x259c6d2f6a0bb75e2405cea7cb248e5663dc26b9404fd3bcd777afc20de91c1e.sszs`
-
-Database organisation
----------------------
-SSZ encoded data column sidecars are stored following the `by-epoch` layout.
-- The first layer is a directory corresponding to the `period`, which corresponds to the epoch divided by the 4096.
-- The second layer is a directory corresponding to the epoch.
-- Then all files are stored in the epoch directory.
-
-Example:
-data-columns
-├── 0
-│   ├── 3638
-│   │   ├── 0x259c6d2f6a0bb75e2405cea7cb248e5663dc26b9404fd3bcd777afc20de91c1e.sszs
-│   │   ├── 0x2a855b1f6e9a2f04f8383e336325bf7d5ba02d1eab3ef90ef183736f8c768533.sszs
-│   │   ├── ...
-│   │   ├── 0xeb78e2b2350a71c640f1e96fea9e42f38e65705ab7e6e100c8bc9c589f2c5f2b.sszs
-│   │   └── 0xeb7ee68da988fd20d773d45aad01dd62527734367a146e2b048715bd68a4e370.sszs
-│   └── 3639
-│       ├── 0x0fd231fe95e57936fa44f6c712c490b9e337a481b661dfd46768901e90444330.sszs
-│       ├── 0x1bf5edff6b6ba2b65b1db325ff3312bbb57da461ef2ae651bd741af851aada3a.sszs
-│       ├── ...
-│       ├── 0xa156a527e631f858fee79fab7ef1fde3f6117a2e1201d47c09fbab0c6780c937.sszs
-│       └── 0xcd80bc535ddc467dea1d19e0c39c1160875ccd1989061bcd8ce206e3c1261c87.sszs
-└── 1
-    ├── 4096
-    │   ├── 0x0d244009093e2bedb72eb265280290199e8c7bf1d90d7583c41af40d9f662269.sszs
-    │   ├── 0x11f420928d8de41c50e735caab0369996824a5299c5f054e097965855925697d.sszs
-    │   ├── ...
-    │   ├── 0xbe91fc782877ed400d95c02c61aebfdd592635d11f8e64c94b46abd84f45c967.sszs
-    │   └── 0xf246189f078f02d30173ff74605cf31c9e65b5e463275ebdbeb40476638135ff.sszs
-    └── 4097
-        ├── 0x454d000674793c479e90504c0fe9827b50bb176ae022dab4e37d6a21471ab570.sszs
-        ├── 0xac5eb7437d7190c48cfa863e3c45f96a7f8af371d47ac12ccda07129a06af763.sszs
-        ├── ...
-        ├── 0xb7df30561d9d92ab5fafdd96bca8b44526497c8debf0fc425c7a0770b2abeb83.sszs
-        └── 0xc1dd0b1ae847b6ec62303a36d08c6a4a2e9e3ec4be3ff70551972a0ee3de9c14.sszs
-
-Computation of the maximum size of a DataColumnSidecar
-------------------------------------------------------
-https://github.com/ethereum/consensus-specs/blob/master/specs/fulu/das-core.md#datacolumnsidecar
-
-
-class DataColumnSidecar(Container):
-    index: ColumnIndex  # Index of column in extended matrix
-    column: List[Cell, MAX_BLOB_COMMITMENTS_PER_BLOCK]
-    kzg_commitments: List[KZGCommitment, MAX_BLOB_COMMITMENTS_PER_BLOCK]
-    kzg_proofs: List[KZGProof, MAX_BLOB_COMMITMENTS_PER_BLOCK]
-    signed_block_header: SignedBeaconBlockHeader
-    kzg_commitments_inclusion_proof: Vector[Bytes32, KZG_COMMITMENTS_INCLUSION_PROOF_DEPTH]
-
-
-- index: 2 bytes (ColumnIndex)
-- `column`: 4,096 (MAX_BLOB_COMMITMENTS_PER_BLOCK) * 64 (FIELD_ELEMENTS_PER_CELL) * 32 bytes (BYTES_PER_FIELD_ELEMENT) = 8,388,608 bytes
-- kzg_commitments: 4,096 (MAX_BLOB_COMMITMENTS_PER_BLOCK) * 48 bytes (KZGCommitment) = 196,608 bytes
-- kzg_proofs: 4,096 (MAX_BLOB_COMMITMENTS_PER_BLOCK) * 48 bytes (KZGProof) = 196,608 bytes
-- signed_block_header: 2 bytes (Slot) + 2 bytes (ValidatorIndex) + 3 * 2 bytes (Root) + 96 bytes (BLSSignature) = 106 bytes
-- kzg_commitments_inclusion_proof: 4 (KZG_COMMITMENTS_INCLUSION_PROOF_DEPTH) * 32 bytes = 128 bytes
-
-TOTAL: 8,782,060 bytes = 70,256,480 bits
-log(70,256,480) / log(2) ~= 26.07
-
-==> 32 bits (4 bytes) are enough to store the maximum size of a data column sidecar.
-
-The maximum size of an SSZ encoded data column can be 2**32 bits = 536,879,912 bytes,
-which left a room of 536,879,912 bytes - 8,782,060 bytes ~= 503 mega bytes to store the extra data needed by SSZ encoding (which is more than enough.)
-*/

beacon-chain/db/filesystem/doc.md

@@ -0,0 +1,197 @@
+# Filesystem storage documentation
+
+This document describes the file formats and database organization for storing data column sidecars and execution proofs.
+
+---
+
+# Data column sidecars
+
+## File organisation
+
+- The first byte represents the version of the file structure (up to `0xff = 255`).
+  We set it to `0x01`.
+
+  _(Note: This is not strictly needed, but it will help a lot if, in the future, we want to modify the file structure.)_
+
+- The next 4 bytes represents the size of a SSZ encoded data column sidecar.
+  (See the [Computation of the maximum size of a DataColumnSidecar](#computation-of-the-maximum-size-of-a-datacolumnsidecar) section for a description
+  of how this value is computed).
+
+- The next 128 bytes represent the index in the file of a given column.
+  The first bit of each byte in the index is set to 0 if there is no data column,
+  and set to 1 if there is a data column.
+  The remaining 7 bits (from 0 to 127) represent the index of the data column.
+  This sentinel bit is needed to distinguish between the column with index 0 and no column.
+
+  **Example:** If the column with index 5 is in the 3rd position in the file, then `indices[5] = 0x80 + 0x03 = 0x83`.
+
+- The rest of the file is a repeat of the SSZ encoded data column sidecars.
+
+### File layout
+
+| Byte offset | Description |
+|-------------|-------------|
+| `0` | `version (1 byte) \| sszEncodedDataColumnSidecarSize (4 bytes) \| indices (128 bytes)` |
+| `133 + 0×sszEncodedDataColumnSidecarSize` | `sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)` |
+| `133 + 1×sszEncodedDataColumnSidecarSize` | `sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)` |
+| `133 + 2×sszEncodedDataColumnSidecarSize` | `sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)` |
+| ... | ... |
+| `133 + 127×sszEncodedDataColumnSidecarSize` | `sszEncodedDataColumnSidecar (sszEncodedDataColumnSidecarSize bytes)` |
+
+Each file is named after the block root where the data columns are committed to.
+
+**Example:** `0x259c6d2f6a0bb75e2405cea7cb248e5663dc26b9404fd3bcd777afc20de91c1e.sszs`
+
+## Database organisation
+
+SSZ encoded data column sidecars are stored following the `by-epoch` layout.
+
+- The first layer is a directory corresponding to the `period`, which corresponds to the epoch divided by 4096.
+- The second layer is a directory corresponding to the epoch.
+- Then all files are stored in the epoch directory.
+
+### Example directory structure
+
+```
+data-columns
+├── 0
+│   ├── 3638
+│   │   ├── 0x259c6d2f6a0bb75e2405cea7cb248e5663dc26b9404fd3bcd777afc20de91c1e.sszs
+│   │   ├── 0x2a855b1f6e9a2f04f8383e336325bf7d5ba02d1eab3ef90ef183736f8c768533.sszs
+│   │   ├── ...
+│   │   ├── 0xeb78e2b2350a71c640f1e96fea9e42f38e65705ab7e6e100c8bc9c589f2c5f2b.sszs
+│   │   └── 0xeb7ee68da988fd20d773d45aad01dd62527734367a146e2b048715bd68a4e370.sszs
+│   └── 3639
+│       ├── 0x0fd231fe95e57936fa44f6c712c490b9e337a481b661dfd46768901e90444330.sszs
+│       ├── 0x1bf5edff6b6ba2b65b1db325ff3312bbb57da461ef2ae651bd741af851aada3a.sszs
+│       ├── ...
+│       ├── 0xa156a527e631f858fee79fab7ef1fde3f6117a2e1201d47c09fbab0c6780c937.sszs
+│       └── 0xcd80bc535ddc467dea1d19e0c39c1160875ccd1989061bcd8ce206e3c1261c87.sszs
+└── 1
+    ├── 4096
+    │   ├── 0x0d244009093e2bedb72eb265280290199e8c7bf1d90d7583c41af40d9f662269.sszs
+    │   ├── 0x11f420928d8de41c50e735caab0369996824a5299c5f054e097965855925697d.sszs
+    │   ├── ...
+    │   ├── 0xbe91fc782877ed400d95c02c61aebfdd592635d11f8e64c94b46abd84f45c967.sszs
+    │   └── 0xf246189f078f02d30173ff74605cf31c9e65b5e463275ebdbeb40476638135ff.sszs
+    └── 4097
+        ├── 0x454d000674793c479e90504c0fe9827b50bb176ae022dab4e37d6a21471ab570.sszs
+        ├── 0xac5eb7437d7190c48cfa863e3c45f96a7f8af371d47ac12ccda07129a06af763.sszs
+        ├── ...
+        ├── 0xb7df30561d9d92ab5fafdd96bca8b44526497c8debf0fc425c7a0770b2abeb83.sszs
+        └── 0xc1dd0b1ae847b6ec62303a36d08c6a4a2e9e3ec4be3ff70551972a0ee3de9c14.sszs
+```
+
+## Computation of the maximum size of a `DataColumnSidecar`
+
+Reference: [Ethereum Consensus Specs - Fulu DAS Core](https://github.com/ethereum/consensus-specs/blob/master/specs/fulu/das-core.md#datacolumnsidecar)
+
+```python
+class DataColumnSidecar(Container):
+    index: ColumnIndex  # Index of column in extended matrix
+    column: List[Cell, MAX_BLOB_COMMITMENTS_PER_BLOCK]
+    kzg_commitments: List[KZGCommitment, MAX_BLOB_COMMITMENTS_PER_BLOCK]
+    kzg_proofs: List[KZGProof, MAX_BLOB_COMMITMENTS_PER_BLOCK]
+    signed_block_header: SignedBeaconBlockHeader
+    kzg_commitments_inclusion_proof: Vector[Bytes32, KZG_COMMITMENTS_INCLUSION_PROOF_DEPTH]
+```
+
+### Size breakdown
+
+| Field | Calculation | Size |
+|-------|-------------|------|
+| `index` | `ColumnIndex` | `2 bytes` |
+| `column` | `4,096 (MAX_BLOB_COMMITMENTS_PER_BLOCK) × 64 (FIELD_ELEMENTS_PER_CELL) × 32 bytes (BYTES_PER_FIELD_ELEMENT)` | `8,388,608 bytes` |
+| `kzg_commitments` | `4,096 (MAX_BLOB_COMMITMENTS_PER_BLOCK) × 48 bytes (KZGCommitment)` | `196,608 bytes` |
+| `kzg_proofs` | `4,096 (MAX_BLOB_COMMITMENTS_PER_BLOCK) × 48 bytes (KZGProof)` | `196,608 bytes` |
+| `signed_block_header` | `2 bytes (Slot) + 2 bytes (ValidatorIndex) + 3 × 2 bytes (Root) + 96 bytes (BLSSignature)` | `106 bytes` |
+| `kzg_commitments_inclusion_proof` | `4 (KZG_COMMITMENTS_INCLUSION_PROOF_DEPTH) × 32 bytes` | `128 bytes` |
+
+**TOTAL:** `8,782,060 bytes = 70,256,480 bits`
+
+```
+log(70,256,480) / log(2) ≈ 26.07
+```
+
+**Conclusion:** 32 bits (4 bytes) are enough to store the maximum size of a data column sidecar.
+
+The maximum size of an SSZ encoded data column can be `2³² bits = 536,879,912 bytes`,
+which leaves a room of `536,879,912 bytes - 8,782,060 bytes ≈ 503 megabytes` to store the extra data needed by SSZ encoding (which is more than enough).
+
+---
+
+# Execution proofs
+
+## File organisation
+
+Unlike data column sidecars (which have a fixed size per block), execution proofs have variable sizes.
+To handle this, we use an offset table that stores the position and size of each proof.
+
+- The first byte represents the version of the file structure (up to `0xff = 255`).
+  We set it to `0x01`.
+
+- The next 64 bytes represent the offset table with 8 slots (one per proof type).
+  Each slot contains:
+  - 4 bytes for the offset (relative to end of header)
+  - 4 bytes for the size of the SSZ-encoded proof
+
+  If the size is 0, the proof is not present.
+
+- The rest of the file contains the SSZ encoded proofs, stored contiguously.
+
+### File layout
+
+| Byte offset | Description |
+|-------------|-------------|
+| `0` | `version (1 byte) \| offsetTable (64 bytes)` |
+| `65 + offsetTable[0].offset` | `sszEncodedProof (offsetTable[0].size bytes)` |
+| `65 + offsetTable[1].offset` | `sszEncodedProof (offsetTable[1].size bytes)` |
+| ... | ... |
+| `65 + offsetTable[7].offset` | `sszEncodedProof (offsetTable[7].size bytes)` |
+
+**Header size:** 1 (version) + 64 (offset table) = **65 bytes**
+
+### Offset table entry format
+
+Each slot in the offset table (8 bytes per slot):
+- `offset` (4 bytes, big-endian): Offset from end of header where proof data begins
+- `size` (4 bytes, big-endian): Size of the SSZ-encoded proof in bytes
+
+**Note:** Offsets are relative to the end of the header (byte 65), not the start of the file.
+This maximizes the usable range of the 4-byte offset field.
+
+### Reading a proof with `proofID=N (O(1) access)`
+
+1. Read header (65 bytes)
+2. Check slot N: if `size == 0`, proof not present
+3. Seek to `(65 + offset)`, read `size` bytes, SSZ unmarshal
+
+Each file is named after the block root.
+
+**Example:** `0x259c6d2f6a0bb75e2405cea7cb248e5663dc26b9404fd3bcd777afc20de91c1e.sszs`
+
+## Database Organisation
+
+SSZ encoded execution proofs are stored following the same `by-epoch` layout as data column sidecars.
+
+- The first layer is a directory corresponding to the `period`, which corresponds to the epoch divided by 4096.
+- The second layer is a directory corresponding to the epoch.
+- Then all files are stored in the epoch directory.
+
+### Example Directory Structure
+
+```
+proofs
+├── 0
+│   ├── 100
+│   │   ├── 0x259c6d2f6a0bb75e2405cea7cb248e5663dc26b9404fd3bcd777afc20de91c1e.sszs
+│   │   ├── 0x2a855b1f6e9a2f04f8383e336325bf7d5ba02d1eab3ef90ef183736f8c768533.sszs
+│   │   └── ...
+│   └── 101
+│       ├── 0x0fd231fe95e57936fa44f6c712c490b9e337a481b661dfd46768901e90444330.sszs
+│       └── ...
+└── 1
+    └── 4096
+        ├── 0x0d244009093e2bedb72eb265280290199e8c7bf1d90d7583c41af40d9f662269.sszs
+        └── ...
+```

beacon-chain/db/filesystem/metrics.go

@@ -70,4 +70,36 @@ var (
 		Name: "data_column_prune_latency",
 		Help: "Latency of data column prune operations in milliseconds",
 	})
+
+	// Proofs
+	proofSaveLatency = promauto.NewHistogram(prometheus.HistogramOpts{
+		Name:    "proof_storage_save_latency",
+		Help:    "Latency of proof storage save operations in milliseconds",
+		Buckets: []float64{3, 5, 7, 9, 11, 13, 20, 50},
+	})
+	proofFetchLatency = promauto.NewHistogram(prometheus.HistogramOpts{
+		Name:    "proof_storage_get_latency",
+		Help:    "Latency of proof storage get operations in milliseconds",
+		Buckets: []float64{3, 5, 7, 9, 11, 13},
+	})
+	proofPrunedCounter = promauto.NewCounter(prometheus.CounterOpts{
+		Name: "proof_pruned",
+		Help: "Number of proof files pruned.",
+	})
+	proofWrittenCounter = promauto.NewCounter(prometheus.CounterOpts{
+		Name: "proof_written",
+		Help: "Number of proof files written",
+	})
+	proofDiskCount = promauto.NewGauge(prometheus.GaugeOpts{
+		Name: "proof_disk_count",
+		Help: "Approximate number of proof files in storage",
+	})
+	proofFileSyncLatency = promauto.NewSummary(prometheus.SummaryOpts{
+		Name: "proof_file_sync_latency",
+		Help: "Latency of sync operations when saving proofs in milliseconds",
+	})
+	proofPruneLatency = promauto.NewSummary(prometheus.SummaryOpts{
+		Name: "proof_prune_latency",
+		Help: "Latency of proof prune operations in milliseconds",
+	})
 )

beacon-chain/db/filesystem/mock.go

@@ -144,3 +144,45 @@ func NewEphemeralDataColumnStorageWithMocker(t testing.TB) (*DataColumnMocker, *
 	fs, dcs := NewEphemeralDataColumnStorageAndFs(t)
 	return &DataColumnMocker{fs: fs, dcs: dcs}, dcs
 }
+
+// Proofs
+// ------
+
+// NewEphemeralProofStorage should only be used for tests.
+// The instance of ProofStorage returned is backed by an in-memory virtual filesystem,
+// improving test performance and simplifying cleanup.
+func NewEphemeralProofStorage(t testing.TB, opts ...ProofStorageOption) *ProofStorage {
+	return NewWarmedEphemeralProofStorageUsingFs(t, afero.NewMemMapFs(), opts...)
+}
+
+// NewEphemeralProofStorageAndFs can be used by tests that want access to the virtual filesystem
+// in order to interact with it outside the parameters of the ProofStorage API.
+func NewEphemeralProofStorageAndFs(t testing.TB, opts ...ProofStorageOption) (afero.Fs, *ProofStorage) {
+	fs := afero.NewMemMapFs()
+	ps := NewWarmedEphemeralProofStorageUsingFs(t, fs, opts...)
+	return fs, ps
+}
+
+// NewEphemeralProofStorageUsingFs creates a ProofStorage backed by the provided filesystem.
+func NewEphemeralProofStorageUsingFs(t testing.TB, fs afero.Fs, opts ...ProofStorageOption) *ProofStorage {
+	defaultOpts := []ProofStorageOption{
+		WithProofRetentionEpochs(params.BeaconConfig().MinEpochsForDataColumnSidecarsRequest),
+		WithProofFs(fs),
+	}
+	// User opts come last so they can override defaults
+	allOpts := append(defaultOpts, opts...)
+
+	ps, err := NewProofStorage(context.Background(), allOpts...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return ps
+}
+
+// NewWarmedEphemeralProofStorageUsingFs creates a ProofStorage with a warmed cache.
+func NewWarmedEphemeralProofStorageUsingFs(t testing.TB, fs afero.Fs, opts ...ProofStorageOption) *ProofStorage {
+	ps := NewEphemeralProofStorageUsingFs(t, fs, opts...)
+	ps.WarmCache()
+	return ps
+}

beacon-chain/db/filesystem/proof.go

@@ -0,0 +1,964 @@
+package filesystem
+
+import (
+	"context"
+	"encoding/binary"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"slices"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/OffchainLabs/prysm/v7/async"
+	"github.com/OffchainLabs/prysm/v7/async/event"
+	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/io/file"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+	"github.com/spf13/afero"
+)
+
+const (
+	proofVersion         = 0x01
+	proofVersionSize     = 1                                       // bytes
+	maxProofTypes        = 8                                       // ExecutionProofId max value (EXECUTION_PROOF_TYPE_COUNT)
+	proofOffsetSize      = 4                                       // bytes for offset (uint32)
+	proofSizeSize        = 4                                       // bytes for size (uint32)
+	proofSlotSize        = proofOffsetSize + proofSizeSize         // 8 bytes per slot
+	proofOffsetTableSize = maxProofTypes * proofSlotSize           // 64 bytes
+	proofHeaderSize      = proofVersionSize + proofOffsetTableSize // 65 bytes
+	proofsFileExtension  = "sszs"
+	proofPrunePeriod     = 1 * time.Minute
+)
+
+var (
+	errProofIDTooLarge        = errors.New("proof ID too large")
+	errWrongProofBytesWritten = errors.New("wrong number of bytes written")
+	errWrongProofVersion      = errors.New("wrong proof version")
+	errWrongProofBytesRead    = errors.New("wrong number of bytes read")
+	errNoProofBasePath        = errors.New("ProofStorage base path not specified in init")
+	errProofAlreadyExists     = errors.New("proof already exists")
+)
+
+type (
+	// ProofIdent is a unique identifier for a proof.
+	ProofIdent struct {
+		BlockRoot [fieldparams.RootLength]byte
+		Epoch     primitives.Epoch
+		ProofID   uint64
+	}
+
+	// ProofsIdent is a collection of unique identifiers for proofs.
+	ProofsIdent struct {
+		BlockRoot [fieldparams.RootLength]byte
+		Epoch     primitives.Epoch
+		ProofIDs  []uint64
+	}
+
+	// ProofStorage is the concrete implementation of the filesystem backend for saving and retrieving ExecutionProofs.
+	ProofStorage struct {
+		base            string
+		retentionEpochs primitives.Epoch
+		fs              afero.Fs
+		cache           *proofCache
+		proofFeed       *event.Feed
+		pruneMu         sync.RWMutex
+
+		mu      sync.Mutex // protects muChans
+		muChans map[[fieldparams.RootLength]byte]*proofMuChan
+	}
+
+	// ProofStorageOption is a functional option for configuring a ProofStorage.
+	ProofStorageOption func(*ProofStorage) error
+
+	proofMuChan struct {
+		mu      *sync.RWMutex
+		toStore chan []*ethpb.ExecutionProof
+	}
+
+	// proofSlotEntry represents the offset and size for a proof in the file.
+	proofSlotEntry struct {
+		offset uint32
+		size   uint32
+	}
+
+	// proofOffsetTable is the offset table with 8 slots indexed by proofID.
+	proofOffsetTable [maxProofTypes]proofSlotEntry
+
+	// proofFileMetadata contains metadata extracted from a proof file path.
+	proofFileMetadata struct {
+		period    uint64
+		epoch     primitives.Epoch
+		blockRoot [fieldparams.RootLength]byte
+	}
+)
+
+// WithProofBasePath is a required option that sets the base path of proof storage.
+func WithProofBasePath(base string) ProofStorageOption {
+	return func(ps *ProofStorage) error {
+		ps.base = base
+		return nil
+	}
+}
+
+// WithProofRetentionEpochs is an option that changes the number of epochs proofs will be persisted.
+func WithProofRetentionEpochs(e primitives.Epoch) ProofStorageOption {
+	return func(ps *ProofStorage) error {
+		ps.retentionEpochs = e
+		return nil
+	}
+}
+
+// WithProofFs allows the afero.Fs implementation to be customized.
+// Used by tests to substitute an in-memory filesystem.
+func WithProofFs(fs afero.Fs) ProofStorageOption {
+	return func(ps *ProofStorage) error {
+		ps.fs = fs
+		return nil
+	}
+}
+
+// NewProofStorage creates a new instance of the ProofStorage object.
+func NewProofStorage(ctx context.Context, opts ...ProofStorageOption) (*ProofStorage, error) {
+	storage := &ProofStorage{
+		proofFeed: new(event.Feed),
+		muChans:   make(map[[fieldparams.RootLength]byte]*proofMuChan),
+	}
+
+	for _, o := range opts {
+		if err := o(storage); err != nil {
+			return nil, fmt.Errorf("failed to create proof storage: %w", err)
+		}
+	}
+
+	// Allow tests to set up a different fs using WithProofFs.
+	if storage.fs == nil {
+		if storage.base == "" {
+			return nil, errNoProofBasePath
+		}
+
+		storage.base = path.Clean(storage.base)
+		if err := file.MkdirAll(storage.base); err != nil {
+			return nil, fmt.Errorf("failed to create proof storage at %s: %w", storage.base, err)
+		}
+
+		storage.fs = afero.NewBasePathFs(afero.NewOsFs(), storage.base)
+	}
+
+	storage.cache = newProofCache()
+
+	async.RunEvery(ctx, proofPrunePeriod, func() {
+		storage.pruneMu.Lock()
+		defer storage.pruneMu.Unlock()
+
+		storage.prune()
+	})
+
+	return storage, nil
+}
+
+// WarmCache warms the cache of the proof filesystem.
+func (ps *ProofStorage) WarmCache() {
+	start := time.Now()
+	log.Info("Proof filesystem cache warm-up started")
+
+	ps.pruneMu.Lock()
+	defer ps.pruneMu.Unlock()
+
+	// List all period directories
+	periodFileInfos, err := afero.ReadDir(ps.fs, ".")
+	if err != nil {
+		log.WithError(err).Error("Error reading top directory during proof warm cache")
+		return
+	}
+
+	// Iterate through periods
+	for _, periodFileInfo := range periodFileInfos {
+		if !periodFileInfo.IsDir() {
+			continue
+		}
+
+		periodPath := periodFileInfo.Name()
+
+		// List all epoch directories in this period
+		epochFileInfos, err := afero.ReadDir(ps.fs, periodPath)
+		if err != nil {
+			log.WithError(err).WithField("period", periodPath).Error("Error reading period directory during proof warm cache")
+			continue
+		}
+
+		// Iterate through epochs
+		for _, epochFileInfo := range epochFileInfos {
+			if !epochFileInfo.IsDir() {
+				continue
+			}
+
+			epochPath := path.Join(periodPath, epochFileInfo.Name())
+
+			// List all .sszs files in this epoch
+			files, err := ps.listProofEpochFiles(epochPath)
+			if err != nil {
+				log.WithError(err).WithField("epoch", epochPath).Error("Error listing epoch files during proof warm cache")
+				continue
+			}
+
+			// Process all files in this epoch in parallel
+			ps.processProofEpochFiles(files)
+		}
+	}
+
+	// Prune the cache and the filesystem
+	ps.prune()
+
+	totalElapsed := time.Since(start)
+	log.WithField("elapsed", totalElapsed).Info("Proof filesystem cache warm-up complete")
+}
+
+// listProofEpochFiles lists all .sszs files in an epoch directory.
+func (ps *ProofStorage) listProofEpochFiles(epochPath string) ([]string, error) {
+	fileInfos, err := afero.ReadDir(ps.fs, epochPath)
+	if err != nil {
+		return nil, fmt.Errorf("read epoch directory: %w", err)
+	}
+
+	files := make([]string, 0, len(fileInfos))
+	for _, fileInfo := range fileInfos {
+		if fileInfo.IsDir() {
+			continue
+		}
+
+		fileName := fileInfo.Name()
+		if strings.HasSuffix(fileName, "."+proofsFileExtension) {
+			files = append(files, path.Join(epochPath, fileName))
+		}
+	}
+
+	return files, nil
+}
+
+// processProofEpochFiles processes all proof files in an epoch in parallel.
+func (ps *ProofStorage) processProofEpochFiles(files []string) {
+	var wg sync.WaitGroup
+
+	for _, filePath := range files {
+		wg.Go(func() {
+			if err := ps.processProofFile(filePath); err != nil {
+				log.WithError(err).WithField("file", filePath).Error("Error processing proof file during warm cache")
+			}
+		})
+	}
+
+	wg.Wait()
+}
+
+// processProofFile processes a single .sszs proof file for cache warming.
+func (ps *ProofStorage) processProofFile(filePath string) error {
+	// Extract metadata from the file path
+	fileMetadata, err := extractProofFileMetadata(filePath)
+	if err != nil {
+		return fmt.Errorf("extract proof file metadata: %w", err)
+	}
+
+	// Open the file
+	f, err := ps.fs.Open(filePath)
+	if err != nil {
+		return fmt.Errorf("open file: %w", err)
+	}
+
+	defer func() {
+		if closeErr := f.Close(); closeErr != nil {
+			log.WithError(closeErr).WithField("file", filePath).Error("Error closing file during proof warm cache")
+		}
+	}()
+
+	// Read the offset table
+	offsetTable, _, err := ps.readHeader(f)
+	if err != nil {
+		return fmt.Errorf("read header: %w", err)
+	}
+
+	// Add all present proofs to the cache
+	for proofID, entry := range offsetTable {
+		if entry.size == 0 {
+			continue
+		}
+
+		proofIdent := ProofIdent{
+			BlockRoot: fileMetadata.blockRoot,
+			Epoch:     fileMetadata.epoch,
+			ProofID:   uint64(proofID),
+		}
+
+		ps.cache.set(proofIdent)
+	}
+
+	return nil
+}
+
+// Summary returns the ProofStorageSummary for a given root.
+func (ps *ProofStorage) Summary(root [fieldparams.RootLength]byte) ProofStorageSummary {
+	return ps.cache.Summary(root)
+}
+
+// Save saves execution proofs into the database.
+func (ps *ProofStorage) Save(proofs []*ethpb.ExecutionProof) error {
+	startTime := time.Now()
+
+	if len(proofs) == 0 {
+		return nil
+	}
+
+	proofsByRoot := make(map[[fieldparams.RootLength]byte][]*ethpb.ExecutionProof)
+
+	// Group proofs by root.
+	for _, proof := range proofs {
+		// Check if the proof ID is valid.
+		proofID := uint64(proof.ProofId)
+		if proofID >= maxProofTypes {
+			return errProofIDTooLarge
+		}
+
+		// Extract block root from proof.
+		var blockRoot [fieldparams.RootLength]byte
+		copy(blockRoot[:], proof.BlockRoot)
+
+		// Group proofs by root.
+		proofsByRoot[blockRoot] = append(proofsByRoot[blockRoot], proof)
+	}
+
+	for blockRoot, proofsForRoot := range proofsByRoot {
+		// Compute epoch from slot.
+		epoch := slots.ToEpoch(proofsForRoot[0].Slot)
+
+		// Save proofs in the filesystem.
+		if err := ps.saveFilesystem(blockRoot, epoch, proofsForRoot); err != nil {
+			return fmt.Errorf("save filesystem: %w", err)
+		}
+
+		// Get all proof IDs.
+		proofIDs := make([]uint64, 0, len(proofsForRoot))
+		for _, proof := range proofsForRoot {
+			proofIDs = append(proofIDs, uint64(proof.ProofId))
+		}
+
+		// Compute the proofs ident.
+		proofsIdent := ProofsIdent{BlockRoot: blockRoot, Epoch: epoch, ProofIDs: proofIDs}
+
+		// Set proofs in the cache.
+		ps.cache.setMultiple(proofsIdent)
+
+		// Notify the proof feed.
+		ps.proofFeed.Send(proofsIdent)
+	}
+
+	proofSaveLatency.Observe(float64(time.Since(startTime).Milliseconds()))
+
+	return nil
+}
+
+// saveFilesystem saves proofs into the database.
+// This function expects all proofs to belong to the same block.
+func (ps *ProofStorage) saveFilesystem(root [fieldparams.RootLength]byte, epoch primitives.Epoch, proofs []*ethpb.ExecutionProof) error {
+	// Compute the file path.
+	filePath := proofFilePath(root, epoch)
+
+	ps.pruneMu.RLock()
+	defer ps.pruneMu.RUnlock()
+
+	fileMu, toStore := ps.fileMutexChan(root)
+	toStore <- proofs
+
+	fileMu.Lock()
+	defer fileMu.Unlock()
+
+	// Check if the file exists.
+	exists, err := afero.Exists(ps.fs, filePath)
+	if err != nil {
+		return fmt.Errorf("afero exists: %w", err)
+	}
+
+	if exists {
+		if err := ps.saveProofExistingFile(filePath, toStore); err != nil {
+			return fmt.Errorf("save proof existing file: %w", err)
+		}
+
+		return nil
+	}
+
+	if err := ps.saveProofNewFile(filePath, toStore); err != nil {
+		return fmt.Errorf("save proof new file: %w", err)
+	}
+
+	return nil
+}
+
+// Subscribe subscribes to the proof feed.
+// It returns the subscription and a 1-size buffer channel to receive proof idents.
+func (ps *ProofStorage) Subscribe() (event.Subscription, <-chan ProofsIdent) {
+	identsChan := make(chan ProofsIdent, 1)
+	subscription := ps.proofFeed.Subscribe(identsChan)
+	return subscription, identsChan
+}
+
+// Get retrieves execution proofs from the database.
+// If one of the requested proofs is not found, it is just skipped.
+// If proofIDs is nil, then all stored proofs are returned.
+func (ps *ProofStorage) Get(root [fieldparams.RootLength]byte, proofIDs []uint64) ([]*ethpb.ExecutionProof, error) {
+	ps.pruneMu.RLock()
+	defer ps.pruneMu.RUnlock()
+
+	fileMu, _ := ps.fileMutexChan(root)
+	fileMu.RLock()
+	defer fileMu.RUnlock()
+
+	startTime := time.Now()
+
+	// Build all proofIDs if none are provided.
+	if proofIDs == nil {
+		proofIDs = make([]uint64, maxProofTypes)
+		for i := range proofIDs {
+			proofIDs[i] = uint64(i)
+		}
+	}
+
+	summary, ok := ps.cache.get(root)
+	if !ok {
+		// Nothing found in db. Exit early.
+		return nil, nil
+	}
+
+	// Check if any requested proofID exists.
+	if !slices.ContainsFunc(proofIDs, summary.HasProof) {
+		return nil, nil
+	}
+
+	// Compute the file path.
+	filePath := proofFilePath(root, summary.epoch)
+
+	// Open the proof file.
+	file, err := ps.fs.Open(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("proof file open: %w", err)
+	}
+	defer func() {
+		if closeErr := file.Close(); closeErr != nil {
+			log.WithError(closeErr).WithField("file", filePath).Error("Error closing proof file")
+		}
+	}()
+
+	// Read the header.
+	offsetTable, _, err := ps.readHeader(file)
+	if err != nil {
+		return nil, fmt.Errorf("read header: %w", err)
+	}
+
+	// Retrieve proofs from the file.
+	proofs := make([]*ethpb.ExecutionProof, 0, len(proofIDs))
+	for _, proofID := range proofIDs {
+		if proofID >= maxProofTypes {
+			continue
+		}
+
+		entry := offsetTable[proofID]
+		// Skip if the proof is not saved.
+		if entry.size == 0 {
+			continue
+		}
+
+		// Seek to the proof offset (offset is relative to end of header).
+		_, err = file.Seek(proofHeaderSize+int64(entry.offset), io.SeekStart)
+		if err != nil {
+			return nil, fmt.Errorf("seek: %w", err)
+		}
+
+		// Read the SSZ encoded proof.
+		sszProof := make([]byte, entry.size)
+		n, err := io.ReadFull(file, sszProof)
+		if err != nil {
+			return nil, fmt.Errorf("read proof: %w", err)
+		}
+		if n != int(entry.size) {
+			return nil, errWrongProofBytesRead
+		}
+
+		// Unmarshal the proof.
+		proof := new(ethpb.ExecutionProof)
+		if err := proof.UnmarshalSSZ(sszProof); err != nil {
+			return nil, fmt.Errorf("unmarshal proof: %w", err)
+		}
+
+		proofs = append(proofs, proof)
+	}
+
+	proofFetchLatency.Observe(float64(time.Since(startTime).Milliseconds()))
+
+	return proofs, nil
+}
+
+// Remove deletes all proofs for a given root.
+func (ps *ProofStorage) Remove(blockRoot [fieldparams.RootLength]byte) error {
+	ps.pruneMu.RLock()
+	defer ps.pruneMu.RUnlock()
+
+	fileMu, _ := ps.fileMutexChan(blockRoot)
+	fileMu.Lock()
+	defer fileMu.Unlock()
+
+	summary, ok := ps.cache.get(blockRoot)
+	if !ok {
+		// Nothing found in db. Exit early.
+		return nil
+	}
+
+	// Remove the proofs from the cache.
+	ps.cache.evict(blockRoot)
+
+	// Remove the proof file.
+	filePath := proofFilePath(blockRoot, summary.epoch)
+	if err := ps.fs.Remove(filePath); err != nil {
+		return fmt.Errorf("remove: %w", err)
+	}
+
+	return nil
+}
+
+// Clear deletes all files on the filesystem.
+func (ps *ProofStorage) Clear() error {
+	ps.pruneMu.Lock()
+	defer ps.pruneMu.Unlock()
+
+	dirs, err := listDir(ps.fs, ".")
+	if err != nil {
+		return fmt.Errorf("list dir: %w", err)
+	}
+
+	ps.cache.clear()
+
+	for _, dir := range dirs {
+		if err := ps.fs.RemoveAll(dir); err != nil {
+			return fmt.Errorf("remove all: %w", err)
+		}
+	}
+
+	return nil
+}
+
+// saveProofNewFile saves proofs to a new file.
+func (ps *ProofStorage) saveProofNewFile(filePath string, inputProofs chan []*ethpb.ExecutionProof) (err error) {
+	// Initialize the offset table.
+	var offsetTable proofOffsetTable
+
+	var sszEncodedProofs []byte
+	currentOffset := uint32(0)
+
+	for {
+		proofs := pullProofChan(inputProofs)
+		if len(proofs) == 0 {
+			break
+		}
+
+		for _, proof := range proofs {
+			proofID := uint64(proof.ProofId)
+			if proofID >= maxProofTypes {
+				continue
+			}
+
+			// Skip if already in offset table (duplicate).
+			if offsetTable[proofID].size != 0 {
+				continue
+			}
+
+			// SSZ encode the proof.
+			sszProof, err := proof.MarshalSSZ()
+			if err != nil {
+				return fmt.Errorf("marshal proof SSZ: %w", err)
+			}
+
+			proofSize := uint32(len(sszProof))
+
+			// Update offset table.
+			offsetTable[proofID] = proofSlotEntry{
+				offset: currentOffset,
+				size:   proofSize,
+			}
+
+			// Append SSZ encoded proof.
+			sszEncodedProofs = append(sszEncodedProofs, sszProof...)
+			currentOffset += proofSize
+		}
+	}
+
+	if len(sszEncodedProofs) == 0 {
+		// Nothing to save.
+		return nil
+	}
+
+	// Create directory structure.
+	dir := filepath.Dir(filePath)
+	if err := ps.fs.MkdirAll(dir, directoryPermissions()); err != nil {
+		return fmt.Errorf("mkdir all: %w", err)
+	}
+
+	file, err := ps.fs.Create(filePath)
+	if err != nil {
+		return fmt.Errorf("create proof file: %w", err)
+	}
+
+	defer func() {
+		closeErr := file.Close()
+		if closeErr != nil && err == nil {
+			err = closeErr
+		}
+	}()
+
+	// Build the file content.
+	countToWrite := proofHeaderSize + len(sszEncodedProofs)
+	bytes := make([]byte, 0, countToWrite)
+
+	// Write version byte.
+	bytes = append(bytes, byte(proofVersion))
+
+	// Write offset table.
+	bytes = append(bytes, encodeOffsetTable(offsetTable)...)
+
+	// Write SSZ encoded proofs.
+	bytes = append(bytes, sszEncodedProofs...)
+
+	countWritten, err := file.Write(bytes)
+	if err != nil {
+		return fmt.Errorf("write: %w", err)
+	}
+	if countWritten != countToWrite {
+		return errWrongProofBytesWritten
+	}
+
+	syncStart := time.Now()
+	if err := file.Sync(); err != nil {
+		return fmt.Errorf("sync: %w", err)
+	}
+	proofFileSyncLatency.Observe(float64(time.Since(syncStart).Milliseconds()))
+
+	return nil
+}
+
+// saveProofExistingFile saves proofs to an existing file.
+func (ps *ProofStorage) saveProofExistingFile(filePath string, inputProofs chan []*ethpb.ExecutionProof) (err error) {
+	// Open the file for read/write.
+	file, err := ps.fs.OpenFile(filePath, os.O_RDWR, os.FileMode(0600))
+	if err != nil {
+		return fmt.Errorf("open proof file: %w", err)
+	}
+
+	defer func() {
+		closeErr := file.Close()
+		if closeErr != nil && err == nil {
+			err = closeErr
+		}
+	}()
+
+	// Read current header.
+	offsetTable, fileSize, err := ps.readHeader(file)
+	if err != nil {
+		return fmt.Errorf("read header: %w", err)
+	}
+
+	var sszEncodedProofs []byte
+	currentOffset := uint32(fileSize - proofHeaderSize)
+	modified := false
+
+	for {
+		proofs := pullProofChan(inputProofs)
+		if len(proofs) == 0 {
+			break
+		}
+
+		for _, proof := range proofs {
+			proofID := uint64(proof.ProofId)
+			if proofID >= maxProofTypes {
+				continue
+			}
+
+			// Skip if proof already exists.
+			if offsetTable[proofID].size != 0 {
+				continue
+			}
+
+			// SSZ encode the proof.
+			sszProof, err := proof.MarshalSSZ()
+			if err != nil {
+				return fmt.Errorf("marshal proof SSZ: %w", err)
+			}
+
+			proofSize := uint32(len(sszProof))
+
+			// Update offset table.
+			offsetTable[proofID] = proofSlotEntry{
+				offset: currentOffset,
+				size:   proofSize,
+			}
+
+			// Append SSZ encoded proof.
+			sszEncodedProofs = append(sszEncodedProofs, sszProof...)
+			currentOffset += proofSize
+			modified = true
+		}
+	}
+
+	if !modified {
+		return nil
+	}
+
+	// Write updated offset table back to file (at position 1, after version byte).
+	encodedTable := encodeOffsetTable(offsetTable)
+	count, err := file.WriteAt(encodedTable, int64(proofVersionSize))
+	if err != nil {
+		return fmt.Errorf("write offset table: %w", err)
+	}
+	if count != proofOffsetTableSize {
+		return errWrongProofBytesWritten
+	}
+
+	// Append the SSZ encoded proofs to the end of the file.
+	count, err = file.WriteAt(sszEncodedProofs, fileSize)
+	if err != nil {
+		return fmt.Errorf("write SSZ encoded proofs: %w", err)
+	}
+	if count != len(sszEncodedProofs) {
+		return errWrongProofBytesWritten
+	}
+
+	syncStart := time.Now()
+	if err := file.Sync(); err != nil {
+		return fmt.Errorf("sync: %w", err)
+	}
+	proofFileSyncLatency.Observe(float64(time.Since(syncStart).Milliseconds()))
+
+	return nil
+}
+
+// readHeader reads the file header and returns the offset table and file size.
+func (ps *ProofStorage) readHeader(file afero.File) (proofOffsetTable, int64, error) {
+	var header [proofHeaderSize]byte
+	countRead, err := file.ReadAt(header[:], 0)
+	if err != nil {
+		return proofOffsetTable{}, 0, fmt.Errorf("read at: %w", err)
+	}
+	if countRead != proofHeaderSize {
+		return proofOffsetTable{}, 0, errWrongProofBytesRead
+	}
+
+	// Check version.
+	fileVersion := int(header[0])
+	if fileVersion != proofVersion {
+		return proofOffsetTable{}, 0, errWrongProofVersion
+	}
+
+	// Decode offset table and compute file size.
+	var offsetTable proofOffsetTable
+	fileSize := int64(proofHeaderSize)
+	for i := range offsetTable {
+		pos := proofVersionSize + i*proofSlotSize
+		offsetTable[i].offset = binary.BigEndian.Uint32(header[pos : pos+proofOffsetSize])
+		offsetTable[i].size = binary.BigEndian.Uint32(header[pos+proofOffsetSize : pos+proofSlotSize])
+		fileSize += int64(offsetTable[i].size)
+	}
+
+	return offsetTable, fileSize, nil
+}
+
+// prune cleans the cache, the filesystem and mutexes.
+func (ps *ProofStorage) prune() {
+	startTime := time.Now()
+	defer func() {
+		proofPruneLatency.Observe(float64(time.Since(startTime).Milliseconds()))
+	}()
+
+	highestStoredEpoch := ps.cache.HighestEpoch()
+
+	// Check if we need to prune.
+	if highestStoredEpoch < ps.retentionEpochs {
+		return
+	}
+
+	highestEpochToPrune := highestStoredEpoch - ps.retentionEpochs
+	highestPeriodToPrune := proofPeriod(highestEpochToPrune)
+
+	// Prune the cache.
+	prunedCount := ps.cache.pruneUpTo(highestEpochToPrune)
+
+	if prunedCount == 0 {
+		return
+	}
+
+	proofPrunedCounter.Add(float64(prunedCount))
+
+	// Prune the filesystem.
+	periodFileInfos, err := afero.ReadDir(ps.fs, ".")
+	if err != nil {
+		log.WithError(err).Error("Error encountered while reading top directory during proof prune")
+		return
+	}
+
+	for _, periodFileInfo := range periodFileInfos {
+		periodStr := periodFileInfo.Name()
+		period, err := strconv.ParseUint(periodStr, 10, 64)
+		if err != nil {
+			log.WithError(err).Errorf("Error encountered while parsing period %s", periodStr)
+			continue
+		}
+
+		if period < highestPeriodToPrune {
+			// Remove everything lower than highest period to prune.
+			if err := ps.fs.RemoveAll(periodStr); err != nil {
+				log.WithError(err).Error("Error encountered while removing period directory during proof prune")
+			}
+			continue
+		}
+
+		if period > highestPeriodToPrune {
+			// Do not remove anything higher than highest period to prune.
+			continue
+		}
+
+		// if period == highestPeriodToPrune
+		epochFileInfos, err := afero.ReadDir(ps.fs, periodStr)
+		if err != nil {
+			log.WithError(err).Error("Error encountered while reading epoch directory during proof prune")
+			continue
+		}
+
+		for _, epochFileInfo := range epochFileInfos {
+			epochStr := epochFileInfo.Name()
+			epochDir := path.Join(periodStr, epochStr)
+
+			epoch, err := strconv.ParseUint(epochStr, 10, 64)
+			if err != nil {
+				log.WithError(err).Errorf("Error encountered while parsing epoch %s", epochStr)
+				continue
+			}
+
+			if primitives.Epoch(epoch) > highestEpochToPrune {
+				continue
+			}
+
+			if err := ps.fs.RemoveAll(epochDir); err != nil {
+				log.WithError(err).Error("Error encountered while removing epoch directory during proof prune")
+				continue
+			}
+		}
+	}
+
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+	clear(ps.muChans)
+}
+
+// fileMutexChan returns the file mutex and channel for a given block root.
+func (ps *ProofStorage) fileMutexChan(root [fieldparams.RootLength]byte) (*sync.RWMutex, chan []*ethpb.ExecutionProof) {
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+
+	mc, ok := ps.muChans[root]
+	if !ok {
+		mc = &proofMuChan{
+			mu:      new(sync.RWMutex),
+			toStore: make(chan []*ethpb.ExecutionProof, 1),
+		}
+		ps.muChans[root] = mc
+		return mc.mu, mc.toStore
+	}
+
+	return mc.mu, mc.toStore
+}
+
+// pullProofChan pulls proofs from the input channel until it is empty.
+func pullProofChan(inputProofs chan []*ethpb.ExecutionProof) []*ethpb.ExecutionProof {
+	proofs := make([]*ethpb.ExecutionProof, 0, maxProofTypes)
+
+	for {
+		select {
+		case batch := <-inputProofs:
+			proofs = append(proofs, batch...)
+		default:
+			return proofs
+		}
+	}
+}
+
+// proofFilePath builds the file path in database for a given root and epoch.
+func proofFilePath(root [fieldparams.RootLength]byte, epoch primitives.Epoch) string {
+	return path.Join(
+		fmt.Sprintf("%d", proofPeriod(epoch)),
+		fmt.Sprintf("%d", epoch),
+		fmt.Sprintf("%#x.%s", root, proofsFileExtension),
+	)
+}
+
+// extractProofFileMetadata extracts the metadata from a proof file path.
+func extractProofFileMetadata(path string) (*proofFileMetadata, error) {
+	// Use filepath.Separator to handle both Windows (\) and Unix (/) path separators
+	parts := strings.Split(path, string(filepath.Separator))
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("unexpected proof file %s", path)
+	}
+
+	period, err := strconv.ParseUint(parts[0], 10, 64)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse period from %s: %w", path, err)
+	}
+
+	epoch, err := strconv.ParseUint(parts[1], 10, 64)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse epoch from %s: %w", path, err)
+	}
+
+	partsRoot := strings.Split(parts[2], ".")
+	if len(partsRoot) != 2 {
+		return nil, fmt.Errorf("failed to parse root from %s", path)
+	}
+
+	blockRootString := partsRoot[0]
+	if len(blockRootString) != 2+2*fieldparams.RootLength || blockRootString[:2] != "0x" {
+		return nil, fmt.Errorf("unexpected proof file name %s", path)
+	}
+
+	if partsRoot[1] != proofsFileExtension {
+		return nil, fmt.Errorf("unexpected extension %s", path)
+	}
+
+	blockRootSlice, err := hex.DecodeString(blockRootString[2:])
+	if err != nil {
+		return nil, fmt.Errorf("decode string from %s: %w", path, err)
+	}
+
+	var blockRoot [fieldparams.RootLength]byte
+	copy(blockRoot[:], blockRootSlice)
+
+	result := &proofFileMetadata{period: period, epoch: primitives.Epoch(epoch), blockRoot: blockRoot}
+	return result, nil
+}
+
+// proofPeriod computes the period of a given epoch.
+func proofPeriod(epoch primitives.Epoch) uint64 {
+	return uint64(epoch / params.BeaconConfig().MinEpochsForDataColumnSidecarsRequest)
+}
+
+// encodeOffsetTable encodes the offset table to bytes.
+func encodeOffsetTable(table proofOffsetTable) []byte {
+	result := make([]byte, proofOffsetTableSize)
+	for i, entry := range table {
+		offset := i * proofSlotSize
+		binary.BigEndian.PutUint32(result[offset:offset+proofOffsetSize], entry.offset)
+		binary.BigEndian.PutUint32(result[offset+proofOffsetSize:offset+proofSlotSize], entry.size)
+	}
+	return result
+}

beacon-chain/db/filesystem/proof_cache.go

@@ -0,0 +1,206 @@
+package filesystem
+
+import (
+	"slices"
+	"sync"
+
+	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+)
+
+// ProofStorageSummary represents cached information about the proofs on disk for each root the cache knows about.
+type ProofStorageSummary struct {
+	epoch    primitives.Epoch
+	proofIDs map[uint64]bool
+}
+
+// HasProof returns true if the proof with the given proofID is available in the filesystem.
+func (s ProofStorageSummary) HasProof(proofID uint64) bool {
+	if s.proofIDs == nil {
+		return false
+	}
+	_, ok := s.proofIDs[proofID]
+	return ok
+}
+
+// Count returns the number of available proofs.
+func (s ProofStorageSummary) Count() int {
+	return len(s.proofIDs)
+}
+
+// All returns all stored proofIDs sorted in ascending order.
+func (s ProofStorageSummary) All() []uint64 {
+	if s.proofIDs == nil {
+		return nil
+	}
+	ids := make([]uint64, 0, len(s.proofIDs))
+	for id := range s.proofIDs {
+		ids = append(ids, id)
+	}
+	slices.Sort(ids)
+	return ids
+}
+
+type proofCache struct {
+	mu                 sync.RWMutex
+	proofCount         float64
+	lowestCachedEpoch  primitives.Epoch
+	highestCachedEpoch primitives.Epoch
+	cache              map[[fieldparams.RootLength]byte]ProofStorageSummary
+}
+
+func newProofCache() *proofCache {
+	return &proofCache{
+		cache:             make(map[[fieldparams.RootLength]byte]ProofStorageSummary),
+		lowestCachedEpoch: params.BeaconConfig().FarFutureEpoch,
+	}
+}
+
+// Summary returns the ProofStorageSummary for `root`.
+// The ProofStorageSummary can be used to check for the presence of proofs based on proofID.
+func (pc *proofCache) Summary(root [fieldparams.RootLength]byte) ProofStorageSummary {
+	pc.mu.RLock()
+	defer pc.mu.RUnlock()
+
+	return pc.cache[root]
+}
+
+// HighestEpoch returns the highest cached epoch.
+func (pc *proofCache) HighestEpoch() primitives.Epoch {
+	pc.mu.RLock()
+	defer pc.mu.RUnlock()
+
+	return pc.highestCachedEpoch
+}
+
+// set adds a proof to the cache.
+func (pc *proofCache) set(ident ProofIdent) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	summary := pc.cache[ident.BlockRoot]
+	if summary.proofIDs == nil {
+		summary.proofIDs = make(map[uint64]bool)
+	}
+	summary.epoch = ident.Epoch
+
+	if _, exists := summary.proofIDs[ident.ProofID]; exists {
+		pc.cache[ident.BlockRoot] = summary
+		return
+	}
+
+	summary.proofIDs[ident.ProofID] = true
+	pc.lowestCachedEpoch = min(pc.lowestCachedEpoch, ident.Epoch)
+	pc.highestCachedEpoch = max(pc.highestCachedEpoch, ident.Epoch)
+
+	pc.cache[ident.BlockRoot] = summary
+
+	pc.proofCount++
+	proofDiskCount.Set(pc.proofCount)
+	proofWrittenCounter.Inc()
+}
+
+// setMultiple adds multiple proofs to the cache.
+func (pc *proofCache) setMultiple(ident ProofsIdent) {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	summary := pc.cache[ident.BlockRoot]
+	if summary.proofIDs == nil {
+		summary.proofIDs = make(map[uint64]bool)
+	}
+	summary.epoch = ident.Epoch
+
+	addedCount := 0
+	for _, proofID := range ident.ProofIDs {
+		if _, exists := summary.proofIDs[proofID]; exists {
+			continue
+		}
+		summary.proofIDs[proofID] = true
+		addedCount++
+	}
+
+	if addedCount == 0 {
+		pc.cache[ident.BlockRoot] = summary
+		return
+	}
+
+	pc.lowestCachedEpoch = min(pc.lowestCachedEpoch, ident.Epoch)
+	pc.highestCachedEpoch = max(pc.highestCachedEpoch, ident.Epoch)
+
+	pc.cache[ident.BlockRoot] = summary
+
+	pc.proofCount += float64(addedCount)
+	proofDiskCount.Set(pc.proofCount)
+	proofWrittenCounter.Add(float64(addedCount))
+}
+
+// get returns the ProofStorageSummary for the given block root.
+// If the root is not in the cache, the second return value will be false.
+func (pc *proofCache) get(blockRoot [fieldparams.RootLength]byte) (ProofStorageSummary, bool) {
+	pc.mu.RLock()
+	defer pc.mu.RUnlock()
+
+	summary, ok := pc.cache[blockRoot]
+	return summary, ok
+}
+
+// evict removes the ProofStorageSummary for the given block root from the cache.
+func (pc *proofCache) evict(blockRoot [fieldparams.RootLength]byte) int {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	summary, ok := pc.cache[blockRoot]
+	if !ok {
+		return 0
+	}
+
+	deleted := len(summary.proofIDs)
+	delete(pc.cache, blockRoot)
+
+	if deleted > 0 {
+		pc.proofCount -= float64(deleted)
+		proofDiskCount.Set(pc.proofCount)
+	}
+
+	return deleted
+}
+
+// pruneUpTo removes all entries from the cache up to the given target epoch included.
+func (pc *proofCache) pruneUpTo(targetEpoch primitives.Epoch) uint64 {
+	pc.mu.Lock()
+	defer pc.mu.Unlock()
+
+	prunedCount := uint64(0)
+	newLowestCachedEpoch := params.BeaconConfig().FarFutureEpoch
+	newHighestCachedEpoch := primitives.Epoch(0)
+
+	for blockRoot, summary := range pc.cache {
+		epoch := summary.epoch
+
+		if epoch > targetEpoch {
+			newLowestCachedEpoch = min(newLowestCachedEpoch, epoch)
+			newHighestCachedEpoch = max(newHighestCachedEpoch, epoch)
+		}
+
+		if epoch <= targetEpoch {
+			prunedCount += uint64(len(summary.proofIDs))
+			delete(pc.cache, blockRoot)
+		}
+	}
+
+	if prunedCount > 0 {
+		pc.lowestCachedEpoch = newLowestCachedEpoch
+		pc.highestCachedEpoch = newHighestCachedEpoch
+		pc.proofCount -= float64(prunedCount)
+		proofDiskCount.Set(pc.proofCount)
+	}
+
+	return prunedCount
+}
+
+// clear removes all entries from the cache.
+func (pc *proofCache) clear() uint64 {
+	return pc.pruneUpTo(params.BeaconConfig().FarFutureEpoch)
+}

beacon-chain/db/filesystem/proof_test.go

@@ -0,0 +1,407 @@
+package filesystem
+
+import (
+	"encoding/binary"
+	"os"
+	"testing"
+
+	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/testing/require"
+	"github.com/spf13/afero"
+)
+
+func createTestProof(t *testing.T, slot primitives.Slot, proofID uint64, blockRoot [32]byte) *ethpb.ExecutionProof {
+	t.Helper()
+
+	return &ethpb.ExecutionProof{
+		ProofId:   primitives.ExecutionProofId(proofID),
+		Slot:      slot,
+		BlockHash: make([]byte, 32),
+		BlockRoot: blockRoot[:],
+		ProofData: []byte("test proof data for proofID " + string(rune('0'+proofID))),
+	}
+}
+
+// assertProofsEqual compares two proofs by comparing their SSZ-encoded bytes.
+func assertProofsEqual(t *testing.T, expected, actual *ethpb.ExecutionProof) {
+	t.Helper()
+
+	expectedSSZ, err := expected.MarshalSSZ()
+	require.NoError(t, err)
+	actualSSZ, err := actual.MarshalSSZ()
+	require.NoError(t, err)
+	require.DeepEqual(t, expectedSSZ, actualSSZ)
+}
+
+func TestNewProofStorage(t *testing.T) {
+	ctx := t.Context()
+
+	t.Run("No base path", func(t *testing.T) {
+		_, err := NewProofStorage(ctx)
+		require.ErrorIs(t, err, errNoProofBasePath)
+	})
+
+	t.Run("Nominal", func(t *testing.T) {
+		dir := t.TempDir()
+
+		storage, err := NewProofStorage(ctx, WithProofBasePath(dir))
+		require.NoError(t, err)
+		require.Equal(t, dir, storage.base)
+	})
+}
+
+func TestProofSaveAndGet(t *testing.T) {
+	t.Run("proof ID too large", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		proof := &ethpb.ExecutionProof{
+			ProofId:   primitives.ExecutionProofId(maxProofTypes), // too large
+			Slot:      1,
+			BlockHash: make([]byte, 32),
+			BlockRoot: make([]byte, 32),
+			ProofData: []byte("test"),
+		}
+
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof})
+		require.ErrorIs(t, err, errProofIDTooLarge)
+	})
+
+	t.Run("save empty slice", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		err := proofStorage.Save([]*ethpb.ExecutionProof{})
+		require.NoError(t, err)
+	})
+
+	t.Run("save and get single proof", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+		proof := createTestProof(t, 32, 2, blockRoot)
+
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof})
+		require.NoError(t, err)
+
+		// Check summary
+		summary := proofStorage.Summary(blockRoot)
+		require.Equal(t, true, summary.HasProof(2))
+		require.Equal(t, false, summary.HasProof(0))
+		require.Equal(t, false, summary.HasProof(1))
+		require.Equal(t, 1, summary.Count())
+
+		// Get the proof
+		proofs, err := proofStorage.Get(blockRoot, []uint64{2})
+		require.NoError(t, err)
+		require.Equal(t, 1, len(proofs))
+		assertProofsEqual(t, proof, proofs[0])
+	})
+
+	t.Run("save and get multiple proofs", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+
+		// Save first proof
+		proof1 := createTestProof(t, 32, 0, blockRoot)
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof1})
+		require.NoError(t, err)
+
+		// Save second proof (should append to existing file)
+		proof2 := createTestProof(t, 32, 3, blockRoot)
+		err = proofStorage.Save([]*ethpb.ExecutionProof{proof2})
+		require.NoError(t, err)
+
+		// Save third proof
+		proof3 := createTestProof(t, 32, 7, blockRoot)
+		err = proofStorage.Save([]*ethpb.ExecutionProof{proof3})
+		require.NoError(t, err)
+
+		// Check summary
+		summary := proofStorage.Summary(blockRoot)
+		require.Equal(t, true, summary.HasProof(0))
+		require.Equal(t, false, summary.HasProof(1))
+		require.Equal(t, false, summary.HasProof(2))
+		require.Equal(t, true, summary.HasProof(3))
+		require.Equal(t, false, summary.HasProof(4))
+		require.Equal(t, false, summary.HasProof(5))
+		require.Equal(t, false, summary.HasProof(6))
+		require.Equal(t, true, summary.HasProof(7))
+		require.Equal(t, 3, summary.Count())
+
+		// Get all proofs
+		proofs, err := proofStorage.Get(blockRoot, nil)
+		require.NoError(t, err)
+		require.Equal(t, 3, len(proofs))
+
+		// Get specific proofs
+		proofs, err = proofStorage.Get(blockRoot, []uint64{0, 3})
+		require.NoError(t, err)
+		require.Equal(t, 2, len(proofs))
+		assertProofsEqual(t, proof1, proofs[0])
+		assertProofsEqual(t, proof2, proofs[1])
+	})
+
+	t.Run("duplicate proof is ignored", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+		proof := createTestProof(t, 32, 2, blockRoot)
+
+		// Save first time
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof})
+		require.NoError(t, err)
+
+		// Save same proof again (should be silently ignored)
+		err = proofStorage.Save([]*ethpb.ExecutionProof{proof})
+		require.NoError(t, err)
+
+		// Check count
+		summary := proofStorage.Summary(blockRoot)
+		require.Equal(t, 1, summary.Count())
+
+		// Get the proof
+		proofs, err := proofStorage.Get(blockRoot, nil)
+		require.NoError(t, err)
+		require.Equal(t, 1, len(proofs))
+	})
+
+	t.Run("get non-existent root", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		proofs, err := proofStorage.Get([fieldparams.RootLength]byte{1}, []uint64{0, 1, 2})
+		require.NoError(t, err)
+		require.Equal(t, 0, len(proofs))
+	})
+
+	t.Run("get non-existent proofIDs", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+		proof := createTestProof(t, 32, 2, blockRoot)
+
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof})
+		require.NoError(t, err)
+
+		// Try to get proofIDs that don't exist
+		proofs, err := proofStorage.Get(blockRoot, []uint64{0, 1, 3, 4})
+		require.NoError(t, err)
+		require.Equal(t, 0, len(proofs))
+	})
+}
+
+func TestProofRemove(t *testing.T) {
+	t.Run("remove non-existent", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+		err := proofStorage.Remove([fieldparams.RootLength]byte{1})
+		require.NoError(t, err)
+	})
+
+	t.Run("remove existing", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		blockRoot1 := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+		blockRoot2 := [32]byte{32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1}
+
+		proof1 := createTestProof(t, 32, 0, blockRoot1)
+		proof2 := createTestProof(t, 64, 1, blockRoot2)
+
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof1})
+		require.NoError(t, err)
+		err = proofStorage.Save([]*ethpb.ExecutionProof{proof2})
+		require.NoError(t, err)
+
+		// Remove first proof
+		err = proofStorage.Remove(blockRoot1)
+		require.NoError(t, err)
+
+		// Check first proof is gone
+		summary := proofStorage.Summary(blockRoot1)
+		require.Equal(t, 0, summary.Count())
+
+		proofs, err := proofStorage.Get(blockRoot1, nil)
+		require.NoError(t, err)
+		require.Equal(t, 0, len(proofs))
+
+		// Check second proof still exists
+		summary = proofStorage.Summary(blockRoot2)
+		require.Equal(t, 1, summary.Count())
+
+		proofs, err = proofStorage.Get(blockRoot2, nil)
+		require.NoError(t, err)
+		require.Equal(t, 1, len(proofs))
+	})
+}
+
+func TestProofClear(t *testing.T) {
+	_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+	blockRoot1 := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+	blockRoot2 := [32]byte{32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1}
+
+	proof1 := createTestProof(t, 32, 0, blockRoot1)
+	proof2 := createTestProof(t, 64, 1, blockRoot2)
+
+	err := proofStorage.Save([]*ethpb.ExecutionProof{proof1})
+	require.NoError(t, err)
+	err = proofStorage.Save([]*ethpb.ExecutionProof{proof2})
+	require.NoError(t, err)
+
+	// Clear all
+	err = proofStorage.Clear()
+	require.NoError(t, err)
+
+	// Check both are gone
+	summary := proofStorage.Summary(blockRoot1)
+	require.Equal(t, 0, summary.Count())
+
+	summary = proofStorage.Summary(blockRoot2)
+	require.Equal(t, 0, summary.Count())
+}
+
+func TestProofWarmCache(t *testing.T) {
+	fs, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+	blockRoot1 := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+	blockRoot2 := [32]byte{32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1}
+
+	// Save proofs
+	proof1a := createTestProof(t, 32, 0, blockRoot1)
+	proof1b := createTestProof(t, 32, 3, blockRoot1)
+	proof2 := createTestProof(t, 64, 5, blockRoot2)
+
+	err := proofStorage.Save([]*ethpb.ExecutionProof{proof1a})
+	require.NoError(t, err)
+	err = proofStorage.Save([]*ethpb.ExecutionProof{proof1b})
+	require.NoError(t, err)
+	err = proofStorage.Save([]*ethpb.ExecutionProof{proof2})
+	require.NoError(t, err)
+
+	// Verify files exist
+	files, err := afero.ReadDir(fs, "0/1")
+	require.NoError(t, err)
+	require.Equal(t, 1, len(files))
+
+	files, err = afero.ReadDir(fs, "0/2")
+	require.NoError(t, err)
+	require.Equal(t, 1, len(files))
+
+	// Create a new storage with the same filesystem
+	proofStorage2 := NewEphemeralProofStorageUsingFs(t, fs)
+
+	// Before warm cache, cache should be empty
+	summary := proofStorage2.Summary(blockRoot1)
+	require.Equal(t, 0, summary.Count())
+
+	// Warm cache
+	proofStorage2.WarmCache()
+
+	// After warm cache, cache should be populated
+	summary = proofStorage2.Summary(blockRoot1)
+	require.Equal(t, 2, summary.Count())
+	require.Equal(t, true, summary.HasProof(0))
+	require.Equal(t, true, summary.HasProof(3))
+
+	summary = proofStorage2.Summary(blockRoot2)
+	require.Equal(t, 1, summary.Count())
+	require.Equal(t, true, summary.HasProof(5))
+}
+
+func TestProofSubscribe(t *testing.T) {
+	_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+	sub, ch := proofStorage.Subscribe()
+	defer sub.Unsubscribe()
+
+	blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+	proof := createTestProof(t, 32, 2, blockRoot)
+
+	err := proofStorage.Save([]*ethpb.ExecutionProof{proof})
+	require.NoError(t, err)
+
+	// Should receive notification
+	ident := <-ch
+	require.Equal(t, blockRoot, ident.BlockRoot)
+	require.DeepEqual(t, []uint64{2}, ident.ProofIDs)
+	require.Equal(t, primitives.Epoch(1), ident.Epoch)
+}
+
+func TestProofReadHeader(t *testing.T) {
+	t.Run("wrong version", func(t *testing.T) {
+		_, proofStorage := NewEphemeralProofStorageAndFs(t)
+
+		blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+		proof := createTestProof(t, 32, 0, blockRoot)
+
+		err := proofStorage.Save([]*ethpb.ExecutionProof{proof})
+		require.NoError(t, err)
+
+		// Get the file path
+		filePath := proofFilePath(blockRoot, 1)
+
+		// Alter the version
+		file, err := proofStorage.fs.OpenFile(filePath, os.O_RDWR, os.FileMode(0600))
+		require.NoError(t, err)
+
+		_, err = file.Write([]byte{42}) // wrong version
+		require.NoError(t, err)
+
+		// Try to read header
+		_, _, err = proofStorage.readHeader(file)
+		require.ErrorIs(t, err, errWrongProofVersion)
+
+		err = file.Close()
+		require.NoError(t, err)
+	})
+}
+
+func TestEncodeOffsetTable(t *testing.T) {
+	var table proofOffsetTable
+	table[0] = proofSlotEntry{offset: 0, size: 100}
+	table[3] = proofSlotEntry{offset: 100, size: 200}
+	table[7] = proofSlotEntry{offset: 300, size: 300}
+
+	encoded := encodeOffsetTable(table)
+	require.Equal(t, proofOffsetTableSize, len(encoded))
+
+	// Decode manually and verify
+	var decoded proofOffsetTable
+	for i := range decoded {
+		pos := i * proofSlotSize
+		decoded[i].offset = binary.BigEndian.Uint32(encoded[pos : pos+proofOffsetSize])
+		decoded[i].size = binary.BigEndian.Uint32(encoded[pos+proofOffsetSize : pos+proofSlotSize])
+	}
+	require.Equal(t, table, decoded)
+}
+
+func TestProofFilePath(t *testing.T) {
+	blockRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+	epoch := primitives.Epoch(100)
+
+	path := proofFilePath(blockRoot, epoch)
+	require.Equal(t, "0/100/0x0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20.sszs", path)
+}
+
+func TestExtractProofFileMetadata(t *testing.T) {
+	t.Run("valid path", func(t *testing.T) {
+		path := "0/100/0x0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20.sszs"
+		metadata, err := extractProofFileMetadata(path)
+		require.NoError(t, err)
+
+		expectedRoot := [32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32}
+		require.Equal(t, uint64(0), metadata.period)
+		require.Equal(t, primitives.Epoch(100), metadata.epoch)
+		require.Equal(t, expectedRoot, metadata.blockRoot)
+	})
+
+	t.Run("invalid path - wrong number of parts", func(t *testing.T) {
+		_, err := extractProofFileMetadata("invalid/path.sszs")
+		require.ErrorContains(t, "unexpected proof file", err)
+	})
+
+	t.Run("invalid path - wrong extension", func(t *testing.T) {
+		_, err := extractProofFileMetadata("0/100/0x0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20.txt")
+		require.ErrorContains(t, "unexpected extension", err)
+	})
+}

beacon-chain/db/kv/custody_test.go

@@ -67,6 +67,7 @@ func getSubscriptionStatusFromDB(t *testing.T, db *Store) bool {
 	return subscribed
 }
 
+
 func TestUpdateCustodyInfo(t *testing.T) {
 	ctx := t.Context()
 

beacon-chain/forkchoice/doubly-linked-tree/BUILD.bazel

@@ -6,6 +6,7 @@ go_library(
         "doc.go",
         "errors.go",
         "forkchoice.go",
+        "last_root.go",
         "log.go",
         "metrics.go",
         "node.go",
@@ -50,6 +51,7 @@ go_test(
     srcs = [
         "ffg_update_test.go",
         "forkchoice_test.go",
+        "last_root_test.go",
         "no_vote_test.go",
         "node_test.go",
         "on_tick_test.go",

beacon-chain/forkchoice/doubly-linked-tree/forkchoice.go

@@ -32,6 +32,7 @@ func New() *ForkChoice {
 		finalizedCheckpoint:           &forkchoicetypes.Checkpoint{},
 		proposerBoostRoot:             [32]byte{},
 		nodeByRoot:                    make(map[[fieldparams.RootLength]byte]*Node),
+		nodeByPayload:                 make(map[[fieldparams.RootLength]byte]*Node),
 		slashedIndices:                make(map[primitives.ValidatorIndex]bool),
 		receivedBlocksLastEpoch:       [fieldparams.SlotsPerEpoch]primitives.Slot{},
 	}

beacon-chain/forkchoice/doubly-linked-tree/last_root.go

@@ -0,0 +1,26 @@
+package doublylinkedtree
+
+import (
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+)
+
+// LastRoot returns the last canonical block root in the given epoch
+func (f *ForkChoice) LastRoot(epoch primitives.Epoch) [32]byte {
+	head := f.store.headNode
+	headEpoch := slots.ToEpoch(head.slot)
+	epochEnd, err := slots.EpochEnd(epoch)
+	if err != nil {
+		return [32]byte{}
+	}
+	if headEpoch <= epoch {
+		return head.root
+	}
+	for head != nil && head.slot > epochEnd {
+		head = head.parent
+	}
+	if head == nil {
+		return [32]byte{}
+	}
+	return head.root
+}

beacon-chain/forkchoice/doubly-linked-tree/last_root_test.go

@@ -0,0 +1,38 @@
+package doublylinkedtree
+
+import (
+	"testing"
+
+	"github.com/OffchainLabs/prysm/v7/config/params"
+	"github.com/OffchainLabs/prysm/v7/testing/require"
+)
+
+func TestLastRoot(t *testing.T) {
+	f := setup(0, 0)
+	ctx := t.Context()
+
+	st, root, err := prepareForkchoiceState(ctx, 1, [32]byte{'1'}, params.BeaconConfig().ZeroHash, [32]byte{'1'}, 0, 0)
+	require.NoError(t, err)
+	require.NoError(t, f.InsertNode(ctx, st, root))
+	st, root, err = prepareForkchoiceState(ctx, 2, [32]byte{'2'}, [32]byte{'1'}, [32]byte{'2'}, 0, 0)
+	require.NoError(t, err)
+	require.NoError(t, f.InsertNode(ctx, st, root))
+	st, root, err = prepareForkchoiceState(ctx, 3, [32]byte{'3'}, [32]byte{'1'}, [32]byte{'3'}, 0, 0)
+	require.NoError(t, err)
+	require.NoError(t, f.InsertNode(ctx, st, root))
+	st, root, err = prepareForkchoiceState(ctx, 32, [32]byte{'4'}, [32]byte{'3'}, [32]byte{'4'}, 0, 0)
+	require.NoError(t, err)
+	require.NoError(t, f.InsertNode(ctx, st, root))
+	st, root, err = prepareForkchoiceState(ctx, 33, [32]byte{'5'}, [32]byte{'2'}, [32]byte{'5'}, 0, 0)
+	require.NoError(t, err)
+	require.NoError(t, f.InsertNode(ctx, st, root))
+	st, root, err = prepareForkchoiceState(ctx, 34, [32]byte{'6'}, [32]byte{'5'}, [32]byte{'6'}, 0, 0)
+	require.NoError(t, err)
+	require.NoError(t, f.InsertNode(ctx, st, root))
+	headNode := f.store.nodeByRoot[[32]byte{'6'}]
+	f.store.headNode = headNode
+	require.Equal(t, [32]byte{'6'}, f.store.headNode.root)
+	require.Equal(t, [32]byte{'2'}, f.LastRoot(0))
+	require.Equal(t, [32]byte{'6'}, f.LastRoot(1))
+	require.Equal(t, [32]byte{'6'}, f.LastRoot(2))
+}

beacon-chain/forkchoice/doubly-linked-tree/optimistic_sync.go

@@ -94,5 +94,6 @@ func (s *Store) removeNodeAndChildren(ctx context.Context, node *Node, invalidRo
 		s.previousProposerBoostScore = 0
 	}
 	delete(s.nodeByRoot, node.root)
+	delete(s.nodeByPayload, node.payloadHash)
 	return invalidRoots, nil
 }

beacon-chain/forkchoice/doubly-linked-tree/store.go

@@ -113,6 +113,7 @@ func (s *Store) insert(ctx context.Context,
 		}
 	}
 
+	s.nodeByPayload[payloadHash] = n
 	s.nodeByRoot[root] = n
 	if parent == nil {
 		if s.treeRootNode == nil {
@@ -121,6 +122,7 @@ func (s *Store) insert(ctx context.Context,
 			s.highestReceivedNode = n
 		} else {
 			delete(s.nodeByRoot, root)
+			delete(s.nodeByPayload, payloadHash)
 			return nil, errInvalidParentRoot
 		}
 	} else {
@@ -189,6 +191,7 @@ func (s *Store) pruneFinalizedNodeByRootMap(ctx context.Context, node, finalized
 
 	node.children = nil
 	delete(s.nodeByRoot, node.root)
+	delete(s.nodeByPayload, node.payloadHash)
 	return nil
 }
 
@@ -270,6 +273,21 @@ func (f *ForkChoice) HighestReceivedBlockSlot() primitives.Slot {
 	return f.store.highestReceivedNode.slot
 }
 
+// HighestReceivedBlockDelay returns the number of slots that the highest
+// received block was late when receiving it. For example, a block was late by 12 slots,
+// then this method is expected to return 12.
+func (f *ForkChoice) HighestReceivedBlockDelay() primitives.Slot {
+	n := f.store.highestReceivedNode
+	if n == nil {
+		return 0
+	}
+	sss, err := slots.SinceSlotStart(n.slot, f.store.genesisTime, n.timestamp)
+	if err != nil {
+		return 0
+	}
+	return primitives.Slot(uint64(sss/time.Second) / params.BeaconConfig().SecondsPerSlot)
+}
+
 // ReceivedBlocksLastEpoch returns the number of blocks received in the last epoch
 func (f *ForkChoice) ReceivedBlocksLastEpoch() (uint64, error) {
 	count := uint64(0)

beacon-chain/forkchoice/doubly-linked-tree/store_test.go

@@ -128,9 +128,10 @@ func TestStore_Insert(t *testing.T) {
 	// The new node does not have a parent.
 	treeRootNode := &Node{slot: 0, root: indexToHash(0)}
 	nodeByRoot := map[[32]byte]*Node{indexToHash(0): treeRootNode}
+	nodeByPayload := map[[32]byte]*Node{indexToHash(0): treeRootNode}
 	jc := &forkchoicetypes.Checkpoint{Epoch: 0}
 	fc := &forkchoicetypes.Checkpoint{Epoch: 0}
-	s := &Store{nodeByRoot: nodeByRoot, treeRootNode: treeRootNode, justifiedCheckpoint: jc, finalizedCheckpoint: fc, highestReceivedNode: &Node{}}
+	s := &Store{nodeByRoot: nodeByRoot, treeRootNode: treeRootNode, nodeByPayload: nodeByPayload, justifiedCheckpoint: jc, finalizedCheckpoint: fc, highestReceivedNode: &Node{}}
 	payloadHash := [32]byte{'a'}
 	ctx := t.Context()
 	_, blk, err := prepareForkchoiceState(ctx, 100, indexToHash(100), indexToHash(0), payloadHash, 1, 1)
@@ -237,6 +238,7 @@ func TestStore_Prune_NoDanglingBranch(t *testing.T) {
 	s.finalizedCheckpoint.Root = indexToHash(1)
 	require.NoError(t, s.prune(t.Context()))
 	require.Equal(t, len(s.nodeByRoot), 1)
+	require.Equal(t, len(s.nodeByPayload), 1)
 }
 
 // This test starts with the following branching diagram
@@ -317,6 +319,8 @@ func TestStore_PruneMapsNodes(t *testing.T) {
 	s.finalizedCheckpoint.Root = indexToHash(1)
 	require.NoError(t, s.prune(t.Context()))
 	require.Equal(t, len(s.nodeByRoot), 1)
+	require.Equal(t, len(s.nodeByPayload), 1)
+
 }
 
 func TestForkChoice_ReceivedBlocksLastEpoch(t *testing.T) {
@@ -335,6 +339,7 @@ func TestForkChoice_ReceivedBlocksLastEpoch(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, uint64(1), count)
 	require.Equal(t, primitives.Slot(1), f.HighestReceivedBlockSlot())
+	require.Equal(t, primitives.Slot(0), f.HighestReceivedBlockDelay())
 
 	// 64
 	// Received block last epoch is 1
@@ -347,6 +352,7 @@ func TestForkChoice_ReceivedBlocksLastEpoch(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, uint64(1), count)
 	require.Equal(t, primitives.Slot(64), f.HighestReceivedBlockSlot())
+	require.Equal(t, primitives.Slot(0), f.HighestReceivedBlockDelay())
 
 	// 64 65
 	// Received block last epoch is 2
@@ -359,6 +365,7 @@ func TestForkChoice_ReceivedBlocksLastEpoch(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, uint64(2), count)
 	require.Equal(t, primitives.Slot(65), f.HighestReceivedBlockSlot())
+	require.Equal(t, primitives.Slot(1), f.HighestReceivedBlockDelay())
 
 	// 64 65 66
 	// Received block last epoch is 3
@@ -710,3 +717,17 @@ func TestStore_CleanupInserting(t *testing.T) {
 	require.NotNil(t, f.InsertNode(ctx, st, blk))
 	require.Equal(t, false, f.HasNode(blk.Root()))
 }
+
+func TestStore_HighestReceivedBlockDelay(t *testing.T) {
+	f := ForkChoice{
+		store: &Store{
+			genesisTime: time.Unix(0, 0),
+			highestReceivedNode: &Node{
+				slot:      10,
+				timestamp: time.Unix(int64(((10 + 12) * params.BeaconConfig().SecondsPerSlot)), 0), // 12 slots late
+			},
+		},
+	}
+
+	require.Equal(t, primitives.Slot(12), f.HighestReceivedBlockDelay())
+}

beacon-chain/forkchoice/doubly-linked-tree/types.go

@@ -36,6 +36,7 @@ type Store struct {
 	treeRootNode                  *Node                                  // the root node of the store tree.
 	headNode                      *Node                                  // last head Node
 	nodeByRoot                    map[[fieldparams.RootLength]byte]*Node // nodes indexed by roots.
+	nodeByPayload                 map[[fieldparams.RootLength]byte]*Node // nodes indexed by payload Hash
 	slashedIndices                map[primitives.ValidatorIndex]bool     // the list of equivocating validator indices
 	originRoot                    [fieldparams.RootLength]byte           // The genesis block root
 	genesisTime                   time.Time

beacon-chain/forkchoice/interfaces.go

@@ -67,11 +67,13 @@ type FastGetter interface {
 	HasNode([32]byte) bool
 	HighestReceivedBlockSlot() primitives.Slot
 	HighestReceivedBlockRoot() [32]byte
+	HighestReceivedBlockDelay() primitives.Slot
 	IsCanonical(root [32]byte) bool
 	IsOptimistic(root [32]byte) (bool, error)
 	IsViableForCheckpoint(*forkchoicetypes.Checkpoint) (bool, error)
 	JustifiedCheckpoint() *forkchoicetypes.Checkpoint
 	JustifiedPayloadBlockHash() [32]byte
+	LastRoot(primitives.Epoch) [32]byte
 	NodeCount() int
 	PreviousJustifiedCheckpoint() *forkchoicetypes.Checkpoint
 	ProposerBoost() [fieldparams.RootLength]byte

beacon-chain/forkchoice/ro.go

@@ -121,6 +121,13 @@ func (ro *ROForkChoice) HighestReceivedBlockRoot() [32]byte {
 	return ro.getter.HighestReceivedBlockRoot()
 }
 
+// HighestReceivedBlockDelay delegates to the underlying forkchoice call, under a lock.
+func (ro *ROForkChoice) HighestReceivedBlockDelay() primitives.Slot {
+	ro.l.RLock()
+	defer ro.l.RUnlock()
+	return ro.getter.HighestReceivedBlockDelay()
+}
+
 // ReceivedBlocksLastEpoch delegates to the underlying forkchoice call, under a lock.
 func (ro *ROForkChoice) ReceivedBlocksLastEpoch() (uint64, error) {
 	ro.l.RLock()
@@ -156,6 +163,13 @@ func (ro *ROForkChoice) Slot(root [32]byte) (primitives.Slot, error) {
 	return ro.getter.Slot(root)
 }
 
+// LastRoot delegates to the underlying forkchoice call, under a lock.
+func (ro *ROForkChoice) LastRoot(e primitives.Epoch) [32]byte {
+	ro.l.RLock()
+	defer ro.l.RUnlock()
+	return ro.getter.LastRoot(e)
+}
+
 // DependentRoot delegates to the underlying forkchoice call, under a lock.
 func (ro *ROForkChoice) DependentRoot(epoch primitives.Epoch) ([32]byte, error) {
 	ro.l.RLock()

beacon-chain/forkchoice/ro_test.go

@@ -30,6 +30,7 @@ const (
 	nodeCountCalled
 	highestReceivedBlockSlotCalled
 	highestReceivedBlockRootCalled
+	highestReceivedBlockDelayCalled
 	receivedBlocksLastEpochCalled
 	weightCalled
 	isOptimisticCalled
@@ -117,6 +118,11 @@ func TestROLocking(t *testing.T) {
 			call: highestReceivedBlockSlotCalled,
 			cb:   func(g FastGetter) { g.HighestReceivedBlockSlot() },
 		},
+		{
+			name: "highestReceivedBlockDelayCalled",
+			call: highestReceivedBlockDelayCalled,
+			cb:   func(g FastGetter) { g.HighestReceivedBlockDelay() },
+		},
 		{
 			name: "receivedBlocksLastEpochCalled",
 			call: receivedBlocksLastEpochCalled,
@@ -142,6 +148,11 @@ func TestROLocking(t *testing.T) {
 			call: slotCalled,
 			cb:   func(g FastGetter) { _, err := g.Slot([32]byte{}); _discard(t, err) },
 		},
+		{
+			name: "lastRootCalled",
+			call: lastRootCalled,
+			cb:   func(g FastGetter) { g.LastRoot(0) },
+		},
 		{
 			name: "targetRootForEpochCalled",
 			call: targetRootForEpochCalled,
@@ -254,6 +265,11 @@ func (ro *mockROForkchoice) HighestReceivedBlockRoot() [32]byte {
 	return [32]byte{}
 }
 
+func (ro *mockROForkchoice) HighestReceivedBlockDelay() primitives.Slot {
+	ro.calls = append(ro.calls, highestReceivedBlockDelayCalled)
+	return 0
+}
+
 func (ro *mockROForkchoice) ReceivedBlocksLastEpoch() (uint64, error) {
 	ro.calls = append(ro.calls, receivedBlocksLastEpochCalled)
 	return 0, nil
@@ -279,6 +295,11 @@ func (ro *mockROForkchoice) Slot(_ [32]byte) (primitives.Slot, error) {
 	return 0, nil
 }
 
+func (ro *mockROForkchoice) LastRoot(_ primitives.Epoch) [32]byte {
+	ro.calls = append(ro.calls, lastRootCalled)
+	return [32]byte{}
+}
+
 // DependentRoot impoements FastGetter.
 func (ro *mockROForkchoice) DependentRoot(_ primitives.Epoch) ([32]byte, error) {
 	ro.calls = append(ro.calls, dependentRootCalled)

beacon-chain/node/node.go

@@ -123,6 +123,8 @@ type BeaconNode struct {
 	BlobStorageOptions       []filesystem.BlobStorageOption
 	DataColumnStorage        *filesystem.DataColumnStorage
 	DataColumnStorageOptions []filesystem.DataColumnStorageOption
+	ProofStorage             *filesystem.ProofStorage
+	ProofStorageOptions      []filesystem.ProofStorageOption
 	verifyInitWaiter         *verification.InitializerWaiter
 	lhsp                     *verification.LazyHeadStateProvider
 	syncChecker              *initialsync.SyncChecker
@@ -134,20 +136,10 @@ type BeaconNode struct {
 
 // New creates a new node instance, sets up configuration options, and registers
 // every required service to the node.
-func New(cliCtx *cli.Context, cancel context.CancelFunc, optFuncs []func(*cli.Context) ([]Option, error), opts ...Option) (*BeaconNode, error) {
+func New(cliCtx *cli.Context, cancel context.CancelFunc, opts ...Option) (*BeaconNode, error) {
 	if err := configureBeacon(cliCtx); err != nil {
 		return nil, errors.Wrap(err, "could not set beacon configuration options")
 	}
-
-	for _, of := range optFuncs {
-		ofo, err := of(cliCtx)
-		if err != nil {
-			return nil, err
-		}
-		if ofo != nil {
-			opts = append(opts, ofo...)
-		}
-	}
 	ctx := cliCtx.Context
 
 	beacon := &BeaconNode{
@@ -237,6 +229,15 @@ func New(cliCtx *cli.Context, cancel context.CancelFunc, optFuncs []func(*cli.Co
 		return nil, errors.Wrap(err, "could not clear data column storage")
 	}
 
+	if beacon.ProofStorage == nil {
+		proofStorage, err := filesystem.NewProofStorage(cliCtx.Context, beacon.ProofStorageOptions...)
+		if err != nil {
+			return nil, errors.Wrap(err, "new proof storage")
+		}
+
+		beacon.ProofStorage = proofStorage
+	}
+
 	bfs, err := startBaseServices(cliCtx, beacon, depositAddress, dbClearer)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not start modules")
@@ -757,11 +758,13 @@ func (b *BeaconNode) registerBlockchainService(fc forkchoice.ForkChoicer, gs *st
 		blockchain.WithSyncComplete(syncComplete),
 		blockchain.WithBlobStorage(b.BlobStorage),
 		blockchain.WithDataColumnStorage(b.DataColumnStorage),
+		blockchain.WithProofStorage(b.ProofStorage),
 		blockchain.WithTrackedValidatorsCache(b.trackedValidatorsCache),
 		blockchain.WithPayloadIDCache(b.payloadIDCache),
 		blockchain.WithSyncChecker(b.syncChecker),
 		blockchain.WithSlasherEnabled(b.slasherEnabled),
 		blockchain.WithLightClientStore(b.lcStore),
+		blockchain.WithOperationNotifier(b),
 	)
 
 	blockchainService, err := blockchain.NewService(b.ctx, opts...)
@@ -846,6 +849,7 @@ func (b *BeaconNode) registerSyncService(initialSyncComplete chan struct{}, bFil
 		regularsync.WithStateNotifier(b),
 		regularsync.WithBlobStorage(b.BlobStorage),
 		regularsync.WithDataColumnStorage(b.DataColumnStorage),
+		regularsync.WithExecutionProofStorage(b.ProofStorage),
 		regularsync.WithVerifierWaiter(b.verifyInitWaiter),
 		regularsync.WithAvailableBlocker(bFillStore),
 		regularsync.WithTrackedValidatorsCache(b.trackedValidatorsCache),
@@ -972,6 +976,7 @@ func (b *BeaconNode) registerRPCService(router *http.ServeMux) error {
 		BlockReceiver:             chainService,
 		BlobReceiver:              chainService,
 		DataColumnReceiver:        chainService,
+		ProofReceiver:             chainService,
 		AttestationReceiver:       chainService,
 		GenesisTimeFetcher:        chainService,
 		GenesisFetcher:            chainService,

beacon-chain/node/node_test.go

@@ -59,7 +59,7 @@ func TestNodeClose_OK(t *testing.T) {
 		WithDataColumnStorage(filesystem.NewEphemeralDataColumnStorage(t)),
 	}
 
-	node, err := New(ctx, cancel, nil, options...)
+	node, err := New(ctx, cancel, options...)
 	require.NoError(t, err)
 
 	node.Close()
@@ -87,7 +87,7 @@ func TestNodeStart_Ok(t *testing.T) {
 		WithDataColumnStorage(filesystem.NewEphemeralDataColumnStorage(t)),
 	}
 
-	node, err := New(ctx, cancel, nil, options...)
+	node, err := New(ctx, cancel, options...)
 	require.NoError(t, err)
 	require.NotNil(t, node.lcStore)
 	node.services = &runtime.ServiceRegistry{}
@@ -116,7 +116,7 @@ func TestNodeStart_SyncChecker(t *testing.T) {
 		WithDataColumnStorage(filesystem.NewEphemeralDataColumnStorage(t)),
 	}
 
-	node, err := New(ctx, cancel, nil, options...)
+	node, err := New(ctx, cancel, options...)
 	require.NoError(t, err)
 	go func() {
 		node.Start()
@@ -151,7 +151,7 @@ func TestClearDB(t *testing.T) {
 		WithDataColumnStorage(filesystem.NewEphemeralDataColumnStorage(t)),
 	}
 
-	_, err = New(context, cancel, nil, options...)
+	_, err = New(context, cancel, options...)
 	require.NoError(t, err)
 	require.LogsContain(t, hook, "Removing database")
 }

beacon-chain/node/options.go

@@ -35,6 +35,13 @@ func WithBuilderFlagOptions(opts []builder.Option) Option {
 	}
 }
 
+func WithConfigOptions(opt ...params.Option) Option {
+	return func(bn *BeaconNode) error {
+		bn.ConfigOptions = append(bn.ConfigOptions, opt...)
+		return nil
+	}
+}
+
 // WithBlobStorage sets the BlobStorage backend for the BeaconNode
 func WithBlobStorage(bs *filesystem.BlobStorage) Option {
 	return func(bn *BeaconNode) error {
@@ -52,13 +59,6 @@ func WithBlobStorageOptions(opt ...filesystem.BlobStorageOption) Option {
 	}
 }
 
-func WithConfigOptions(opt ...params.Option) Option {
-	return func(bn *BeaconNode) error {
-		bn.ConfigOptions = append(bn.ConfigOptions, opt...)
-		return nil
-	}
-}
-
 // WithDataColumnStorage sets the DataColumnStorage backend for the BeaconNode
 func WithDataColumnStorage(bs *filesystem.DataColumnStorage) Option {
 	return func(bn *BeaconNode) error {
@@ -75,3 +75,20 @@ func WithDataColumnStorageOptions(opt ...filesystem.DataColumnStorageOption) Opt
 		return nil
 	}
 }
+
+// WithDataColumnStorage sets the DataColumnStorage backend for the BeaconNode
+func WithProofStorage(bs *filesystem.ProofStorage) Option {
+	return func(bn *BeaconNode) error {
+		bn.ProofStorage = bs
+		return nil
+	}
+}
+
+// WithDataColumnStorageOptions appends 1 or more filesystem.DataColumnStorageOption on the beacon node,
+// to be used when initializing data column storage.
+func WithProofStorageOption(opt ...filesystem.ProofStorageOption) Option {
+	return func(bn *BeaconNode) error {
+		bn.ProofStorageOptions = append(bn.ProofStorageOptions, opt...)
+		return nil
+	}
+}

beacon-chain/p2p/BUILD.bazel

@@ -166,6 +166,7 @@ go_test(
         "//beacon-chain/startup:go_default_library",
         "//beacon-chain/state/stategen/mock:go_default_library",
         "//cmd/beacon-chain/flags:go_default_library",
+        "//config/features:go_default_library",
         "//config/fieldparams:go_default_library",
         "//config/params:go_default_library",
         "//consensus-types/blocks:go_default_library",

beacon-chain/p2p/discovery.go

@@ -589,6 +589,11 @@ func (s *Service) createLocalNode(
 		localNode.Set(quicEntry)
 	}
 
+	if features.Get().EnableZkvm {
+		zkvmKeyEntry := enr.WithEntry(zkvmEnabledKeyEnrKey, true)
+		localNode.Set(zkvmKeyEntry)
+	}
+
 	localNode.SetFallbackIP(ipAddr)
 	localNode.SetFallbackUDP(udpPort)
 

beacon-chain/p2p/discovery_test.go

@@ -25,6 +25,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p/peers/scorers"
 	testp2p "github.com/OffchainLabs/prysm/v7/beacon-chain/p2p/testing"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/startup"
+	"github.com/OffchainLabs/prysm/v7/config/features"
 	"github.com/OffchainLabs/prysm/v7/config/params"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/wrapper"
 	leakybucket "github.com/OffchainLabs/prysm/v7/container/leaky-bucket"
@@ -243,12 +244,19 @@ func TestCreateLocalNode(t *testing.T) {
 		name          string
 		cfg           *Config
 		expectedError bool
+		zkvmEnabled   bool
 	}{
 		{
 			name:          "valid config",
 			cfg:           &Config{},
 			expectedError: false,
 		},
+		{
+			name:          "valid config with zkVM enabled",
+			cfg:           &Config{},
+			expectedError: false,
+			zkvmEnabled:   true,
+		},
 		{
 			name:          "invalid host address",
 			cfg:           &Config{HostAddress: "invalid"},
@@ -273,6 +281,15 @@ func TestCreateLocalNode(t *testing.T) {
 
 	for _, tt := range testCases {
 		t.Run(tt.name, func(t *testing.T) {
+			if tt.zkvmEnabled {
+				resetCfg := features.InitWithReset(&features.Flags{
+					EnableZkvm: true,
+				})
+				t.Cleanup(func() {
+					resetCfg()
+				})
+			}
+
 			// Define ports. Use unique ports since this test validates ENR content.
 			const (
 				udpPort  = 3100
@@ -348,6 +365,14 @@ func TestCreateLocalNode(t *testing.T) {
 			custodyGroupCount := new(uint64)
 			require.NoError(t, localNode.Node().Record().Load(enr.WithEntry(params.BeaconNetworkConfig().CustodyGroupCountKey, custodyGroupCount)))
 			require.Equal(t, custodyRequirement, *custodyGroupCount)
+
+			// Check zkVM enabled key if applicable.
+			if tt.zkvmEnabled {
+				zkvmEnabled := new(bool)
+				require.NoError(t, localNode.Node().Record().Load(enr.WithEntry(params.BeaconNetworkConfig().ZkvmEnabledKey, zkvmEnabled)))
+				require.Equal(t, features.Get().EnableZkvm, *zkvmEnabled)
+			}
+
 		})
 	}
 }

beacon-chain/p2p/gossip_scoring_params.go

@@ -52,6 +52,9 @@ const (
 	// lightClientFinalityUpdateWeight specifies the scoring weight that we apply to
 	// our light client finality update topic.
 	lightClientFinalityUpdateWeight = 0.05
+	// executionProofWeight specifies the scoring weight that we apply to
+	// our execution proof topic.
+	executionProofWeight = 0.05
 
 	// maxInMeshScore describes the max score a peer can attain from being in the mesh.
 	maxInMeshScore = 10
@@ -145,6 +148,8 @@ func (s *Service) topicScoreParams(topic string) (*pubsub.TopicScoreParams, erro
 		return defaultLightClientOptimisticUpdateTopicParams(), nil
 	case strings.Contains(topic, GossipLightClientFinalityUpdateMessage):
 		return defaultLightClientFinalityUpdateTopicParams(), nil
+	case strings.Contains(topic, GossipExecutionProofMessage):
+		return defaultExecutionProofTopicParams(), nil
 	default:
 		return nil, errors.Errorf("unrecognized topic provided for parameter registration: %s", topic)
 	}
@@ -510,6 +515,28 @@ func defaultBlsToExecutionChangeTopicParams() *pubsub.TopicScoreParams {
 	}
 }
 
+func defaultExecutionProofTopicParams() *pubsub.TopicScoreParams {
+	return &pubsub.TopicScoreParams{
+		TopicWeight:                     executionProofWeight,
+		TimeInMeshWeight:                maxInMeshScore / inMeshCap(),
+		TimeInMeshQuantum:               inMeshTime(),
+		TimeInMeshCap:                   inMeshCap(),
+		FirstMessageDeliveriesWeight:    2,
+		FirstMessageDeliveriesDecay:     scoreDecay(oneHundredEpochs),
+		FirstMessageDeliveriesCap:       5,
+		MeshMessageDeliveriesWeight:     0,
+		MeshMessageDeliveriesDecay:      0,
+		MeshMessageDeliveriesCap:        0,
+		MeshMessageDeliveriesThreshold:  0,
+		MeshMessageDeliveriesWindow:     0,
+		MeshMessageDeliveriesActivation: 0,
+		MeshFailurePenaltyWeight:        0,
+		MeshFailurePenaltyDecay:         0,
+		InvalidMessageDeliveriesWeight:  -2000,
+		InvalidMessageDeliveriesDecay:   scoreDecay(invalidDecayPeriod),
+	}
+}
+
 func defaultLightClientOptimisticUpdateTopicParams() *pubsub.TopicScoreParams {
 	return &pubsub.TopicScoreParams{
 		TopicWeight:                     lightClientOptimisticUpdateWeight,

beacon-chain/p2p/gossip_topic_mappings.go

@@ -25,6 +25,7 @@ var gossipTopicMappings = map[string]func() proto.Message{
 	LightClientOptimisticUpdateTopicFormat:    func() proto.Message { return &ethpb.LightClientOptimisticUpdateAltair{} },
 	LightClientFinalityUpdateTopicFormat:      func() proto.Message { return &ethpb.LightClientFinalityUpdateAltair{} },
 	DataColumnSubnetTopicFormat:               func() proto.Message { return &ethpb.DataColumnSidecar{} },
+	ExecutionProofSubnetTopicFormat:           func() proto.Message { return &ethpb.ExecutionProof{} },
 }
 
 // GossipTopicMappings is a function to return the assigned data type

beacon-chain/p2p/peers/status.go

@@ -602,6 +602,33 @@ func (p *Status) All() []peer.ID {
 	return pids
 }
 
+// ZkvmEnabledPeers returns all connected peers that have zkvm enabled in their ENR.
+func (p *Status) ZkvmEnabledPeers() []peer.ID {
+	p.store.RLock()
+	defer p.store.RUnlock()
+
+	peers := make([]peer.ID, 0)
+	for pid, peerData := range p.store.Peers() {
+		if peerData.ConnState != Connected {
+			continue
+		}
+		if peerData.Enr == nil {
+			continue
+		}
+
+		var enabled bool
+		entry := enr.WithEntry(params.BeaconNetworkConfig().ZkvmEnabledKey, &enabled)
+		if err := peerData.Enr.Load(entry); err != nil {
+			continue
+		}
+
+		if enabled {
+			peers = append(peers, pid)
+		}
+	}
+	return peers
+}
+
 // Prune clears out and removes outdated and disconnected peers.
 func (p *Status) Prune() {
 	p.store.Lock()

beacon-chain/p2p/peers/status_test.go

@@ -1341,3 +1341,75 @@ func createPeer(t *testing.T, p *peers.Status, addr ma.Multiaddr,
 	p.SetConnectionState(id, state)
 	return id
 }
+
+func TestZkvmEnabledPeers(t *testing.T) {
+	p := peers.NewStatus(t.Context(), &peers.StatusConfig{
+		PeerLimit: 30,
+		ScorerParams: &scorers.Config{
+			BadResponsesScorerConfig: &scorers.BadResponsesScorerConfig{
+				Threshold: 1,
+			},
+		},
+	})
+
+	// Create peer 1: Connected, zkVM enabled
+	pid1 := addPeer(t, p, peers.Connected)
+	record1 := new(enr.Record)
+	zkvmEnabled := true
+	record1.Set(enr.WithEntry(params.BeaconNetworkConfig().ZkvmEnabledKey, &zkvmEnabled))
+	p.Add(record1, pid1, nil, network.DirOutbound)
+	p.SetConnectionState(pid1, peers.Connected)
+
+	// Create peer 2: Connected, zkVM disabled
+	pid2 := addPeer(t, p, peers.Connected)
+	record2 := new(enr.Record)
+	zkvmDisabled := false
+	record2.Set(enr.WithEntry(params.BeaconNetworkConfig().ZkvmEnabledKey, &zkvmDisabled))
+	p.Add(record2, pid2, nil, network.DirOutbound)
+	p.SetConnectionState(pid2, peers.Connected)
+
+	// Create peer 3: Connected, zkVM enabled
+	pid3 := addPeer(t, p, peers.Connected)
+	record3 := new(enr.Record)
+	record3.Set(enr.WithEntry(params.BeaconNetworkConfig().ZkvmEnabledKey, &zkvmEnabled))
+	p.Add(record3, pid3, nil, network.DirOutbound)
+	p.SetConnectionState(pid3, peers.Connected)
+
+	// Create peer 4: Disconnected, zkVM enabled (should not be included)
+	pid4 := addPeer(t, p, peers.Disconnected)
+	record4 := new(enr.Record)
+	record4.Set(enr.WithEntry(params.BeaconNetworkConfig().ZkvmEnabledKey, &zkvmEnabled))
+	p.Add(record4, pid4, nil, network.DirOutbound)
+	p.SetConnectionState(pid4, peers.Disconnected)
+
+	// Create peer 5: Connected, no ENR (should not be included)
+	pid5 := addPeer(t, p, peers.Connected)
+	p.Add(nil, pid5, nil, network.DirOutbound)
+	p.SetConnectionState(pid5, peers.Connected)
+
+	// Create peer 6: Connected, no zkVM key in ENR (should not be included)
+	pid6 := addPeer(t, p, peers.Connected)
+	record6 := new(enr.Record)
+	record6.Set(enr.WithEntry("other_key", "other_value"))
+	p.Add(record6, pid6, nil, network.DirOutbound)
+	p.SetConnectionState(pid6, peers.Connected)
+
+	// Get zkVM enabled peers
+	zkvmPeers := p.ZkvmEnabledPeers()
+
+	// Should return only pid1 and pid3 (connected peers with zkVM enabled)
+	assert.Equal(t, 2, len(zkvmPeers), "Expected 2 zkVM enabled peers")
+
+	// Verify the returned peers are correct
+	zkvmPeerMap := make(map[peer.ID]bool)
+	for _, pid := range zkvmPeers {
+		zkvmPeerMap[pid] = true
+	}
+
+	assert.Equal(t, true, zkvmPeerMap[pid1], "pid1 should be in zkVM enabled peers")
+	assert.Equal(t, true, zkvmPeerMap[pid3], "pid3 should be in zkVM enabled peers")
+	assert.Equal(t, false, zkvmPeerMap[pid2], "pid2 should not be in zkVM enabled peers (disabled)")
+	assert.Equal(t, false, zkvmPeerMap[pid4], "pid4 should not be in zkVM enabled peers (disconnected)")
+	assert.Equal(t, false, zkvmPeerMap[pid5], "pid5 should not be in zkVM enabled peers (no ENR)")
+	assert.Equal(t, false, zkvmPeerMap[pid6], "pid6 should not be in zkVM enabled peers (no zkVM key)")
+}

beacon-chain/p2p/rpc_topic_mappings.go

@@ -67,6 +67,9 @@ const (
 
 	// DataColumnSidecarsByRangeName is the name for the DataColumnSidecarsByRange v1 message topic.
 	DataColumnSidecarsByRangeName = "/data_column_sidecars_by_range"
+
+	// ExecutionProofsByRootName is the name for the ExecutionProofsByRoot v1 message topic.
+	ExecutionProofsByRootName = "/execution_proofs_by_root"
 )
 
 const (
@@ -106,6 +109,9 @@ const (
 	// RPCDataColumnSidecarsByRangeTopicV1 is a topic for requesting data column sidecars by their slot.
 	// /eth2/beacon_chain/req/data_column_sidecars_by_range/1 - New in Fulu.
 	RPCDataColumnSidecarsByRangeTopicV1 = protocolPrefix + DataColumnSidecarsByRangeName + SchemaVersionV1
+	// RPCExecutionProofsByRootTopicV1 is a topic for requesting execution proofs by their block root.
+	// /eth2/beacon_chain/req/execution_proofs_by_root/1 - New in Fulu.
+	RPCExecutionProofsByRootTopicV1 = protocolPrefix + ExecutionProofsByRootName + SchemaVersionV1
 
 	// V2 RPC Topics
 	// RPCStatusTopicV2 defines the v1 topic for the status rpc method.
@@ -170,6 +176,9 @@ var (
 
 		// DataColumnSidecarsByRoot v1 Message
 		RPCDataColumnSidecarsByRootTopicV1: p2ptypes.DataColumnsByRootIdentifiers{},
+
+		// ExecutionProofsByRoot v1 Message
+		RPCExecutionProofsByRootTopicV1: new(pb.ExecutionProofsByRootRequest),
 	}
 
 	// Maps all registered protocol prefixes.
@@ -193,6 +202,7 @@ var (
 		LightClientOptimisticUpdateName: true,
 		DataColumnSidecarsByRootName:    true,
 		DataColumnSidecarsByRangeName:   true,
+		ExecutionProofsByRootName:       true,
 	}
 
 	// Maps all the RPC messages which are to updated in altair.

beacon-chain/p2p/subnets.go

@@ -36,6 +36,7 @@ var (
 	attSubnetEnrKey         = params.BeaconNetworkConfig().AttSubnetKey
 	syncCommsSubnetEnrKey   = params.BeaconNetworkConfig().SyncCommsSubnetKey
 	custodyGroupCountEnrKey = params.BeaconNetworkConfig().CustodyGroupCountKey
+	zkvmEnabledKeyEnrKey    = params.BeaconNetworkConfig().ZkvmEnabledKey
 )
 
 // The value used with the subnet, in order

beacon-chain/p2p/topics.go

@@ -46,6 +46,8 @@ const (
 	GossipLightClientOptimisticUpdateMessage = "light_client_optimistic_update"
 	// GossipDataColumnSidecarMessage is the name for the data column sidecar message type.
 	GossipDataColumnSidecarMessage = "data_column_sidecar"
+	// GossipExecutionProofMessage is the name for the execution proof message type.
+	GossipExecutionProofMessage = "execution_proof"
 
 	// Topic Formats
 	//
@@ -75,6 +77,8 @@ const (
 	LightClientOptimisticUpdateTopicFormat = GossipProtocolAndDigest + GossipLightClientOptimisticUpdateMessage
 	// DataColumnSubnetTopicFormat is the topic format for the data column subnet.
 	DataColumnSubnetTopicFormat = GossipProtocolAndDigest + GossipDataColumnSidecarMessage + "_%d"
+	// ExecutionProofSubnetTopicFormat is the topic format for the execution proof subnet.
+	ExecutionProofSubnetTopicFormat = GossipProtocolAndDigest + GossipExecutionProofMessage // + "_%d" (PoC only have one global topic)
 )
 
 // topic is a struct representing a single gossipsub topic.
@@ -158,6 +162,7 @@ func (s *Service) allTopics() []topic {
 		newTopic(altair, future, empty, GossipLightClientOptimisticUpdateMessage),
 		newTopic(altair, future, empty, GossipLightClientFinalityUpdateMessage),
 		newTopic(capella, future, empty, GossipBlsToExecutionChangeMessage),
+		newTopic(fulu, future, empty, GossipExecutionProofMessage),
 	}
 	last := params.GetNetworkScheduleEntry(genesis)
 	schedule := []params.NetworkScheduleEntry{last}

beacon-chain/rpc/eth/beacon/handlers_pool_test.go

@@ -26,8 +26,8 @@ import (
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/operations/voluntaryexits/mock"
 	p2pMock "github.com/OffchainLabs/prysm/v7/beacon-chain/p2p/testing"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/rpc/core"
-	state_native "github.com/OffchainLabs/prysm/v7/beacon-chain/state/state-native"
 	mockSync "github.com/OffchainLabs/prysm/v7/beacon-chain/sync/initial-sync/testing"
+	state_native "github.com/OffchainLabs/prysm/v7/beacon-chain/state/state-native"
 	"github.com/OffchainLabs/prysm/v7/config/params"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
 	"github.com/OffchainLabs/prysm/v7/crypto/bls"

beacon-chain/rpc/eth/config/handlers_test.go

@@ -178,6 +178,11 @@ func TestGetSpec(t *testing.T) {
 	config.BuilderPaymentThresholdNumerator = 104
 	config.BuilderPaymentThresholdDenominator = 105
 
+	// EIP-8025
+	config.MaxProofDataBytes = 200
+	config.MinEpochsForExecutionProofRequests = 201
+	config.MinProofsRequired = 202
+
 	var dbp [4]byte
 	copy(dbp[:], []byte{'0', '0', '0', '1'})
 	config.DomainBeaconProposer = dbp
@@ -610,6 +615,12 @@ func TestGetSpec(t *testing.T) {
 				assert.Equal(t, "102", v)
 			case "SYNC_MESSAGE_DUE_BPS":
 				assert.Equal(t, "103", v)
+			case "MAX_PROOF_DATA_BYTES":
+				assert.Equal(t, "200", v)
+			case "MIN_EPOCHS_FOR_EXECUTION_PROOF_REQUESTS":
+				assert.Equal(t, "201", v)
+			case "MIN_PROOFS_REQUIRED":
+				assert.Equal(t, "202", v)
 			case "BUILDER_PAYMENT_THRESHOLD_NUMERATOR":
 				assert.Equal(t, "104", v)
 			case "BUILDER_PAYMENT_THRESHOLD_DENOMINATOR":

beacon-chain/rpc/eth/validator/BUILD.bazel

@@ -5,7 +5,6 @@ go_library(
     srcs = [
         "handlers.go",
         "handlers_block.go",
-        "handlers_gloas.go",
         "log.go",
         "server.go",
     ],

beacon-chain/rpc/eth/validator/handlers_gloas.go

@@ -1,276 +0,0 @@
-package validator
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/OffchainLabs/prysm/v7/api/server/structs"
-	"github.com/OffchainLabs/prysm/v7/beacon-chain/rpc/eth/shared"
-	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
-	"github.com/OffchainLabs/prysm/v7/monitoring/tracing/trace"
-	"github.com/OffchainLabs/prysm/v7/network/httputil"
-	eth "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
-	"github.com/OffchainLabs/prysm/v7/runtime/version"
-	"github.com/pkg/errors"
-	"google.golang.org/protobuf/types/known/wrapperspb"
-)
-
-// ProduceBlockV4 requests a beacon node to produce a valid GLOAS block.
-// This is the GLOAS-specific block production endpoint that returns a block
-// containing a signed execution payload bid instead of the full payload.
-//
-// The execution payload envelope is cached by the beacon node and can be
-// retrieved via GetExecutionPayloadEnvelope.
-//
-// Endpoint: GET /eth/v4/validator/blocks/{slot}
-func (s *Server) ProduceBlockV4(w http.ResponseWriter, r *http.Request) {
-	_, span := trace.StartSpan(r.Context(), "validator.ProduceBlockV4")
-	defer span.End()
-
-	if shared.IsSyncing(r.Context(), w, s.SyncChecker, s.HeadFetcher, s.TimeFetcher, s.OptimisticModeFetcher) {
-		return
-	}
-
-	// Parse path parameters
-	segments := strings.Split(r.URL.Path, "/")
-	rawSlot := segments[len(segments)-1]
-
-	slot, valid := shared.ValidateUint(w, "slot", rawSlot)
-	if !valid {
-		return
-	}
-
-	// Parse query parameters
-	rawRandaoReveal := r.URL.Query().Get("randao_reveal")
-	rawGraffiti := r.URL.Query().Get("graffiti")
-	rawSkipRandaoVerification := r.URL.Query().Get("skip_randao_verification")
-
-	var bbFactor *wrapperspb.UInt64Value
-	rawBbFactor, bbValue, ok := shared.UintFromQuery(w, r, "builder_boost_factor", false)
-	if !ok {
-		return
-	}
-	if rawBbFactor != "" {
-		bbFactor = &wrapperspb.UInt64Value{Value: bbValue}
-	}
-
-	// Parse randao reveal
-	var randaoReveal []byte
-	if rawSkipRandaoVerification == "true" {
-		// TODO: Use infinite signature constant
-		randaoReveal = make([]byte, 96)
-	} else {
-		// TODO: Decode randao reveal from hex
-		_ = rawRandaoReveal
-	}
-
-	// Parse graffiti
-	var graffiti []byte
-	if rawGraffiti != "" {
-		// TODO: Decode graffiti from hex
-	}
-
-	// TODO: Implement GLOAS-specific block production
-	//
-	// This handler should:
-	// 1. Verify the slot is in the GLOAS fork
-	// 2. Call v1alpha1 server's getGloasBeaconBlock
-	// 3. Format response with GLOAS-specific headers
-	// 4. Return the block (the envelope is cached server-side)
-
-	_ = bbFactor
-	_ = graffiti
-	_ = randaoReveal
-	_ = slot
-
-	httputil.HandleError(w, "ProduceBlockV4 not yet implemented", http.StatusNotImplemented)
-}
-
-// handleProduceGloasV4 handles the response formatting for GLOAS blocks.
-func handleProduceGloasV4(w http.ResponseWriter, isSSZ bool, block *eth.BeaconBlockGloas, payloadValue, consensusBlockValue string) {
-	// TODO: Implement GLOAS response handling
-	//
-	// Similar to handleProduceFuluV3 but for GLOAS blocks.
-	// The response should NOT include the execution payload envelope,
-	// as that is retrieved separately.
-
-	if isSSZ {
-		// TODO: SSZ serialize the GLOAS block
-		httputil.HandleError(w, "SSZ response not yet implemented for GLOAS", http.StatusNotImplemented)
-		return
-	}
-
-	// JSON response
-	// TODO: Convert GLOAS block to JSON struct
-	resp := &structs.ProduceBlockV3Response{
-		Version:                 version.String(version.Gloas),
-		ExecutionPayloadBlinded: false, // GLOAS blocks don't have blinded concept in same way
-		ExecutionPayloadValue:   payloadValue,
-		ConsensusBlockValue:     consensusBlockValue,
-		Data:                    nil, // TODO: Marshal block to JSON
-	}
-
-	httputil.WriteJson(w, resp)
-}
-
-// GetExecutionPayloadEnvelope retrieves a cached execution payload envelope.
-// Validators call this after receiving a GLOAS block to get the envelope
-// they need to sign and broadcast.
-//
-// Endpoint: GET /eth/v1/validator/execution_payload_envelope/{slot}/{builder_index}
-func (s *Server) GetExecutionPayloadEnvelope(w http.ResponseWriter, r *http.Request) {
-	ctx, span := trace.StartSpan(r.Context(), "validator.ExecutionPayloadEnvelope")
-	defer span.End()
-
-	// Parse path parameters
-	segments := strings.Split(r.URL.Path, "/")
-	if len(segments) < 2 {
-		httputil.HandleError(w, "missing slot and builder_index in path", http.StatusBadRequest)
-		return
-	}
-
-	rawSlot := segments[len(segments)-2]
-	rawBuilderIndex := segments[len(segments)-1]
-
-	slot, valid := shared.ValidateUint(w, "slot", rawSlot)
-	if !valid {
-		return
-	}
-
-	builderIndex, err := strconv.ParseUint(rawBuilderIndex, 10, 64)
-	if err != nil {
-		httputil.HandleError(w, errors.Wrap(err, "invalid builder_index").Error(), http.StatusBadRequest)
-		return
-	}
-
-	// Build gRPC request
-	req := &eth.ExecutionPayloadEnvelopeRequest{
-		Slot:         primitives.Slot(slot),
-		BuilderIndex: primitives.BuilderIndex(builderIndex),
-	}
-
-	// TODO: The V1Alpha1Server needs to implement the ExecutionPayloadEnvelope method
-	// from the BeaconNodeValidatorServer interface. Currently it's defined but the
-	// interface may need updating to include this method.
-	//
-	// Once implemented, uncomment:
-	// resp, err := s.V1Alpha1Server.ExecutionPayloadEnvelope(ctx, req)
-	// if err != nil {
-	//     // Map gRPC error codes to HTTP status codes
-	//     if status.Code(err) == codes.NotFound {
-	//         httputil.HandleError(w, err.Error(), http.StatusNotFound)
-	//     } else {
-	//         httputil.HandleError(w, err.Error(), http.StatusInternalServerError)
-	//     }
-	//     return
-	// }
-	//
-	// // Format and return response
-	// // - Support both JSON and SSZ based on Accept header
-	// // - Set version header
-	// w.Header().Set(api.VersionHeader, version.String(version.Gloas))
-	// httputil.WriteJson(w, &structs.GetExecutionPayloadEnvelopeResponse{
-	//     Version: version.String(version.Gloas),
-	//     Data:    envelopeProtoToJSON(resp.Envelope),
-	// })
-
-	_ = ctx
-	_ = req
-
-	httputil.HandleError(w, "ExecutionPayloadEnvelope not yet implemented", http.StatusNotImplemented)
-}
-
-// PublishExecutionPayloadEnvelope broadcasts a signed execution payload envelope.
-// Validators call this after signing the envelope to broadcast it to the network.
-//
-// Endpoint: POST /eth/v1/beacon/execution_payload_envelope
-func (s *Server) PublishExecutionPayloadEnvelope(w http.ResponseWriter, r *http.Request) {
-	ctx, span := trace.StartSpan(r.Context(), "validator.PublishExecutionPayloadEnvelope")
-	defer span.End()
-
-	// Parse request body
-	var signedEnvelope structs.SignedExecutionPayloadEnvelope
-	if err := json.NewDecoder(r.Body).Decode(&signedEnvelope); err != nil {
-		httputil.HandleError(w, errors.Wrap(err, "failed to decode request body").Error(), http.StatusBadRequest)
-		return
-	}
-
-	// TODO: Convert JSON struct to proto
-	// protoEnvelope, err := signedEnvelope.ToProto()
-	// if err != nil {
-	//     httputil.HandleError(w, err.Error(), http.StatusBadRequest)
-	//     return
-	// }
-
-	// TODO: Call gRPC server
-	// _, err = s.V1Alpha1Server.PublishExecutionPayloadEnvelope(ctx, protoEnvelope)
-	// if err != nil {
-	//     // Handle different error types (validation errors vs internal errors)
-	//     httputil.HandleError(w, err.Error(), http.StatusBadRequest)
-	//     return
-	// }
-
-	_ = ctx
-	_ = signedEnvelope
-
-	httputil.HandleError(w, "PublishExecutionPayloadEnvelope not yet implemented", http.StatusNotImplemented)
-}
-
-// ExecutionPayloadEnvelopeJSON represents the JSON structure for an execution payload envelope.
-// This is used for REST API serialization.
-type ExecutionPayloadEnvelopeJSON struct {
-	Payload            json.RawMessage `json:"payload"`
-	ExecutionRequests  json.RawMessage `json:"execution_requests"`
-	BuilderIndex       string          `json:"builder_index"`
-	BeaconBlockRoot    string          `json:"beacon_block_root"`
-	Slot               string          `json:"slot"`
-	BlobKzgCommitments []string        `json:"blob_kzg_commitments"`
-	StateRoot          string          `json:"state_root"`
-}
-
-// SignedExecutionPayloadEnvelopeJSON represents the JSON structure for a signed envelope.
-type SignedExecutionPayloadEnvelopeJSON struct {
-	Message   *ExecutionPayloadEnvelopeJSON `json:"message"`
-	Signature string                        `json:"signature"`
-}
-
-// ExecutionPayloadEnvelopeResponseJSON is the response wrapper for envelope retrieval.
-type ExecutionPayloadEnvelopeResponseJSON struct {
-	Version string                        `json:"version"`
-	Data    *ExecutionPayloadEnvelopeJSON `json:"data"`
-}
-
-// envelopeProtoToJSON converts a proto envelope to JSON representation.
-func envelopeProtoToJSON(envelope *eth.ExecutionPayloadEnvelope) (*ExecutionPayloadEnvelopeJSON, error) {
-	// TODO: Implement conversion
-	//
-	// Convert each field:
-	// - payload: Marshal ExecutionPayloadDeneb to JSON
-	// - execution_requests: Marshal to JSON
-	// - builder_index: Convert uint64 to string
-	// - beacon_block_root: Hex encode
-	// - slot: Convert uint64 to string
-	// - blob_kzg_commitments: Hex encode each
-	// - state_root: Hex encode
-
-	return nil, fmt.Errorf("envelopeProtoToJSON not yet implemented")
-}
-
-// envelopeJSONToProto converts a JSON envelope to proto representation.
-func envelopeJSONToProto(envelope *ExecutionPayloadEnvelopeJSON) (*eth.ExecutionPayloadEnvelope, error) {
-	// TODO: Implement conversion
-	//
-	// Parse each field:
-	// - payload: Unmarshal from JSON
-	// - execution_requests: Unmarshal from JSON
-	// - builder_index: Parse uint64 from string
-	// - beacon_block_root: Hex decode
-	// - slot: Parse uint64 from string
-	// - blob_kzg_commitments: Hex decode each
-	// - state_root: Hex decode
-
-	return nil, fmt.Errorf("envelopeJSONToProto not yet implemented")
-}

beacon-chain/rpc/eth/validator/server.go

@@ -19,24 +19,23 @@ import (
 // Server defines a server implementation of the gRPC Validator service,
 // providing RPC endpoints intended for validator clients.
 type Server struct {
-	HeadFetcher                   blockchain.HeadFetcher
-	TimeFetcher                   blockchain.TimeFetcher
-	SyncChecker                   sync.Checker
-	AttestationCache              *cache.AttestationCache
-	AttestationsPool              attestations.Pool
-	PeerManager                   p2p.PeerManager
-	Broadcaster                   p2p.Broadcaster
-	Stater                        lookup.Stater
-	OptimisticModeFetcher         blockchain.OptimisticModeFetcher
-	SyncCommitteePool             synccommittee.Pool
-	V1Alpha1Server                eth.BeaconNodeValidatorServer
-	ChainInfoFetcher              blockchain.ChainInfoFetcher
-	BeaconDB                      db.HeadAccessDatabase
-	BlockBuilder                  builder.BlockBuilder
-	OperationNotifier             operation.Notifier
-	CoreService                   *core.Service
-	BlockRewardFetcher            rewards.BlockRewardsFetcher
-	TrackedValidatorsCache        *cache.TrackedValidatorsCache
-	PayloadIDCache                *cache.PayloadIDCache
-	ExecutionPayloadEnvelopeCache *cache.ExecutionPayloadEnvelopeCache // GLOAS: Cache for execution payload envelopes
+	HeadFetcher            blockchain.HeadFetcher
+	TimeFetcher            blockchain.TimeFetcher
+	SyncChecker            sync.Checker
+	AttestationCache       *cache.AttestationCache
+	AttestationsPool       attestations.Pool
+	PeerManager            p2p.PeerManager
+	Broadcaster            p2p.Broadcaster
+	Stater                 lookup.Stater
+	OptimisticModeFetcher  blockchain.OptimisticModeFetcher
+	SyncCommitteePool      synccommittee.Pool
+	V1Alpha1Server         eth.BeaconNodeValidatorServer
+	ChainInfoFetcher       blockchain.ChainInfoFetcher
+	BeaconDB               db.HeadAccessDatabase
+	BlockBuilder           builder.BlockBuilder
+	OperationNotifier      operation.Notifier
+	CoreService            *core.Service
+	BlockRewardFetcher     rewards.BlockRewardsFetcher
+	TrackedValidatorsCache *cache.TrackedValidatorsCache
+	PayloadIDCache         *cache.PayloadIDCache
 }

beacon-chain/rpc/prysm/v1alpha1/validator/BUILD.bazel

@@ -26,7 +26,6 @@ go_library(
         "proposer_eth1data.go",
         "proposer_execution_payload.go",
         "proposer_exits.go",
-        "proposer_gloas.go",
         "proposer_slashings.go",
         "proposer_sync_aggregate.go",
         "server.go",
@@ -43,6 +42,7 @@ go_library(
         "//beacon-chain/blockchain/kzg:go_default_library",
         "//beacon-chain/builder:go_default_library",
         "//beacon-chain/cache:go_default_library",
+        "//cmd/beacon-chain/flags:go_default_library",
         "//beacon-chain/cache/depositsnapshot:go_default_library",
         "//beacon-chain/core/blocks:go_default_library",
         "//beacon-chain/core/electra:go_default_library",

beacon-chain/rpc/prysm/v1alpha1/validator/construct_generic_block.go

@@ -57,8 +57,6 @@ func (vs *Server) constructGenericBeaconBlock(
 			return nil, fmt.Errorf("expected *BlobsBundleV2, got %T", blobsBundler)
 		}
 		return vs.constructFuluBlock(blockProto, isBlinded, bidStr, bundle), nil
-	case version.Gloas:
-		return vs.constructGloasBlock(blockProto), nil
 	default:
 		return nil, fmt.Errorf("unknown block version: %d", sBlk.Version())
 	}
@@ -111,13 +109,6 @@ func (vs *Server) constructElectraBlock(blockProto proto.Message, isBlinded bool
 	return &ethpb.GenericBeaconBlock{Block: &ethpb.GenericBeaconBlock_Electra{Electra: electraContents}, IsBlinded: false, PayloadValue: payloadValue}
 }
 
-func (vs *Server) constructGloasBlock(blockProto proto.Message) *ethpb.GenericBeaconBlock {
-	// GLOAS blocks do not carry a separate payload value — the bid is part of the block body.
-	return &ethpb.GenericBeaconBlock{
-		Block: &ethpb.GenericBeaconBlock_Gloas{Gloas: blockProto.(*ethpb.BeaconBlockGloas)},
-	}
-}
-
 func (vs *Server) constructFuluBlock(blockProto proto.Message, isBlinded bool, payloadValue string, bundle *enginev1.BlobsBundleV2) *ethpb.GenericBeaconBlock {
 	if isBlinded {
 		return &ethpb.GenericBeaconBlock{Block: &ethpb.GenericBeaconBlock_BlindedFulu{BlindedFulu: blockProto.(*ethpb.BlindedBeaconBlockFulu)}, IsBlinded: true, PayloadValue: payloadValue}

beacon-chain/rpc/prysm/v1alpha1/validator/proposer.go

@@ -19,6 +19,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/transition"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/db/kv"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
+	"github.com/OffchainLabs/prysm/v7/cmd/beacon-chain/flags"
 	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
 	"github.com/OffchainLabs/prysm/v7/config/params"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
@@ -231,13 +232,6 @@ func (vs *Server) BuildBlockParallel(ctx context.Context, sBlk interfaces.Signed
 
 		// Set bls to execution change. New in Capella.
 		vs.setBlsToExecData(sBlk, head)
-
-		// Set payload attestations. New in GLOAS.
-		if sBlk.Version() >= version.Gloas {
-			if err := sBlk.SetPayloadAttestations(vs.getPayloadAttestations(ctx, head, sBlk.Block().Slot())); err != nil {
-				log.WithError(err).Error("Could not set payload attestations")
-			}
-		}
 	})
 
 	winningBid := primitives.ZeroWei()
@@ -248,31 +242,24 @@ func (vs *Server) BuildBlockParallel(ctx context.Context, sBlk interfaces.Signed
 			return nil, status.Errorf(codes.Internal, "Could not get local payload: %v", err)
 		}
 
-		switch {
-		case sBlk.Version() >= version.Gloas:
-			if err := vs.setGloasExecutionData(ctx, sBlk, local); err != nil {
-				return nil, status.Errorf(codes.Internal, "Could not set GLOAS execution data: %v", err)
-			}
-		default:
-			// There's no reason to try to get a builder bid if local override is true.
-			var builderBid builderapi.Bid
-			if !(local.OverrideBuilder || skipMevBoost) {
-				latestHeader, err := head.LatestExecutionPayloadHeader()
-				if err != nil {
-					return nil, status.Errorf(codes.Internal, "Could not get latest execution payload header: %v", err)
-				}
-				parentGasLimit := latestHeader.GasLimit()
-				builderBid, err = vs.getBuilderPayloadAndBlobs(ctx, sBlk.Block().Slot(), sBlk.Block().ProposerIndex(), parentGasLimit)
-				if err != nil {
-					builderGetPayloadMissCount.Inc()
-					log.WithError(err).Error("Could not get builder payload")
-				}
-			}
-
-			winningBid, bundle, err = setExecutionData(ctx, sBlk, local, builderBid, builderBoostFactor)
+		// There's no reason to try to get a builder bid if local override is true.
+		var builderBid builderapi.Bid
+		if !(local.OverrideBuilder || skipMevBoost) {
+			latestHeader, err := head.LatestExecutionPayloadHeader()
 			if err != nil {
-				return nil, status.Errorf(codes.Internal, "Could not set execution data: %v", err)
+				return nil, status.Errorf(codes.Internal, "Could not get latest execution payload header: %v", err)
 			}
+			parentGasLimit := latestHeader.GasLimit()
+			builderBid, err = vs.getBuilderPayloadAndBlobs(ctx, sBlk.Block().Slot(), sBlk.Block().ProposerIndex(), parentGasLimit)
+			if err != nil {
+				builderGetPayloadMissCount.Inc()
+				log.WithError(err).Error("Could not get builder payload")
+			}
+		}
+
+		winningBid, bundle, err = setExecutionData(ctx, sBlk, local, builderBid, builderBoostFactor)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "Could not set execution data: %v", err)
 		}
 	}
 
@@ -291,6 +278,11 @@ func (vs *Server) BuildBlockParallel(ctx context.Context, sBlk interfaces.Signed
 //
 // ProposeBeaconBlock handles the proposal of beacon blocks.
 func (vs *Server) ProposeBeaconBlock(ctx context.Context, req *ethpb.GenericSignedBeaconBlock) (*ethpb.ProposeResponse, error) {
+	var (
+		blobSidecars       []*ethpb.BlobSidecar
+		dataColumnSidecars []blocks.RODataColumn
+	)
+
 	ctx, span := trace.StartSpan(ctx, "ProposerServer.ProposeBeaconBlock")
 	defer span.End()
 
@@ -307,58 +299,15 @@ func (vs *Server) ProposeBeaconBlock(ctx context.Context, req *ethpb.GenericSign
 		return nil, status.Errorf(codes.Internal, "Could not hash tree root: %v", err)
 	}
 
-	if block.Version() < version.Gloas {
-		// For post-Fulu blinded blocks, submit to relay and return early.
-		if block.IsBlinded() && slots.ToEpoch(block.Block().Slot()) >= params.BeaconConfig().FuluForkEpoch {
-			err := vs.BlockBuilder.SubmitBlindedBlockPostFulu(ctx, block)
-			if err != nil {
-				return nil, status.Errorf(codes.Internal, "Could not submit blinded block post-Fulu: %v", err)
-			}
-			return &ethpb.ProposeResponse{BlockRoot: root[:]}, nil
+	// For post-Fulu blinded blocks, submit to relay and return early
+	if block.IsBlinded() && slots.ToEpoch(block.Block().Slot()) >= params.BeaconConfig().FuluForkEpoch {
+		err := vs.BlockBuilder.SubmitBlindedBlockPostFulu(ctx, block)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "Could not submit blinded block post-Fulu: %v", err)
 		}
-		return vs.proposeBlockWithSidecars(ctx, block, root, req)
+		return &ethpb.ProposeResponse{BlockRoot: root[:]}, nil
 	}
 
-	return vs.proposeBlock(ctx, block, root)
-}
-
-// proposeBlock broadcasts and receives a beacon block without sidecars.
-// Used for GLOAS and beyond where execution data is delivered via a separate envelope.
-func (vs *Server) proposeBlock(
-	ctx context.Context,
-	block interfaces.SignedBeaconBlock,
-	root [fieldparams.RootLength]byte,
-) (*ethpb.ProposeResponse, error) {
-	protoBlock, err := block.Proto()
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not convert block to proto: %v", err)
-	}
-	if err := vs.P2P.Broadcast(ctx, protoBlock); err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not broadcast block: %v", err)
-	}
-	vs.BlockNotifier.BlockFeed().Send(&feed.Event{
-		Type: blockfeed.ReceivedBlock,
-		Data: &blockfeed.ReceivedBlockData{SignedBlock: block},
-	})
-	if err := vs.BlockReceiver.ReceiveBlock(ctx, block, root, nil); err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not receive block: %v", err)
-	}
-	return &ethpb.ProposeResponse{BlockRoot: root[:]}, nil
-}
-
-// proposeBlockWithSidecars handles block proposal for forks that carry blob or
-// data column sidecars alongside the block (Bellatrix through Fulu).
-func (vs *Server) proposeBlockWithSidecars(
-	ctx context.Context,
-	block interfaces.SignedBeaconBlock,
-	root [fieldparams.RootLength]byte,
-	req *ethpb.GenericSignedBeaconBlock,
-) (*ethpb.ProposeResponse, error) {
-	var (
-		blobSidecars       []*ethpb.BlobSidecar
-		dataColumnSidecars []blocks.RODataColumn
-	)
-
 	rob, err := blocks.NewROBlockWithRoot(block, root)
 	if block.IsBlinded() {
 		block, blobSidecars, err = vs.handleBlindedBlock(ctx, block)
@@ -373,38 +322,91 @@ func (vs *Server) proposeBlockWithSidecars(
 		return nil, status.Errorf(codes.Internal, "%s: %v", "handle block failed", err)
 	}
 
-	var wg sync.WaitGroup
-	errChan := make(chan error, 1)
+	var wg errgroup.Group
+	blockBroadcastDone := make(chan bool)
 
-	wg.Add(1)
-	go func() {
-		if err := vs.broadcastReceiveBlock(ctx, &wg, block, root); err != nil {
-			errChan <- errors.Wrap(err, "broadcast/receive block failed")
-			return
+	wg.Go(func() error {
+		if err := vs.broadcastReceiveBlock(ctx, blockBroadcastDone, block, root); err != nil {
+			return fmt.Errorf("broadcast receive block: %w", err)
 		}
-		errChan <- nil
-	}()
 
-	wg.Wait()
+		return nil
+	})
 
-	if err := vs.broadcastAndReceiveSidecars(ctx, block, root, blobSidecars, dataColumnSidecars); err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not broadcast/receive sidecars: %v", err)
-	}
-	if err := <-errChan; err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not broadcast/receive block: %v", err)
+	wg.Go(func() error {
+		if err := vs.broadcastAndReceiveSidecars(ctx, blockBroadcastDone, block, root, blobSidecars, dataColumnSidecars); err != nil {
+			return fmt.Errorf("broadcast and receive sidecars: %w", err)
+		}
+
+		return nil
+	})
+
+	if err := wg.Wait(); err != nil {
+		return nil, status.Errorf(codes.Internal, "Could not broadcast/receive block/sidecars: %v", err)
 	}
 
+	// Generate and broadcast execution proofs.
+	go vs.generateAndBroadcastExecutionProofs(ctx, rob)
+
 	return &ethpb.ProposeResponse{BlockRoot: root[:]}, nil
 }
 
+// TODO: This is a duplicate from the same function in the sync package.
+func (vs *Server) generateAndBroadcastExecutionProofs(ctx context.Context, roBlock blocks.ROBlock) {
+	const delay = 2 * time.Second
+	proofTypes := flags.Get().ProofGenerationTypes
+
+	if len(proofTypes) == 0 {
+		return
+	}
+
+	var wg errgroup.Group
+	for _, proofType := range proofTypes {
+		wg.Go(func() error {
+			execProof, err := generateExecProof(roBlock, primitives.ExecutionProofId(proofType), delay)
+
+			if err != nil {
+				return fmt.Errorf("generate exec proof: %w", err)
+			}
+
+			if err := vs.P2P.Broadcast(ctx, execProof); err != nil {
+				return fmt.Errorf("broadcast exec proof: %w", err)
+			}
+
+			// Save the proof to storage.
+			if vs.ProofReceiver != nil {
+				if err := vs.ProofReceiver.ReceiveProof(execProof); err != nil {
+					return fmt.Errorf("receive proof: %w", err)
+				}
+			}
+
+			return nil
+		})
+	}
+
+	if err := wg.Wait(); err != nil {
+		log.WithError(err).Error("Failed to generate and broadcast execution proofs")
+	}
+
+	log.WithFields(logrus.Fields{
+		"root":  fmt.Sprintf("%#x", roBlock.Root()),
+		"slot":  roBlock.Block().Slot(),
+		"count": len(proofTypes),
+	}).Debug("Generated and broadcasted execution proofs")
+}
+
 // broadcastAndReceiveSidecars broadcasts and receives sidecars.
 func (vs *Server) broadcastAndReceiveSidecars(
 	ctx context.Context,
+	blockBroadcastDone <-chan bool,
 	block interfaces.SignedBeaconBlock,
 	root [fieldparams.RootLength]byte,
 	blobSidecars []*ethpb.BlobSidecar,
 	dataColumnSidecars []blocks.RODataColumn,
 ) error {
+	// Wait for block broadcast to complete before broadcasting sidecars.
+	<-blockBroadcastDone
+
 	if block.Version() >= version.Fulu {
 		if err := vs.broadcastAndReceiveDataColumns(ctx, dataColumnSidecars); err != nil {
 			return errors.Wrap(err, "broadcast and receive data columns")
@@ -462,10 +464,18 @@ func (vs *Server) handleUnblindedBlock(
 	}
 
 	if block.Version() >= version.Fulu {
-		roDataColumnSidecars, err := buildDataColumnSidecars(rawBlobs, proofs, peerdas.PopulateFromBlock(block))
+		// Compute cells and proofs from the blobs and cell proofs.
+		cellsPerBlob, proofsPerBlob, err := peerdas.ComputeCellsAndProofsFromFlat(rawBlobs, proofs)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, errors.Wrap(err, "compute cells and proofs")
 		}
+
+		// Construct data column sidecars from the signed block and cells and proofs.
+		roDataColumnSidecars, err := peerdas.DataColumnSidecars(cellsPerBlob, proofsPerBlob, peerdas.PopulateFromBlock(block))
+		if err != nil {
+			return nil, nil, errors.Wrap(err, "data column sidcars")
+		}
+
 		return nil, roDataColumnSidecars, nil
 	}
 
@@ -477,28 +487,15 @@ func (vs *Server) handleUnblindedBlock(
 	return blobSidecars, nil, nil
 }
 
-// buildDataColumnSidecars computes cells and proofs from blobs and constructs
-// data column sidecars using the given ConstructionPopulator source.
-func buildDataColumnSidecars(blobs, proofs [][]byte, src peerdas.ConstructionPopulator) ([]blocks.RODataColumn, error) {
-	cellsPerBlob, proofsPerBlob, err := peerdas.ComputeCellsAndProofsFromFlat(blobs, proofs)
-	if err != nil {
-		return nil, errors.Wrap(err, "compute cells and proofs")
-	}
-
-	roDataColumnSidecars, err := peerdas.DataColumnSidecars(cellsPerBlob, proofsPerBlob, src)
-	if err != nil {
-		return nil, errors.Wrap(err, "data column sidecars")
-	}
-
-	return roDataColumnSidecars, nil
-}
-
 // broadcastReceiveBlock broadcasts a block and handles its reception.
-func (vs *Server) broadcastReceiveBlock(ctx context.Context, wg *sync.WaitGroup, block interfaces.SignedBeaconBlock, root [fieldparams.RootLength]byte) error {
-	if err := vs.broadcastBlock(ctx, wg, block, root); err != nil {
+// It closes the blockBroadcastDone channel once broadcasting is complete (but before receiving the block).
+func (vs *Server) broadcastReceiveBlock(ctx context.Context, blockBroadcastDone chan<- bool, block interfaces.SignedBeaconBlock, root [fieldparams.RootLength]byte) error {
+	if err := vs.broadcastBlock(ctx, block, root); err != nil {
 		return errors.Wrap(err, "broadcast block")
 	}
 
+	close(blockBroadcastDone)
+
 	vs.BlockNotifier.BlockFeed().Send(&feed.Event{
 		Type: blockfeed.ReceivedBlock,
 		Data: &blockfeed.ReceivedBlockData{SignedBlock: block},
@@ -511,9 +508,7 @@ func (vs *Server) broadcastReceiveBlock(ctx context.Context, wg *sync.WaitGroup,
 	return nil
 }
 
-func (vs *Server) broadcastBlock(ctx context.Context, wg *sync.WaitGroup, block interfaces.SignedBeaconBlock, root [fieldparams.RootLength]byte) error {
-	defer wg.Done()
-
+func (vs *Server) broadcastBlock(ctx context.Context, block interfaces.SignedBeaconBlock, root [fieldparams.RootLength]byte) error {
 	protoBlock, err := block.Proto()
 	if err != nil {
 		return errors.Wrap(err, "protobuf conversion failed")
@@ -769,3 +764,57 @@ func blobsAndProofs(req *ethpb.GenericSignedBeaconBlock) ([][]byte, [][]byte, er
 		return nil, nil, errors.Errorf("unknown request type provided: %T", req)
 	}
 }
+
+// generateExecProof returns a dummy execution proof after the specified delay.
+// TODO: This is a duplicate from the same function in the sync package.
+func generateExecProof(roBlock blocks.ROBlock, proofID primitives.ExecutionProofId, delay time.Duration) (*ethpb.ExecutionProof, error) {
+	// Simulate proof generation work
+	time.Sleep(delay)
+
+	// Create a dummy proof with some deterministic data
+	block := roBlock.Block()
+	if block == nil {
+		return nil, errors.New("nil block")
+	}
+
+	body := block.Body()
+	if body == nil {
+		return nil, errors.New("nil block body")
+	}
+
+	executionData, err := body.Execution()
+	if err != nil {
+		return nil, fmt.Errorf("execution: %w", err)
+	}
+
+	if executionData == nil {
+		return nil, errors.New("nil execution data")
+	}
+
+	hash, err := executionData.HashTreeRoot()
+	if err != nil {
+		return nil, fmt.Errorf("hash tree root: %w", err)
+	}
+
+	proofData := []byte{
+		0xFF, // Magic byte for dummy proof
+		byte(proofID),
+		// Include some payload hash bytes
+		hash[0],
+		hash[1],
+		hash[2],
+		hash[3],
+	}
+
+	blockRoot := roBlock.Root()
+
+	proof := &ethpb.ExecutionProof{
+		ProofId:   proofID,
+		Slot:      block.Slot(),
+		BlockHash: hash[:],
+		BlockRoot: blockRoot[:],
+		ProofData: proofData,
+	}
+
+	return proof, nil
+}

beacon-chain/rpc/prysm/v1alpha1/validator/proposer_empty_block.go

@@ -16,11 +16,6 @@ func getEmptyBlock(slot primitives.Slot) (interfaces.SignedBeaconBlock, error) {
 	var err error
 	epoch := slots.ToEpoch(slot)
 	switch {
-	case epoch >= params.BeaconConfig().GloasForkEpoch:
-		sBlk, err = blocks.NewSignedBeaconBlock(&ethpb.SignedBeaconBlockGloas{Block: &ethpb.BeaconBlockGloas{Body: &ethpb.BeaconBlockBodyGloas{}}})
-		if err != nil {
-			return nil, status.Errorf(codes.Internal, "Could not initialize block for proposal: %v", err)
-		}
 	case epoch >= params.BeaconConfig().FuluForkEpoch:
 		sBlk, err = blocks.NewSignedBeaconBlock(&ethpb.SignedBeaconBlockFulu{Block: &ethpb.BeaconBlockElectra{Body: &ethpb.BeaconBlockBodyElectra{}}})
 		if err != nil {

beacon-chain/rpc/prysm/v1alpha1/validator/proposer_gloas.go

@@ -1,460 +0,0 @@
-package validator
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed"
-	blockfeed "github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed/block"
-	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/peerdas"
-	"github.com/OffchainLabs/prysm/v7/beacon-chain/state"
-	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
-	"github.com/OffchainLabs/prysm/v7/config/params"
-	consensusblocks "github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
-	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
-	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
-	"github.com/OffchainLabs/prysm/v7/container/trie"
-	"github.com/OffchainLabs/prysm/v7/crypto/bls/common"
-	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
-	"github.com/OffchainLabs/prysm/v7/monitoring/tracing/trace"
-	enginev1 "github.com/OffchainLabs/prysm/v7/proto/engine/v1"
-	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
-	"github.com/OffchainLabs/prysm/v7/time/slots"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/sync/errgroup"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/emptypb"
-)
-
-// setGloasExecutionData creates an execution payload bid from the local payload,
-// sets it on the block, and caches the execution payload envelope for later
-// retrieval by the validator client.
-func (vs *Server) setGloasExecutionData(
-	ctx context.Context,
-	sBlk interfaces.SignedBeaconBlock,
-	local *consensusblocks.GetPayloadResponse,
-) error {
-	_, span := trace.StartSpan(ctx, "ProposerServer.setGloasExecutionData")
-	defer span.End()
-
-	if local == nil || local.ExecutionData == nil {
-		return errors.New("local execution payload is nil")
-	}
-
-	// Create execution payload bid from the local payload.
-	parentRoot := sBlk.Block().ParentRoot()
-	bid, err := vs.createSelfBuildExecutionPayloadBid(
-		local.ExecutionData,
-		primitives.BuilderIndex(sBlk.Block().ProposerIndex()),
-		parentRoot[:],
-		sBlk.Block().Slot(),
-		local.BlobsBundler,
-	)
-	if err != nil {
-		return errors.Wrap(err, "could not create execution payload bid")
-	}
-
-	// Per spec, self-build bids must use G2 point-at-infinity as the signature.
-	// Only the execution payload envelope requires a real signature from the proposer.
-	signedBid := &ethpb.SignedExecutionPayloadBid{
-		Message:   bid,
-		Signature: common.InfiniteSignature[:],
-	}
-	if err := sBlk.SetSignedExecutionPayloadBid(signedBid); err != nil {
-		return errors.Wrap(err, "could not set signed execution payload bid")
-	}
-
-	// Cache the execution payload envelope and blobs bundle for later retrieval.
-	// The envelope is retrieved by the VC to sign and broadcast.
-	// The blobs bundle is needed during block proposal to build and broadcast blob sidecars.
-	envelope := vs.createExecutionPayloadEnvelope(
-		local.ExecutionData,
-		local.ExecutionRequests,
-		primitives.BuilderIndex(sBlk.Block().ProposerIndex()),
-		sBlk.Block().Slot(),
-		local.BlobsBundler,
-	)
-	vs.cacheExecutionPayloadEnvelope(envelope, local.BlobsBundler)
-
-	return nil
-}
-
-// getPayloadAttestations returns payload attestations for inclusion in a GLOAS block.
-// These attest to the payload timeliness from the previous slot's PTC.
-func (vs *Server) getPayloadAttestations(ctx context.Context, head state.BeaconState, slot primitives.Slot) []*ethpb.PayloadAttestation {
-	// TODO: Implement payload attestation retrieval from pool.
-	// This requires:
-	// 1. A PayloadAttestationPool to collect PTC votes
-	// 2. Aggregation of individual PayloadAttestationMessages into PayloadAttestations
-	// For now, return empty - blocks are valid without payload attestations.
-	return []*ethpb.PayloadAttestation{}
-}
-
-// createSelfBuildExecutionPayloadBid creates an ExecutionPayloadBid for self-building,
-// where the proposer acts as its own builder. Value and payment are zero, and the
-// bid fields are derived directly from the local execution payload.
-func (vs *Server) createSelfBuildExecutionPayloadBid(
-	executionData interfaces.ExecutionData,
-	builderIndex primitives.BuilderIndex,
-	parentBlockRoot []byte,
-	slot primitives.Slot,
-	blobsBundler enginev1.BlobsBundler,
-) (*ethpb.ExecutionPayloadBid, error) {
-	if executionData == nil || executionData.IsNil() {
-		return nil, errors.New("execution data is nil")
-	}
-
-	// Compute blob_kzg_commitments_root from the blobs bundle.
-	// This is hash_tree_root(List[KZGCommitment, MAX_BLOB_COMMITMENTS_PER_BLOCK]).
-	kzgCommitmentsRoot := make([]byte, 32)
-	if blobsBundler != nil {
-		commitments := extractKzgCommitments(blobsBundler)
-		if len(commitments) > 0 {
-			leaves := consensusblocks.LeavesFromCommitments(commitments)
-			commitmentsTree, err := trie.GenerateTrieFromItems(leaves, fieldparams.LogMaxBlobCommitments)
-			if err != nil {
-				return nil, errors.Wrap(err, "could not generate kzg commitments trie")
-			}
-			root, err := commitmentsTree.HashTreeRoot()
-			if err != nil {
-				return nil, errors.Wrap(err, "could not compute kzg commitments root")
-			}
-			kzgCommitmentsRoot = root[:]
-		}
-	}
-
-	return &ethpb.ExecutionPayloadBid{
-		ParentBlockHash:        executionData.ParentHash(),
-		ParentBlockRoot:        bytesutil.SafeCopyBytes(parentBlockRoot),
-		BlockHash:              executionData.BlockHash(),
-		PrevRandao:             executionData.PrevRandao(),
-		FeeRecipient:           executionData.FeeRecipient(),
-		GasLimit:               executionData.GasLimit(),
-		BuilderIndex:           builderIndex,
-		Slot:                   slot,
-		Value:                  0,
-		ExecutionPayment:       0,
-		BlobKzgCommitmentsRoot: kzgCommitmentsRoot,
-	}, nil
-}
-
-// createExecutionPayloadEnvelope wraps a full execution payload with metadata.
-// The envelope is cached by the beacon node during block production for later
-// retrieval by the validator via GetExecutionPayloadEnvelope.
-func (vs *Server) createExecutionPayloadEnvelope(
-	executionData interfaces.ExecutionData,
-	executionRequests *enginev1.ExecutionRequests,
-	builderIndex primitives.BuilderIndex,
-	slot primitives.Slot,
-	blobsBundler enginev1.BlobsBundler,
-) *ethpb.ExecutionPayloadEnvelope {
-	// Extract the underlying ExecutionPayloadDeneb proto
-	var payload *enginev1.ExecutionPayloadDeneb
-	if executionData != nil && !executionData.IsNil() {
-		if p, ok := executionData.Proto().(*enginev1.ExecutionPayloadDeneb); ok {
-			payload = p
-		}
-	}
-
-	commitments := extractKzgCommitments(blobsBundler)
-
-	return &ethpb.ExecutionPayloadEnvelope{
-		Payload:            payload,
-		ExecutionRequests:  executionRequests,
-		BuilderIndex:       builderIndex,
-		BeaconBlockRoot:    make([]byte, 32), // Populated later when block root is known
-		Slot:               slot,
-		BlobKzgCommitments: commitments,
-		StateRoot:          make([]byte, 32), // Computed later in GetExecutionPayloadEnvelope
-	}
-}
-
-// extractKzgCommitments pulls KZG commitments from a blobs bundler.
-func extractKzgCommitments(blobsBundler enginev1.BlobsBundler) [][]byte {
-	if blobsBundler == nil {
-		return nil
-	}
-	switch b := blobsBundler.(type) {
-	case *enginev1.BlobsBundle:
-		if b != nil {
-			return b.KzgCommitments
-		}
-	case *enginev1.BlobsBundleV2:
-		if b != nil {
-			return b.KzgCommitments
-		}
-	}
-	return nil
-}
-
-// cacheExecutionPayloadEnvelope stores an envelope and its blobs bundle for later retrieval.
-// The blobs bundle is cached alongside the envelope because blobs from the EL are only
-// held in memory until they are broadcast as sidecars during block proposal.
-func (vs *Server) cacheExecutionPayloadEnvelope(envelope *ethpb.ExecutionPayloadEnvelope, blobsBundle enginev1.BlobsBundler) {
-	if vs.ExecutionPayloadEnvelopeCache == nil {
-		log.Warn("ExecutionPayloadEnvelopeCache is nil, envelope will not be cached")
-		return
-	}
-	vs.ExecutionPayloadEnvelopeCache.Set(envelope, blobsBundle)
-}
-
-// GetExecutionPayloadEnvelope retrieves a cached execution payload envelope.
-// This is called by validators after receiving a GLOAS block to get the envelopeF
-// they need to sign and broadcast.
-//
-// gRPC endpoint: /eth/v1alpha1/validator/execution_payload_envelope/{slot}/{builder_index}
-func (vs *Server) GetExecutionPayloadEnvelope(
-	ctx context.Context,
-	req *ethpb.ExecutionPayloadEnvelopeRequest,
-) (*ethpb.ExecutionPayloadEnvelopeResponse, error) {
-	if req == nil {
-		return nil, status.Error(codes.InvalidArgument, "request cannot be nil")
-	}
-
-	if slots.ToEpoch(req.Slot) < params.BeaconConfig().GloasForkEpoch {
-		return nil, status.Errorf(codes.InvalidArgument,
-			"execution payload envelopes are not supported before GLOAS fork (slot %d)", req.Slot)
-	}
-
-	if vs.ExecutionPayloadEnvelopeCache == nil {
-		return nil, status.Error(codes.Internal, "execution payload envelope cache not initialized")
-	}
-
-	envelope, found := vs.ExecutionPayloadEnvelopeCache.Get(req.Slot, req.BuilderIndex)
-	if !found {
-		return nil, status.Errorf(
-			codes.NotFound,
-			"execution payload envelope not found for slot %d builder %d",
-			req.Slot,
-			req.BuilderIndex,
-		)
-	}
-
-	// Compute state root if not already set.
-	// Following the pattern from epbs-interop: compute post-payload state root.
-	if len(envelope.StateRoot) == 0 || bytesutil.ZeroRoot(envelope.StateRoot) {
-		stateRoot, err := vs.computePostPayloadStateRoot(ctx, envelope)
-		if err != nil {
-			log.WithError(err).Warn("Failed to compute post-payload state root")
-		} else {
-			envelope.StateRoot = stateRoot
-			log.WithField("stateRoot", fmt.Sprintf("%#x", stateRoot)).Debug("Computed state root at execution stage")
-		}
-	}
-
-	return &ethpb.ExecutionPayloadEnvelopeResponse{
-		Envelope: envelope,
-	}, nil
-}
-
-// computePostPayloadStateRoot computes the state root after an execution
-// payload envelope has been processed through a state transition.
-func (vs *Server) computePostPayloadStateRoot(ctx context.Context, envelope *ethpb.ExecutionPayloadEnvelope) ([]byte, error) {
-	ctx, span := trace.StartSpan(ctx, "ProposerServer.computePostPayloadStateRoot")
-	defer span.End()
-
-	if len(envelope.BeaconBlockRoot) == 0 || bytesutil.ZeroRoot(envelope.BeaconBlockRoot) {
-		return nil, errors.New("beacon block root not set on envelope")
-	}
-
-	blockRoot := bytesutil.ToBytes32(envelope.BeaconBlockRoot)
-	st, err := vs.StateGen.StateByRoot(ctx, blockRoot)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not get state by block root")
-	}
-	if st == nil {
-		return nil, errors.New("nil state for block root")
-	}
-
-	// Copy the state to avoid mutating the original
-	st = st.Copy()
-
-	// TODO: Process the execution payload envelope through state transition.
-	// This requires implementing ProcessPayloadStateTransition in beacon-chain/core/gloas.
-	// For now, use the state root from the beacon block state as a placeholder.
-	// The correct implementation would:
-	// 1. Call ProcessPayloadStateTransition(ctx, st, envelope) to apply payload effects
-	// 2. Compute HashTreeRoot of the resulting state
-
-	root, err := st.HashTreeRoot(ctx)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not compute state root")
-	}
-	return root[:], nil
-}
-
-// envelopeBlockWaitTimeout is the maximum time to wait for the associated beacon block
-// before giving up on publishing the execution payload envelope.
-const envelopeBlockWaitTimeout = 4 * time.Second
-
-// envelopeBlockPollInterval is how often to check for the beacon block while waiting.
-const envelopeBlockPollInterval = 100 * time.Millisecond
-
-// PublishExecutionPayloadEnvelope validates and broadcasts a signed execution payload envelope.
-// This is called by validators after signing the envelope retrieved from GetExecutionPayloadEnvelope.
-//
-// The function waits for the associated beacon block to be available before processing,
-// as the envelope references a beacon_block_root that must exist either from local
-// production or P2P gossip.
-//
-// gRPC endpoint: POST /eth/v1alpha1/validator/execution_payload_envelope
-func (vs *Server) PublishExecutionPayloadEnvelope(
-	ctx context.Context,
-	req *ethpb.SignedExecutionPayloadEnvelope,
-) (*emptypb.Empty, error) {
-	if req == nil || req.Message == nil {
-		return nil, status.Error(codes.InvalidArgument, "signed envelope cannot be nil")
-	}
-
-	if slots.ToEpoch(req.Message.Slot) < params.BeaconConfig().GloasForkEpoch {
-		return nil, status.Errorf(codes.InvalidArgument,
-			"execution payload envelopes are not supported before GLOAS fork (slot %d)", req.Message.Slot)
-	}
-
-	beaconBlockRoot := bytesutil.ToBytes32(req.Message.BeaconBlockRoot)
-
-	log := log.WithFields(logrus.Fields{
-		"slot":            req.Message.Slot,
-		"builderIndex":    req.Message.BuilderIndex,
-		"beaconBlockRoot": fmt.Sprintf("%#x", beaconBlockRoot[:8]),
-	})
-	log.Info("Publishing signed execution payload envelope")
-
-	// Wait for the associated beacon block to be available.
-	// The block may come from local production or P2P gossip.
-	if err := vs.waitForBeaconBlock(ctx, beaconBlockRoot); err != nil {
-		return nil, status.Errorf(codes.FailedPrecondition,
-			"beacon block %#x not available: %v", beaconBlockRoot[:8], err)
-	}
-
-	// TODO: Validate envelope signature before broadcasting
-	// if err := vs.validateEnvelopeSignature(ctx, req); err != nil {
-	//     return nil, status.Errorf(codes.InvalidArgument, "invalid envelope signature: %v", err)
-	// }
-
-	// Build data column sidecars from the cached blobs bundle before broadcasting.
-	// In GLOAS, blob data is delivered alongside the execution payload envelope
-	// rather than with the beacon block (which only carries the bid).
-	dataColumnSidecars, err := vs.buildEnvelopeDataColumns(ctx, req.Message, beaconBlockRoot)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to build data column sidecars: %v", err)
-	}
-
-	// Broadcast envelope and data column sidecars concurrently.
-	eg, eCtx := errgroup.WithContext(ctx)
-	eg.Go(func() error {
-		if err := vs.P2P.Broadcast(eCtx, req); err != nil {
-			return errors.Wrap(err, "broadcast signed execution payload envelope")
-		}
-		// TODO: Receive the envelope locally following the broadcastReceiveBlock pattern.
-		// This requires:
-		// 1. blocks.WrappedROSignedExecutionPayloadEnvelope wrapper
-		// 2. BlockReceiver.ReceiveExecutionPayloadEnvelope method
-		// See epbs branch's receive_execution_payload_envelope.go for reference.
-		return nil
-	})
-	if len(dataColumnSidecars) > 0 {
-		eg.Go(func() error {
-			return vs.broadcastAndReceiveDataColumns(eCtx, dataColumnSidecars)
-		})
-	}
-	if err := eg.Wait(); err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to publish execution payload envelope: %v", err)
-	}
-
-	log.Info("Successfully published execution payload envelope")
-
-	return &emptypb.Empty{}, nil
-}
-
-// waitForBeaconBlock waits for the beacon block with the given root to be available.
-// It first checks if the block already exists, then subscribes to block notifications
-// and polls periodically until the block arrives or the timeout is reached.
-func (vs *Server) waitForBeaconBlock(ctx context.Context, blockRoot [32]byte) error {
-	// Fast path: check if block already exists
-	if vs.BlockReceiver.HasBlock(ctx, blockRoot) {
-		return nil
-	}
-
-	log.WithField("blockRoot", fmt.Sprintf("%#x", blockRoot[:8])).
-		Debug("Waiting for beacon block to arrive")
-
-	waitCtx, cancel := context.WithTimeout(ctx, envelopeBlockWaitTimeout)
-	defer cancel()
-
-	blocksChan := make(chan *feed.Event, 1)
-	blockSub := vs.BlockNotifier.BlockFeed().Subscribe(blocksChan)
-	defer blockSub.Unsubscribe()
-
-	ticker := time.NewTicker(envelopeBlockPollInterval)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-waitCtx.Done():
-			return errors.Wrap(waitCtx.Err(), "timeout waiting for beacon block")
-
-		case blockEvent := <-blocksChan:
-			if blockEvent.Type == blockfeed.ReceivedBlock {
-				data, ok := blockEvent.Data.(*blockfeed.ReceivedBlockData)
-				if ok && data != nil && data.SignedBlock != nil {
-					root, err := data.SignedBlock.Block().HashTreeRoot()
-					if err == nil && root == blockRoot {
-						return nil
-					}
-				}
-			}
-
-		case <-ticker.C:
-			if vs.BlockReceiver.HasBlock(ctx, blockRoot) {
-				return nil
-			}
-
-		case <-blockSub.Err():
-			return errors.New("block subscription closed")
-		}
-	}
-}
-
-// buildEnvelopeDataColumns retrieves the cached blobs bundle for the envelope's
-// slot/builder and builds data column sidecars. Returns nil if no blobs to broadcast.
-func (vs *Server) buildEnvelopeDataColumns(
-	ctx context.Context,
-	envelope *ethpb.ExecutionPayloadEnvelope,
-	blockRoot [32]byte,
-) ([]consensusblocks.RODataColumn, error) {
-	if vs.ExecutionPayloadEnvelopeCache == nil {
-		return nil, nil
-	}
-
-	blobsBundle, found := vs.ExecutionPayloadEnvelopeCache.GetBlobsBundle(envelope.Slot, envelope.BuilderIndex)
-	if !found || blobsBundle == nil {
-		return nil, nil
-	}
-
-	blobs := blobsBundle.GetBlobs()
-	proofs := blobsBundle.GetProofs()
-	commitments := envelope.BlobKzgCommitments
-	if len(blobs) == 0 {
-		return nil, nil
-	}
-
-	// Retrieve the beacon block to build the signed block header for sidecars.
-	blk, err := vs.BeaconDB.Block(ctx, blockRoot)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not get block for data column sidecars")
-	}
-	if blk == nil {
-		return nil, errors.New("block not found for data column sidecars")
-	}
-
-	roBlock, err := consensusblocks.NewROBlockWithRoot(blk, blockRoot)
-	if err != nil {
-		return nil, errors.Wrap(err, "could not create ROBlock")
-	}
-
-	return buildDataColumnSidecars(blobs, proofs, peerdas.PopulateFromEnvelope(roBlock, commitments))
-}

beacon-chain/rpc/prysm/v1alpha1/validator/proposer_gloas_test.go

@@ -1,104 +0,0 @@
-package validator
-
-import (
-	"testing"
-
-	"github.com/OffchainLabs/prysm/v7/beacon-chain/cache"
-	consensusblocks "github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
-	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
-	"github.com/OffchainLabs/prysm/v7/crypto/bls/common"
-	enginev1 "github.com/OffchainLabs/prysm/v7/proto/engine/v1"
-	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
-	"github.com/OffchainLabs/prysm/v7/testing/require"
-)
-
-func TestSetGloasExecutionData(t *testing.T) {
-	parentRoot := [32]byte{1, 2, 3}
-	slot := primitives.Slot(100)
-	proposerIndex := primitives.ValidatorIndex(42)
-
-	sBlk, err := consensusblocks.NewSignedBeaconBlock(&ethpb.SignedBeaconBlockGloas{
-		Block: &ethpb.BeaconBlockGloas{
-			Slot:          slot,
-			ProposerIndex: proposerIndex,
-			ParentRoot:    parentRoot[:],
-			Body:          &ethpb.BeaconBlockBodyGloas{},
-		},
-	})
-	require.NoError(t, err)
-
-	payload := &enginev1.ExecutionPayloadDeneb{
-		ParentHash:    make([]byte, 32),
-		FeeRecipient:  make([]byte, 20),
-		StateRoot:     make([]byte, 32),
-		ReceiptsRoot:  make([]byte, 32),
-		LogsBloom:     make([]byte, 256),
-		PrevRandao:    make([]byte, 32),
-		BaseFeePerGas: make([]byte, 32),
-		BlockHash:     make([]byte, 32),
-		ExtraData:     make([]byte, 0),
-	}
-	ed, err := consensusblocks.WrappedExecutionPayloadDeneb(payload)
-	require.NoError(t, err)
-
-	local := &consensusblocks.GetPayloadResponse{
-		ExecutionData:     ed,
-		Bid:               primitives.ZeroWei(),
-		BlobsBundler:      nil,
-		ExecutionRequests: &enginev1.ExecutionRequests{},
-	}
-
-	envelopeCache := cache.NewExecutionPayloadEnvelopeCache()
-	vs := &Server{
-		ExecutionPayloadEnvelopeCache: envelopeCache,
-	}
-
-	err = vs.setGloasExecutionData(t.Context(), sBlk, local)
-	require.NoError(t, err)
-
-	// Verify the signed bid was set on the block.
-	signedBid, err := sBlk.Block().Body().SignedExecutionPayloadBid()
-	require.NoError(t, err)
-	require.NotNil(t, signedBid)
-	require.NotNil(t, signedBid.Message)
-
-	// Per spec (process_execution_payload_bid): for self-builds,
-	// signature must be G2 point-at-infinity.
-	require.DeepEqual(t, common.InfiniteSignature[:], signedBid.Signature)
-
-	// Verify bid fields.
-	bid := signedBid.Message
-	require.Equal(t, slot, bid.Slot)
-	require.Equal(t, primitives.BuilderIndex(proposerIndex), bid.BuilderIndex)
-	require.DeepEqual(t, parentRoot[:], bid.ParentBlockRoot)
-	require.Equal(t, uint64(0), bid.Value)
-	require.Equal(t, uint64(0), bid.ExecutionPayment)
-
-	// Verify the envelope was cached.
-	envelope, found := envelopeCache.Get(slot, primitives.BuilderIndex(proposerIndex))
-	require.Equal(t, true, found)
-	require.NotNil(t, envelope)
-	require.Equal(t, slot, envelope.Slot)
-	require.Equal(t, primitives.BuilderIndex(proposerIndex), envelope.BuilderIndex)
-}
-
-func TestSetGloasExecutionData_NilPayload(t *testing.T) {
-	sBlk, err := consensusblocks.NewSignedBeaconBlock(&ethpb.SignedBeaconBlockGloas{
-		Block: &ethpb.BeaconBlockGloas{
-			Slot:       1,
-			ParentRoot: make([]byte, 32),
-			Body:       &ethpb.BeaconBlockBodyGloas{},
-		},
-	})
-	require.NoError(t, err)
-
-	vs := &Server{
-		ExecutionPayloadEnvelopeCache: cache.NewExecutionPayloadEnvelopeCache(),
-	}
-
-	err = vs.setGloasExecutionData(t.Context(), sBlk, nil)
-	require.ErrorContains(t, "local execution payload is nil", err)
-
-	err = vs.setGloasExecutionData(t.Context(), sBlk, &consensusblocks.GetPayloadResponse{})
-	require.ErrorContains(t, "local execution payload is nil", err)
-}

beacon-chain/rpc/prysm/v1alpha1/validator/server.go

@@ -44,46 +44,46 @@ import (
 // and committees in which particular validators need to perform their responsibilities,
 // and more.
 type Server struct {
-	Ctx                           context.Context
-	PayloadIDCache                *cache.PayloadIDCache
-	TrackedValidatorsCache        *cache.TrackedValidatorsCache
-	ExecutionPayloadEnvelopeCache *cache.ExecutionPayloadEnvelopeCache // GLOAS: Cache for execution payload envelopes
-	HeadFetcher                   blockchain.HeadFetcher
-	ForkFetcher                   blockchain.ForkFetcher
-	ForkchoiceFetcher             blockchain.ForkchoiceFetcher
-	GenesisFetcher                blockchain.GenesisFetcher
-	FinalizationFetcher           blockchain.FinalizationFetcher
-	TimeFetcher                   blockchain.TimeFetcher
-	BlockFetcher                  execution.POWBlockFetcher
-	DepositFetcher                cache.DepositFetcher
-	ChainStartFetcher             execution.ChainStartFetcher
-	Eth1InfoFetcher               execution.ChainInfoFetcher
-	OptimisticModeFetcher         blockchain.OptimisticModeFetcher
-	SyncChecker                   sync.Checker
-	StateNotifier                 statefeed.Notifier
-	BlockNotifier                 blockfeed.Notifier
-	P2P                           p2p.Broadcaster
-	AttestationCache              *cache.AttestationCache
-	AttPool                       attestations.Pool
-	SlashingsPool                 slashings.PoolManager
-	ExitPool                      voluntaryexits.PoolManager
-	SyncCommitteePool             synccommittee.Pool
-	BlockReceiver                 blockchain.BlockReceiver
-	BlobReceiver                  blockchain.BlobReceiver
-	DataColumnReceiver            blockchain.DataColumnReceiver
-	MockEth1Votes                 bool
-	Eth1BlockFetcher              execution.POWBlockFetcher
-	PendingDepositsFetcher        depositsnapshot.PendingDepositsFetcher
-	OperationNotifier             opfeed.Notifier
-	StateGen                      stategen.StateManager
-	ReplayerBuilder               stategen.ReplayerBuilder
-	BeaconDB                      db.HeadAccessDatabase
-	ExecutionEngineCaller         execution.EngineCaller
-	BlockBuilder                  builder.BlockBuilder
-	BLSChangesPool                blstoexec.PoolManager
-	ClockWaiter                   startup.ClockWaiter
-	CoreService                   *core.Service
-	AttestationStateFetcher       blockchain.AttestationStateFetcher
+	Ctx                     context.Context
+	PayloadIDCache          *cache.PayloadIDCache
+	TrackedValidatorsCache  *cache.TrackedValidatorsCache
+	HeadFetcher             blockchain.HeadFetcher
+	ForkFetcher             blockchain.ForkFetcher
+	ForkchoiceFetcher       blockchain.ForkchoiceFetcher
+	GenesisFetcher          blockchain.GenesisFetcher
+	FinalizationFetcher     blockchain.FinalizationFetcher
+	TimeFetcher             blockchain.TimeFetcher
+	BlockFetcher            execution.POWBlockFetcher
+	DepositFetcher          cache.DepositFetcher
+	ChainStartFetcher       execution.ChainStartFetcher
+	Eth1InfoFetcher         execution.ChainInfoFetcher
+	OptimisticModeFetcher   blockchain.OptimisticModeFetcher
+	SyncChecker             sync.Checker
+	StateNotifier           statefeed.Notifier
+	BlockNotifier           blockfeed.Notifier
+	P2P                     p2p.Broadcaster
+	AttestationCache        *cache.AttestationCache
+	AttPool                 attestations.Pool
+	SlashingsPool           slashings.PoolManager
+	ExitPool                voluntaryexits.PoolManager
+	SyncCommitteePool       synccommittee.Pool
+	BlockReceiver           blockchain.BlockReceiver
+	BlobReceiver            blockchain.BlobReceiver
+	DataColumnReceiver      blockchain.DataColumnReceiver
+	ProofReceiver           blockchain.ProofReceiver
+	MockEth1Votes           bool
+	Eth1BlockFetcher        execution.POWBlockFetcher
+	PendingDepositsFetcher  depositsnapshot.PendingDepositsFetcher
+	OperationNotifier       opfeed.Notifier
+	StateGen                stategen.StateManager
+	ReplayerBuilder         stategen.ReplayerBuilder
+	BeaconDB                db.HeadAccessDatabase
+	ExecutionEngineCaller   execution.EngineCaller
+	BlockBuilder            builder.BlockBuilder
+	BLSChangesPool          blstoexec.PoolManager
+	ClockWaiter             startup.ClockWaiter
+	CoreService             *core.Service
+	AttestationStateFetcher blockchain.AttestationStateFetcher
 }
 
 // Deprecated: The gRPC API will remain the default and fully supported through v8 (expected in 2026) but will be eventually removed in favor of REST API.

beacon-chain/rpc/service.go

@@ -90,6 +90,7 @@ type Config struct {
 	BlockReceiver             blockchain.BlockReceiver
 	BlobReceiver              blockchain.BlobReceiver
 	DataColumnReceiver        blockchain.DataColumnReceiver
+	ProofReceiver             blockchain.ProofReceiver
 	ExecutionChainService     execution.Chain
 	ChainStartFetcher         execution.ChainStartFetcher
 	ExecutionChainInfoFetcher execution.ChainInfoFetcher
@@ -240,6 +241,7 @@ func NewService(ctx context.Context, cfg *Config) *Service {
 		BlockReceiver:           s.cfg.BlockReceiver,
 		BlobReceiver:            s.cfg.BlobReceiver,
 		DataColumnReceiver:      s.cfg.DataColumnReceiver,
+		ProofReceiver:           s.cfg.ProofReceiver,
 		MockEth1Votes:           s.cfg.MockEth1Votes,
 		Eth1BlockFetcher:        s.cfg.ExecutionChainService,
 		PendingDepositsFetcher:  s.cfg.PendingDepositFetcher,

beacon-chain/state/state-native/getters_gloas.go

@@ -46,20 +46,14 @@ func (b *BeaconState) BuilderPubkey(builderIndex primitives.BuilderIndex) ([fiel
 }
 
 // IsActiveBuilder returns true if the builder placement is finalized and it has not initiated exit.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// def is_active_builder(state: BeaconState, builder_index: BuilderIndex) -> bool:
 //
-//	<spec fn="is_active_builder" fork="gloas" hash="1a599fb2">
-//	def is_active_builder(state: BeaconState, builder_index: BuilderIndex) -> bool:
-//	    """
-//	    Check if the builder at ``builder_index`` is active for the given ``state``.
-//	    """
-//	    builder = state.builders[builder_index]
-//	    return (
-//	        # Placement in builder list is finalized
-//	        builder.deposit_epoch < state.finalized_checkpoint.epoch
-//	        # Has not initiated exit
-//	        and builder.withdrawable_epoch == FAR_FUTURE_EPOCH
-//	    )
-//	</spec>
+//	builder = state.builders[builder_index]
+//	return (
+//	    builder.deposit_epoch < state.finalized_checkpoint.epoch
+//	    and builder.withdrawable_epoch == FAR_FUTURE_EPOCH
+//	)
 func (b *BeaconState) IsActiveBuilder(builderIndex primitives.BuilderIndex) (bool, error) {
 	if b.version < version.Gloas {
 		return false, errNotSupported("IsActiveBuilder", b.version)
@@ -78,18 +72,15 @@ func (b *BeaconState) IsActiveBuilder(builderIndex primitives.BuilderIndex) (boo
 }
 
 // CanBuilderCoverBid returns true if the builder has enough balance to cover the given bid amount.
+// Spec v1.7.0-alpha.0 (pseudocode):
+// def can_builder_cover_bid(state: BeaconState, builder_index: BuilderIndex, bid_amount: Gwei) -> bool:
 //
-//	<spec fn="can_builder_cover_bid" fork="gloas" hash="9e3f2d7c">
-//	def can_builder_cover_bid(
-//	    state: BeaconState, builder_index: BuilderIndex, bid_amount: Gwei
-//	) -> bool:
-//	    builder_balance = state.builders[builder_index].balance
-//	    pending_withdrawals_amount = get_pending_balance_to_withdraw_for_builder(state, builder_index)
-//	    min_balance = MIN_DEPOSIT_AMOUNT + pending_withdrawals_amount
-//	    if builder_balance < min_balance:
-//	        return False
-//	    return builder_balance - min_balance >= bid_amount
-//	</spec>
+//	builder_balance = state.builders[builder_index].balance
+//	pending_withdrawals_amount = get_pending_balance_to_withdraw_for_builder(state, builder_index)
+//	min_balance = MIN_DEPOSIT_AMOUNT + pending_withdrawals_amount
+//	if builder_balance < min_balance:
+//	    return False
+//	return builder_balance - min_balance >= bid_amount
 func (b *BeaconState) CanBuilderCoverBid(builderIndex primitives.BuilderIndex, bidAmount primitives.Gwei) (bool, error) {
 	if b.version < version.Gloas {
 		return false, errNotSupported("CanBuilderCoverBid", b.version)

beacon-chain/sync/BUILD.bazel

@@ -14,6 +14,7 @@ go_library(
         "decode_pubsub.go",
         "doc.go",
         "error.go",
+        "exec_proofs.go",
         "fork_watcher.go",
         "fuzz_exports.go",  # keep
         "log.go",
@@ -31,6 +32,7 @@ go_library(
         "rpc_chunked_response.go",
         "rpc_data_column_sidecars_by_range.go",
         "rpc_data_column_sidecars_by_root.go",
+        "rpc_execution_proofs_by_root_topic.go",
         "rpc_goodbye.go",
         "rpc_light_client.go",
         "rpc_metadata.go",
@@ -46,6 +48,7 @@ go_library(
         "subscriber_blob_sidecar.go",
         "subscriber_bls_to_execution_change.go",
         "subscriber_data_column_sidecar.go",
+        "subscriber_execution_proofs.go",
         "subscriber_handlers.go",
         "subscriber_sync_committee_message.go",
         "subscriber_sync_contribution_proof.go",
@@ -57,6 +60,7 @@ go_library(
         "validate_blob.go",
         "validate_bls_to_execution_change.go",
         "validate_data_column.go",
+        "validate_execution_proof.go",
         "validate_light_client.go",
         "validate_proposer_slashing.go",
         "validate_sync_committee_message.go",

beacon-chain/sync/exec_proofs.go

@@ -0,0 +1,65 @@
+package sync
+
+import (
+	"fmt"
+	"time"
+
+	"errors"
+
+	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+)
+
+// generateExecProof returns a dummy execution proof after the specified delay.
+func generateExecProof(roBlock blocks.ROBlock, proofID primitives.ExecutionProofId, delay time.Duration) (*ethpb.ExecutionProof, error) {
+	// Simulate proof generation work
+	time.Sleep(delay)
+
+	// Create a dummy proof with some deterministic data
+	block := roBlock.Block()
+	if block == nil {
+		return nil, errors.New("nil block")
+	}
+
+	body := block.Body()
+	if body == nil {
+		return nil, errors.New("nil block body")
+	}
+
+	executionData, err := body.Execution()
+	if err != nil {
+		return nil, fmt.Errorf("execution: %w", err)
+	}
+
+	if executionData == nil {
+		return nil, errors.New("nil execution data")
+	}
+
+	hash, err := executionData.HashTreeRoot()
+	if err != nil {
+		return nil, fmt.Errorf("hash tree root: %w", err)
+	}
+
+	proofData := []byte{
+		0xFF, // Magic byte for dummy proof
+		byte(proofID),
+		// Include some payload hash bytes
+		hash[0],
+		hash[1],
+		hash[2],
+		hash[3],
+	}
+
+	blockRoot := roBlock.Root()
+
+	proof := &ethpb.ExecutionProof{
+		ProofId:   proofID,
+		Slot:      block.Slot(),
+		BlockHash: hash[:],
+		BlockRoot: blockRoot[:],
+		ProofData: proofData,
+	}
+
+	return proof, nil
+}

beacon-chain/sync/options.go

@@ -167,17 +167,25 @@ func WithStateNotifier(n statefeed.Notifier) Option {
 }
 
 // WithBlobStorage gives the sync package direct access to BlobStorage.
-func WithBlobStorage(b *filesystem.BlobStorage) Option {
+func WithBlobStorage(storage *filesystem.BlobStorage) Option {
 	return func(s *Service) error {
-		s.cfg.blobStorage = b
+		s.cfg.blobStorage = storage
 		return nil
 	}
 }
 
 // WithDataColumnStorage gives the sync package direct access to DataColumnStorage.
-func WithDataColumnStorage(b *filesystem.DataColumnStorage) Option {
+func WithDataColumnStorage(storage *filesystem.DataColumnStorage) Option {
 	return func(s *Service) error {
-		s.cfg.dataColumnStorage = b
+		s.cfg.dataColumnStorage = storage
+		return nil
+	}
+}
+
+// WithDataColumnStorage gives the sync package direct access to DataColumnStorage.
+func WithExecutionProofStorage(storage *filesystem.ProofStorage) Option {
+	return func(s *Service) error {
+		s.cfg.proofStorage = storage
 		return nil
 	}
 }

beacon-chain/sync/pending_blocks_queue.go

@@ -259,6 +259,10 @@ func (s *Service) processBlock(ctx context.Context, b interfaces.ReadOnlySignedB
 			return errors.Wrap(err, "request and save missing data column sidecars")
 		}
 
+		if err := s.requestAndSaveMissingExecutionProofs([]blocks.ROBlock{roBlock}); err != nil {
+			return errors.Wrap(err, "request and save missing execution proofs")
+		}
+
 		return nil
 	}
 

beacon-chain/sync/rate_limiter.go

@@ -100,6 +100,10 @@ func newRateLimiter(p2pProvider p2p.P2P) *limiter {
 	topicMap[addEncoding(p2p.RPCDataColumnSidecarsByRootTopicV1)] = dataColumnSidecars
 	// DataColumnSidecarsByRangeV1
 	topicMap[addEncoding(p2p.RPCDataColumnSidecarsByRangeTopicV1)] = dataColumnSidecars
+	
+	executionProofs := leakybucket.NewCollector(1, defaultBurstLimit, leakyBucketPeriod, false /* deleteEmptyBuckets */);
+	// ExecutionProofsByRootV1
+	topicMap[addEncoding(p2p.RPCExecutionProofsByRootTopicV1)] = executionProofs
 
 	// General topic for all rpc requests.
 	topicMap[rpcLimiterTopic] = leakybucket.NewCollector(5, defaultBurstLimit*2, leakyBucketPeriod, false /* deleteEmptyBuckets */)

beacon-chain/sync/rate_limiter_test.go

@@ -17,7 +17,7 @@ import (
 
 func TestNewRateLimiter(t *testing.T) {
 	rlimiter := newRateLimiter(mockp2p.NewTestP2P(t))
-	assert.Equal(t, len(rlimiter.limiterMap), 20, "correct number of topics not registered")
+	assert.Equal(t, len(rlimiter.limiterMap), 21, "correct number of topics not registered")
 }
 
 func TestNewRateLimiter_FreeCorrectly(t *testing.T) {

beacon-chain/sync/rpc.go

@@ -51,6 +51,7 @@ func (s *Service) rpcHandlerByTopicFromFork(forkIndex int) (map[string]rpcHandle
 			p2p.RPCBlobSidecarsByRangeTopicV1:       s.blobSidecarsByRangeRPCHandler,       // Modified in Fulu
 			p2p.RPCDataColumnSidecarsByRootTopicV1:  s.dataColumnSidecarByRootRPCHandler,   // Added in Fulu
 			p2p.RPCDataColumnSidecarsByRangeTopicV1: s.dataColumnSidecarsByRangeRPCHandler, // Added in Fulu
+			p2p.RPCExecutionProofsByRootTopicV1:     s.executionProofsByRootRPCHandler,     // Added in Fulu
 		}, nil
 	}
 

beacon-chain/sync/rpc_beacon_blocks_by_root.go

@@ -11,11 +11,14 @@ import (
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p/types"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/sync/verify"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/verification"
+	"github.com/OffchainLabs/prysm/v7/config/features"
 	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
 	"github.com/OffchainLabs/prysm/v7/config/params"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
 	"github.com/OffchainLabs/prysm/v7/consensus-types/interfaces"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
 	eth "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
 	"github.com/OffchainLabs/prysm/v7/runtime/version"
 	"github.com/OffchainLabs/prysm/v7/time/slots"
 	libp2pcore "github.com/libp2p/go-libp2p/core"
@@ -87,9 +90,84 @@ func (s *Service) sendBeaconBlocksRequest(ctx context.Context, requests *types.B
 		return errors.Wrap(err, "request and save missing data columns")
 	}
 
+	if err := s.requestAndSaveMissingExecutionProofs(postFuluBlocks); err != nil {
+		return errors.Wrap(err, "request and save missing execution proofs")
+	}
+
 	return err
 }
 
+func (s *Service) requestAndSaveMissingExecutionProofs(blks []blocks.ROBlock) error {
+	if len(blks) == 0 {
+		return nil
+	}
+
+	// TODO: Parallelize requests for multiple blocks.
+	for _, blk := range blks {
+		if err := s.sendAndSaveExecutionProofs(s.ctx, blk); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (s *Service) sendAndSaveExecutionProofs(ctx context.Context, block blocks.ROBlock) error {
+	if !features.Get().EnableZkvm {
+		return nil
+	}
+
+	// Check proof retention period.
+	blockEpoch := slots.ToEpoch(block.Block().Slot())
+	currentEpoch := slots.ToEpoch(s.cfg.clock.CurrentSlot())
+	if !params.WithinExecutionProofPeriod(blockEpoch, currentEpoch) {
+		return nil
+	}
+	// Check how many proofs are needed with Execution Proof Pool.
+	// TODO: All should return the same type ExecutionProofId.
+	root := block.Root()
+	proofStorage := s.cfg.proofStorage
+	storedIds := proofStorage.Summary(root).All()
+
+	count := uint64(len(storedIds))
+	if count >= params.BeaconConfig().MinProofsRequired {
+		return nil
+	}
+
+	alreadyHave := make([]primitives.ExecutionProofId, 0, len(storedIds))
+	for _, id := range storedIds {
+		alreadyHave = append(alreadyHave, primitives.ExecutionProofId(id))
+	}
+
+	// Construct request
+	req := &ethpb.ExecutionProofsByRootRequest{
+		BlockRoot:   root[:],
+		CountNeeded: params.BeaconConfig().MinProofsRequired - count,
+		AlreadyHave: alreadyHave,
+	}
+
+	// Call SendExecutionProofByRootRequest
+	zkvmEnabledPeers := s.cfg.p2p.Peers().ZkvmEnabledPeers()
+	if len(zkvmEnabledPeers) == 0 {
+		return fmt.Errorf("no zkVM enabled peers available to request execution proofs")
+	}
+
+	// TODO: For simplicity, just pick the first peer for now.
+	// In the future, we can implement better peer selection logic.
+	pid := zkvmEnabledPeers[0]
+	proofs, err := SendExecutionProofsByRootRequest(ctx, s.cfg.clock, s.cfg.p2p, pid, req)
+	if err != nil {
+		return fmt.Errorf("send execution proofs by root request: %w", err)
+	}
+
+	// Save the proofs into storage.
+	if err := proofStorage.Save(proofs); err != nil {
+		return fmt.Errorf("proof storage save: %w", err)
+	}
+
+	return nil
+}
+
 // requestAndSaveMissingDataColumns checks if the data columns are missing for the given block.
 // If so, requests them and saves them to the storage.
 func (s *Service) requestAndSaveMissingDataColumnSidecars(blks []blocks.ROBlock) error {

beacon-chain/sync/rpc_chunked_response.go

@@ -182,3 +182,21 @@ func WriteDataColumnSidecarChunk(stream libp2pcore.Stream, tor blockchain.Tempor
 
 	return nil
 }
+
+func WriteExecutionProofChunk(stream libp2pcore.Stream, encoding encoder.NetworkEncoding, proof *ethpb.ExecutionProof) error {
+	// Success response code.
+	if _, err := stream.Write([]byte{responseCodeSuccess}); err != nil {
+		return errors.Wrap(err, "stream write")
+	}
+	ctxBytes := params.ForkDigest(slots.ToEpoch(proof.Slot))
+	if err := writeContextToStream(ctxBytes[:], stream); err != nil {
+		return errors.Wrap(err, "write context to stream")
+	}
+
+	// Execution proof.
+	if _, err := encoding.EncodeWithMaxLength(stream, proof); err != nil {
+		return errors.Wrap(err, "encode with max length")
+	}
+
+	return nil
+}

beacon-chain/sync/rpc_execution_proofs_by_root_topic.go

@@ -0,0 +1,228 @@
+package sync
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/blockchain"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	"github.com/OffchainLabs/prysm/v7/monitoring/tracing/trace"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	"github.com/OffchainLabs/prysm/v7/time/slots"
+	libp2pcore "github.com/libp2p/go-libp2p/core"
+	"github.com/libp2p/go-libp2p/core/peer"
+	"github.com/sirupsen/logrus"
+)
+
+// SendExecutionProofsByRootRequest sends ExecutionProofsByRoot request and returns fetched execution proofs, if any.
+func SendExecutionProofsByRootRequest(
+	ctx context.Context,
+	clock blockchain.TemporalOracle,
+	p2pProvider p2p.P2P,
+	pid peer.ID,
+	req *ethpb.ExecutionProofsByRootRequest,
+) ([]*ethpb.ExecutionProof, error) {
+	// Validate request
+	if req.CountNeeded == 0 {
+		return nil, errors.New("count_needed must be greater than 0")
+	}
+
+	topic, err := p2p.TopicFromMessage(p2p.ExecutionProofsByRootName, slots.ToEpoch(clock.CurrentSlot()))
+	if err != nil {
+		return nil, err
+	}
+
+	log.WithFields(logrus.Fields{
+		"topic":      topic,
+		"block_root": bytesutil.ToBytes32(req.BlockRoot),
+		"count":      req.CountNeeded,
+		"already":    len(req.AlreadyHave),
+	}).Debug("Sending execution proofs by root request")
+
+	stream, err := p2pProvider.Send(ctx, req, topic, pid)
+	if err != nil {
+		return nil, err
+	}
+	defer closeStream(stream, log)
+
+	// Read execution proofs from stream
+	proofs := make([]*ethpb.ExecutionProof, 0, req.CountNeeded)
+	alreadyHaveSet := make(map[primitives.ExecutionProofId]struct{})
+	for _, id := range req.AlreadyHave {
+		alreadyHaveSet[id] = struct{}{}
+	}
+
+	for i := uint64(0); i < req.CountNeeded; i++ {
+		isFirstChunk := i == 0
+		proof, err := ReadChunkedExecutionProof(stream, p2pProvider, isFirstChunk)
+		if errors.Is(err, io.EOF) {
+			break
+		}
+		if err != nil {
+			return nil, err
+		}
+
+		// Validate proof
+		if err := validateExecutionProof(proof, req, alreadyHaveSet); err != nil {
+			return nil, err
+		}
+
+		proofs = append(proofs, proof)
+	}
+
+	return proofs, nil
+}
+
+// ReadChunkedExecutionProof reads a chunked execution proof from the stream.
+func ReadChunkedExecutionProof(
+	stream libp2pcore.Stream,
+	encoding p2p.EncodingProvider,
+	isFirstChunk bool,
+) (*ethpb.ExecutionProof, error) {
+	// Read status code for each chunk (like data columns, not like blocks)
+	code, errMsg, err := ReadStatusCode(stream, encoding.Encoding())
+	if err != nil {
+		return nil, err
+	}
+	if code != 0 {
+		return nil, errors.New(errMsg)
+	}
+
+	// Read context bytes (fork digest)
+	_, err = readContextFromStream(stream)
+	if err != nil {
+		return nil, fmt.Errorf("read context from stream: %w", err)
+	}
+
+	// Decode the proof
+	proof := &ethpb.ExecutionProof{}
+	if err := encoding.Encoding().DecodeWithMaxLength(stream, proof); err != nil {
+		return nil, err
+	}
+
+	return proof, nil
+}
+
+// validateExecutionProof validates a received execution proof against the request.
+func validateExecutionProof(
+	proof *ethpb.ExecutionProof,
+	req *ethpb.ExecutionProofsByRootRequest,
+	alreadyHaveSet map[primitives.ExecutionProofId]struct{},
+) error {
+	// Check block root matches
+	proofRoot := bytesutil.ToBytes32(proof.BlockRoot)
+	reqRoot := bytesutil.ToBytes32(req.BlockRoot)
+	if proofRoot != reqRoot {
+		return fmt.Errorf("proof block root %#x does not match requested root %#x",
+			proofRoot, reqRoot)
+	}
+
+	// Check we didn't already have this proof
+	if _, ok := alreadyHaveSet[proof.ProofId]; ok {
+		return fmt.Errorf("received proof we already have: proof_id=%d", proof.ProofId)
+	}
+
+	// Check proof ID is valid (within max range)
+	if !proof.ProofId.IsValid() {
+		return fmt.Errorf("invalid proof_id: %d", proof.ProofId)
+	}
+
+	return nil
+}
+
+// executionProofsByRootRPCHandler handles incoming ExecutionProofsByRoot RPC requests.
+func (s *Service) executionProofsByRootRPCHandler(ctx context.Context, msg any, stream libp2pcore.Stream) error {
+	ctx, span := trace.StartSpan(ctx, "sync.executionProofsByRootRPCHandler")
+	defer span.End()
+
+	_, cancel := context.WithTimeout(ctx, ttfbTimeout)
+	defer cancel()
+
+	req, ok := msg.(*ethpb.ExecutionProofsByRootRequest)
+	if !ok {
+		return errors.New("message is not type ExecutionProofsByRootRequest")
+	}
+
+	remotePeer := stream.Conn().RemotePeer()
+	SetRPCStreamDeadlines(stream)
+
+	// Validate request
+	if err := s.rateLimiter.validateRequest(stream, 1); err != nil {
+		return err
+	}
+
+	// Penalize peers that send invalid requests.
+	if err := validateExecutionProofsByRootRequest(req); err != nil {
+		s.downscorePeer(remotePeer, "executionProofsByRootRPCHandlerValidationError")
+		s.writeErrorResponseToStream(responseCodeInvalidRequest, err.Error(), stream)
+		return fmt.Errorf("validate execution proofs by root request: %w", err)
+	}
+
+	blockRoot := bytesutil.ToBytes32(req.BlockRoot)
+
+	log := log.WithFields(logrus.Fields{
+		"blockroot":   fmt.Sprintf("%#x", blockRoot),
+		"neededCount": req.CountNeeded,
+		"alreadyHave": req.AlreadyHave,
+		"peer":        remotePeer.String(),
+	})
+
+	s.rateLimiter.add(stream, 1)
+	defer closeStream(stream, log)
+
+	// Get proofs from execution proof pool
+	summary := s.cfg.proofStorage.Summary(blockRoot)
+
+	// Filter out not requested proofs
+	alreadyHave := make(map[primitives.ExecutionProofId]bool)
+	for _, id := range req.AlreadyHave {
+		alreadyHave[id] = true
+	}
+
+	// Determine which proofs to fetch (not already had by requester)
+	proofIDsToFetch := make([]uint64, 0, len(summary.All()))
+	for _, proofId := range summary.All() {
+		if !alreadyHave[primitives.ExecutionProofId(proofId)] {
+			proofIDsToFetch = append(proofIDsToFetch, proofId)
+		}
+	}
+
+	// Load all proofs at once
+	proofs, err := s.cfg.proofStorage.Get(blockRoot, proofIDsToFetch)
+	if err != nil {
+		return fmt.Errorf("proof storage get: %w", err)
+	}
+
+	// Send proofs
+	sentCount := uint64(0)
+	for _, proof := range proofs {
+		if sentCount >= req.CountNeeded {
+			break
+		}
+
+		// Write proof to stream
+		SetStreamWriteDeadline(stream, defaultWriteDuration)
+		if err := WriteExecutionProofChunk(stream, s.cfg.p2p.Encoding(), proof); err != nil {
+			log.WithError(err).Debug("Could not send execution proof")
+			s.writeErrorResponseToStream(responseCodeServerError, "could not send execution proof", stream)
+			return err
+		}
+
+		sentCount++
+	}
+
+	log.WithField("sentCount", sentCount).Debug("Responded to execution proofs by root request")
+
+	return nil
+}
+
+func validateExecutionProofsByRootRequest(req *ethpb.ExecutionProofsByRootRequest) error {
+	if req.CountNeeded == 0 {
+		return errors.New("count_needed must be greater than 0")
+	}
+	return nil
+}

beacon-chain/sync/service.go

@@ -70,6 +70,7 @@ const (
 	seenProposerSlashingSize        = 100
 	badBlockSize                    = 1000
 	syncMetricsInterval             = 10 * time.Second
+	seenExecutionProofSize          = 100
 )
 
 var (
@@ -109,6 +110,7 @@ type config struct {
 	stateNotifier           statefeed.Notifier
 	blobStorage             *filesystem.BlobStorage
 	dataColumnStorage       *filesystem.DataColumnStorage
+	proofStorage            *filesystem.ProofStorage
 	batchVerifierLimit      int
 }
 
@@ -117,6 +119,7 @@ type blockchainService interface {
 	blockchain.BlockReceiver
 	blockchain.BlobReceiver
 	blockchain.DataColumnReceiver
+	blockchain.ProofReceiver
 	blockchain.HeadFetcher
 	blockchain.FinalizationFetcher
 	blockchain.ForkFetcher
@@ -149,6 +152,7 @@ type Service struct {
 	seenBlobLock                     sync.RWMutex
 	seenBlobCache                    *lru.Cache
 	seenDataColumnCache              *slotAwareCache
+	seenProofCache                   *slotAwareCache
 	seenAggregatedAttestationLock    sync.RWMutex
 	seenAggregatedAttestationCache   *lru.Cache
 	seenUnAggregatedAttestationLock  sync.RWMutex
@@ -173,6 +177,7 @@ type Service struct {
 	verifierWaiter                   *verification.InitializerWaiter
 	newBlobVerifier                  verification.NewBlobVerifier
 	newColumnsVerifier               verification.NewDataColumnsVerifier
+	newProofsVerifier                verification.NewExecutionProofsVerifier
 	columnSidecarsExecSingleFlight   singleflight.Group
 	reconstructionSingleFlight       singleflight.Group
 	availableBlocker                 coverage.AvailableBlocker
@@ -234,7 +239,6 @@ func NewService(ctx context.Context, opts ...Option) *Service {
 	r.subHandler = newSubTopicHandler()
 	r.rateLimiter = newRateLimiter(r.cfg.p2p)
 	r.initCaches()
-
 	return r
 }
 
@@ -250,6 +254,12 @@ func newDataColumnsVerifierFromInitializer(ini *verification.Initializer) verifi
 	}
 }
 
+func newExecutionProofsVerifierFromInitializer(ini *verification.Initializer) verification.NewExecutionProofsVerifier {
+	return func(proofs []blocks.ROExecutionProof, reqs []verification.Requirement) verification.ExecutionProofsVerifier {
+		return ini.NewExecutionProofsVerifier(proofs, reqs)
+	}
+}
+
 // Start the regular sync service.
 func (s *Service) Start() {
 	v, err := s.verifierWaiter.WaitForInitializer(s.ctx)
@@ -259,6 +269,7 @@ func (s *Service) Start() {
 	}
 	s.newBlobVerifier = newBlobVerifierFromInitializer(v)
 	s.newColumnsVerifier = newDataColumnsVerifierFromInitializer(v)
+	s.newProofsVerifier = newExecutionProofsVerifierFromInitializer(v)
 
 	go s.verifierRoutine()
 	go s.startDiscoveryAndSubscriptions()
@@ -348,6 +359,7 @@ func (s *Service) initCaches() {
 	s.seenBlockCache = lruwrpr.New(seenBlockSize)
 	s.seenBlobCache = lruwrpr.New(seenBlockSize * params.BeaconConfig().DeprecatedMaxBlobsPerBlockElectra)
 	s.seenDataColumnCache = newSlotAwareCache(seenDataColumnSize)
+	s.seenProofCache = newSlotAwareCache(seenExecutionProofSize)
 	s.seenAggregatedAttestationCache = lruwrpr.New(seenAggregatedAttSize)
 	s.seenUnAggregatedAttestationCache = lruwrpr.New(seenUnaggregatedAttSize)
 	s.seenSyncMessageCache = lruwrpr.New(seenSyncMsgSize)

beacon-chain/sync/subscriber.go

@@ -329,6 +329,17 @@ func (s *Service) registerSubscribers(nse params.NetworkScheduleEntry) bool {
 				getSubnetsRequiringPeers: s.allDataColumnSubnets,
 			})
 		})
+
+		if features.Get().EnableZkvm {
+			s.spawn(func() {
+				s.subscribe(
+					p2p.ExecutionProofSubnetTopicFormat,
+					s.validateExecutionProof,
+					s.executionProofSubscriber,
+					nse,
+				)
+			})
+		}
 	}
 	return true
 }

beacon-chain/sync/subscriber_beacon_blocks.go

@@ -11,6 +11,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/helpers"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/peerdas"
 	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/transition/interop"
+	"github.com/OffchainLabs/prysm/v7/cmd/beacon-chain/flags"
 	"github.com/OffchainLabs/prysm/v7/config/features"
 	fieldparams "github.com/OffchainLabs/prysm/v7/config/fieldparams"
 	"github.com/OffchainLabs/prysm/v7/config/params"
@@ -22,6 +23,7 @@ import (
 	"github.com/OffchainLabs/prysm/v7/time/slots"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sync/errgroup"
 	"google.golang.org/protobuf/proto"
 )
 
@@ -77,6 +79,11 @@ func (s *Service) beaconBlockSubscriber(ctx context.Context, msg proto.Message)
 		return err
 	}
 
+	// We use the service context to ensure this context is not cancelled
+	// when the current function returns.
+	// TODO: Do not broadcast proofs for blocks we have already seen.
+	go s.generateAndBroadcastExecutionProofs(s.ctx, roBlock)
+
 	if err := s.processPendingAttsForBlock(ctx, root); err != nil {
 		return errors.Wrap(err, "process pending atts for block")
 	}
@@ -84,6 +91,47 @@ func (s *Service) beaconBlockSubscriber(ctx context.Context, msg proto.Message)
 	return nil
 }
 
+func (s *Service) generateAndBroadcastExecutionProofs(ctx context.Context, roBlock blocks.ROBlock) {
+	const delay = 2 * time.Second
+	proofTypes := flags.Get().ProofGenerationTypes
+
+	// Exit early if proof generation is disabled.
+	if len(proofTypes) == 0 {
+		return
+	}
+
+	var wg errgroup.Group
+	for _, proofType := range proofTypes {
+		wg.Go(func() error {
+			execProof, err := generateExecProof(roBlock, primitives.ExecutionProofId(proofType), delay)
+
+			if err != nil {
+				return fmt.Errorf("generate exec proof: %w", err)
+			}
+
+			if err := s.cfg.p2p.Broadcast(ctx, execProof); err != nil {
+				return fmt.Errorf("broadcast exec proof: %w", err)
+			}
+
+			if err := s.cfg.chain.ReceiveProof(execProof); err != nil {
+				return errors.Wrap(err, "receive proof")
+			}
+
+			return nil
+		})
+	}
+
+	if err := wg.Wait(); err != nil {
+		log.WithError(err).Error("Failed to generate and broadcast execution proofs")
+	}
+
+	log.WithFields(logrus.Fields{
+		"root":  fmt.Sprintf("%#x", roBlock.Root()),
+		"slot":  roBlock.Block().Slot(),
+		"count": len(proofTypes),
+	}).Debug("Generated and broadcasted execution proofs")
+}
+
 // processSidecarsFromExecutionFromBlock retrieves (if available) sidecars data from the execution client,
 // builds corresponding sidecars, save them to the storage, and broadcasts them over P2P if necessary.
 func (s *Service) processSidecarsFromExecutionFromBlock(ctx context.Context, roBlock blocks.ROBlock) error {

beacon-chain/sync/subscriber_execution_proofs.go

@@ -0,0 +1,36 @@
+package sync
+
+import (
+	"context"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed"
+	opfeed "github.com/OffchainLabs/prysm/v7/beacon-chain/core/feed/operation"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/pkg/errors"
+	"google.golang.org/protobuf/proto"
+)
+
+func (s *Service) executionProofSubscriber(_ context.Context, msg proto.Message) error {
+	verifiedProof, ok := msg.(blocks.VerifiedROExecutionProof)
+	if !ok {
+		return errors.Errorf("incorrect type of message received, wanted %T but got %T", blocks.VerifiedROExecutionProof{}, msg)
+	}
+
+	// Insert the execution proof into the pool
+	s.setSeenProof(verifiedProof.Slot(), verifiedProof.BlockRoot(), verifiedProof.ProofId())
+
+	// Save the proof to storage.
+	if err := s.cfg.chain.ReceiveProof(verifiedProof.ExecutionProof); err != nil {
+		return errors.Wrap(err, "receive proof")
+	}
+
+	// Notify subscribers about the new execution proof
+	s.cfg.operationNotifier.OperationFeed().Send(&feed.Event{
+		Type: opfeed.ExecutionProofReceived,
+		Data: &opfeed.ExecutionProofReceivedData{
+			ExecutionProof: verifiedProof.ExecutionProof,
+		},
+	})
+
+	return nil
+}

beacon-chain/sync/validate_execution_proof.go

@@ -0,0 +1,110 @@
+package sync
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/p2p"
+	"github.com/OffchainLabs/prysm/v7/beacon-chain/verification"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/blocks"
+	"github.com/OffchainLabs/prysm/v7/consensus-types/primitives"
+	"github.com/OffchainLabs/prysm/v7/encoding/bytesutil"
+	ethpb "github.com/OffchainLabs/prysm/v7/proto/prysm/v1alpha1"
+	pubsub "github.com/libp2p/go-libp2p-pubsub"
+	"github.com/libp2p/go-libp2p/core/peer"
+	"github.com/sirupsen/logrus"
+)
+
+func (s *Service) validateExecutionProof(ctx context.Context, pid peer.ID, msg *pubsub.Message) (pubsub.ValidationResult, error) {
+	// Always accept our own messages.
+	if pid == s.cfg.p2p.PeerID() {
+		return pubsub.ValidationAccept, nil
+	}
+
+	// Ignore messages during initial sync.
+	if s.cfg.initialSync.Syncing() {
+		return pubsub.ValidationIgnore, nil
+	}
+
+	// Reject messages with a nil topic.
+	if msg.Topic == nil {
+		return pubsub.ValidationReject, p2p.ErrInvalidTopic
+	}
+
+	// Decode the message, reject if it fails.
+	m, err := s.decodePubsubMessage(msg)
+	if err != nil {
+		log.WithError(err).Error("Failed to decode message")
+		return pubsub.ValidationReject, err
+	}
+
+	// Reject messages that are not of the expected type.
+	executionProof, ok := m.(*ethpb.ExecutionProof)
+	if !ok {
+		log.WithField("message", m).Error("Message is not of type *ethpb.ExecutionProof")
+		return pubsub.ValidationReject, errWrongMessage
+	}
+
+	// Convert to ROExecutionProof.
+	roProof, err := blocks.NewROExecutionProof(executionProof)
+	if err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	// Check if the proof has already been seen.
+	if s.hasSeenProof(roProof.BlockRoot(), roProof.ProofId()) {
+		return pubsub.ValidationIgnore, nil
+	}
+
+	// Create the verifier with gossip requirements.
+	verifier := s.newProofsVerifier([]blocks.ROExecutionProof{roProof}, verification.GossipExecutionProofRequirements)
+
+	// Run verifications.
+	if err := verifier.NotFromFutureSlot(); err != nil {
+		return pubsub.ValidationReject, err
+	}
+	if err := verifier.ProofSizeLimits(); err != nil {
+		return pubsub.ValidationReject, err
+	}
+	if err := verifier.ProofVerified(); err != nil {
+		return pubsub.ValidationReject, err
+	}
+
+	// Get verified proofs.
+	verifiedProofs, err := verifier.VerifiedROExecutionProofs()
+	if err != nil {
+		return pubsub.ValidationIgnore, err
+	}
+
+	log.WithFields(logrus.Fields{
+		"root": fmt.Sprintf("%#x", roProof.BlockRoot()),
+		"slot": roProof.Slot(),
+		"id":   roProof.ProofId(),
+	}).Debug("Accepted execution proof")
+
+	// Set validator data to the verified proof.
+	msg.ValidatorData = verifiedProofs[0]
+	return pubsub.ValidationAccept, nil
+}
+
+// hasSeenProof returns true if the proof with the same block root and proof ID has been seen before.
+func (s *Service) hasSeenProof(blockRoot [32]byte, proofId primitives.ExecutionProofId) bool {
+	key := computeProofCacheKey(blockRoot, proofId)
+	_, seen := s.seenProofCache.Get(key)
+	return seen
+}
+
+// setSeenProof marks the proof with the given block root and proof ID as seen.
+func (s *Service) setSeenProof(slot primitives.Slot, blockRoot [32]byte, proofId primitives.ExecutionProofId) {
+	key := computeProofCacheKey(blockRoot, proofId)
+	s.seenProofCache.Add(slot, key, true)
+}
+
+func computeProofCacheKey(blockRoot [32]byte, proofId primitives.ExecutionProofId) string {
+	key := make([]byte, 0, 33)
+
+	key = append(key, blockRoot[:]...)
+	key = append(key, bytesutil.Bytes1(uint64(proofId))...)
+
+	return string(key)
+}

beacon-chain/verification/BUILD.bazel

@@ -8,6 +8,7 @@ go_library(
         "cache.go",
         "data_column.go",
         "error.go",
+        "execution_proof.go",
         "fake.go",
         "filesystem.go",
         "initializer.go",

beacon-chain/verification/blob.go

@@ -30,6 +30,10 @@ const (
 	// Data columns specific.
 	RequireValidFields
 	RequireCorrectSubnet
+
+	// Execution proof specific.
+	RequireProofSizeLimits
+	RequireProofVerified
 )
 
 var allBlobSidecarRequirements = []Requirement{

beacon-chain/verification/data_column_test.go

@@ -1027,10 +1027,10 @@ func TestGetVerifyingStateEdgeCases(t *testing.T) {
 				sc: signatureCache,
 				sr: &mockStateByRooter{sbr: sbrErrorIfCalled(t)}, // Should not be called
 				hsp: &mockHeadStateProvider{
-					headRoot:          parentRoot[:],    // Same as parent
-					headSlot:          32,               // Epoch 1
-					headState:         fuluState.Copy(), // HeadState (not ReadOnly) for ProcessSlots
-					headStateReadOnly: nil,              // Should not use ReadOnly path
+					headRoot: parentRoot[:],     // Same as parent
+					headSlot: 32,                // Epoch 1
+					headState: fuluState.Copy(), // HeadState (not ReadOnly) for ProcessSlots
+					headStateReadOnly: nil,      // Should not use ReadOnly path
 				},
 				fc: &mockForkchoicer{
 					// Return same root for both to simulate same chain
@@ -1045,8 +1045,8 @@ func TestGetVerifyingStateEdgeCases(t *testing.T) {
 		// Wrap to detect HeadState call
 		originalHsp := initializer.shared.hsp.(*mockHeadStateProvider)
 		wrappedHsp := &mockHeadStateProvider{
-			headRoot:  originalHsp.headRoot,
-			headSlot:  originalHsp.headSlot,
+			headRoot: originalHsp.headRoot,
+			headSlot: originalHsp.headSlot,
 			headState: originalHsp.headState,
 		}
 		initializer.shared.hsp = &headStateCallTracker{