separate commit with spectest changes

* add in github workflow for fuzzing that runs with cron

* every day

* go version

---------

Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>

.bazelrc

@@ -1,233 +1,49 @@
-# Print warnings for tests with inappropriate test size or timeout.
-test --test_verbose_timeout_warnings
+# Import bazelrc presets
+import %workspace%/build/bazelrc/convenience.bazelrc
+import %workspace%/build/bazelrc/correctness.bazelrc
+import %workspace%/build/bazelrc/cross.bazelrc
+import %workspace%/build/bazelrc/debug.bazelrc
+import %workspace%/build/bazelrc/hermetic-cc.bazelrc
+import %workspace%/build/bazelrc/performance.bazelrc
 
-# Only build test targets when running bazel test //...
-test --build_tests_only
-test --test_output=errors
+# E2E run with debug gotag
+test:e2e --define gotags=debug
 
 # Clearly indicate that coverage is enabled to disable certain nogo checks.
 coverage --define=coverage_enabled=1
 
-# Fix for rules_docker. See: https://github.com/bazelbuild/rules_docker/issues/842
-build --host_force_python=PY2
-test --host_force_python=PY2
-run --host_force_python=PY2
+# Stamp binaries with git information
+build --workspace_status_command=./hack/workspace_status.sh
 
-# Networking is blocked for tests by default, add "requires-network" tag to your test if networking
-# is required within the sandbox. This flag is no longer experimental after 0.29.0.
-# Network sandboxing only works on linux.
---experimental_sandbox_default_allow_network=false
+build --define blst_disabled=false --define blst_modern=true
+run --define blst_disabled=false
 
-# Use mainnet protobufs at runtime
-run --define ssz=mainnet
-test --define ssz=mainnet
-build --define ssz=mainnet
+build:blst_disabled --define blst_disabled=true
+build:blst_disabled --define gotags=blst_disabled
 
-# Prevent PATH changes from rebuilding when switching from IDE to command line.
-build --incompatible_strict_action_env
-test --incompatible_strict_action_env
-run --incompatible_strict_action_env
-
-# Disable kafka by default, it takes a long time to build...
-build --define kafka_enabled=false
-test --define kafka_enabled=false
-run --define kafka_enabled=false
-
-build:kafka_enabled --define kafka_enabled=true
-build:kafka_enabled --define gotags=kafka_enabled
+build:minimal --//proto:network=minimal
+build:minimal --@io_bazel_rules_go//go/config:tags=minimal
 
 # Release flags
-build:release --workspace_status_command=./scripts/workspace_status.sh
-build:release --stamp
 build:release --compilation_mode=opt
-build:release --config=llvm
-
-# LLVM compiler for building C/C++ dependencies.
-build:llvm --crosstool_top=@llvm_toolchain//:toolchain
-build:llvm --define compiler=llvm
-build:llvm --copt -fno-sanitize=vptr,function
-build:llvm --linkopt -fno-sanitize=vptr,function
-
-build:asan --copt -fsanitize=address,undefined
-build:asan --copt -fno-omit-frame-pointer
-build:asan --linkopt -fsanitize=address,undefined
-build:asan --copt -fno-sanitize=vptr,function
-build:asan --linkopt -fno-sanitize=vptr,function
-build:asan --copt -DADDRESS_SANITIZER=1
-build:asan --copt -D__SANITIZE_ADDRESS__
-build:asan --linkopt -ldl
-
-build:llvm-asan --config=llvm
-build:llvm-asan --config=asan
-build:llvm-asan --linkopt -fuse-ld=ld.lld
-
-build:fuzz --define=gotags=libfuzzer
-build:fuzz --config=llvm-asan
-build:fuzz --copt=-fsanitize=fuzzer-no-link
-build:fuzz --linkopt=-fsanitize=fuzzer
-build:fuzz --copt=-fno-omit-frame-pointer
-build:fuzz --define=FUZZING_ENGINE=libfuzzer
-build:fuzz --copt=-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-build:fuzz --linkopt -Wl,--no-as-needed
-build:fuzz --define=gc_goopts=-d=libfuzzer
-build:fuzz --run_under=//tools:fuzz_wrapper
-build:fuzz --compilation_mode=opt
-
-test:fuzz --local_test_jobs="HOST_CPUS*.5"
-
-test:fuzzit --config=fuzz
-test:fuzzit --test_env=FUZZIT_API_KEY
-test:fuzzit --test_env=PRYSM_BUILD_IMAGE=gcr.io/prysmaticlabs/prysm-fuzzit:v0.11.0
-test:fuzzit --test_timeout=1200
-test:fuzzit --run_under=//tools:fuzzit_wrapper
+build:release --stamp
 
 # Build binary with cgo symbolizer for debugging / profiling.
-build:cgo_symbolizer --config=llvm
 build:cgo_symbolizer --copt=-g
 build:cgo_symbolizer --define=USE_CGO_SYMBOLIZER=true
 build:cgo_symbolizer -c dbg
 build:cgo_symbolizer --define=gotags=cgosymbolizer_enabled
 
-# multi-arch cross-compiling toolchain configs:
------------------------------------------------
-build:cross --crosstool_top=@prysm_toolchains//:multiarch_toolchain
-build:cross --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64
-build:cross --host_crosstool_top=@prysm_toolchains//:hostonly_toolchain
-
-# linux_amd64 config for cross compiler toolchain, not strictly necessary since host/exec env is amd64
-build:linux_amd64 --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64_cgo
-
-# osx_amd64 config for cross compiler toolchain
-build:osx_amd64 --config=cross
-build:osx_amd64 --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64_cgo
-build:osx_amd64 --compiler=osxcross
-
-# windows
-build:windows_amd64 --config=cross
-build:windows_amd64  --platforms=@io_bazel_rules_go//go/toolchain:windows_amd64_cgo
-build:windows_amd64 --compiler=mingw-w64
-
-# linux_arm64 conifg for cross compiler toolchain
-build:linux_arm64 --config=cross
-build:linux_arm64 --platforms=@io_bazel_rules_go//go/toolchain:linux_arm64_cgo
-build:linux_arm64 --copt=-funsafe-math-optimizations
-build:linux_arm64 --copt=-ftree-vectorize
-build:linux_arm64 --copt=-fomit-frame-pointer
-build:linux_arm64 --cpu=aarch64
-build:linux_arm64 --compiler=clang
-build:linux_arm64 --copt=-march=armv8-a
-
-
 # toolchain build debug configs
 #------------------------------
 build:debug --sandbox_debug
-build:debug --toolchain_resolution_debug
+build:debug --toolchain_resolution_debug=".*"
 build:debug --verbose_failures
 build:debug -s
 
-# windows debug
-build:windows_amd64_debug --config=windows_amd64
-build:windows_amd64_debug --config=debug
+# Set bazel gotag
+build --define gotags=bazel
 
-# osx_amd64 debug config
-build:osx_amd64_debug --config=debug
-build:osx_amd64_debug --config=osx_amd64
-
-# linux_arm64_debug
-build:linux_arm64_debug --config=linux_arm64
-build:linux_arm64_debug --config=debug
-
-# linux_amd64_debug
-build:linux_amd64_debug --config=linux_amd64
-build:linux_amd64_debug --config=debug
-
-
-# Docker Sandbox Configs
-#-----------------------
-# Note all docker sandbox configs must run from a linux x86_64 host
-# build:docker-sandbox --experimental_docker_image=gcr.io/prysmaticlabs/rbe-worker:latest
-build:docker-sandbox --spawn_strategy=docker --strategy=Javac=docker --genrule_strategy=docker
-build:docker-sandbox --define=EXECUTOR=remote
-build:docker-sandbox --experimental_docker_verbose
-build:docker-sandbox --experimental_enable_docker_sandbox
-build:docker-sandbox --crosstool_top=@rbe_ubuntu_clang//cc:toolchain 
-build:docker-sandbox --host_javabase=@rbe_ubuntu_clang//java:jdk 
-build:docker-sandbox --javabase=@rbe_ubuntu_clang//java:jdk 
-build:docker-sandbox --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 
-build:docker-sandbox --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 
-build:docker-sandbox --extra_execution_platforms=@rbe_ubuntu_clang//config:platform 
-build:docker-sandbox --host_platform=@rbe_ubuntu_clang//config:platform 
-build:docker-sandbox --platforms=@rbe_ubuntu_clang//config:platform
-build:docker-sandbox --extra_toolchains=@prysm_toolchains//:cc-toolchain-multiarch
-
-# windows_amd64 docker sandbox build config
-build:windows_amd64_docker --config=docker-sandbox --config=windows_amd64
-build:windows_amd64_docker_debug --config=windows_amd64_docker --config=debug
-
-# osx_amd64 docker sandbox build config
-build:osx_amd64_docker --config=docker-sandbox --config=osx_amd64
-build:osx_amd64_docker_debug --config=osx_amd64_docker --config=debug
-
-# linux_arm64 docker sandbox build config
-build:linux_arm64_docker --config=docker-sandbox --config=linux_arm64
-build:linux_arm64_docker_debug --config=linux_arm64_docker --config=debug
-
-# linux_amd64 docker sandbox build config
-build:linux_amd64_docker --config=docker-sandbox --config=linux_amd64
-build:linux_amd64_docker_debug --config=linux_amd64_docker --config=debug
-
-
-# Remote Build Execution
-#-----------------------
-# Originally from https://github.com/bazelbuild/bazel-toolchains/blob/master/bazelrc/bazel-2.0.0.bazelrc
-#
-# Depending on how many machines are in the remote execution instance, setting
-# this higher can make builds faster by allowing more jobs to run in parallel.
-# Setting it too high can result in jobs that timeout, however, while waiting
-# for a remote machine to execute them.
-build:remote --jobs=50
-
-# Set several flags related to specifying the platform, toolchain and java
-# properties.
-# These flags should only be used as is for the rbe-ubuntu16-04 container
-# and need to be adapted to work with other toolchain containers.
-build:remote --host_javabase=@rbe_ubuntu_clang//java:jdk
-build:remote --javabase=@rbe_ubuntu_clang//java:jdk
-build:remote --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
-build:remote --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
-build:remote --crosstool_top=@rbe_ubuntu_clang//cc:toolchain
-build:remote --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
-# Platform flags:
-# The toolchain container used for execution is defined in the target indicated
-# by "extra_execution_platforms", "host_platform" and "platforms".
-# More about platforms: https://docs.bazel.build/versions/master/platforms.html
-build:remote --extra_toolchains=@rbe_ubuntu_clang//config:cc-toolchain
-build:remote --extra_execution_platforms=@rbe_ubuntu_clang//config:platform
-build:remote --host_platform=@rbe_ubuntu_clang//config:platform
-build:remote --platforms=@rbe_ubuntu_clang//config:platform
-
-# Starting with Bazel 0.27.0 strategies do not need to be explicitly
-# defined. See https://github.com/bazelbuild/bazel/issues/7480
-build:remote --define=EXECUTOR=remote
-
-# Enable remote execution so actions are performed on the remote systems.
-# build:remote --remote_executor=grpcs://remotebuildexecution.googleapis.com
-
-# Enforce stricter environment rules, which eliminates some non-hermetic
-# behavior and therefore improves both the remote cache hit rate and the
-# correctness and repeatability of the build.
-build:remote --incompatible_strict_action_env=true
-
-# Set a higher timeout value, just in case.
-build:remote --remote_timeout=3600
-
-# Enable authentication. This will pick up application default credentials by
-# default. You can use --google_credentials=some_file.json to use a service
-# account credential instead.
-# build:remote --google_default_credentials=true
-
-# Enable build without the bytes
-# See: https://github.com/bazelbuild/bazel/issues/6862
-build:remote --experimental_remote_download_outputs=toplevel --experimental_inmemory_jdeps_files --experimental_inmemory_dotd_files
-
-build:remote --remote_local_fallback
+# Abseil requires c++14 or greater.
+build --cxxopt=-std=c++20
+build --host_cxxopt=-std=c++20

.bazelversion

@@ -1 +1 @@
-3.2.0
+6.3.2

.buildkite-bazelrc

@@ -2,7 +2,7 @@
 # across machines, developers, and workspaces.
 # 
 # This config is loaded from https://github.com/bazelbuild/bazel-toolchains/blob/master/bazelrc/latest.bazelrc
-build:remote-cache --remote_timeout=3600
+#build:remote-cache --remote_timeout=3600
 #build:remote-cache --spawn_strategy=standalone
 #build:remote-cache --strategy=Javac=standalone
 #build:remote-cache --strategy=Closure=standalone
@@ -10,40 +10,45 @@ build:remote-cache --remote_timeout=3600
 
 # Prysm specific remote-cache properties.
 #build:remote-cache --disk_cache=
-build:remote-cache --remote_download_minimal
+build:remote-cache --remote_download_toplevel
+build:remote-cache --remote_cache=grpc://bazel-remote-cache:9092
+build:remote-cache --experimental_remote_downloader=grpc://bazel-remote-cache:9092
+build:remote-cache --remote_local_fallback
+build:remote-cache --experimental_remote_cache_async
+build:remote-cache --experimental_remote_merkle_tree_cache
+build:remote-cache --experimental_action_cache_store_output_metadata
+build:remote-cache --experimental_remote_cache_compression
+# Enforce stricter environment rules, which eliminates some non-hermetic
+# behavior and therefore improves both the remote cache hit rate and the
+# correctness and repeatability of the build.
+build:remote-cache --incompatible_strict_action_env=true
+
+build --experimental_use_hermetic_linux_sandbox
 
 # Import workspace options.
 import %workspace%/.bazelrc
 
-startup --host_jvm_args=-Xmx1000m --host_jvm_args=-Xms1000m
-query --repository_cache=/tmp/repositorycache
-query --experimental_repository_cache_hardlinks
-build --repository_cache=/tmp/repositorycache
-build --experimental_repository_cache_hardlinks
+startup --host_jvm_args=-Xmx4g --host_jvm_args=-Xms2g
 build --experimental_strict_action_env
-build --disk_cache=/tmp/bazelbuilds
-build --experimental_multi_threaded_digest
 build --sandbox_tmpfs_path=/tmp
 build --verbose_failures
 build --announce_rc
 build --show_progress_rate_limit=5
-build --curses=yes --color=no
+build --curses=no --color=no
 build --keep_going
 build --test_output=errors
 build --flaky_test_attempts=5
 # Disabled race detection due to unstable test results under constrained environment build kite
 # build --features=race
 
-# Enable kafka for CI tests only.
-test --config=kafka_enabled
+# Better caching
+build:nostamp --nostamp
 
-build --bes_backend=grpcs://builds.prylabs.net:1985
-build --bes_results_url=https://builds.prylabs.net/invocation/
+# Build metadata
+build --build_metadata=ROLE=CI
+build --build_metadata=REPO_URL=https://github.com/prysmaticlabs/prysm.git
+build --workspace_status_command=./hack/workspace_status_ci.sh
 
-# Disable flaky test detection for fuzzing.
-test:fuzz --flaky_test_attempts=1
-
-# Expose test environment variables in CI
-test:fuzzit --test_env=GITHUB_REF
-test:fuzzit --test_env=GITHUB_SHA
-test:fuzzit --test_env=DOCKER_HOST
+# Buildbuddy
+build --bes_results_url=https://app.buildbuddy.io/invocation/
+build --bes_backend=grpcs://remote.buildbuddy.io

.codecov.yml

@@ -30,4 +30,4 @@ comment:
 
 ignore:
   - "**/*.pb.go"
-  - "**/*_mock.go"
+  - "**/testing/**/*"

.deepsource.toml

@@ -0,0 +1,26 @@
+version = 1
+
+exclude_patterns = [
+  "tools/analyzers/**",
+  "validator/keymanager/remote/keymanager_test.go",
+  "validator/web/site_data.go"
+]
+
+[[analyzers]]
+name = "go"
+enabled = true
+
+[analyzers.meta]
+import_paths = ["github.com/prysmaticlabs/prysm/v4"]
+
+[[analyzers]]
+name = "test-coverage"
+enabled = true
+
+[[analyzers]]
+name = "shell"
+enabled = true
+
+[[analyzers]]
+name = "secrets"
+enabled = true

.github/CODEOWNERS

@@ -5,4 +5,4 @@
 *.bzl @prestonvanloon
 
 # Anyone on prylabs team can approve dependency updates.
-deps.bzl @prysmaticlabs/core-team
+deps.bzl @prysmaticlabs/core-team

.github/ISSUE_TEMPLATE/feature_request.md

@@ -16,12 +16,12 @@ Existing issues often contain information about workarounds, resolution, or prog
 
 ### Description
 
-<!-- ✍️--> A clear and concise description of the problem or missing capability...
+<!-- ✍️ A clear and concise description of the problem or missing capability... --> 
 
 ### Describe the solution you'd like
 
-<!-- ✍️--> If you have a solution in mind, please describe it.
+<!-- ✍️ If you have a solution in mind, please describe it. --> 
 
 ### Describe alternatives you've considered
 
-<!-- ✍️--> Have you considered any alternative solutions or workarounds?
+<!-- ✍️ Have you considered any alternative solutions or workarounds? --> 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,8 @@
 <!-- Thanks for sending a PR! Before submitting:
 
-1. If this is your first PR, please read CONTRIBUTING.md and sign the CLA
-   first. We cannot review code without a signed CLA.
-2. Please file an issue *first*. All features and most bug fixes should have
+1. If this is your first PR, check out our contribution guide here https://docs.prylabs.network/docs/contribute/contribution-guidelines
+   You will then need to sign our Contributor License Agreement (CLA), which will show up as a comment from a bot in this pull request after you open it. We cannot review code without a signed CLA.
+2. Please file an associated tracking issue if this pull request is non-trivial and requires context for our team to understand. All features and most bug fixes should have
    an associated issue with a design discussed and decided upon. Small bug
    fixes and documentation improvements don't need issues.
 3. New features and bug fixes must have tests. Documentation may need to

.github/actions/gofmt/Dockerfile

@@ -1,5 +0,0 @@
-FROM cytopia/gofmt
-
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

.github/actions/gofmt/action.yml

@@ -1,12 +0,0 @@
-name: 'Gofmt checker'
-description: 'Checks that all project files have been properly formatted.'
-inputs:
-  path:
-    description: 'Path to check'
-    required: true
-    default: './'
-runs:
-  using: 'docker'
-  image: 'Dockerfile'
-  args:
-    - ${{ inputs.path }}

.github/actions/gofmt/entrypoint.sh

@@ -1,15 +0,0 @@
-#!/bin/sh -l
-set -e
-
-cd $GITHUB_WORKSPACE
-
-# Check if any files are not formatted.
-nonformatted="$(gofmt -l $1 2>&1)"
-
-# Return if `go fmt` passes.
-[ -z "$nonformatted" ] && exit 0
-
-# Notify of issues with formatting.
-echo "Following files need to be properly formatted:"
-echo "$nonformatted"
-exit 1

.github/actions/gomodtidy/entrypoint.sh

@@ -1,13 +1,13 @@
 #!/bin/sh -l
 set -e
-export PATH=$PATH:/usr/local/go/bin
+export PATH="$PATH:/usr/local/go/bin"
 
-cd $GITHUB_WORKSPACE
+cd "$GITHUB_WORKSPACE"
 
 cp go.mod go.mod.orig
 cp go.sum go.sum.orig
 
-go mod tidy
+go mod tidy -compat=1.17
 
 echo "Checking go.mod and go.sum:"
 checks=0

.github/workflows/dappnode-release-trigger.yml

@@ -1,41 +0,0 @@
-name: Update DAppNodePackages
-
-on:
-  push:
-    tags:
-    - '*'
-
-jobs:
-  dappnode-update-beacon-chain:
-    name: Trigger a beacon-chain release
-    runs-on: ubuntu-latest
-    steps:
-    - name: Get latest tag
-      id: get_tag
-      run: echo ::set-output name=TAG::${GITHUB_REF/refs\/tags\//}
-    - name: Send dispatch event to DAppNodePackage-prysm-beacon-chain
-      env: 
-        DISPATCH_REPO: dappnode/DAppNodePackage-prysm-beacon-chain
-      run: |
-        curl -v -X POST -u "${{ secrets.PAT_GITHUB }}" \
-        -H "Accept: application/vnd.github.everest-preview+json" \
-        -H "Content-Type: application/json" \
-        --data '{"event_type":"new_release", "client_payload": { "tag":"${{ steps.get_tag.outputs.TAG }}"}}' \
-        https://api.github.com/repos/$DISPATCH_REPO/dispatches
-        
-  dappnode-update-validator:
-    name: Trigger a validator release
-    runs-on: ubuntu-latest
-    steps:
-    - name: Get latest tag
-      id: get_tag
-      run: echo ::set-output name=TAG::${GITHUB_REF/refs\/tags\//}
-    - name: Send dispatch event to DAppNodePackage validator repository
-      env: 
-        DISPATCH_REPO: dappnode/DAppNodePackage-prysm-validator
-      run: |
-        curl -v -X POST -u "${{ secrets.PAT_GITHUB }}" \
-        -H "Accept: application/vnd.github.everest-preview+json" \
-        -H "Content-Type: application/json" \
-        --data '{"event_type":"new_release", "client_payload": { "tag":"${{ steps.get_tag.outputs.TAG }}"}}' \
-        https://api.github.com/repos/$DISPATCH_REPO/dispatches

.github/workflows/fuzz.yml

@@ -0,0 +1,42 @@
+name: "fuzz"
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 12 * * *"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  list:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+      - id: list
+        uses: shogo82148/actions-go-fuzz/list@v0
+    outputs:
+      fuzz-tests: ${{steps.list.outputs.fuzz-tests}}
+
+  fuzz:
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    needs: list
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{fromJson(needs.list.outputs.fuzz-tests)}}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+      - uses: shogo82148/actions-go-fuzz/run@v0
+        with:
+          packages: ${{ matrix.package }}
+          fuzz-regexp: ${{ matrix.func }}
+          fuzz-time: "20m"

.github/workflows/go.yml

@@ -7,23 +7,53 @@ on:
     branches: [ '*' ]
 
 jobs:
-
-  check:
-    name: Check
+  formatting:
+    name: Formatting
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Go mod tidy checker
         id: gomodtidy
         uses: ./.github/actions/gomodtidy
 
-      - name: Gofmt checker
-        id: gofmt
-        uses: ./.github/actions/gofmt
+  gosec:
+    name: Gosec scan
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v3
         with:
-          path: ./
+          go-version: '1.20'
+      - name: Run Gosec Security Scanner
+        run: | # https://github.com/securego/gosec/issues/469
+          export PATH=$PATH:$(go env GOPATH)/bin
+          go install github.com/securego/gosec/v2/cmd/gosec@v2.15.0
+          gosec -exclude=G307 -exclude-dir=crypto/bls/herumi ./...
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.20'
+          id: go
+
+      - name: Golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.52.2
+          args: --config=.golangci.yml --out-${NO_FUTURE}format colored-line-number
 
   build:
     name: Build
@@ -32,7 +62,7 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v2
         with:
-          go-version: ^1.14
+          go-version: '1.20'
         id: go
 
       - name: Check out code into the Go module directory
@@ -43,7 +73,16 @@ jobs:
           go get -v -t -d ./...
 
       - name: Build
+        # Use blst tag to allow go and bazel builds for blst.
         run: go build -v ./...
+        env: 
+           CGO_CFLAGS: "-O -D__BLST_PORTABLE__"
+        # fuzz leverage go tag based stubs at compile time.
+        # Building and testing with these tags should be checked and enforced at pre-submit.
+      - name: Test for fuzzing
+        run: go test  -tags=fuzz,develop ./...  -test.run=^Fuzz
+        env: 
+           CGO_CFLAGS: "-O -D__BLST_PORTABLE__"
 
 # Tests run via Bazel for now...
 #      - name: Test

.github/workflows/horusec.yaml

@@ -0,0 +1,22 @@
+name: Horusec Security Scan
+
+on:
+  schedule:
+    # Runs cron at 16.00 UTC on
+    - cron: '0 0 * * SUN'
+
+jobs:
+  Horusec_Scan:
+    name: horusec-Scan
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/develop'
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v2
+      with: # Required when commit authors is enabled
+        fetch-depth: 0
+        
+    - name: Running Security Scan
+      run: |
+        curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest
+        horusec start -t="10000" -p="./" -e="true" -i="**/crypto/bls/herumi/**, **/**/*_test.go, **/third_party/afl/**, **/crypto/keystore/key.go"

.gitignore

@@ -29,3 +29,15 @@ password.txt
 
 # Dist files
 dist
+
+# deepsource cli
+bin
+
+# p2p metaData
+metaData
+
+# execution API authentication
+jwt.hex
+
+# manual testing
+tmp

.golangci.yml

@@ -1,69 +1,32 @@
-linters-settings:
-  govet:
-    check-shadowing: true
-    settings:
-      printf:
-        funcs:
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
-  golint:
-    min-confidence: 0
-  gocyclo:
-    min-complexity: 10
-  maligned:
-    suggest-new: true
-  dupl:
-    threshold: 100
-  goconst:
-    min-len: 2
-    min-occurrences: 2
-  depguard:
-    list-type: blacklist
-    packages:
-      # logging is allowed only by logutils.Log, logrus
-      # is allowed to use only in logutils package
-      - github.com/sirupsen/logrus
-  misspell:
-    locale: US
-  lll:
-    line-length: 140
-  goimports:
-    local-prefixes: github.com/golangci/golangci-lint
-  gocritic:
-    enabled-tags:
-      - performance
-      - style
-      - experimental
-    disabled-checks:
-      - wrapperFunc
+run:
+  skip-files:
+    - validator/web/site_data.go
+    - .*_test.go
+  skip-dirs:
+    - proto
+    - tools/analyzers
+  timeout: 10m
+  go: '1.19'
 
 linters:
-  enable:
-    - deadcode
-    - goconst
-    - goimports
-    - golint
-    - gosec
-    - misspell
-    - structcheck
-    - typecheck
-    - unparam
-    - varcheck
-    - gofmt
-    - unused
   disable-all: true
+  enable:
+    - gofmt
+    - goimports
+    - unused
+    - errcheck
+    - gosimple
+    - gocognit
+    - dupword
+    - nilerr
+    - whitespace
+    - misspell
 
-run:
-  skip-dirs:
-    - proto/
-    - ^contracts/
-  deadline: 10m
+linters-settings:
+  gocognit:
+    # TODO: We should target for < 50
+    min-complexity: 65
 
-# golangci.com configuration
-# https://github.com/golangci/golangci/wiki/Configuration
-service:
-  golangci-lint-version: 1.15.0 # use the fixed version to not introduce new linters unexpectedly
-  prepare:
-    - echo "here I can run custom commands, but no preparation needed for this repo"
+output:
+  print-issued-lines: true
+  sort-results: true

.policy.yml

@@ -0,0 +1,91 @@
+policy:
+  approval:
+    - or:
+        - only test files are changed
+        - only proto files are changed
+        - touches consensus critical code
+        - touches sync/blockchain/p2p code
+        - large line count
+        - is critical priority
+approval_rules:
+  - name: only test files are changed
+    if:
+      only_changed_files:
+        paths:
+          - "*_test.go"
+          - "*.bazel"
+    options:
+      ignore_commits_by:
+        users: ["bulldozer[bot]"]
+    requires:
+      count: 1
+      teams:
+        - "prysmaticlabs/core-team"
+  - name: only proto files are changed
+    if:
+      only_changed_files:
+        paths:
+          - "*pb.go"
+          - "*pb.gw.go"
+          - "*.bazel"
+    options:
+      ignore_commits_by:
+        users: ["bulldozer[bot]"]
+    requires:
+      count: 1
+      teams:
+        - "prysmaticlabs/core-team"
+  - name: touches consensus critical code
+    if:
+      only_changed_files:
+        paths:
+          - "beacon-chain/core/*"
+          - "beacon-chain/state/*"
+    options:
+      ignore_commits_by:
+        users: ["bulldozer[bot]"]
+    requires:
+      count: 2
+      teams:
+        - "prysmaticlabs/core-team"
+  - name: touches sync/blockchain/p2p code
+    if:
+      only_changed_files:
+        paths:
+          - "beacon-chain/blockchain/*"
+          - "beacon-chain/sync/*"
+          - "beacon-chain/p2p/*"
+    options:
+      ignore_commits_by:
+        users: ["bulldozer[bot]"]
+    requires:
+      count: 2
+      teams:
+        - "prysmaticlabs/core-team"
+  - name: large line count
+    if:
+      modified_lines:
+        total: "> 1000"
+      changed_files:
+        ignore:
+          - "*pb.go"
+          - "*pb.gw.go"
+          - "*.bazel"
+    options:
+      ignore_commits_by:
+        users: ["bulldozer[bot]"]
+    requires:
+      count: 2
+      teams:
+        - "prysmaticlabs/core-team"
+  - name: is critical priority
+    if:
+      has_labels:
+        - "Priority: Critical"
+    options:
+      ignore_commits_by:
+        users: ["bulldozer[bot]"]
+    requires:
+      count: 3
+      teams:
+        - "prysmaticlabs/core-team"

.well-known/security.pub

@@ -0,0 +1,218 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFpZUO0BEAC/tqN6QctJKSOF+A7jrBzvNvs6rVEi9Hn55u/scKNIPkSRJRTy
+8kVsDMha+EKXka8oQiVM+sHoHMIMCa3tdicm1/k5f67X8dqadQmFP4DhYRYIKCKT
+TkntNG568ynf/yUs/YY9Ce8H17JvgytkLK50mxMxycUlYREMaRPMR8Wt1Arrd9QT
+U0I2cZemeqUORKuiVuZjj/7BVDHvSXHvzpi5zKI86sJQTnzcuGqyNsrUU4n4sYrb
+I+0TfEHzmSdxoAXSaMYjomPLmbaSdBiK/CeNKF8xuFCKJRd8wOUe5FcIN3DCdk0e
+yoFye5RMC+W09Ro+tK/jTQ/sTUuNLJm0VUlddQQeoGlhQdLLwiU4PJqcyeL4KaN1
+l8cVml7xr1CdemhGV4wmEqAgxnNFN5mKnS2KcDaHxRz7MoGNdgVVQuxxaE0+OsdJ
+zCKtA12Q/OcR24qYVFg5+O+bUNhy23mqIxx0HiQ0DsK+IDvcLLWqta0aP9wd9wxG
+eObh9WkCxELTLg8xlbe0d7R3juaRjBLdD5d3UyjqGh+7zUflMsFhpUPraNXdKzvm
+AqT25cveadM7q/CNzFXeCwmKjZab8Jic8VB80KcikmX6y9eGOHwjFixBogxowlBq
+3KpeNTqJMNHYBzEb0V18P8huKVO0SMfg11Z1/nU4NA4lcjiVImb5xnJS0wARAQAB
+tCxQcmVzdG9uIFZhbiBMb29uIDxwcmVzdG9uQHByeXNtYXRpY2xhYnMuY29tPokC
+NwQTAQgAIQUCWuZ7uwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBy4z5N
+8aUDbtchD/4hQDTj7qsccQKpaL8furw+OWuoZtX38smO9LrcSoLaZlk5NRxFNlhQ
+FaL6iyDLoDkWUXEPg94x1dMFBUfMdIuh6iEF2pcvCN6WG3Pd2j2kG6OxaIx+rI7a
+eaD2Wds312etYATu+7AI6pxlQVqPeZi6kZVvXo8r9qzEnl1nifo7d3L4ut6FerDz
+/ptvIuhW++BEgksILkwMA44U7owTllkZ5wSbXRJer0bI/jLPLTaRETVMgWmF5L2n
+PWKhBnhBXf/P00zTHVoba0peJ/RGdzlb1JZH+uCQk0wGBl0rBMUmiihIB8DZBZDX
+5prwMdoHG9qAT9SuJ8ZOjPKaBHVVVw4JOU6rX2+p9E49CVATsdoPfWVbNyVRGi5f
+Oo0bJPZU3uO10Q09CIeyqT6JPDCZYS7po2bpfFjQTDkoIv0uPWOsV5l3cvFxVlcD
+Pvir4669xhujmoVBOrp18mn/W/rMft2TJ84inp0seKSKdwBUeEyIZwwu1YTorFe4
+bgJghDu/Y+K4y0wq7rpPimoiXSoJOaaIPrOzsKAVu20zJB4eoulXlPwHexix8wwf
+xeVH4bGl3wtTFWKja0+EQVdxpt+uUlABvrheQbNlNGz5ROOAtjvwASI3YW/jVVaG
+wSbOUuMEHfC1rSnj5Y9fN6FbilxJAZ2UbvZE6iXqqemfRdFuB5yedbQmUHJlc3Rv
+biBWYW4gTG9vbiA8cHJlc3RvbjkwQGdtYWlsLmNvbT6JAjcEEwEIACEFAlqrvbMC
+GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQcuM+TfGlA269zg/9FynobfLE
+Vh+Aid7l5C6pprHflHpdNVhdHzjvosLKfPMCcBJLyCLAIueKC0vvKbt5kyNV6Adl
+6fibdO/vRrNsEdmKXTdfDnN03yVX+VO54rqyuweR09CbLHakECh5awWpk0x9E/Gc
+3MlU8YDCVNPcWAw8JPZZ0y6s50/MFFXya+/opw45neH6WXrbqbIapzZ4V1bhkloF
+TTz7LYp1dk6qjus/f1jHgujclJ6FazG+OqCpzJ22lnuwNYs8sv1DclW+lEUfIin5
+PvzcSRCCd6NilFRSGzfBhM7wxZrAp0JzWXpM1jmd2WHtgErusTaTXRTATjPf9Chg
+SE9UT3EJvJ5fPxuxm+qOAowpJwe8Irv+YuMzL8C6C2BhZIV8XID3/cErNeQbPocj
+QFksmBEwpe9EG3Yhd5SmSXRhCtBFnyFKyOqPpAE2s+U0b7qsnWc50UFbIytPEm4C
+YmdNL6IVilp/+LYFcRWWK/ppOtvtgbj8r7+Foidi/tCauJGt2BzhWH7DkLEdXGxk
+PfR/rTgyuAQZowl03DaNwAPKegY2SIuROO9kpQACwTWZNg4l2yrZv09qrKBhohyn
+b2i4pwHPZ5/bWLikdzENcJuvbH5qhf6tV0FIaNGbTkWX00uI++bvWAxxE25jZv56
+e7VTaWuMt8Ly4DBcwl5JyWuvZ74+yv7QGp20WlByZXN0b24gVmFuIExvb24gKDB4
+ZjcxRTlDNzY2Q2RmMTY5ZURGYkUyNzQ5NDkwOTQzQzFEQzZiOEE1NSkgPHByZXN0
+b25AbWFjaGluZXBvd2VyZWQuY29tPokCNwQTAQgAIQUCWllQ7QIbAwULCQgHAgYV
+CAkKCwIEFgIDAQIeAQIXgAAKCRBy4z5N8aUDbmvdD/4jkT1IXJyj65sgHus0HHYC
+MBp6mzvtpDcPljg/5Nl1WXydv4zYGnEnIwWIqDYwwvokOKllxAjgevcplHqZa0cb
+7XKCFk5h+56FLPHv9e0WK1fOFeo2ad3imNRstSHgaumGAWHJMg9vWbDisGv1zjQ0
+usFkrMKoX34YzMt8KBD7IuQyeBkYNupT8EfByeA9Ta+wkvS+X6BojsFB1UWDAFCY
+z8RgTcWIFjWtGZwIkWUKCzebqXbElpJF8ckZU9q4qVhyZ2DT+8BS/Lm0Sf4z6VTC
+4EN10ZuN+F+J3DMR2Zuudp4X5OUGkDG4KuU/kvj6EJRWpbTS1D9ReK7hoApIbV72
+Um6Mf7kC9EKvxgL1gOfl4aj3Io9M0R8FT/0WSMduQzf/jI3XqdNH0nYo2kTDdZm8
+S972cyvt6frKYy6RsOlPz1+S61iCmupsRY+HyKDTa0vnpXg2c4dE1neF5eMI6SVw
+viJvCG2cflctJ2PLiINZJYAg87gV5Rm1i/Lt2YG5zdxAXXJt2R0uuU9fv4DcHZLU
+yx69Yuh+5UiEaXYU7xoRCdZJYyHbvaC2hPcDGnEa3K1QbgnI5hGAtG3cwdbYC5e3
+bcaJb/LdwzkdRnHLgpxa/UTAIfejEI1U2kvVvNoe/HvEXq/OPrhFDvE4rW8AzbX+
+ISTWWRY0lLSr8/SD0TDJMbkBDQRam2geAQgA0kESOibOO3CcXrHtqP9lPGmj6rVe
+G18fRmPDJiWtx863QqJeByuuUKwrGkPW/sqtIa5Ano+iXVHpk7m955nRjBmz4gd8
+xqSGZd9XpNObYPA5iirAO8ztpgQvuvsHH9y9Ge50NnR7hQSMUbGVeCUU/vljwT60
+/U+UPnsTAmkhvkEI72x50l5Ih9ihcBcr5jJpi08XktE3sFOoannac0kZQJ6WXFrY
+4ILbv8fVqcRf44xMKOlFB9qHhleGW0H9ZUjTKs9quRt7r5D1MOiwrZDjNN3LqMco
+oWj37hb+3KkmIIsAYB2DjnWYkMPu2B0O4uSOHYAWfEJtRvA8qW7sWj+q1wARAQAB
+iQIlBBgBCAAPBQJam2geAhsgBQkB4TOAAAoJEHLjPk3xpQNulz0P/2m9veAAGGCO
+yPsqiNVVa8lrhmLGh/W+BaoszQ/r+pfin4xTOV5K5h3MC5CVJM0JxP/cxNol+Nmr
+cYGbZgq4QhLlH6PdQ7cReL5ED6Wi+eHb4ocvXJqUuZ2Gl8Z7gzQzp+WFbLrn8vXj
+LcyGGEETV84jy+X5cKu24eAjTFK+unfqwfxXFZP5vhIEVe7+uG6A/pMB5eLDqEUh
+FQUcWqCF2Imt08Kcn7HL31GoIY0ABHdD+ICXZE5lTm6iJGzpFBKdTMm/e5igCJ3v
+/tgtWZbnvyseLR/T/gU1JyheS9kNXP5sICwicBbY/vnGdEP6OKpDOSfQam5x4BBj
+cvsBnsNuonY7OJn4iLY6LviQ0MM91PbaJUUJrp9Uyi4hj9iO/MZBaG0Giu0FKjG6
+Vk+RlCYPjYIvHflQLZHe9BWLPN1AvaLKszt3IYaxS5seXCu0ZqHDGCBVqVCNDDJk
+MJbHlrOVZ9T6mZhA+aQ1EJvTWk3MNj1AOyCJdiXtOOdg+4Fm5dN7nLpumLIg2yP2
+afI7YfrPGA7sm+T0IMnOWxkK+KODC7OV9h/QjyBJDcUYGXLapuK9eP80cr8hKvH7
+S3G4Top/rXDpnBNQ2azCqmUwaJWNRhLucC80Vd00d4pWIOwAPWpiV70Fq8OhQFhT
+PNXwFXVLwtNfPvPxN1s+Vk+BBXp+M19AuQENBFqbaC8BCADSq89Z9xWRS2fvWI/N
++yEWliIU8XiqC9Ch+/6mS2LEyzB1pPLIIQcRvM6rq2dxXIRveVGpb63ck9vUtuJG
+//es+DnDkO7re+ZmWHX+LAqMYNdaobSYxHkkR4CcY2HbPSEUbb//Zwk4BDyp3g3W
+bKK9noVbslZuSwWNrxjX/Hieh/dIGYkNFeWOlmNfUYsevzqNDjsziOagyXKxLc++
+hUM3GKgzXRQJBvBpgzQc4bRY+YGHXtZurk9AiZ4ZBhWv2Qrb5OYYislE9sdv3KWV
+Iv1EBpbkAJ9MM1HgS8bkIOIpNs4XxHY6fTWWdrXi+NgZXQwQRYaWTQsXL3mktarS
+fFfTABEBAAGJAiUEGAEIAA8FAlqbaC8CGwwFCQHhM4AACgkQcuM+TfGlA24vqg/8
+CsVBHO4mh8SSaxdWNEU+mG4pU230BRCwrfn42wuSKb7WNLTTcWMDNI0KY/JNcWSq
+G2qa6lngiAyOS72Jd635ptZ6Wvjd0WtBt90NN2jtn+aRqwQ8uItlYMQscofFzskj
+QnBF+NWER+44nxboghuQ041m6aI2XmYUErSOBZi6onbC3svH6coMldkkiueWFbdB
+qac3UXue4LUcaGR5T9pCQsLgTl3D8V5icEM+HpTVVGQZkVrOuKMKe6T9N5FS/WFu
+T6CuFf/OyU15a6RE4WW9QqKYsaHl8B6+0P7uqPoVIxs8hfJcwaUu9XwIiZYBZg7N
+yYCQ7JBapC5KZlIcTCfFSxby8lCJoZbIM3Pk/pgCuKxGaS9rHHUGuIvz8TfnM9FO
+2zlxl4E6k3NFgGKF3p6oiKayC74o6EOw50p6DMjrisG7kkWVsTRCMINF7CcfeVme
+MI9ljGAMB1hPtHPhl27hMRfq+/iIbR9gb7+Xw2yKQL2QRjMDIGGxP3q4NjD4tV8P
+VyTbAAwNARG8oMpNM628v3tsW+WYNot1SPUQuZbIx1pCwMeTqljWsdQxWRVW5UxM
+dnXTCqZhQwH0ICG/jbepbP6ciVB/CSa7TVohEK6jiTMorhqynRMMJ6p48Z6HIlyY
+0Ss8q9K29eXaqmLB8Oy3HmupqxH95TqMntqivzf6i6e5AQ0EWptoPQEIAL1OdDIl
+7E3VKAEWH5GnMzdnl9bju/ovoMjLqGevHS9Gyz4OPyZvCQ2pS8k0sgqwsn4F8vWM
+7L3xKTyQTSYOPby3do58+kxUrdTNlqGKEEcZDG+MSzxKyft7m+37fzbg6tcU+O3L
+/7m8nYWQSRKJeist7Q8HrQJzehuzcgAnNmpeBqXHnAwRBvtqORvz5cQAIQ4EsEvP
+f/unTjw95JtL1LtBOaOaynF9ap/TZ34OvDdARmZSdqPpRtEvjfgIboIYYt1dNmDH
+kiSaaKaqBLCJTD2z5KT8ccDeF8lzYHAYzNy8v2lTc9vagCZH+lf3d2d6umNcr4y1
+NGEN4ZEhrmt/lP0AEQEAAYkDRAQYAQgADwUCWptoPQIbAgUJAeEzgAEpCRBy4z5N
+8aUDbsBdIAQZAQgABgUCWptoPQAKCRD619WmVzqkJDTvB/49MQNQk8YJTwAnbdSH
+7stU2uQFBbkljE8Juz5WJK53lL6xUVUp/3gKrQio1F+z9uRVqRh0cQnqX6mPMe5a
+2dlHEIDHTJjSlR5GCCBRDbssV6SN72xSVgbxVGZ9L32qUYtiwGnxwXQC9D9KsonD
+YfGfUhD1CLAldr6HwhJkOq4QKz5GF4ty8sMKEcpM5UaR2sa2y6Ebn9Vzma10YaVp
+X7RlZM/iTiDhTmWuxLh7e21DI95k/eFqHpKA912N0n1BdzZPbwk83nVRxXg793NU
+RFpegzlLawtaCW9oVJOYqErMGOYN5nbXAHXsr5X7Or70v1Yo1khgzNOfnirO57T9
+VjT0J1QP/j1xobgMuNda7Fpwc0xo2oIKEf+SWY9GQrkUK7wCLDbpgbGVxTmREkyE
+6oyDzW1QpQXRjLS9Wvtun0J3Wn6r6Aar0VaGKa7uiiq8UORWtFkWQAzzyBj87Rjx
+eWZWV1dzLK7eMJdyN0gsOzcejrsOqf1sydzvhm4K66byjDZ78piv0DdyPIb4OsiQ
+QU2GH+QwGRYIkYlU9f9g+hSasAfzvrATHlJZNrOjOCgXbut/yP9ug3DHKj76wmoU
+n/Y4rpmskAzIQrZIpimkpNBmZVTGr4bkWcokVzrRFor3NCpl1qA1K9Cd43wARH8t
+Zwk4evI4abbqUId0vVNCKSSDyCCjgNwRsmU8RXdn7r0vs4ObKuWfY9Yl2y8tq3qO
+YPHr0r50YXWtKqUNy5JUc3Ow9DFR1p4O4yfmiSyTLUyOYbglfvtnO32OJkrrZ8Kq
+iSDnyiq9u2nYJAEHk7AchF5TJrTCnd8yWNIjohild+wc+rMKktspoEcxmT6zaK4T
+AymmEe3jzQhlxptpBm68t2E5kaYFQh+NnizXlRcmFjBgEhH2CxCoerUpK82Y+MuE
+S/ODmF9kULre14aXAAspj4vldQ/LJm0SYEfTkE1sDipJQUzv6oS5AFloQDXZPWTB
+15P+Xsj8sJV9hWCfJZVmppWuPg/pCYXwdjUHUYouTz3ZL6qnUbm2uQINBFpZUO0B
+EADZkfsbXPpDcMALUgVmB3cJU90tFqc8Q5guK9oSs3ibx4SmyhBVmeF2TF6PQNoK
+YvpUR50hAcx2AbwtY51u0XxrAr8kFiL6R5ce/0pVMfXGchcC58CJ3uf+O+OPt080
+ftyVSTsY9xEnBohMoJescn0L/IPaM6KkkIFIMAI4Ct3QCHox7WHgPLrqB7Efx2Dj
+Qkgjbioqj8zVKDwxTs0S3sknch675gOhsCkaI7KMcRGACDinKRF3wQha4brNa8En
+vPTV01Cv0ttCo6NCcbQzQi8QQYpMQcWVkquEJWweZQvL/OvYWdT13JgnIp66pkmo
++JvGTOqQpSnIx6OQnV9yqwqsg4E0dkCE+9rDYAHpwvmRkaI2sItjN4KAEQdTWES8
+RgGVgfCtvNH87PqpaPIgarMDY/j5KqTDp/7Nc5oGLCmhwZiYzQa7Bm5uVNnYIyOO
+d1IjfclgVdVAzMOmrFytvXFCBcga1khL15taC7s6Vuld89TgMZdSot2RVz8W8Xc+
+39ZrBvzrCeYsPq5/U0Z85cnOSw4skwh06wsxTvL1D70SilI2c0YdR1sVgbhq04HN
+7FyE7SDQ1GqxyTJAU+OPH3Pk97Bl25vWD43RCCIjSUHhKzQRPno2ItObFepE+QJH
+lSO1YMXmZDAfsRts3dca3VSDOdAQely6G7HQu5kXWXGtRQARAQABiQIfBBgBCAAJ
+BQJaWVDtAhsMAAoJEHLjPk3xpQNuRlsQAKnkyjjXRvfMB3eKZ1PrWf7DBx5WL8Hk
+r2QAnv0diDeRTzotQyzKivf3/W3gQc9kQi/ilaPuuXeW+yKiNQaIbai7EC0DdyHa
+qG9s8F7UDoojFOGCc3OVpQvuucVbv4a6EpqXBI6ayrQW0jMXakiuIF/dL5uCGRLn
+sPMB87xJfMrkqEziymJMooQTRckgj2S9J2QYDZFxmKChPl1kXMlmx6Y4FhzrsYwo
+I47hW9hHG1+8129FOgwYTwELEuX6FKShcKpyy77b4Tar3UvdzNkfaysFPvX3O7Oh
+Bes2VgfslEZSgK2CScigvLIz9Ehe9CUw6WEC6LZW3bbC+Cbz624gOsm/GYI9Llsc
+5/NMMwQTCoTRm+b0UAYQvzHDS7km9yceNSfFlkpE/lWnIt9E0H+8bOwEbYF8y2qy
+yLXIm7MYEm4UnUZ0j8kihP+wSHsZP2xPhjEUcQw1ZWhWLACvzlEC0a3zsovoJ6U8
+zrqqfEBtuQgfwwJRWArMLQn/rlEJSrTrFfehwhvH3dPVSU36N5nBA8ls5YlSHBQv
+38dChpBXu3wzFhetkSuHxdlfopeZMtDmljnIkBNTEFg01oqJNPbyiX2JQcfKizCt
+maCIiJY+hOYIKkJdkt1FyOhADBciebxCQrpIIzWupeyQNuVj3I4g6YaQX00+kgiB
+H1XKrAg/dpMNmQENBFrHiEoBCADASg9zHYzaSU0/1q1hcmTHU6H4syCQXHHd3zF7
+n/RcsGnt4RBuUi/BUvNp3zYR6uFOyyk6LPV1hq2Ca8e/oSFrDYxqLladESQd9GNN
+stDeK3HinsWJCVwSbkzNJbUtyr6SclmWt66vNqBZngMallJRQe8QDqpg0ZSZj/0d
+VGxPBR16zc/2ddGnXJFe/V5XAWAap9SEo44pyGK4xf87Bgq8jT33LuQtd8exOk3E
+atkK5jLEn9xmiheoSePEhOoQSrJMHfMjFka0PYZlCeaaHw7r7yXb/VoHFOAPxb6k
+a1cunbp39b4z7Jy9kLBy0tbDnAs/sLp4LUN3Vx1JLoXBSIsHABEBAAG0JFJhdWwg
+Sm9yZGFuIDxyYXVsQHByeXNtYXRpY2xhYnMuY29tPokBNwQTAQoAIQUCWseISgIb
+AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCVRSpwGBD+26lmB/wJxChWwva0
+StjMRSk3V7JTBPi5RNQm3VY8UydUNjsXzHVvtjUczOj+zHfo8tYUYa/ypWujXEX9
+bVYVMr9JGNjm+rysI1gmW1gcx9pZr9gde4CR4Owfpwjh8oFnSrBBrcaelb0Krrv4
+Okms43fEw1bWpllayal5SqknOIxpw1ZiNpG3jVe/C9n1/3Nw4XF5R0RHDxXTu6Hu
+H3t7zRQwAJcOod6ccRdzNR9CsGdnOoNPG3pqs9w6zWUp0QETMAMcEpSLCJumaVfQ
+24PK+MF92F5JRwNVt80xSLA9KMyNnv/ZvxZXXLjkIhsAmwYkHUs3WSm5HJ4qqOCX
+V8VwFbwnea3eiQIzBBABCgAdFiEECuAFHWR7o8GpF69AcuM+TfGlA24FAl9zs2AA
+CgkQcuM+TfGlA24dMA/+N31SPAXVgwiNasBknb+YSq2/OQPogxQUc8tupvDcQ62H
+u0kvA7pUPUFjITJ1xsm8CRXfb7Hge9rNUw9Y2MNKf4sIDQs3bFeKOiAGVbO8Z055
+5VCTWWPhXzjWoR84YWrx0Go8WT/V3Lahy4frGA3Vsza6wzi2P6c7LF4jqX2iBD1l
+OpAYNGyt0sX/RLp3s2jOTWJwVyRR4UKSZOgpi9OTGLXrq5oU2dpwEIzBmhaWIs+u
+oD5/4TaAt4lEFu3Sxk5w8fJlUXbM4IG8A1l+dnRPF5rtjtfvuX0GeQcDtJ5e1qHj
+7PvVj8HjGPwxqsAjYHpg6QjyQCdtHYHdboEIU+OXMYRPRh2Iv0GUoeuMqoSsvFgn
+c9PGN8Ai5u+oNzKeLJhpxpLV7s9zAbsripdnvDBn7RwuNx2ziqZayxoYvFRCAQl5
+wzr0/eo/wq36D9EI7uJ2I3yt1g/VkwWQsAeE2skuGGbwed263cWTkl6g1w+vlDY3
+/jc3a8HcS0zIUX194ChrbbNezGb74mQFoLk6PksLfhXseAKCs8bvPaTwIm0JGTMT
+YzkRufrv1+I9KPFy3fTpvnMZTbud4nPCLsK179whk+Jrdv866i+E2WZ1JyzIZ9bB
+P1x+ABi82PMdzhTw+pTkR1CVHmrmOiSi2MHRYGMedM9ECGnPIdab5d75r1qkuvO5
+AQ0EWseISgEIAKHrgTVeZ0CWZMETk7NFjDTvBpoTMQDT7DDe2vFQHc8D2AvR3Aod
++CUaOeY0Yp0GOemd7BEcUbpYbCQk1B9G8vHNcQqTMLjBgujXwF6w2c+lqEu2/tyI
+2/uGCOBDs4wuQZo+akCCMekqYjdZBfZV6nQzf/l7eQHIq+sNtnSiZmHdH46PLi7/
+17wR9GxzKvuv1R73DCyekCcz1Puo0b7lfGD28kESJK1Mg9SAOqVjtaS58Oxo+Y1M
+ZWRqh0tkAkgOBpdyddGy6TX/9c3a0U3eBQweRpNDh0eCEh5UsYDluL4NtXj7rVYd
+4mHONJzI3h1LnKWvpVYmk703MPmtgeJwNzEAEQEAAYkBHwQYAQoACQUCWseISgIb
+DAAKCRCVRSpwGBD+25PxCACNBj/2HBSpdYAxEGhNHSaw62y7Jwuf7NbsKIAqygzi
+m2+dxae7PbAm64jEXYJA5GaCOs4xO52S/2+1N87e5J86VRNg0vlA9/ivFzERAxEg
+rgIUyGXYfS8oA/4r5+PfKt/NvXO2wH3MPakrqZqXhOv+1IPvOt03wWoZKmYyVT6g
+YnzutOsvH6cbhUh/D0WpuU8ZgkrFu5Xe7ynZoLm1qQOA23pkxxQbeNs0uoKUja9v
+bx4eBtaliLc6rsXt+1WzdXA5ZRNqkdn87Tz5IU0FuQYVblYvPz9QoUlvx5siWVaP
+Mmc7dIctWaWyaJmgjkLKdy36ydS5axhqn158yIjOZV3emQINBF8h6lMBEACovC4z
+oieJ9iMZpWfylsLQKkeEmfSXnjcjW4RLUjs2CRWj+W6H7eCRy/MBOdx+6zAb8TE/
+n/TSlP5l5Xx40BGDAMUZVFrJVEkMPK5kUmNzybg7PiuMd3qZE+pNyHEXXlLU77Dn
+VO26TD9RvpKXdjm+ATsnQ6rvDNszkYI2Bj1tPxwZ7bRi96U/upL3WfYOsTLHirM3
+pEkI3zfMZj8ufDX9XlmGrQ384E/hTgjpLXmDm/jMRlX3mRzDkV1HO+gEicfePm5+
+K4eWlMCNXN5bcGwoEFY2LwAojRcbRaH/UH2S3btkG2eSK2fOFEwQ0G4vIyoLF60R
+cEk1s6cYIgk3kVsmNSzA5iJ81nD5bbfTceUKsjTZiw5RmN0Vh5g75pw+3uoXB+55
+egabEIt/GTZZlP6zhd/CKjTQR0R4+ZaEbZFOCtABukC5xfWGCRdNmXAWMBe0MYpW
+ub2TRLISLfNNc7GWM4Y17d9aRhaql9gY6QLIRNGYuvGPiRMaJADZx46LtbWo8YiG
+xLId7H8D+/0MSzMOg7RhELqYScYDigiVEXkTHA3QSprf/ohjm8woRhQY5CjCEZp5
+8MvhD40VAo4Gxgx1V8lwB3CD3kDgFEaUZh2H+N/fmRegACN2lzEm1krOiS7sAB48
+/Av99/1VXalLoBbzFTnuAYwnmLk8vdparT5LlwARAQABtChUZXJlbmNlIFRzYW8g
+PHRlcmVuY2VAcHJ5c21hdGljbGFicy5jb20+iQJOBBMBCAA4FiEEMX1ukQWPjzwj
+A7p3VjE+RFgSl6YFAl8h6lMCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ
+VjE+RFgSl6YJgBAAqIAMzMFf/+qE896kuXYSlmaYtzhrMXgQVD09UgSq4JfVYudE
+e8EfamWz8RFV7znxHO/5Fp4yoWeDGc2b40DhivvRb1p4XSJi+F64moeHt+qn4Hay
+CDs5wGv40KJk0+2r7iILc3Gw4NP6r4c2HU2EqSW8fn/bYM3yxLsYEXt5zhgipKpR
+CB4WmqojW+CxXkj8dv4CyY+HlKJ6nZWstK42h736njM44rjMDSDt3lv0ZYykopTw
+09THnHkWOXY4PSrKOzE+OqsPMPOD3Gq3bYPqQ0ZgdS4FeuDesqqHjJabRX+7DgJK
+lLEnylfDlvDKf6I/tqrAfqCCdQvEjpdQXG84GSdK//wT1biunHvGeyHM/PZx9V5O
+X8YoecswcYjozU1F7x8buk8GxV7ZuJ2pbdXr7jTou1dA7e4Nas9Qu1RcK39MoTYc
+Ub467ONFCX+Y3MzELTnEyx4hSwTxlWg7VjCQ63zrFOd8VG0WUydlqiHgIE8WCJVE
+pQlrr2v/A6ieM1HY1Ftjt+mk/qncqibCdyIofyV4o5FrVo8arx74jR+Lhvkp1T9N
+uRj8V6M3g9vxJdAsy1O5/ZrdwKJ6Yy1n62+9b/uxhklYONK7DpDlWU0ZLWHlKEIV
+zzfILCiLf+nxMQdVwuthlcysg8JwYEE8xDXc851ciuj0ygv3Wm0BY44V6/m5Ag0E
+XyHqUwEQALuKzOAlo75p2vSYD7TecE/E0hBOS+cjs8kRH+oIzm5fx7sf00SC1jU2
+q5QLYLixNeT+l0bD70R7b8r2uFu1aZL7pQqbGIGisLHlxu8611+PCpE5AsQi3Wui
+IZ6Y8K7grJ28vviBiZUBY3iCCRH0LuvyZN3R0zgyMGbzouQk5wuGJUkRHJKtV5by
+FVEl3CYudRtAp5LPFw6j7UzT5yQqBmY6tXp5WMmmAvOtnu8ohpRhzY21dJMlSykX
+Ne9rcARy8mVWNdcXJUIc85z0BmyrdiA4YY0XiZTHD9mslj+af4QHsaS+p3aorTLD
+5BKkp5Ek79a1BUxBjrao4W2fljYf129/SHbwds/Dup26zB2vi/fhbfVPvevXLPpi
+Vm4uz8fE4D5lPYZAdu5GtO2V9kWbhDtU1R1SJSdFDI9Sev3B+NLrstclGfdbFQKF
+shbUxydjSX56OJvh5hee50PcCz+Ab+usoyUPkcOfET/L55AdqJo3cVYtnAKpOJG/
+mKP5Ih3LZVm9wCdWTCzboEtDfLlcjCc5kLiE9Pq7sKMnXm/NcXNFWBkRuaHg+Mt5
+Yk659/Q6oUG3yUrS2d7cSeuNRWNlaRlnk3hZtB13xpmoHGYmrMOe7wiEE5xEnOju
+1ctRRRX6lNUPlSvID83Y9JSYL9hYMbidRmFY28AIddT/PjVTgfi1ABEBAAGJAjYE
+GAEIACAWIQQxfW6RBY+PPCMDundWMT5EWBKXpgUCXyHqUwIbDAAKCRBWMT5EWBKX
+poMOD/4/sRLnK94pY2qtSSfNZEumOdQVvges08u34saG4mT1iLD9TcRgsFvgwcTV
+Pec9Git4iJmoJpFylvOzoBWmtDzJ7TB3JxvtwUfFH2uZ22k12eChyAFHI8TxASqI
+TV2YwkIgB2PTmva1GrdNKM6y5bfS1BdS0u+Etgp4zN9nyQECY2sM2accUi2S7JBV
+7o6lEJWCRgFUwIfY6fdfxhZo/w0g2u5wftUQYlbXWSQLImFFZBc/13k8EMxsfbMi
+LQ/wxKEfe1ZwFoXqIS6cq8CHTdj70QO7K9ah6krGPmL23LVuxlkQIR7mT5yFJtv2
+VRT4IYgOUl6rAd08B6MOy6MOMa14FpNrAybPK8Yd/eSdUNciVf17q33Yc15x+trs
+En1hHbDS82xaLJ/Ld4mANeJVt3FodgVmzZGpKheFEOFXXeuX1ZZ4c9TgX+0wBKoh
+aBb8EGBVo4aV4GbZ/gEa8wls5NNTwd56H4G94hiq+qFM39x4YjhAvkM0hLRYzR05
+tSCdlEbkh2K6RbOhBPsNHCbypWRt2fN8/q4uLPJJt7NRQ2zi6H/x04HGblhXdX6H
+mmYjJv1LTbem9VptcpvPauNsibeIvIWA2nYM2ncDWt6gJpOH9Zh4fHuaG4aCdNmJ
+hPNeJNnmLcpDQvR9wU5w7e5tC/ZSeTZ5ul1zOKa1qZ4lJ50BDQ==
+=a30p
+-----END PGP PUBLIC KEY BLOCK-----

.well-known/security.txt

@@ -3,24 +3,24 @@ Hash: SHA512
 
 Contact: mailto:security@prysmaticlabs.com
 Encryption: openpgp4fpr:0AE0051D647BA3C1A917AF4072E33E4DF1A5036E
-Encryption: openpgp4fpr:341396BAFACC28C5082327F889725027FC8EC0D4
-Encryption: openpgp4fpr:FEE44615A19049DF0CA0C2735E2B7E5734DFADCB
+Encryption: openpgp4fpr:CD08DE68C60B82D3EE2A3F7D95452A701810FEDB
+Encryption: openpgp4fpr:317D6E91058F8F3C2303BA7756313E44581297A6
+Encryption: openpgp4fpr:79C59A585E3FD3AFFA00F5C22940A6479DA7C9EC
 Preferred-Languages: en
 Canonical: https://github.com/prysmaticlabs/prysm/tree/master/.well-known/security.txt
-
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAEBCgAdFiEECuAFHWR7o8GpF69AcuM+TfGlA24FAl6HrcwACgkQcuM+TfGl
-A26voQ/8DFB5wUHP0uyY8k7FGbxhLzSeImxomnUHJaUGfdczbCdYPMEHc9zI1iZP
-6LRiy9wS6qhqj/GSKVwvDPr+ZymXuV3L22GOP2lRhl7Z9Mm21ZJNOcoQBFOZnyHu
-DAy9HeTmeuJxYkf8weqZYXyzEoKJBDmfuWmEFjrtMcFXUfT3aJn1E2A/AQdcVQIC
-9L+iGWwFwjsPhcfaMuwcB7QMheDO6KSB7XPPCbrZ036Np8UTZ4qbZ5y73tlfkcOc
-tYTrMSPtS4eNutiDOP5Np36cLzRtNpm/BziAK+7ZKiYY0HI5h9IkCTLO4x2UmAMX
-sPoeaAB5z2QLIwmU9J2NhJrwiNMGTpJ+0bowy8U4cgzAX20CXVjRqGhy+cir8Ewg
-DjEGjWINUw6W0yzJp0mKSKzuOhdTTmzIYBeMBsyce+pgN1KGFCxeIwxGxyJzADdw
-mYQdljRXn4yEYP/KEpu/F2o8L4ptRO2jZWKvTvdzSSGGSyKyF4HsIRJ7m98DaB6S
-0oGq1KpbKKTbQi5g8UShGV2gPeMCs5ZIIqK2b/cRzUet18aUuofLmR4lkKZa9yEG
-rbzuJq/gB2vgQwExUEgVQ3/DfVc+y80e3YZ5s+rzV0vbLxl4Gh4yExpLo7hRf9iY
-EFvMzH+BEEb5VfCwByZyV1BmesZVIosr7K6UmVtPe0bZGvv3uIg=
-=5qpD
+iQIzBAEBCgAdFiEECuAFHWR7o8GpF69AcuM+TfGlA24FAmGOfiYACgkQcuM+TfGl
+A24YwRAAiQk3w6yzqSEggrOlNoNn04iu/rWZdn5ihkQgzACXy8XH2D1gdKLChE/X
+7e5bUtgE2aCuHryQjwoKxqZakviBJFstVmHgF64rXv2zKhpqA30Mj4fI+T3zn8I+
++FpFV0TTsxNLDx+AcR1eQ1nSayO7ImUDIfOQNDDnSZZy42Bc+F+QIGKB3aH/8bpG
+kT+bDTZrXvX+TE1gZTbAtZG8sH8g/zadoWEHIhfXUuYb0kTz+DRzAxoqU4j4Z4ee
+1zSfFAgfJwxJP4kWD7s4xkE1sBbCgGBeD6cW/C2lbcfIei+XSizLpHW3jD9dNqh4
+fLkmEspSa/LV/iXFq8nFzu/GLww4q+sQZDzzDKZyws54CrATinRitZMhzoIL0bTn
+yFZVOGHosFAMEVZ36dl1Aw2+B2W6tr2CVr9c5zfV+kup5/KZH1EmT5nYY/zFwfg2
+jYCFB5wmYeiyWZvuprgJXRArgVZLZaJxwWazlPVk4i/4vPvRgvfHqOwHCBe8DXy0
+VHPhpewwb/ECYek1KoaNQflgR8iH2GMHkC5RjhGDAt1S0AQDtite5m4ZYt1kvO9E
+k/znkv89dduhL9CKDvZvnI+DICwsTrf//4KJ8PM/qaPAJa4GvtiUU/eS/jKBivtv
+OP5dZQtX6KPc9ewqqZgn622uHSezoBidgeTkdZsJ6tw2eIu0lsY=
+=V7L0
 -----END PGP SIGNATURE-----

BUILD.bazel

@@ -3,7 +3,6 @@ load("@com_github_atlassian_bazel_tools//gometalinter:def.bzl", "gometalinter")
 load("@com_github_atlassian_bazel_tools//goimports:def.bzl", "goimports")
 load("@io_kubernetes_build//defs:run_in_workspace.bzl", "workspace_binary")
 load("@io_bazel_rules_go//go:def.bzl", "nogo")
-load("@graknlabs_bazel_distribution//common:rules.bzl", "assemble_targz", "assemble_versioned")
 load("@bazel_skylib//rules:common_settings.bzl", "string_setting")
 
 prefix = "github.com/prysmaticlabs/prysm"
@@ -12,9 +11,12 @@ exports_files([
     "LICENSE.md",
 ])
 
-# gazelle:prefix github.com/prysmaticlabs/prysm
+# gazelle:prefix github.com/prysmaticlabs/prysm/v4
 # gazelle:map_kind go_library go_library @prysm//tools/go:def.bzl
+# gazelle:map_kind go_test go_test @prysm//tools/go:def.bzl
 # gazelle:map_kind go_repository go_repository @prysm//tools/go:def.bzl
+# gazelle:build_tags bazel
+# gazelle:exclude tools/analyzers/**/testdata/**
 gazelle(
     name = "gazelle",
     prefix = prefix,
@@ -23,7 +25,16 @@ gazelle(
 # Protobuf compiler (non-gRPC)
 alias(
     name = "proto_compiler",
-    actual = "@io_bazel_rules_go//proto:gogofast_proto",
+    actual = "@io_bazel_rules_go//proto:go_proto",
+    visibility = [
+        "//proto:__subpackages__",
+    ],
+)
+
+# Cast protobuf compiler (non-gRPC)
+alias(
+    name = "cast_proto_compiler",
+    actual = "@com_github_prysmaticlabs_protoc_gen_go_cast//:go_cast",
     visibility = [
         "//proto:__subpackages__",
     ],
@@ -32,21 +43,21 @@ alias(
 # Protobuf compiler (gRPC)
 alias(
     name = "grpc_proto_compiler",
-    actual = "@io_bazel_rules_go//proto:gogofast_grpc",
+    actual = "@io_bazel_rules_go//proto:go_grpc",
     visibility = ["//visibility:public"],
 )
 
-# Protobuf gRPC compiler without gogoproto. Required for gRPC gateway.
+# Cast protobuf compiler (gRPC)
 alias(
-    name = "grpc_nogogo_proto_compiler",
-    actual = "@io_bazel_rules_go//proto:go_grpc",
+    name = "cast_grpc_proto_compiler",
+    actual = "@com_github_prysmaticlabs_protoc_gen_go_cast//:go_cast_grpc",
     visibility = ["//visibility:public"],
 )
 
 # Protobuf gRPC gateway compiler
 alias(
     name = "grpc_gateway_proto_compiler",
-    actual = "@com_github_grpc_ecosystem_grpc_gateway//protoc-gen-grpc-gateway:go_gen_grpc_gateway",
+    actual = "@com_github_grpc_ecosystem_grpc_gateway_v2//protoc-gen-grpc-gateway:go_gen_grpc_gateway",
     visibility = ["//visibility:public"],
 )
 
@@ -76,45 +87,54 @@ nogo(
     config = "nogo_config.json",
     visibility = ["//visibility:public"],
     deps = [
-        "@org_golang_x_tools//go/analysis/passes/unsafeptr:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/unreachable:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/unmarshal:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/tests:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/structtag:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/stdmethods:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/shift:go_tool_library",
-        # "@org_golang_x_tools//go/analysis/passes/shadow:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/printf:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/pkgfact:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/nilness:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/nilfunc:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/loopclosure:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/httpresponse:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/findcall:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/deepequalerrors:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/ctrlflow:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/copylock:go_tool_library",
-        #  "@org_golang_x_tools//go/analysis/passes/cgocall:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/buildtag:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/buildssa:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/bools:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/atomicalign:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/atomic:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/assign:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/inspect:go_tool_library",
-        "@org_golang_x_tools//go/analysis/passes/asmdecl:go_tool_library",
-        "//tools/analyzers/maligned:go_tool_library",
-        "//tools/analyzers/roughtime:go_tool_library",
-        "//tools/analyzers/cryptorand:go_tool_library",
-        "//tools/analyzers/errcheck:go_tool_library",
-        "//tools/analyzers/featureconfig:go_tool_library",
-        "//tools/analyzers/comparesame:go_tool_library",
+        "@org_golang_x_tools//go/analysis/passes/unsafeptr:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unreachable:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unmarshal:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/tests:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/structtag:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/stdmethods:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/shift:go_default_library",
+        # "@org_golang_x_tools//go/analysis/passes/shadow:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/printf:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/pkgfact:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/nilness:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/nilfunc:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/loopclosure:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/httpresponse:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/findcall:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/deepequalerrors:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/ctrlflow:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/copylock:go_default_library",
+        #  "@org_golang_x_tools//go/analysis/passes/cgocall:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/buildtag:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/buildssa:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/bools:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/atomicalign:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/atomic:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/assign:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/inspect:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/asmdecl:go_default_library",
+        "//tools/analyzers/comparesame:go_default_library",
+        "//tools/analyzers/cryptorand:go_default_library",
+        "//tools/analyzers/errcheck:go_default_library",
+        "//tools/analyzers/featureconfig:go_default_library",
+        "//tools/analyzers/gocognit:go_default_library",
+        "//tools/analyzers/ineffassign:go_default_library",
+        "//tools/analyzers/interfacechecker:go_default_library",
+        "//tools/analyzers/logruswitherror:go_default_library",
+        "//tools/analyzers/maligned:go_default_library",
+        "//tools/analyzers/nop:go_default_library",
+        "//tools/analyzers/properpermissions:go_default_library",
+        "//tools/analyzers/recursivelock:go_default_library",
+        "//tools/analyzers/shadowpredecl:go_default_library",
+        "//tools/analyzers/slicedirect:go_default_library",
+        "//tools/analyzers/uintcast:go_default_library",
     ] + select({
         # nogo checks that fail with coverage enabled.
         ":coverage_enabled": [],
         "//conditions:default": [
-            "@org_golang_x_tools//go/analysis/passes/lostcancel:go_tool_library",
-            "@org_golang_x_tools//go/analysis/passes/composite:go_tool_library",
+            "@org_golang_x_tools//go/analysis/passes/composite:go_default_library",
+            "@org_golang_x_tools//go/analysis/passes/lostcancel:go_default_library",
         ],
     }),
 )
@@ -129,17 +149,8 @@ common_files = {
     "//:README.md": "README.md",
 }
 
-toolchain(
-    name = "built_cmake_toolchain",
-    toolchain = "@rules_foreign_cc//tools/build_defs/native_tools:built_cmake",
-    toolchain_type = "@rules_foreign_cc//tools/build_defs:cmake_toolchain",
-)
-
-string_setting(
-    name = "gotags",
-    build_setting_default = "",
-    values = [
-        "",
-        "libfuzzer",
-    ],
+sh_binary(
+    name = "prysm_sh",
+    srcs = ["prysm.sh"],
+    visibility = ["//visibility:public"],
 )

CONTRIBUTING.md

@@ -1,18 +1,18 @@
 # Contribution Guidelines
 
-Note: The latest and most up to date documenation can be found on our [docs portal](https://docs.prylabs.network/docs/contribute/contribution-guidelines).
+Note: The latest and most up-to-date documentation can be found on our [docs portal](https://docs.prylabs.network/docs/contribute/contribution-guidelines).
 
 Excited by our work and want to get involved in building out our sharding releases? Or maybe you haven't learned as much about the Ethereum protocol but are a savvy developer? 
 
-You can explore our [Open Issues](https://github.com/prysmaticlabs/prysm/issues) in-the works for our different releases. Feel free to fork our repo and start creating PR’s after assigning yourself to an issue of interest. We are always chatting on [Discord](https://discord.gg/che9auJ) or [Gitter](https://gitter.im/prysmaticlabs/geth-sharding) drop us a line there if you want to get more involved or have any questions on our implementation!
+You can explore our [Open Issues](https://github.com/prysmaticlabs/prysm/issues) in-the works for our different releases. Feel free to fork our repo and start creating PR’s after assigning yourself to an issue of interest. We are always chatting on [Discord](https://discord.gg/CTYGPUJ) drop us a line there if you want to get more involved or have any questions on our implementation!
 
 ## Contribution Steps
 
 **1. Set up Prysm following the instructions in README.md.**
 
-**2. Fork the prysm repo.**
+**2. Fork the Prysm repo.**
 
-Sign in to your Github account or create a new account if you do not have one already. Then navigate your browser to https://github.com/prysmaticlabs/prysm/. In the upper right hand corner of the page, click “fork”. This will create a copy of the Prysm repo in your account.
+Sign in to your GitHub account or create a new account if you do not have one already. Then navigate your browser to https://github.com/prysmaticlabs/prysm/. In the upper right hand corner of the page, click “fork”. This will create a copy of the Prysm repo in your account.
 
 **3. Create a local clone of Prysm.**
 
@@ -23,7 +23,7 @@ $ git clone https://github.com/prysmaticlabs/prysm.git
 $ cd $GOPATH/src/github.com/prysmaticlabs/prysm
 ```
 
-**4. Link your local clone to the fork on your Github repo.**
+**4. Link your local clone to the fork on your GitHub repo.**
 
 ```
 $ git remote add myprysmrepo https://github.com/<your_github_user_name>/prysm.git
@@ -62,19 +62,13 @@ Changes that only affect a single file can be tested with
 $ go test <file_you_are_working_on>
 ```
 
-Changes that affect multiple files can be tested with ...
-
-```
-$ golangci-lint run && bazel test //...
-```
-
 **10. Stage the file or files that you want to commit.**
 
 ```
 $ git add --all
 ```
 
-This command stages all of the files that you have changed. You can add individual files by specifying the file name or names and eliminating the “-- all”.
+This command stages all the files that you have changed. You can add individual files by specifying the file name or names and eliminating the “-- all”.
 
 **11. Commit the file or files.**
 
@@ -102,8 +96,7 @@ If there are conflicts between your edits and those made by others since you sta
 $ git status
 ```
 
-Open those files one at a time and you
-will see lines inserted by Git that identify the conflicts:
+Open those files one at a time, and you will see lines inserted by Git that identify the conflicts:
 
 ```
 <<<<<< HEAD
@@ -125,7 +118,7 @@ $ git push myrepo feature-in-progress-branch
 
 **15. Check to be sure your fork of the Prysm repo contains your feature branch with the latest edits.**
 
-Navigate to your fork of the repo on Github. On the upper left where the current branch is listed, change the branch to your feature-in-progress-branch. Open the files that you have worked on and check to make sure they include your changes.
+Navigate to your fork of the repo on GitHub. On the upper left where the current branch is listed, change the branch to your feature-in-progress-branch. Open the files that you have worked on and check to make sure they include your changes.
 
 **16. Create a pull request.**
 
@@ -157,7 +150,7 @@ pick 	hash 	fix a bug
 pick 	hash 	add a feature
 ```
 
-Replace the word pick with the word “squash” for every line but the first so you end with ….
+Replace the word pick with the word “squash” for every line but the first, so you end with ….
 
 ```
 pick    hash	do some work
@@ -181,10 +174,10 @@ We consider two types of contributions to our repo and categorize them as follow
 
 ### Part-Time Contributors
 
-Anyone can become a part-time contributor and help out on implementing sharding. The responsibilities of a part-time contributor include:
+Anyone can become a part-time contributor and help out on implementing Ethereum consensus. The responsibilities of a part-time contributor include:
 
 -   Engaging in Gitter conversations, asking the questions on how to begin contributing to the project
--   Opening up github issues to express interest in code to implement
+-   Opening up GitHub issues to express interest in code to implement
 -   Opening up PRs referencing any open issue in the repo. PRs should include:
     -   Detailed context of what would be required for merge
     -   Tests that are consistent with how other tests are written in our implementation
@@ -192,16 +185,14 @@ Anyone can become a part-time contributor and help out on implementing sharding.
 -   Follow up on open PRs
     -   Have an estimated timeframe to completion and let the core contributors know if a PR will take longer than expected
 
-We do not expect all part-time contributors to be experts on all the latest sharding documentation, but all contributors should at least be familiarized with our sharding [README.md](https://github.com/prysmaticlabs/prysm/blob/master/validator/README.md) and have gone through the required Ethereum readings as posted on our [READINGS.md](https://github.com/prysmaticlabs/prysm/blob/master/docs/READINGS.md) document.
-
 ### Core Contributors
 
-Core contributors are remote contractors of Prysmatic Labs, LLC. and are considered critical team members of our organization. Core devs have all of the responsibilities of part-time contributors plus the majority of the following:
+Core contributors are remote contractors of Prysmatic Labs, LLC. and are considered critical team members of our organization. Core devs have all the responsibilities of part-time contributors plus the majority of the following:
 
--   Stay up to date on the latest beacon chain sepcification
--   Monitor github issues and PR’s to make sure owner, labels, descriptions are correct
+-   Stay up to date on the latest beacon chain specification
+-   Monitor GitHub issues and PR’s to make sure owner, labels, descriptions are correct
 -   Formulate independent ideas, suggest new work to do, point out improvements to existing approaches
--   Participate in code review, ensure code quality is excellent, and have ensure high code coverage
+-   Participate in code review, ensure code quality is excellent, and ensure high code coverage
 -   Help with social media presence, write bi-weekly development update
 -   Represent Prysmatic Labs at events to help spread the word on scalability research and solutions
 

DEPENDENCIES.md

@@ -1,4 +1,4 @@
-# Dependency Managagement in Prysm
+# Dependency Management in Prysm
 
 Prysm is go project with many complicated dependencies, including some c++ based libraries. There
 are two parts to Prysm's dependency management. Go modules and bazel managed dependencies. Be sure 
@@ -28,13 +28,13 @@ including complicated c++ dependencies.
 One key advantage of Bazel over vanilla `go build` is that Bazel automatically (re)builds generated
 pb.go files at build time when file changes are present in any protobuf definition file or after
 any updates to the protobuf compiler or other relevant dependencies. Vanilla go users should run
-the following scripts often to ensure their generated files are up to date. Further more, Prysm
+the following scripts often to ensure their generated files are up to date. Furthermore, Prysm
 generates SSZ marshal related code based on defined data structures. These generated files must
 also be updated and checked in as frequently.
 
 ```bash
-./scripts/update-go-pbs.sh
-./scripts/update-go-ssz.sh
+./hack/update-go-pbs.sh
+./hack/update-go-ssz.sh
 ```
 
 *Recommendation: Use go build only for local development and use bazel build for production.*
@@ -61,9 +61,20 @@ Example:
 
 ```bash
 go get github.com/prysmaticlabs/example@v1.2.3
-bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=deps.bzl%prysm_deps
+bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=deps.bzl%prysm_deps -prune=true
 ```
 
 The deps.bzl file should have been updated with the dependency and any transitive dependencies. 
 
 Do NOT add new `go_repository` to the WORKSPACE file. All dependencies should live in deps.bzl.
+
+## Running tests
+
+To enable conditional compilation and custom configuration for tests (where compiled code has more 
+debug info, while not being completely optimized), we rely on Go's build tags/constraints mechanism 
+(see official docs on [build constraints](https://golang.org/pkg/go/build/#hdr-Build_Constraints)). 
+Therefore, whenever using `go test`, do not forget to pass in extra build tag, eg:
+
+```bash
+go test ./beacon-chain/sync/initial-sync -tags develop 
+```

INTEROP.md

@@ -1,6 +1,6 @@
 # Prysm Client Interoperability Guide
 
-This README details how to setup Prysm for interop testing for usage with other Ethereum 2.0 clients.
+This README details how to setup Prysm for interop testing for usage with other Ethereum consensus clients.
 
 ## Installation & Setup
 
@@ -26,15 +26,18 @@ You can use `bazel run //tools/genesis-state-gen` to create a deterministic gene
 ### Usage
 
 - **--genesis-time** uint: Unix timestamp used as the genesis time in the generated genesis state (defaults to now)
-- **--mainnet-config** bool: Select whether genesis state should be generated with mainnet or minimal (default) params
 - **--num-validators** int: Number of validators to deterministically include in the generated genesis state
 - **--output-ssz** string: Output filename of the SSZ marshaling of the generated genesis state
+- **--config-name=interop** string: name of the beacon chain config to use when generating the state. ex mainnet|minimal|interop
+
+**deprecated flag: use --config-name instead**
+- **--mainnet-config** bool: Select whether genesis state should be generated with mainnet or minimal (default) params
 
 The example below creates 64 validator keys, instantiates a genesis state with those 64 validators and with genesis unix timestamp 1567542540,
-and finally writes a ssz encoded output to ~/Desktop/genesis.ssz. This file can be used to kickstart the beacon chain in the next section.
+and finally writes a ssz encoded output to ~/Desktop/genesis.ssz. This file can be used to kickstart the beacon chain in the next section. When using the `--interop-*` flags, the beacon node will assume the `interop` config should be used, unless a different config is specified on the command line.
 
 ```
-bazel run //tools/genesis-state-gen -- --output-ssz ~/Desktop/genesis.ssz --num-validators 64 --genesis-time 1567542540
+bazel run //tools/genesis-state-gen -- --config-name interop --output-ssz ~/Desktop/genesis.ssz --num-validators 64 --genesis-time 1567542540
 ```
 
 ## Launching a Beacon Node + Validator Client
@@ -46,8 +49,10 @@ Open up two terminal windows, run:
 ```
 bazel run //beacon-chain -- \
 --bootstrap-node= \
---deposit-contract $(curl -s https://prylabs.net/contract) \
+--deposit-contract 0x8A04d14125D0FDCDc742F4A05C051De07232EDa4 \
+--datadir=/tmp/beacon-chain-interop \
 --force-clear-db \
+--min-sync-peers=0 \
 --interop-num-validators 64 \
 --interop-eth1data-votes
 ```
@@ -69,8 +74,10 @@ Assuming you generated a `genesis.ssz` file with 64 validators, open up two term
 ```
  bazel run //beacon-chain -- \
 --bootstrap-node= \
---deposit-contract $(curl -s https://prylabs.net/contract) \
+--deposit-contract 0x8A04d14125D0FDCDc742F4A05C051De07232EDa4 \
+--datadir=/tmp/beacon-chain-interop \
 --force-clear-db \
+--min-sync-peers=0 \
 --interop-genesis-state /path/to/genesis.ssz \
 --interop-eth1data-votes
 ```

README.md

@@ -1,20 +1,37 @@
-# Prysm: An Ethereum 2.0 Client Written in Go
+# Prysm: An Ethereum Consensus Implementation Written in Go
 
 [![Build status](https://badge.buildkite.com/b555891daf3614bae4284dcf365b2340cefc0089839526f096.svg?branch=master)](https://buildkite.com/prysmatic-labs/prysm)
-[![ETH2.0_Spec_Version 0.12.2](https://img.shields.io/badge/ETH2.0%20Spec%20Version-v0.12.2-blue.svg)](https://github.com/ethereum/eth2.0-specs/tree/v0.12.2)
-[![Discord](https://user-images.githubusercontent.com/7288322/34471967-1df7808a-efbb-11e7-9088-ed0b04151291.png)](https://discord.gg/KSA7rPr)
-[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/prysmaticlabs/geth-sharding?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+[![Go Report Card](https://goreportcard.com/badge/github.com/prysmaticlabs/prysm)](https://goreportcard.com/report/github.com/prysmaticlabs/prysm)
+[![Consensus_Spec_Version 1.3.0](https://img.shields.io/badge/Consensus%20Spec%20Version-v1.3.0-blue.svg)](https://github.com/ethereum/consensus-specs/tree/v1.3.0)
+[![Execution_API_Version 1.0.0-beta.2](https://img.shields.io/badge/Execution%20API%20Version-v1.0.0.beta.2-blue.svg)](https://github.com/ethereum/execution-apis/tree/v1.0.0-beta.2/src/engine)
+[![Discord](https://user-images.githubusercontent.com/7288322/34471967-1df7808a-efbb-11e7-9088-ed0b04151291.png)](https://discord.gg/prysmaticlabs)
+[![GitPOAP Badge](https://public-api.gitpoap.io/v1/repo/prysmaticlabs/prysm/badge)](https://www.gitpoap.io/gh/prysmaticlabs/prysm)
 
-This is the core repository for Prysm, a [Golang](https://golang.org/) implementation of the Ethereum 2.0 client specifications developed by [Prysmatic Labs](https://prysmaticlabs.com).
+This is the core repository for Prysm, a [Golang](https://golang.org/) implementation of the [Ethereum Consensus](https://ethereum.org/en/eth2/) specification, developed by [Prysmatic Labs](https://prysmaticlabs.com). See the [Changelog](https://github.com/prysmaticlabs/prysm/releases) for details of the latest releases and upcoming breaking changes.
 
 ### Getting Started
-A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the [official documentation portal](https://docs.prylabs.network). If you still have questions, feel free to stop by either our [Discord](https://discord.gg/KSA7rPr) or [Gitter](https://gitter.im/prysmaticlabs/geth-sharding?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) and a member of the team or our community will be happy to assist you.
 
-### Come join the testnet!
-Participation is now open to the public for our Ethereum 2.0 phase 0 testnet release. Visit [prylabs.net](https://prylabs.net) for more information on the project or to sign up as a validator on the network. You can visualize the nodes in the network on [eth2stats.io](https://eth2stats.io), explore validator rewards/penalties via Bitfly's block explorer: [beaconcha.in](https://beaconcha.in), and follow the latest blocks added to the chain on [Etherscan](https://beacon.etherscan.io).
+A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the [official documentation portal](https://docs.prylabs.network). If you still have questions, feel free to stop by our [Discord](https://discord.gg/prysmaticlabs).
+
+### Staking on Mainnet
+
+To participate in staking, you can join the [official eth2 launchpad](https://launchpad.ethereum.org). The launchpad is the only recommended way to become a validator on mainnet. You can explore validator rewards/penalties via Bitfly's block explorer: [beaconcha.in](https://beaconcha.in), and follow the latest blocks added to the chain on [beaconscan](https://beaconscan.com).
+
 
 ## Contributing
+### Branches
+Prysm maintains two permanent branches:
+
+* [master](https://github.com/prysmaticlabs/prysm/tree/master): This points to the latest stable release. It is ideal for most users.
+* [develop](https://github.com/prysmaticlabs/prysm/tree/develop): This is used for development, it contains the latest PRs. Developers should base their PRs on this branch.
+
+### Guide
 Want to get involved? Check out our [Contribution Guide](https://docs.prylabs.network/docs/contribute/contribution-guidelines/) to learn more!
 
 ## License
+
 [GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.en.html)
+
+## Legal Disclaimer
+
+[Terms of Use](/TERMS_OF_SERVICE.md)

SECURITY.md

@@ -0,0 +1,11 @@
+# Security Policy
+
+## Supported Versions
+
+[Releases](https://github.com/prysmaticlabs/prysm/releases/) contains all available releases. We recommend using the [most recently released version](https://github.com/prysmaticlabs/prysm/releases/latest).
+
+## Reporting a Vulnerability
+
+Please see our signed [security.txt](https://github.com/prysmaticlabs/prysm/blob/develop/.well-known/security.txt) for preferred encryption and reporting destination.
+
+**Please do not file a public ticket** mentioning the vulnerability, as doing so could increase the likelihood of the vulnerability being used before a fix has been created, released and installed on the network.

TERMS_OF_SERVICE.md

@@ -0,0 +1,45 @@
+## Terms of Use
+
+Effective as of Oct 14, 2020
+
+By downloading, accessing or using the Prysm implementation (“Prysm”), you (referenced herein as “you” or the “user”) certify that you have read and agreed to the terms and conditions below (the “Terms”) which form a binding contract between you and Prysmatic Labs (referenced herein as “we” or “us”). If you do not agree to the Terms, do not download or use Prysm.
+
+### About Prysm
+Prysm is a client implementation for Ethereum consensus protocol for a proof-of-stake blockchain. To participate in the network, a user must send ETH from the Eth1.0 chain into a validator deposit contract, which will queue in the user as a validator in the system. Validators participate in proposing and voting on blocks in the protocol, and the network applies rewards/penalties based on their behavior. A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the official documentation portal, however, we do not warrant the accuracy, completeness or usefulness of this documentation. Any reliance you place on such information is strictly at your own risk.
+
+### Licensing Terms
+Prysm is a fully open-source software program licensed pursuant to the GNU General Public License v3.0.
+
+The Prysmatic Labs name, the term “Prysm” and all related names, logos, product and service names, designs and slogans are trademarks of Prysmatic Labs or its affiliates and/or licensors. You must not use such marks without our prior written permission.
+
+### Risks of Operating Prysm
+The use of Prysm and acting as a validator on the Ethereum network can lead to loss of money. Ethereum is still an experimental system and ETH remains a risky investment. You alone are responsible for your actions on Prysm including the security of your ETH and meeting any applicable minimum system requirements.
+
+Use of Prysm and the ability to receive rewards or penalties may be affected at any time by mistakes made by the user or other users, software problems such as bugs, errors, incorrectly constructed transactions, unsafe cryptographic libraries or malware affecting the network, technical failures in the hardware of a user, security problems experienced by a user and/or actions or inactions of third parties and/or events experienced by third parties, among other risks. We cannot and do not guarantee that any user of Prysm will make money, that the Prysm network will operate in accordance with the documentation or that transactions will be effective or secure.
+
+We make no claims that Prysm is appropriate or permitted for use in any specific jurisdiction. Access to Prysm may not be legal by certain persons or in certain jurisdictions or countries. If you access Prysm, you do so on your own initiative and are responsible for compliance with local laws.
+
+Some Internet plans will charge an additional amount for any excess upload bandwidth used that isn’t included in the plan and may terminate your connection without warning because of overuse. We advise that you check whether your Internet connection is subjected to such limitations and monitor your bandwidth use so that you can stop Prysm before you reach your upload limit.
+
+### Warranty Disclaimer
+PRYSM IS PROVIDED ON AN “AS-IS” BASIS AND MAY INCLUDE ERRORS, OMISSIONS, OR OTHER INACCURACIES. PRYSMATIC LABS AND ITS CONTRIBUTORS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT PRYSM FOR ANY PURPOSE, AND HEREBY EXPRESSLY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OR ANY OTHER IMPLIED WARRANTY UNDER THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT AS ENACTED BY ANY STATE. WE ALSO MAKE NO REPRESENTATIONS OR WARRANTIES THAT PRYSM WILL OPERATE ERROR-FREE, UNINTERRUPTED, OR IN A MANNER THAT WILL MEET YOUR REQUIREMENTS AND/OR NEEDS. THEREFORE, YOU ASSUME THE ENTIRE RISK REGARDING THE QUALITY AND/OR PERFORMANCE OF PRYSM AND ANY TRANSACTIONS ENTERED INTO THEREON.
+
+### Limitation of Liability
+In no event will Prysmatic Labs or any of its contributors be liable, whether in contract, warranty, tort (including negligence, whether active, passive or imputed), product liability, strict liability or other theory, breach of statutory duty or otherwise arising out of, or in connection with, your use of Prysm, for any direct, indirect, incidental, special or consequential damages (including any loss of profits or data, business interruption or other pecuniary loss, or damage, loss or other compromise of data, in each case whether direct, indirect, incidental, special or consequential) arising out of use Prysm, even if we or other users have been advised of the possibility of such damages. The foregoing limitations and disclaimers shall apply to the maximum extent permitted by applicable law, even if any remedy fails of its essential purpose. You acknowledge and agree that the limitations of liability afforded us hereunder constitute a material and actual inducement and condition to entering into these Terms, and are reasonable, fair and equitable in scope to protect our legitimate interests in light of the fact that we are not receiving consideration from you for providing Prysm.
+
+### Indemnification
+To the maximum extent permitted by law, you will defend, indemnify and hold Prysmatic Labs and its contributors harmless from and against any and all claims, actions, suits, investigations, or proceedings by any third party (including any party or purported party to or beneficiary or purported beneficiary of any transaction on Prysm), as well as any and all losses, liabilities,
+damages, costs, and expenses (including reasonable attorneys’ fees) arising out of, accruing from, or in any way related to (i) your breach of the terms of this Agreement, (ii) any transaction, or the failure to occur of any transaction on Prysm, and (iii) your negligence, fraud, or willful misconduct.
+
+### Compliance with Laws and Tax Obligations
+Your use of Prysm is subject to all applicable laws of any governmental authority, including, without limitation, federal, state and foreign securities laws, tax laws, tariff and trade laws, ordinances, judgments, decrees, injunctions, writs and orders or like actions of any governmental authority and rules, regulations, orders, interpretations, licenses, and permits of any federal,
+regional, state, county, municipal or other governmental authority and you agree to comply with all such laws in your use of Prysm. The users of Prysm are solely responsible to determinate what, if any, taxes apply to their ETH transactions. The owners of, or contributors to, Prysm are not responsible for determining the taxes that apply to ETH transactions.
+
+### Miscellaneous
+These Terms will be construed and enforced in accordance with the laws of the state of Illinois as applied to agreements entered into and completely performed in Illinois. You agree to the personal jurisdiction by and venue in Illinois and waive any objection to such jurisdiction or venue.
+
+We reserve the right to revise these Terms, and your rights and obligations are at all times subject to the then-current Terms provided on Prysm. Your continued use of Prysm constitutes acceptance of such revised Terms.
+
+These Terms constitute the entire agreement between you and Prysmatic Labs regarding use of Prysm and will supersede all prior agreements whether, written or oral. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of these Terms.
+
+If any portion of these Terms is held invalid or unenforceable, such invalidity or enforceability will not affect the other provisions of these Terms, which will remain in full force and effect, and the invalid or unenforceable portion will be given effect to the greatest extent possible. The failure of a party to require performance of any provision will not affect that party’s right to require performance at any time thereafter, nor will a waiver of any breach or default of these Terms or any provision of these Terms constitute a waiver of any subsequent breach or default or a waiver of the provision itself.

TESTNET.md

@@ -1,43 +0,0 @@
-# Testnet 
-
-The Prysmatic Labs test network is available for anyone to join. The easiest way to participate is by joining through the website, https://prylabs.net.
-
-## Interop
-
-For developers looking to connect a client other than Prysm to the test network, here is the relevant information for compatability. 
-
-
-**Spec version** - [v0.8.3](https://github.com/ethereum/eth2.0-specs/tree/v0.8.3)
-
-**ETH 1 Deposit Contract Address** - See https://prylabs.net/contract. This contract is deployed on the [goerli](https://goerli.net/) network. 
-
-**Genesis time** - The ETH1 block time in which the 64th deposit to start ETH2 was included. This is NOT midnight of the next day as required by spec.
-
-### ETH 2 Configuration
-
-Use the [minimal config](https://github.com/ethereum/eth2.0-specs/blob/v0.8.3/configs/minimal.yaml) with the following changes.
-
-| field | value |
-|-------|-------|
-| MIN_DEPOSIT_AMOUNT | 100 |
-| MAX_EFFECTIVE_BALANCE | 3.2 * 1e9 |
-| EJECTION_BALANCE | 1.6 * 1e9 |
-| EFFECTIVE_BALANCE_INCREMENT | 0.1 * 1e9 |
-| ETH1_FOLLOW_DISTANCE | 16 | 
-| GENESIS_FORK_VERSION | See [latest code](https://github.com/prysmaticlabs/prysm/blob/master/shared/params/config.go#L236) |
-
-These parameters reduce the minimal config to 1/10 of the required ETH.
-
-We have a genesis.ssz file available for download [here](https://prysmaticlabs.com/uploads/genesis.ssz)
-
-### Connecting to the network
-
-We have a libp2p bootstrap node available at `/dns4/prylabs.net/tcp/30001/p2p/16Uiu2HAm7Qwe19vz9WzD2Mxn7fXd1vgHHp4iccuyq7TxwRXoAGfc`.
-
-Some of the Prysmatic Labs hosted nodes are behind a libp2p relay, so your libp2p implementation protocol should understand this functionality.
-
-### Other
-
-Undoubtably, you will have bugs. Reach out to us on [Discord](https://discord.gg/KSA7rPr) and be sure to capture issues on Github at https://github.com/prysmaticlabs/prysm/issues. 
-
-If you have instructions for you client, we would love to attempt this on your behalf. Kindly send over the instructions via github issue, PR, email to team@prysmaticlabs.com, or discord.

VERSION

@@ -1 +0,0 @@
-0.2.0

WORKSPACE

@@ -4,53 +4,60 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
 
 http_archive(
-    name = "bazel_toolchains",
-    sha256 = "db48eed61552e25d36fe051a65d2a329cc0fb08442627e8f13960c5ab087a44e",
-    strip_prefix = "bazel-toolchains-3.2.0",
+    name = "rules_pkg",
+    sha256 = "8c20f74bca25d2d442b327ae26768c02cf3c99e93fad0381f32be9aab1967675",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/releases/download/3.2.0/bazel-toolchains-3.2.0.tar.gz",
-        "https://github.com/bazelbuild/bazel-toolchains/releases/download/3.2.0/bazel-toolchains-3.2.0.tar.gz",
+        "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.8.1/rules_pkg-0.8.1.tar.gz",
+        "https://github.com/bazelbuild/rules_pkg/releases/download/0.8.1/rules_pkg-0.8.1.tar.gz",
     ],
 )
 
+load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
+
+rules_pkg_dependencies()
+
 http_archive(
-    name = "com_grail_bazel_toolchain",
-    sha256 = "0bec89e35d8a141c87f28cfc506d6d344785c8eb2ff3a453140a1fe972ada79d",
-    strip_prefix = "bazel-toolchain-77a87103145f86f03f90475d19c2c8854398a444",
-    urls = ["https://github.com/grailbio/bazel-toolchain/archive/77a87103145f86f03f90475d19c2c8854398a444.tar.gz"],
+    name = "hermetic_cc_toolchain",
+    sha256 = "973ab22945b921ef45b8e1d6ce01ca7ce1b8a462167449a36e297438c4ec2755",
+    strip_prefix = "hermetic_cc_toolchain-5098046bccc15d2962f3cc8e7e53d6a2a26072dc",
+    urls = [
+        "https://github.com/uber/hermetic_cc_toolchain/archive/5098046bccc15d2962f3cc8e7e53d6a2a26072dc.tar.gz",  # 2023-06-28
+    ],
 )
 
-load("@com_grail_bazel_toolchain//toolchain:deps.bzl", "bazel_toolchain_dependencies")
+load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains")
 
-bazel_toolchain_dependencies()
+zig_toolchains()
 
-load("@com_grail_bazel_toolchain//toolchain:rules.bzl", "llvm_toolchain")
-
-llvm_toolchain(
-    name = "llvm_toolchain",
-    llvm_version = "9.0.0",
+# Register zig sdk toolchains with support for Ubuntu 20.04 (Focal Fossa) which has an EOL date of April, 2025.
+# For ubuntu glibc support, see https://launchpad.net/ubuntu/+source/glibc
+register_toolchains(
+    "@zig_sdk//toolchain:linux_amd64_gnu.2.31",
+    "@zig_sdk//toolchain:linux_arm64_gnu.2.31",
+    # Hermetic cc toolchain is not yet supported on darwin. Sysroot needs to be provided.
+    # See https://github.com/uber/hermetic_cc_toolchain#osx-sysroot
+    #    "@zig_sdk//toolchain:darwin_amd64",
+    #    "@zig_sdk//toolchain:darwin_arm64",
+    # Windows builds are not supported yet.
+    #    "@zig_sdk//toolchain:windows_amd64",
 )
 
-load("@llvm_toolchain//:toolchains.bzl", "llvm_register_toolchains")
+load("@prysm//tools/cross-toolchain:darwin_cc_hack.bzl", "configure_nonhermetic_darwin")
 
-llvm_register_toolchains()
+configure_nonhermetic_darwin()
 
 load("@prysm//tools/cross-toolchain:prysm_toolchains.bzl", "configure_prysm_toolchains")
 
 configure_prysm_toolchains()
 
-load("@prysm//tools/cross-toolchain:rbe_toolchains_config.bzl", "rbe_toolchains_config")
-
-rbe_toolchains_config()
-
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 http_archive(
     name = "bazel_skylib",
-    sha256 = "97e70364e9249702246c0e9444bccdc4b847bed1eb03c5a3ece4f83dfe6abc44",
+    sha256 = "1c531376ac7e5a180e0237938a2536de0c54d93f5c278634818e0efc952dd56c",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.0.2/bazel-skylib-1.0.2.tar.gz",
-        "https://github.com/bazelbuild/bazel-skylib/releases/download/1.0.2/bazel-skylib-1.0.2.tar.gz",
+        "https://github.com/bazelbuild/bazel-skylib/releases/download/1.0.3/bazel-skylib-1.0.3.tar.gz",
+        "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.0.3/bazel-skylib-1.0.3.tar.gz",
     ],
 )
 
@@ -60,10 +67,10 @@ bazel_skylib_workspace()
 
 http_archive(
     name = "bazel_gazelle",
-    sha256 = "d8c45ee70ec39a57e7a05e5027c32b1576cc7f16d9dd37135b0eddde45cf1b10",
+    sha256 = "29d5dafc2a5582995488c6735115d1d366fcd6a0fc2e2a153f02988706349825",
     urls = [
-        "https://storage.googleapis.com/bazel-mirror/github.com/bazelbuild/bazel-gazelle/releases/download/v0.20.0/bazel-gazelle-v0.20.0.tar.gz",
-        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.20.0/bazel-gazelle-v0.20.0.tar.gz",
+        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.31.0/bazel-gazelle-v0.31.0.tar.gz",
+        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.31.0/bazel-gazelle-v0.31.0.tar.gz",
     ],
 )
 
@@ -76,23 +83,21 @@ http_archive(
 
 http_archive(
     name = "io_bazel_rules_docker",
-    sha256 = "dc97fccceacd4c6be14e800b2a00693d5e8d07f69ee187babfd04a80a9f8e250",
-    strip_prefix = "rules_docker-0.14.1",
-    url = "https://github.com/bazelbuild/rules_docker/archive/v0.14.1.tar.gz",
+    sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
+    urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
 )
 
 http_archive(
     name = "io_bazel_rules_go",
     patch_args = ["-p1"],
     patches = [
-        # Required until https://github.com/bazelbuild/rules_go/pull/2450 merges otherwise nilness
-        # nogo check fails for certain third_party dependencies.
-        "//third_party:io_bazel_rules_go.patch",
+        # Expose internals of go_test for custom build transitions.
+        "//third_party:io_bazel_rules_go_test.patch",
     ],
-    sha256 = "7b9bbe3ea1fccb46dcfa6c3f3e29ba7ec740d8733370e21cdc8937467b4a4349",
+    sha256 = "bfc5ce70b9d1634ae54f4e7b495657a18a04e0d596785f672d35d5f505ab491a",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.22.4/rules_go-v0.22.4.tar.gz",
-        "https://github.com/bazelbuild/rules_go/releases/download/v0.22.4/rules_go-v0.22.4.tar.gz",
+        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.40.0/rules_go-v0.40.0.zip",
+        "https://github.com/bazelbuild/rules_go/releases/download/v0.40.0/rules_go-v0.40.0.zip",
     ],
 )
 
@@ -100,31 +105,17 @@ http_archive(
 # https://github.com/gogo/protobuf/pull/582 is merged.
 git_repository(
     name = "com_github_gogo_protobuf",
-    commit = "5628607bb4c51c3157aacc3a50f0ab707582b805",
+    commit = "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
     patch_args = ["-p1"],
     patches = [
         "@io_bazel_rules_go//third_party:com_github_gogo_protobuf-gazelle.patch",
         "//third_party:com_github_gogo_protobuf-equal.patch",
     ],
     remote = "https://github.com/gogo/protobuf",
-    shallow_since = "1571033717 +0200",
+    shallow_since = "1610265707 +0000",
     # gazelle args: -go_prefix github.com/gogo/protobuf -proto legacy
 )
 
-http_archive(
-    name = "fuzzit_linux",
-    build_file_content = "exports_files([\"fuzzit\"])",
-    sha256 = "9ca76ac1c22d9360936006efddf992977ebf8e4788ded8e5f9d511285c9ac774",
-    urls = ["https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.76/fuzzit_Linux_x86_64.zip"],
-)
-
-git_repository(
-    name = "graknlabs_bazel_distribution",
-    commit = "962f3a7e56942430c0ec120c24f9e9f2a9c2ce1a",
-    remote = "https://github.com/graknlabs/bazel-distribution",
-    shallow_since = "1569509514 +0300",
-)
-
 load(
     "@io_bazel_rules_docker//repositories:repositories.bzl",
     container_repositories = "repositories",
@@ -137,33 +128,215 @@ load(
     "container_pull",
 )
 
+# Pulled gcr.io/distroless/cc-debian11:latest on 2022-02-23
 container_pull(
-    name = "alpine_cc_linux_amd64",
-    digest = "sha256:3f7f4dfcb6dceac3a902f36609cc232262e49f5656a6dc4bb3da89e35fecc8a5",
-    registry = "index.docker.io",
-    repository = "fasibio/alpine-libgcc",
+    name = "cc_image_base_amd64",
+    digest = "sha256:2a0daf90a7deb78465bfca3ef2eee6e91ce0a5706059f05d79d799a51d339523",
+    registry = "gcr.io",
+    repository = "distroless/cc-debian11",
+)
+
+# Pulled gcr.io/distroless/cc-debian11:debug on 2022-02-23
+container_pull(
+    name = "cc_debug_image_base_amd64",
+    digest = "sha256:7bd596f5f200588f13a69c268eea6ce428b222b67cd7428d6a7fef95e75c052a",
+    registry = "gcr.io",
+    repository = "distroless/cc-debian11",
+)
+
+# Pulled from gcr.io/distroless/base-debian11:latest on 2022-02-23
+container_pull(
+    name = "go_image_base_amd64",
+    digest = "sha256:34e682800774ecbd0954b1663d90238505f1ba5543692dbc75feef7dd4839e90",
+    registry = "gcr.io",
+    repository = "distroless/base-debian11",
+)
+
+# Pulled from gcr.io/distroless/base-debian11:debug on 2022-02-23
+container_pull(
+    name = "go_debug_image_base_amd64",
+    digest = "sha256:0f503c6bfd207793bc416f20a35bf6b75d769a903c48f180ad73f60f7b60d7bd",
+    registry = "gcr.io",
+    repository = "distroless/base-debian11",
 )
 
 container_pull(
-    name = "fuzzit_base",
-    digest = "sha256:24a39a4360b07b8f0121eb55674a2e757ab09f0baff5569332fefd227ee4338f",
-    registry = "gcr.io",
-    repository = "fuzzit-public/stretch-llvm8",
+    name = "alpine_cc_linux_amd64",
+    digest = "sha256:752aa0c9a88461ffc50c5267bb7497ef03a303e38b2c8f7f2ded9bebe5f1f00e",
+    registry = "index.docker.io",
+    repository = "pinglamb/alpine-glibc",
 )
 
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 
 go_rules_dependencies()
 
-go_register_toolchains(nogo = "@//:nogo")
+go_register_toolchains(
+    go_version = "1.20.7",
+    nogo = "@//:nogo",
+)
 
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
+http_archive(
+    name = "io_kubernetes_build",
+    sha256 = "b84fbd1173acee9d02a7d3698ad269fdf4f7aa081e9cecd40e012ad0ad8cfa2a",
+    strip_prefix = "repo-infra-6537f2101fb432b679f3d103ee729dd8ac5d30a0",
+    url = "https://github.com/kubernetes/repo-infra/archive/6537f2101fb432b679f3d103ee729dd8ac5d30a0.tar.gz",
+)
 
-gazelle_dependencies()
+http_archive(
+    name = "eip3076_spec_tests",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.json",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "91434d5fd5e1c6eb7b0174fed2afe25e09bddf00e1e4c431db931b2cee4e7773",
+    url = "https://github.com/eth-clients/slashing-protection-interchange-tests/archive/b8413ca42dc92308019d0d4db52c87e9e125c4e9.tar.gz",
+)
 
-load("@com_github_atlassian_bazel_tools//gometalinter:deps.bzl", "gometalinter_dependencies")
+http_archive(
+    name = "eip4881_spec_tests",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "89cb659498c0d196fc9f957f8b849b2e1a5c041c3b2b3ae5432ac5c26944297e",
+    url = "https://github.com/ethereum/EIPs/archive/5480440fe51742ed23342b68cf106cefd427e39d.tar.gz",
+)
 
-gometalinter_dependencies()
+consensus_spec_version = "v1.4.0-alpha.1"
+
+bls_test_version = "v0.1.1"
+
+http_archive(
+    name = "consensus_spec_tests_general",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.ssz_snappy",
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "1118a663be4a00ba00f0635eb20287157f2b2f993aed64335bfbcd04af424c2b",
+    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/general.tar.gz" % consensus_spec_version,
+)
+
+http_archive(
+    name = "consensus_spec_tests_minimal",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.ssz_snappy",
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "acde6e10940d14f22277eda5b55b65a24623ac88e4c7a2e34134a6069f5eea82",
+    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/minimal.tar.gz" % consensus_spec_version,
+)
+
+http_archive(
+    name = "consensus_spec_tests_mainnet",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.ssz_snappy",
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "49c022f3a3478cea849ba8f877a9f7e4c1ded549edddc09993550bbc5bb192e1",
+    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/mainnet.tar.gz" % consensus_spec_version,
+)
+
+http_archive(
+    name = "consensus_spec",
+    build_file_content = """
+filegroup(
+    name = "spec_data",
+    srcs = glob([
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "c3e246ff01f6b7b9e9e41939954a6ff89dfca7297415f88781809165fa83267c",
+    strip_prefix = "consensus-specs-" + consensus_spec_version[1:],
+    url = "https://github.com/ethereum/consensus-specs/archive/refs/tags/%s.tar.gz" % consensus_spec_version,
+)
+
+http_archive(
+    name = "bls_spec_tests",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "93c7d006e7c5b882cbd11dc9ec6c5d0e07f4a8c6b27a32f964eb17cf2db9763a",
+    url = "https://github.com/ethereum/bls12-381-tests/releases/download/%s/bls_tests_yaml.tar.gz" % bls_test_version,
+)
+
+http_archive(
+    name = "eth2_networks",
+    build_file_content = """
+filegroup(
+    name = "configs",
+    srcs = glob([
+        "shared/**/config.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "2701e1e1a3ec10c673fe7dbdbbe6f02c8ae8c922aebbf6e720d8c72d5458aafe",
+    strip_prefix = "eth2-networks-7b4897888cebef23801540236f73123e21774954",
+    url = "https://github.com/eth-clients/eth2-networks/archive/7b4897888cebef23801540236f73123e21774954.tar.gz",
+)
+
+http_archive(
+    name = "com_google_protobuf",
+    sha256 = "4e176116949be52b0408dfd24f8925d1eb674a781ae242a75296b17a1c721395",
+    strip_prefix = "protobuf-23.3",
+    urls = [
+        "https://github.com/protocolbuffers/protobuf/archive/v23.3.tar.gz",
+    ],
+)
+
+# Group the sources of the library so that CMake rule have access to it
+all_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])"""
+
+# External dependencies
+load("//:deps.bzl", "prysm_deps")
+
+# gazelle:repository_macro deps.bzl%prysm_deps
+prysm_deps()
+
+load("@prysm//third_party/herumi:herumi.bzl", "bls_dependencies")
+
+bls_dependencies()
+
+load("@prysm//testing/endtoend:deps.bzl", "e2e_deps")
+
+e2e_deps()
 
 load(
     "@io_bazel_rules_docker//go:image.bzl",
@@ -183,174 +356,16 @@ load(
 
 _cc_image_repos()
 
-http_archive(
-    name = "prysm_testnet_site",
-    build_file_content = """
-proto_library(
-  name = "faucet_proto",
-  srcs = ["src/proto/faucet.proto"],
-  visibility = ["//visibility:public"],
-)""",
-    sha256 = "29742136ff9faf47343073c4569a7cf21b8ed138f726929e09e3c38ab83544f7",
-    strip_prefix = "prysm-testnet-site-5c711600f0a77fc553b18cf37b880eaffef4afdb",
-    url = "https://github.com/prestonvanloon/prysm-testnet-site/archive/5c711600f0a77fc553b18cf37b880eaffef4afdb.tar.gz",
-)
+load("@com_github_atlassian_bazel_tools//gometalinter:deps.bzl", "gometalinter_dependencies")
 
-http_archive(
-    name = "io_kubernetes_build",
-    sha256 = "b84fbd1173acee9d02a7d3698ad269fdf4f7aa081e9cecd40e012ad0ad8cfa2a",
-    strip_prefix = "repo-infra-6537f2101fb432b679f3d103ee729dd8ac5d30a0",
-    url = "https://github.com/kubernetes/repo-infra/archive/6537f2101fb432b679f3d103ee729dd8ac5d30a0.tar.gz",
-)
+gometalinter_dependencies()
 
-http_archive(
-    name = "eth2_spec_tests_general",
-    build_file_content = """
-filegroup(
-    name = "test_data",
-    srcs = glob([
-        "**/*.ssz",
-        "**/*.yaml",
-    ]),
-    visibility = ["//visibility:public"],
-)
-    """,
-    sha256 = "9e09ada15c5f494388ecdb3ab49f4554d9ed53ce904cd21c42c350e6d7b2f323",
-    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.12.2/general.tar.gz",
-)
+load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
 
-http_archive(
-    name = "eth2_spec_tests_minimal",
-    build_file_content = """
-filegroup(
-    name = "test_data",
-    srcs = glob([
-        "**/*.ssz",
-        "**/*.yaml",
-    ]),
-    visibility = ["//visibility:public"],
-)
-    """,
-    sha256 = "5fc930e200af7682a176d6025db56cec79807112bb860dca2e1e91fb160312de",
-    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.12.2/minimal.tar.gz",
-)
-
-http_archive(
-    name = "eth2_spec_tests_mainnet",
-    build_file_content = """
-filegroup(
-    name = "test_data",
-    srcs = glob([
-        "**/*.ssz",
-        "**/*.yaml",
-    ]),
-    visibility = ["//visibility:public"],
-)
-    """,
-    sha256 = "fbab14605a0178ef4c8f7efea0de275a22b815a8d3245099f0f5525f7a33faf8",
-    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.12.2/mainnet.tar.gz",
-)
-
-http_archive(
-    name = "com_github_bazelbuild_buildtools",
-    sha256 = "b5d7dbc6832f11b6468328a376de05959a1a9e4e9f5622499d3bab509c26b46a",
-    strip_prefix = "buildtools-bf564b4925ab5876a3f64d8b90fab7f769013d42",
-    url = "https://github.com/bazelbuild/buildtools/archive/bf564b4925ab5876a3f64d8b90fab7f769013d42.zip",
-)
-
-load("@com_github_bazelbuild_buildtools//buildifier:deps.bzl", "buildifier_dependencies")
-
-buildifier_dependencies()
-
-git_repository(
-    name = "com_google_protobuf",
-    commit = "4059c61f27eb1b06c4ee979546a238be792df0a4",
-    remote = "https://github.com/protocolbuffers/protobuf",
-    shallow_since = "1558721209 -0700",
-)
+gazelle_dependencies()
 
 load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
 
 protobuf_deps()
 
-# Group the sources of the library so that CMake rule have access to it
-all_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])"""
-
-http_archive(
-    name = "rules_foreign_cc",
-    sha256 = "b85ce66a3410f7370d1a9a61dfe3a29c7532b7637caeb2877d8d0dfd41d77abb",
-    strip_prefix = "rules_foreign_cc-3515b20a2417c4dd51c8a4a8cac1f6ecf3c6d934",
-    url = "https://github.com/bazelbuild/rules_foreign_cc/archive/3515b20a2417c4dd51c8a4a8cac1f6ecf3c6d934.zip",
-)
-
-load("@rules_foreign_cc//:workspace_definitions.bzl", "rules_foreign_cc_dependencies")
-
-rules_foreign_cc_dependencies([
-    "@prysm//:built_cmake_toolchain",
-])
-
-http_archive(
-    name = "librdkafka",
-    build_file_content = all_content,
-    sha256 = "3b99a36c082a67ef6295eabd4fb3e32ab0bff7c6b0d397d6352697335f4e57eb",
-    strip_prefix = "librdkafka-1.4.2",
-    urls = ["https://github.com/edenhill/librdkafka/archive/v1.4.2.tar.gz"],
-)
-
-http_archive(
-    name = "sigp_beacon_fuzz_corpora",
-    build_file = "//third_party:beacon-fuzz/corpora.BUILD",
-    sha256 = "42993d0901a316afda45b4ba6d53c7c21f30c551dcec290a4ca131c24453d1ef",
-    strip_prefix = "beacon-fuzz-corpora-bac24ad78d45cc3664c0172241feac969c1ac29b",
-    urls = [
-        "https://github.com/sigp/beacon-fuzz-corpora/archive/bac24ad78d45cc3664c0172241feac969c1ac29b.tar.gz",
-    ],
-)
-
-# External dependencies
-
-http_archive(
-    name = "sszgen",  # Hack because we don't want to build this binary with libfuzzer, but need it to build.
-    build_file_content = """
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_binary")
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "sszgen/main.go",
-        "sszgen/marshal.go",
-        "sszgen/size.go",
-        "sszgen/unmarshal.go",
-    ],
-    importpath = "github.com/ferranbt/fastssz/sszgen",
-    visibility = ["//visibility:private"],
-)
-
-go_binary(
-    name = "sszgen",
-    embed = [":go_default_library"],
-    visibility = ["//visibility:public"],
-)
-    """,
-    strip_prefix = "fastssz-06015a5d84f9e4eefe2c21377ca678fa8f1a1b09",
-    urls = ["https://github.com/ferranbt/fastssz/archive/06015a5d84f9e4eefe2c21377ca678fa8f1a1b09.tar.gz"],
-)
-
-load("//:deps.bzl", "prysm_deps")
-
-# gazelle:repository_macro deps.bzl%prysm_deps
-prysm_deps()
-
-load("@com_github_prysmaticlabs_go_ssz//:deps.bzl", "go_ssz_dependencies")
-
-go_ssz_dependencies()
-
-load("@prysm//third_party/herumi:herumi.bzl", "bls_dependencies")
-
-bls_dependencies()
-
-load("@com_github_ethereum_go_ethereum//:deps.bzl", "geth_dependencies")
-
-geth_dependencies()
-
 # Do NOT add new go dependencies here! Refer to DEPENDENCIES.md!

api/BUILD.bazel

@@ -0,0 +1,8 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["headers.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api",
+    visibility = ["//visibility:public"],
+)

api/client/BUILD.bazel

@@ -0,0 +1,20 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "client.go",
+        "errors.go",
+        "options.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/client",
+    visibility = ["//visibility:public"],
+    deps = ["@com_github_pkg_errors//:go_default_library"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["client_test.go"],
+    embed = [":go_default_library"],
+    deps = ["//testing/require:go_default_library"],
+)

api/client/beacon/BUILD.bazel

@@ -0,0 +1,57 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "checkpoint.go",
+        "client.go",
+        "doc.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/client/beacon",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/client:go_default_library",
+        "//beacon-chain/core/helpers:go_default_library",
+        "//beacon-chain/rpc/apimiddleware:go_default_library",
+        "//beacon-chain/state:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//encoding/ssz/detect:go_default_library",
+        "//io/file:go_default_library",
+        "//network/forks:go_default_library",
+        "//proto/eth/v1:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "//runtime/version:go_default_library",
+        "//time/slots:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@org_golang_x_mod//semver:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "checkpoint_test.go",
+        "client_test.go",
+    ],
+    embed = [":go_default_library"],
+    deps = [
+        "//api/client:go_default_library",
+        "//beacon-chain/state:go_default_library",
+        "//config/params:go_default_library",
+        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/blocks/testing:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/ssz/detect:go_default_library",
+        "//network/forks:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "//runtime/version:go_default_library",
+        "//testing/require:go_default_library",
+        "//testing/util:go_default_library",
+        "//time/slots:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+    ],
+)

api/client/beacon/checkpoint.go

@@ -0,0 +1,271 @@
+package beacon
+
+import (
+	"context"
+	"fmt"
+	"path"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/pkg/errors"
+	base "github.com/prysmaticlabs/prysm/v4/api/client"
+	"github.com/prysmaticlabs/prysm/v4/beacon-chain/core/helpers"
+	"github.com/prysmaticlabs/prysm/v4/beacon-chain/state"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
+	"github.com/prysmaticlabs/prysm/v4/encoding/ssz/detect"
+	"github.com/prysmaticlabs/prysm/v4/io/file"
+	"github.com/prysmaticlabs/prysm/v4/runtime/version"
+	"github.com/prysmaticlabs/prysm/v4/time/slots"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/mod/semver"
+)
+
+var errCheckpointBlockMismatch = errors.New("mismatch between checkpoint sync state and block")
+
+// OriginData represents the BeaconState and ReadOnlySignedBeaconBlock necessary to start an empty Beacon Node
+// using Checkpoint Sync.
+type OriginData struct {
+	sb []byte
+	bb []byte
+	st state.BeaconState
+	b  interfaces.ReadOnlySignedBeaconBlock
+	vu *detect.VersionedUnmarshaler
+	br [32]byte
+	sr [32]byte
+}
+
+// SaveBlock saves the downloaded block to a unique file in the given path.
+// For readability and collision avoidance, the file name includes: type, config name, slot and root
+func (o *OriginData) SaveBlock(dir string) (string, error) {
+	blockPath := path.Join(dir, fname("block", o.vu, o.b.Block().Slot(), o.br))
+	return blockPath, file.WriteFile(blockPath, o.BlockBytes())
+}
+
+// SaveState saves the downloaded state to a unique file in the given path.
+// For readability and collision avoidance, the file name includes: type, config name, slot and root
+func (o *OriginData) SaveState(dir string) (string, error) {
+	statePath := path.Join(dir, fname("state", o.vu, o.st.Slot(), o.sr))
+	return statePath, file.WriteFile(statePath, o.StateBytes())
+}
+
+// StateBytes returns the ssz-encoded bytes of the downloaded BeaconState value.
+func (o *OriginData) StateBytes() []byte {
+	return o.sb
+}
+
+// BlockBytes returns the ssz-encoded bytes of the downloaded ReadOnlySignedBeaconBlock value.
+func (o *OriginData) BlockBytes() []byte {
+	return o.bb
+}
+
+func fname(prefix string, vu *detect.VersionedUnmarshaler, slot primitives.Slot, root [32]byte) string {
+	return fmt.Sprintf("%s_%s_%s_%d-%#x.ssz", prefix, vu.Config.ConfigName, version.String(vu.Fork), slot, root)
+}
+
+// DownloadFinalizedData downloads the most recently finalized state, and the block most recently applied to that state.
+// This pair can be used to initialize a new beacon node via checkpoint sync.
+func DownloadFinalizedData(ctx context.Context, client *Client) (*OriginData, error) {
+	sb, err := client.GetState(ctx, IdFinalized)
+	if err != nil {
+		return nil, err
+	}
+	vu, err := detect.FromState(sb)
+	if err != nil {
+		return nil, errors.Wrap(err, "error detecting chain config for finalized state")
+	}
+	log.Printf("detected supported config in remote finalized state, name=%s, fork=%s", vu.Config.ConfigName, version.String(vu.Fork))
+	s, err := vu.UnmarshalBeaconState(sb)
+	if err != nil {
+		return nil, errors.Wrap(err, "error unmarshaling finalized state to correct version")
+	}
+
+	slot := s.LatestBlockHeader().Slot
+	bb, err := client.GetBlock(ctx, IdFromSlot(slot))
+	if err != nil {
+		return nil, errors.Wrapf(err, "error requesting block by slot = %d", slot)
+	}
+	b, err := vu.UnmarshalBeaconBlock(bb)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to unmarshal block to a supported type using the detected fork schedule")
+	}
+	br, err := b.Block().HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing hash_tree_root of retrieved block")
+	}
+	bodyRoot, err := b.Block().Body().HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing hash_tree_root of retrieved block body")
+	}
+
+	sbr := bytesutil.ToBytes32(s.LatestBlockHeader().BodyRoot)
+	if sbr != bodyRoot {
+		return nil, errors.Wrapf(errCheckpointBlockMismatch, "state body root = %#x, block body root = %#x", sbr, bodyRoot)
+	}
+	sr, err := s.HashTreeRoot(ctx)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to compute htr for finalized state at slot=%d", s.Slot())
+	}
+
+	log.
+		WithField("block_slot", b.Block().Slot()).
+		WithField("state_slot", s.Slot()).
+		WithField("state_root", hexutil.Encode(sr[:])).
+		WithField("block_root", hexutil.Encode(br[:])).
+		Info("Downloaded checkpoint sync state and block.")
+	return &OriginData{
+		st: s,
+		b:  b,
+		sb: sb,
+		bb: bb,
+		vu: vu,
+		br: br,
+		sr: sr,
+	}, nil
+}
+
+// WeakSubjectivityData represents the state root, block root and epoch of the BeaconState + ReadOnlySignedBeaconBlock
+// that falls at the beginning of the current weak subjectivity period. These values can be used to construct
+// a weak subjectivity checkpoint beacon node flag to be used for validation.
+type WeakSubjectivityData struct {
+	BlockRoot [32]byte
+	StateRoot [32]byte
+	Epoch     primitives.Epoch
+}
+
+// CheckpointString returns the standard string representation of a Checkpoint.
+// The format is a hex-encoded block root, followed by the epoch of the block, separated by a colon. For example:
+// "0x1c35540cac127315fabb6bf29181f2ae0de1a3fc909d2e76ba771e61312cc49a:74888"
+func (wsd *WeakSubjectivityData) CheckpointString() string {
+	return fmt.Sprintf("%#x:%d", wsd.BlockRoot, wsd.Epoch)
+}
+
+// ComputeWeakSubjectivityCheckpoint attempts to use the prysm weak_subjectivity api
+// to obtain the current weak_subjectivity checkpoint.
+// For non-prysm nodes, the same computation will be performed with extra steps,
+// using the head state downloaded from the beacon node api.
+func ComputeWeakSubjectivityCheckpoint(ctx context.Context, client *Client) (*WeakSubjectivityData, error) {
+	ws, err := client.GetWeakSubjectivity(ctx)
+	if err != nil {
+		// a 404/405 is expected if querying an endpoint that doesn't support the weak subjectivity checkpoint api
+		if !errors.Is(err, base.ErrNotOK) {
+			return nil, errors.Wrap(err, "unexpected API response for prysm-only weak subjectivity checkpoint API")
+		}
+		// fall back to vanilla Beacon Node API method
+		return computeBackwardsCompatible(ctx, client)
+	}
+	log.Printf("server weak subjectivity checkpoint response - epoch=%d, block_root=%#x, state_root=%#x", ws.Epoch, ws.BlockRoot, ws.StateRoot)
+	return ws, nil
+}
+
+const (
+	prysmMinimumVersion     = "v2.0.7"
+	prysmImplementationName = "Prysm"
+)
+
+// errUnsupportedPrysmCheckpointVersion indicates remote beacon node can't be used for checkpoint retrieval.
+var errUnsupportedPrysmCheckpointVersion = errors.New("node does not meet minimum version requirements for checkpoint retrieval")
+
+// for older endpoints or clients that do not support the weak_subjectivity api method
+// we gather the necessary data for a checkpoint sync by:
+// - inspecting the remote server's head state and computing the weak subjectivity epoch locally
+// - requesting the state at the first slot of the epoch
+// - using hash_tree_root(state.latest_block_header) to compute the block the state integrates
+// - requesting that block by its root
+func computeBackwardsCompatible(ctx context.Context, client *Client) (*WeakSubjectivityData, error) {
+	log.Print("falling back to generic checkpoint derivation, weak_subjectivity API not supported by server")
+	nv, err := client.GetNodeVersion(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to proceed with fallback method without confirming node version")
+	}
+	if nv.implementation == prysmImplementationName && semver.Compare(nv.semver, prysmMinimumVersion) < 0 {
+		return nil, errors.Wrapf(errUnsupportedPrysmCheckpointVersion, "%s < minimum (%s)", nv.semver, prysmMinimumVersion)
+	}
+	epoch, err := getWeakSubjectivityEpochFromHead(ctx, client)
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing weak subjectivity epoch via head state inspection")
+	}
+
+	// use first slot of the epoch for the state slot
+	slot, err := slots.EpochStart(epoch)
+	if err != nil {
+		return nil, errors.Wrapf(err, "error computing first slot of epoch=%d", epoch)
+	}
+
+	log.Printf("requesting checkpoint state at slot %d", slot)
+	// get the state at the first slot of the epoch
+	sb, err := client.GetState(ctx, IdFromSlot(slot))
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to request state by slot from api, slot=%d", slot)
+	}
+
+	// ConfigFork is used to unmarshal the BeaconState so we can read the block root in latest_block_header
+	vu, err := detect.FromState(sb)
+	if err != nil {
+		return nil, errors.Wrap(err, "error detecting chain config for beacon state")
+	}
+	log.Printf("detected supported config in checkpoint state, name=%s, fork=%s", vu.Config.ConfigName, version.String(vu.Fork))
+
+	s, err := vu.UnmarshalBeaconState(sb)
+	if err != nil {
+		return nil, errors.Wrap(err, "error using detected config fork to unmarshal state bytes")
+	}
+
+	// compute state and block roots
+	sr, err := s.HashTreeRoot(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing hash_tree_root of state")
+	}
+
+	h := s.LatestBlockHeader()
+	h.StateRoot = sr[:]
+	br, err := h.HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "error while computing block root using state data")
+	}
+
+	bb, err := client.GetBlock(ctx, IdFromRoot(br))
+	if err != nil {
+		return nil, errors.Wrapf(err, "error requesting block by root = %d", br)
+	}
+	b, err := vu.UnmarshalBeaconBlock(bb)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to unmarshal block to a supported type using the detected fork schedule")
+	}
+	br, err = b.Block().HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing hash_tree_root for block obtained via root")
+	}
+
+	return &WeakSubjectivityData{
+		Epoch:     epoch,
+		BlockRoot: br,
+		StateRoot: sr,
+	}, nil
+}
+
+// this method downloads the head state, which can be used to find the correct chain config
+// and use prysm's helper methods to compute the latest weak subjectivity epoch.
+func getWeakSubjectivityEpochFromHead(ctx context.Context, client *Client) (primitives.Epoch, error) {
+	headBytes, err := client.GetState(ctx, IdHead)
+	if err != nil {
+		return 0, err
+	}
+	vu, err := detect.FromState(headBytes)
+	if err != nil {
+		return 0, errors.Wrap(err, "error detecting chain config for beacon state")
+	}
+	log.Printf("detected supported config in remote head state, name=%s, fork=%s", vu.Config.ConfigName, version.String(vu.Fork))
+	headState, err := vu.UnmarshalBeaconState(headBytes)
+	if err != nil {
+		return 0, errors.Wrap(err, "error unmarshaling state to correct version")
+	}
+
+	epoch, err := helpers.LatestWeakSubjectivityEpoch(ctx, headState, vu.Config)
+	if err != nil {
+		return 0, errors.Wrap(err, "error computing the weak subjectivity epoch from head state")
+	}
+
+	log.Printf("(computed client-side) weak subjectivity epoch = %d", epoch)
+	return epoch, nil
+}

api/client/beacon/checkpoint_test.go

@@ -0,0 +1,483 @@
+package beacon
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v4/api/client"
+	"github.com/prysmaticlabs/prysm/v4/beacon-chain/state"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/blocks"
+	blocktest "github.com/prysmaticlabs/prysm/v4/consensus-types/blocks/testing"
+	"github.com/prysmaticlabs/prysm/v4/network/forks"
+	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v4/testing/util"
+	"github.com/prysmaticlabs/prysm/v4/time/slots"
+
+	"github.com/prysmaticlabs/prysm/v4/config/params"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v4/encoding/ssz/detect"
+	"github.com/prysmaticlabs/prysm/v4/runtime/version"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+)
+
+type testRT struct {
+	rt func(*http.Request) (*http.Response, error)
+}
+
+func (rt *testRT) RoundTrip(req *http.Request) (*http.Response, error) {
+	if rt.rt != nil {
+		return rt.rt(req)
+	}
+	return nil, errors.New("RoundTripper not implemented")
+}
+
+var _ http.RoundTripper = &testRT{}
+
+func marshalToEnvelope(val interface{}) ([]byte, error) {
+	raw, err := json.Marshal(val)
+	if err != nil {
+		return nil, errors.Wrap(err, "error marshaling value to place in data envelope")
+	}
+	env := struct {
+		Data json.RawMessage `json:"data"`
+	}{
+		Data: raw,
+	}
+	return json.Marshal(env)
+}
+
+func TestMarshalToEnvelope(t *testing.T) {
+	d := struct {
+		Version string `json:"version"`
+	}{
+		Version: "Prysm/v2.0.5 (linux amd64)",
+	}
+	encoded, err := marshalToEnvelope(d)
+	require.NoError(t, err)
+	expected := `{"data":{"version":"Prysm/v2.0.5 (linux amd64)"}}`
+	require.Equal(t, expected, string(encoded))
+}
+
+func TestFallbackVersionCheck(t *testing.T) {
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case getNodeVersionPath:
+			res.StatusCode = http.StatusOK
+			b := bytes.NewBuffer(nil)
+			d := struct {
+				Version string `json:"version"`
+			}{
+				Version: "Prysm/v2.0.5 (linux amd64)",
+			}
+			encoded, err := marshalToEnvelope(d)
+			require.NoError(t, err)
+			b.Write(encoded)
+			res.Body = io.NopCloser(b)
+		case getWeakSubjectivityPath:
+			res.StatusCode = http.StatusNotFound
+		}
+		return res, nil
+	}}
+
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
+	ctx := context.Background()
+	_, err = ComputeWeakSubjectivityCheckpoint(ctx, c)
+	require.ErrorIs(t, err, errUnsupportedPrysmCheckpointVersion)
+}
+
+func TestFname(t *testing.T) {
+	vu := &detect.VersionedUnmarshaler{
+		Config: params.MainnetConfig(),
+		Fork:   version.Phase0,
+	}
+	slot := primitives.Slot(23)
+	prefix := "block"
+	var root [32]byte
+	copy(root[:], []byte{0x23, 0x23, 0x23})
+	expected := "block_mainnet_phase0_23-0x2323230000000000000000000000000000000000000000000000000000000000.ssz"
+	actual := fname(prefix, vu, slot, root)
+	require.Equal(t, expected, actual)
+
+	vu.Config = params.MinimalSpecConfig()
+	vu.Fork = version.Altair
+	slot = 17
+	prefix = "state"
+	copy(root[29:], []byte{0x17, 0x17, 0x17})
+	expected = "state_minimal_altair_17-0x2323230000000000000000000000000000000000000000000000000000171717.ssz"
+	actual = fname(prefix, vu, slot, root)
+	require.Equal(t, expected, actual)
+}
+
+func TestDownloadWeakSubjectivityCheckpoint(t *testing.T) {
+	ctx := context.Background()
+	cfg := params.MainnetConfig().Copy()
+
+	epoch := cfg.AltairForkEpoch - 1
+	// set up checkpoint state, using the epoch that will be computed as the ws checkpoint state based on the head state
+	wSlot, err := slots.EpochStart(epoch)
+	require.NoError(t, err)
+	wst, err := util.NewBeaconState()
+	require.NoError(t, err)
+	fork, err := forkForEpoch(cfg, epoch)
+	require.NoError(t, err)
+	require.NoError(t, wst.SetFork(fork))
+
+	// set up checkpoint block
+	b, err := blocks.NewSignedBeaconBlock(util.NewBeaconBlock())
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockParentRoot(b, cfg.ZeroHash)
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockSlot(b, wSlot)
+	require.NoError(t, err)
+	b, err = blocktest.SetProposerIndex(b, 0)
+	require.NoError(t, err)
+
+	// set up state header pointing at checkpoint block - this is how the block is downloaded by root
+	header, err := b.Header()
+	require.NoError(t, err)
+	require.NoError(t, wst.SetLatestBlockHeader(header.Header))
+
+	// order of operations can be confusing here:
+	// - when computing the state root, make sure block header is complete, EXCEPT the state root should be zero-value
+	// - before computing the block root (to match the request route), the block should include the state root
+	//   *computed from the state with a header that does not have a state root set yet*
+	wRoot, err := wst.HashTreeRoot(ctx)
+	require.NoError(t, err)
+
+	b, err = blocktest.SetBlockStateRoot(b, wRoot)
+	require.NoError(t, err)
+	serBlock, err := b.MarshalSSZ()
+	require.NoError(t, err)
+	bRoot, err := b.Block().HashTreeRoot()
+	require.NoError(t, err)
+
+	wsSerialized, err := wst.MarshalSSZ()
+	require.NoError(t, err)
+	expectedWSD := WeakSubjectivityData{
+		BlockRoot: bRoot,
+		StateRoot: wRoot,
+		Epoch:     epoch,
+	}
+
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case getWeakSubjectivityPath:
+			res.StatusCode = http.StatusOK
+			cp := struct {
+				Epoch string `json:"epoch"`
+				Root  string `json:"root"`
+			}{
+				Epoch: fmt.Sprintf("%d", slots.ToEpoch(b.Block().Slot())),
+				Root:  fmt.Sprintf("%#x", bRoot),
+			}
+			wsr := struct {
+				Checkpoint interface{} `json:"ws_checkpoint"`
+				StateRoot  string      `json:"state_root"`
+			}{
+				Checkpoint: cp,
+				StateRoot:  fmt.Sprintf("%#x", wRoot),
+			}
+			rb, err := marshalToEnvelope(wsr)
+			require.NoError(t, err)
+			res.Body = io.NopCloser(bytes.NewBuffer(rb))
+		case renderGetStatePath(IdFromSlot(wSlot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(wsSerialized))
+		case renderGetBlockPath(IdFromRoot(bRoot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serBlock))
+		}
+
+		return res, nil
+	}}
+
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
+
+	wsd, err := ComputeWeakSubjectivityCheckpoint(ctx, c)
+	require.NoError(t, err)
+	require.Equal(t, expectedWSD.Epoch, wsd.Epoch)
+	require.Equal(t, expectedWSD.StateRoot, wsd.StateRoot)
+	require.Equal(t, expectedWSD.BlockRoot, wsd.BlockRoot)
+}
+
+// runs computeBackwardsCompatible directly
+// and via ComputeWeakSubjectivityCheckpoint with a round tripper that triggers the backwards compatible code path
+func TestDownloadBackwardsCompatibleCombined(t *testing.T) {
+	ctx := context.Background()
+	cfg := params.MainnetConfig()
+
+	st, expectedEpoch := defaultTestHeadState(t, cfg)
+	serialized, err := st.MarshalSSZ()
+	require.NoError(t, err)
+
+	// set up checkpoint state, using the epoch that will be computed as the ws checkpoint state based on the head state
+	wSlot, err := slots.EpochStart(expectedEpoch)
+	require.NoError(t, err)
+	wst, err := util.NewBeaconState()
+	require.NoError(t, err)
+	fork, err := forkForEpoch(cfg, cfg.GenesisEpoch)
+	require.NoError(t, err)
+	require.NoError(t, wst.SetFork(fork))
+
+	// set up checkpoint block
+	b, err := blocks.NewSignedBeaconBlock(util.NewBeaconBlock())
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockParentRoot(b, cfg.ZeroHash)
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockSlot(b, wSlot)
+	require.NoError(t, err)
+	b, err = blocktest.SetProposerIndex(b, 0)
+	require.NoError(t, err)
+
+	// set up state header pointing at checkpoint block - this is how the block is downloaded by root
+	header, err := b.Header()
+	require.NoError(t, err)
+	require.NoError(t, wst.SetLatestBlockHeader(header.Header))
+
+	// order of operations can be confusing here:
+	// - when computing the state root, make sure block header is complete, EXCEPT the state root should be zero-value
+	// - before computing the block root (to match the request route), the block should include the state root
+	//   *computed from the state with a header that does not have a state root set yet*
+	wRoot, err := wst.HashTreeRoot(ctx)
+	require.NoError(t, err)
+
+	b, err = blocktest.SetBlockStateRoot(b, wRoot)
+	require.NoError(t, err)
+	serBlock, err := b.MarshalSSZ()
+	require.NoError(t, err)
+	bRoot, err := b.Block().HashTreeRoot()
+	require.NoError(t, err)
+
+	wsSerialized, err := wst.MarshalSSZ()
+	require.NoError(t, err)
+
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case getNodeVersionPath:
+			res.StatusCode = http.StatusOK
+			b := bytes.NewBuffer(nil)
+			d := struct {
+				Version string `json:"version"`
+			}{
+				Version: "Lighthouse/v0.1.5 (Linux x86_64)",
+			}
+			encoded, err := marshalToEnvelope(d)
+			require.NoError(t, err)
+			b.Write(encoded)
+			res.Body = io.NopCloser(b)
+		case getWeakSubjectivityPath:
+			res.StatusCode = http.StatusNotFound
+		case renderGetStatePath(IdHead):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serialized))
+		case renderGetStatePath(IdFromSlot(wSlot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(wsSerialized))
+		case renderGetBlockPath(IdFromRoot(bRoot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serBlock))
+		}
+
+		return res, nil
+	}}
+
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
+
+	wsPub, err := ComputeWeakSubjectivityCheckpoint(ctx, c)
+	require.NoError(t, err)
+
+	wsPriv, err := computeBackwardsCompatible(ctx, c)
+	require.NoError(t, err)
+	require.DeepEqual(t, wsPriv, wsPub)
+}
+
+func TestGetWeakSubjectivityEpochFromHead(t *testing.T) {
+	st, expectedEpoch := defaultTestHeadState(t, params.MainnetConfig())
+	serialized, err := st.MarshalSSZ()
+	require.NoError(t, err)
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		if req.URL.Path == renderGetStatePath(IdHead) {
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serialized))
+		}
+		return res, nil
+	}}
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
+	actualEpoch, err := getWeakSubjectivityEpochFromHead(context.Background(), c)
+	require.NoError(t, err)
+	require.Equal(t, expectedEpoch, actualEpoch)
+}
+
+func forkForEpoch(cfg *params.BeaconChainConfig, epoch primitives.Epoch) (*ethpb.Fork, error) {
+	os := forks.NewOrderedSchedule(cfg)
+	currentVersion, err := os.VersionForEpoch(epoch)
+	if err != nil {
+		return nil, err
+	}
+	prevVersion, err := os.Previous(currentVersion)
+	if err != nil {
+		if !errors.Is(err, forks.ErrNoPreviousVersion) {
+			return nil, err
+		}
+		// use same version for both in the case of genesis
+		prevVersion = currentVersion
+	}
+	forkEpoch := cfg.ForkVersionSchedule[currentVersion]
+	return &ethpb.Fork{
+		PreviousVersion: prevVersion[:],
+		CurrentVersion:  currentVersion[:],
+		Epoch:           forkEpoch,
+	}, nil
+}
+
+func defaultTestHeadState(t *testing.T, cfg *params.BeaconChainConfig) (state.BeaconState, primitives.Epoch) {
+	st, err := util.NewBeaconStateAltair()
+	require.NoError(t, err)
+
+	fork, err := forkForEpoch(cfg, cfg.AltairForkEpoch)
+	require.NoError(t, err)
+	require.NoError(t, st.SetFork(fork))
+
+	slot, err := slots.EpochStart(cfg.AltairForkEpoch)
+	require.NoError(t, err)
+	require.NoError(t, st.SetSlot(slot))
+
+	var validatorCount, avgBalance uint64 = 100, 35
+	require.NoError(t, populateValidators(cfg, st, validatorCount, avgBalance))
+	require.NoError(t, st.SetFinalizedCheckpoint(&ethpb.Checkpoint{
+		Epoch: fork.Epoch - 10,
+		Root:  make([]byte, 32),
+	}))
+	// to see the math for this, look at helpers.LatestWeakSubjectivityEpoch
+	// and for the values use mainnet config values, the validatorCount and avgBalance above, and altair fork epoch
+	expectedEpoch := slots.ToEpoch(st.Slot()) - 224
+	return st, expectedEpoch
+}
+
+// TODO(10429): refactor beacon state options in testing/util to take a state.BeaconState so this can become an option
+func populateValidators(cfg *params.BeaconChainConfig, st state.BeaconState, valCount, avgBalance uint64) error {
+	validators := make([]*ethpb.Validator, valCount)
+	balances := make([]uint64, len(validators))
+	for i := uint64(0); i < valCount; i++ {
+		validators[i] = &ethpb.Validator{
+			PublicKey:             make([]byte, cfg.BLSPubkeyLength),
+			WithdrawalCredentials: make([]byte, 32),
+			EffectiveBalance:      avgBalance * 1e9,
+			ExitEpoch:             cfg.FarFutureEpoch,
+		}
+		balances[i] = validators[i].EffectiveBalance
+	}
+
+	if err := st.SetValidators(validators); err != nil {
+		return err
+	}
+	return st.SetBalances(balances)
+}
+
+func TestDownloadFinalizedData(t *testing.T) {
+	ctx := context.Background()
+	cfg := params.MainnetConfig().Copy()
+
+	// avoid the altair zone because genesis tests are easier to set up
+	epoch := cfg.AltairForkEpoch - 1
+	// set up checkpoint state, using the epoch that will be computed as the ws checkpoint state based on the head state
+	slot, err := slots.EpochStart(epoch)
+	require.NoError(t, err)
+	st, err := util.NewBeaconState()
+	require.NoError(t, err)
+	fork, err := forkForEpoch(cfg, epoch)
+	require.NoError(t, err)
+	require.NoError(t, st.SetFork(fork))
+	require.NoError(t, st.SetSlot(slot))
+
+	// set up checkpoint block
+	b, err := blocks.NewSignedBeaconBlock(util.NewBeaconBlock())
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockParentRoot(b, cfg.ZeroHash)
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockSlot(b, slot)
+	require.NoError(t, err)
+	b, err = blocktest.SetProposerIndex(b, 0)
+	require.NoError(t, err)
+
+	// set up state header pointing at checkpoint block - this is how the block is downloaded by root
+	header, err := b.Header()
+	require.NoError(t, err)
+	require.NoError(t, st.SetLatestBlockHeader(header.Header))
+
+	// order of operations can be confusing here:
+	// - when computing the state root, make sure block header is complete, EXCEPT the state root should be zero-value
+	// - before computing the block root (to match the request route), the block should include the state root
+	//   *computed from the state with a header that does not have a state root set yet*
+	sr, err := st.HashTreeRoot(ctx)
+	require.NoError(t, err)
+
+	b, err = blocktest.SetBlockStateRoot(b, sr)
+	require.NoError(t, err)
+	mb, err := b.MarshalSSZ()
+	require.NoError(t, err)
+	br, err := b.Block().HashTreeRoot()
+	require.NoError(t, err)
+
+	ms, err := st.MarshalSSZ()
+	require.NoError(t, err)
+
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case renderGetStatePath(IdFinalized):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(ms))
+		case renderGetBlockPath(IdFromSlot(b.Block().Slot())):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(mb))
+		default:
+			res.StatusCode = http.StatusInternalServerError
+			res.Body = io.NopCloser(bytes.NewBufferString(""))
+		}
+
+		return res, nil
+	}}
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
+	// sanity check before we go through checkpoint
+	// make sure we can download the state and unmarshal it with the VersionedUnmarshaler
+	sb, err := c.GetState(ctx, IdFinalized)
+	require.NoError(t, err)
+	require.Equal(t, true, bytes.Equal(sb, ms))
+	vu, err := detect.FromState(sb)
+	require.NoError(t, err)
+	us, err := vu.UnmarshalBeaconState(sb)
+	require.NoError(t, err)
+	ushtr, err := us.HashTreeRoot(ctx)
+	require.NoError(t, err)
+	require.Equal(t, sr, ushtr)
+
+	expected := &OriginData{
+		sb: ms,
+		bb: mb,
+		br: br,
+		sr: sr,
+	}
+	od, err := DownloadFinalizedData(ctx, c)
+	require.NoError(t, err)
+	require.Equal(t, true, bytes.Equal(expected.sb, od.sb))
+	require.Equal(t, true, bytes.Equal(expected.bb, od.bb))
+	require.Equal(t, expected.br, od.br)
+	require.Equal(t, expected.sr, od.sr)
+}

api/client/beacon/client.go

@@ -0,0 +1,396 @@
+package beacon
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"path"
+	"regexp"
+	"sort"
+	"strconv"
+	"text/template"
+
+	"github.com/prysmaticlabs/prysm/v4/api/client"
+	"github.com/prysmaticlabs/prysm/v4/network/forks"
+	v1 "github.com/prysmaticlabs/prysm/v4/proto/eth/v1"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v4/beacon-chain/rpc/apimiddleware"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
+	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	getSignedBlockPath       = "/eth/v2/beacon/blocks"
+	getBlockRootPath         = "/eth/v1/beacon/blocks/{{.Id}}/root"
+	getForkForStatePath      = "/eth/v1/beacon/states/{{.Id}}/fork"
+	getWeakSubjectivityPath  = "/eth/v1/beacon/weak_subjectivity"
+	getForkSchedulePath      = "/eth/v1/config/fork_schedule"
+	getConfigSpecPath        = "/eth/v1/config/spec"
+	getStatePath             = "/eth/v2/debug/beacon/states"
+	getNodeVersionPath       = "/eth/v1/node/version"
+	changeBLStoExecutionPath = "/eth/v1/beacon/pool/bls_to_execution_changes"
+)
+
+// StateOrBlockId represents the block_id / state_id parameters that several of the Eth Beacon API methods accept.
+// StateOrBlockId constants are defined for named identifiers, and helper methods are provided
+// for slot and root identifiers. Example text from the Eth Beacon Node API documentation:
+//
+// "Block identifier can be one of: "head" (canonical head in node's view), "genesis", "finalized",
+// <slot>, <hex encoded blockRoot with 0x prefix>."
+type StateOrBlockId string
+
+const (
+	IdGenesis   StateOrBlockId = "genesis"
+	IdHead      StateOrBlockId = "head"
+	IdFinalized StateOrBlockId = "finalized"
+)
+
+// IdFromRoot encodes a block root in the format expected by the API in places where a root can be used to identify
+// a BeaconState or SignedBeaconBlock.
+func IdFromRoot(r [32]byte) StateOrBlockId {
+	return StateOrBlockId(fmt.Sprintf("%#x", r))
+}
+
+// IdFromSlot encodes a Slot in the format expected by the API in places where a slot can be used to identify
+// a BeaconState or SignedBeaconBlock.
+func IdFromSlot(s primitives.Slot) StateOrBlockId {
+	return StateOrBlockId(strconv.FormatUint(uint64(s), 10))
+}
+
+// idTemplate is used to create template functions that can interpolate StateOrBlockId values.
+func idTemplate(ts string) func(StateOrBlockId) string {
+	t := template.Must(template.New("").Parse(ts))
+	f := func(id StateOrBlockId) string {
+		b := bytes.NewBuffer(nil)
+		err := t.Execute(b, struct{ Id string }{Id: string(id)})
+		if err != nil {
+			panic(fmt.Sprintf("invalid idTemplate: %s", ts))
+		}
+		return b.String()
+	}
+	// run the template to ensure that it is valid
+	// this should happen load time (using package scoped vars) to ensure runtime errors aren't possible
+	_ = f(IdGenesis)
+	return f
+}
+
+func renderGetBlockPath(id StateOrBlockId) string {
+	return path.Join(getSignedBlockPath, string(id))
+}
+
+// Client provides a collection of helper methods for calling the Eth Beacon Node API endpoints.
+type Client struct {
+	*client.Client
+}
+
+// NewClient returns a new Client that includes functions for rest calls to Beacon API.
+func NewClient(host string, opts ...client.ClientOpt) (*Client, error) {
+	c, err := client.NewClient(host, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &Client{c}, nil
+}
+
+// GetBlock retrieves the SignedBeaconBlock for the given block id.
+// Block identifier can be one of: "head" (canonical head in node's view), "genesis", "finalized",
+// <slot>, <hex encoded blockRoot with 0x prefix>. Variables of type StateOrBlockId are exported by this package
+// for the named identifiers.
+// The return value contains the ssz-encoded bytes.
+func (c *Client) GetBlock(ctx context.Context, blockId StateOrBlockId) ([]byte, error) {
+	blockPath := renderGetBlockPath(blockId)
+	b, err := c.Get(ctx, blockPath, client.WithSSZEncoding())
+	if err != nil {
+		return nil, errors.Wrapf(err, "error requesting state by id = %s", blockId)
+	}
+	return b, nil
+}
+
+var getBlockRootTpl = idTemplate(getBlockRootPath)
+
+// GetBlockRoot retrieves the hash_tree_root of the BeaconBlock for the given block id.
+// Block identifier can be one of: "head" (canonical head in node's view), "genesis", "finalized",
+// <slot>, <hex encoded blockRoot with 0x prefix>. Variables of type StateOrBlockId are exported by this package
+// for the named identifiers.
+func (c *Client) GetBlockRoot(ctx context.Context, blockId StateOrBlockId) ([32]byte, error) {
+	rootPath := getBlockRootTpl(blockId)
+	b, err := c.Get(ctx, rootPath)
+	if err != nil {
+		return [32]byte{}, errors.Wrapf(err, "error requesting block root by id = %s", blockId)
+	}
+	jsonr := &struct{ Data struct{ Root string } }{}
+	err = json.Unmarshal(b, jsonr)
+	if err != nil {
+		return [32]byte{}, errors.Wrap(err, "error decoding json data from get block root response")
+	}
+	rs, err := hexutil.Decode(jsonr.Data.Root)
+	if err != nil {
+		return [32]byte{}, errors.Wrap(err, fmt.Sprintf("error decoding hex-encoded value %s", jsonr.Data.Root))
+	}
+	return bytesutil.ToBytes32(rs), nil
+}
+
+var getForkTpl = idTemplate(getForkForStatePath)
+
+// GetFork queries the Beacon Node API for the Fork from the state identified by stateId.
+// Block identifier can be one of: "head" (canonical head in node's view), "genesis", "finalized",
+// <slot>, <hex encoded blockRoot with 0x prefix>. Variables of type StateOrBlockId are exported by this package
+// for the named identifiers.
+func (c *Client) GetFork(ctx context.Context, stateId StateOrBlockId) (*ethpb.Fork, error) {
+	body, err := c.Get(ctx, getForkTpl(stateId))
+	if err != nil {
+		return nil, errors.Wrapf(err, "error requesting fork by state id = %s", stateId)
+	}
+	fr := &forkResponse{}
+	dataWrapper := &struct{ Data *forkResponse }{Data: fr}
+	err = json.Unmarshal(body, dataWrapper)
+	if err != nil {
+		return nil, errors.Wrap(err, "error decoding json response in GetFork")
+	}
+
+	return fr.Fork()
+}
+
+// GetForkSchedule retrieve all forks, past present and future, of which this node is aware.
+func (c *Client) GetForkSchedule(ctx context.Context) (forks.OrderedSchedule, error) {
+	body, err := c.Get(ctx, getForkSchedulePath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error requesting fork schedule")
+	}
+	fsr := &forkScheduleResponse{}
+	err = json.Unmarshal(body, fsr)
+	if err != nil {
+		return nil, err
+	}
+	ofs, err := fsr.OrderedForkSchedule()
+	if err != nil {
+		return nil, errors.Wrap(err, fmt.Sprintf("problem unmarshaling %s response", getForkSchedulePath))
+	}
+	return ofs, nil
+}
+
+// GetConfigSpec retrieve the current configs of the network used by the beacon node.
+func (c *Client) GetConfigSpec(ctx context.Context) (*v1.SpecResponse, error) {
+	body, err := c.Get(ctx, getConfigSpecPath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error requesting configSpecPath")
+	}
+	fsr := &v1.SpecResponse{}
+	err = json.Unmarshal(body, fsr)
+	if err != nil {
+		return nil, err
+	}
+	return fsr, nil
+}
+
+type NodeVersion struct {
+	implementation string
+	semver         string
+	systemInfo     string
+}
+
+var versionRE = regexp.MustCompile(`^(\w+)/(v\d+\.\d+\.\d+[-a-zA-Z0-9]*)\s*/?(.*)$`)
+
+func parseNodeVersion(v string) (*NodeVersion, error) {
+	groups := versionRE.FindStringSubmatch(v)
+	if len(groups) != 4 {
+		return nil, errors.Wrapf(client.ErrInvalidNodeVersion, "could not be parsed: %s", v)
+	}
+	return &NodeVersion{
+		implementation: groups[1],
+		semver:         groups[2],
+		systemInfo:     groups[3],
+	}, nil
+}
+
+// GetNodeVersion requests that the beacon node identify information about its implementation in a format
+// similar to a HTTP User-Agent field. ex: Lighthouse/v0.1.5 (Linux x86_64)
+func (c *Client) GetNodeVersion(ctx context.Context) (*NodeVersion, error) {
+	b, err := c.Get(ctx, getNodeVersionPath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error requesting node version")
+	}
+	d := struct {
+		Data struct {
+			Version string `json:"version"`
+		} `json:"data"`
+	}{}
+	err = json.Unmarshal(b, &d)
+	if err != nil {
+		return nil, errors.Wrapf(err, "error unmarshaling response body: %s", string(b))
+	}
+	return parseNodeVersion(d.Data.Version)
+}
+
+func renderGetStatePath(id StateOrBlockId) string {
+	return path.Join(getStatePath, string(id))
+}
+
+// GetState retrieves the BeaconState for the given state id.
+// State identifier can be one of: "head" (canonical head in node's view), "genesis", "finalized",
+// <slot>, <hex encoded stateRoot with 0x prefix>. Variables of type StateOrBlockId are exported by this package
+// for the named identifiers.
+// The return value contains the ssz-encoded bytes.
+func (c *Client) GetState(ctx context.Context, stateId StateOrBlockId) ([]byte, error) {
+	statePath := path.Join(getStatePath, string(stateId))
+	b, err := c.Get(ctx, statePath, client.WithSSZEncoding())
+	if err != nil {
+		return nil, errors.Wrapf(err, "error requesting state by id = %s", stateId)
+	}
+	return b, nil
+}
+
+// GetWeakSubjectivity calls a proposed API endpoint that is unique to prysm
+// This api method does the following:
+// - computes weak subjectivity epoch
+// - finds the highest non-skipped block preceding the epoch
+// - returns the htr of the found block and returns this + the value of state_root from the block
+func (c *Client) GetWeakSubjectivity(ctx context.Context) (*WeakSubjectivityData, error) {
+	body, err := c.Get(ctx, getWeakSubjectivityPath)
+	if err != nil {
+		return nil, err
+	}
+	v := &apimiddleware.WeakSubjectivityResponse{}
+	err = json.Unmarshal(body, v)
+	if err != nil {
+		return nil, err
+	}
+	epoch, err := strconv.ParseUint(v.Data.Checkpoint.Epoch, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	blockRoot, err := hexutil.Decode(v.Data.Checkpoint.Root)
+	if err != nil {
+		return nil, err
+	}
+	stateRoot, err := hexutil.Decode(v.Data.StateRoot)
+	if err != nil {
+		return nil, err
+	}
+	return &WeakSubjectivityData{
+		Epoch:     primitives.Epoch(epoch),
+		BlockRoot: bytesutil.ToBytes32(blockRoot),
+		StateRoot: bytesutil.ToBytes32(stateRoot),
+	}, nil
+}
+
+// SubmitChangeBLStoExecution calls a beacon API endpoint to set the withdrawal addresses based on the given signed messages.
+// If the API responds with something other than OK there will be failure messages associated to the corresponding request message.
+func (c *Client) SubmitChangeBLStoExecution(ctx context.Context, request []*apimiddleware.SignedBLSToExecutionChangeJson) error {
+	u := c.BaseURL().ResolveReference(&url.URL{Path: changeBLStoExecutionPath})
+	body, err := json.Marshal(request)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal JSON")
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.String(), bytes.NewBuffer(body))
+	if err != nil {
+		return errors.Wrap(err, "invalid format, failed to create new POST request object")
+	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		err = resp.Body.Close()
+	}()
+	if resp.StatusCode != http.StatusOK {
+		decoder := json.NewDecoder(resp.Body)
+		decoder.DisallowUnknownFields()
+		errorJson := &apimiddleware.IndexedVerificationFailureErrorJson{}
+		if err := decoder.Decode(errorJson); err != nil {
+			return errors.Wrapf(err, "failed to decode error JSON for %s", resp.Request.URL)
+		}
+		for _, failure := range errorJson.Failures {
+			w := request[failure.Index].Message
+			log.WithFields(log.Fields{
+				"validator_index":    w.ValidatorIndex,
+				"withdrawal_address": w.ToExecutionAddress,
+			}).Error(failure.Message)
+		}
+		return errors.Errorf("POST error %d: %s", errorJson.Code, errorJson.Message)
+	}
+	return nil
+}
+
+// GetBLStoExecutionChanges gets all the set withdrawal messages in the node's operation pool.
+// Returns a struct representation of json response.
+func (c *Client) GetBLStoExecutionChanges(ctx context.Context) (*apimiddleware.BLSToExecutionChangesPoolResponseJson, error) {
+	body, err := c.Get(ctx, changeBLStoExecutionPath)
+	if err != nil {
+		return nil, err
+	}
+	poolResponse := &apimiddleware.BLSToExecutionChangesPoolResponseJson{}
+	err = json.Unmarshal(body, poolResponse)
+	if err != nil {
+		return nil, err
+	}
+	return poolResponse, nil
+}
+
+type forkResponse struct {
+	PreviousVersion string `json:"previous_version"`
+	CurrentVersion  string `json:"current_version"`
+	Epoch           string `json:"epoch"`
+}
+
+func (f *forkResponse) Fork() (*ethpb.Fork, error) {
+	epoch, err := strconv.ParseUint(f.Epoch, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	cSlice, err := hexutil.Decode(f.CurrentVersion)
+	if err != nil {
+		return nil, err
+	}
+	if len(cSlice) != 4 {
+		return nil, fmt.Errorf("got %d byte version for CurrentVersion, expected 4 bytes. hex=%s", len(cSlice), f.CurrentVersion)
+	}
+	pSlice, err := hexutil.Decode(f.PreviousVersion)
+	if err != nil {
+		return nil, err
+	}
+	if len(pSlice) != 4 {
+		return nil, fmt.Errorf("got %d byte version, expected 4 bytes. version hex=%s", len(pSlice), f.PreviousVersion)
+	}
+	return &ethpb.Fork{
+		CurrentVersion:  cSlice,
+		PreviousVersion: pSlice,
+		Epoch:           primitives.Epoch(epoch),
+	}, nil
+}
+
+type forkScheduleResponse struct {
+	Data []forkResponse
+}
+
+func (fsr *forkScheduleResponse) OrderedForkSchedule() (forks.OrderedSchedule, error) {
+	ofs := make(forks.OrderedSchedule, 0)
+	for _, d := range fsr.Data {
+		epoch, err := strconv.Atoi(d.Epoch)
+		if err != nil {
+			return nil, err
+		}
+		vSlice, err := hexutil.Decode(d.CurrentVersion)
+		if err != nil {
+			return nil, err
+		}
+		if len(vSlice) != 4 {
+			return nil, fmt.Errorf("got %d byte version, expected 4 bytes. version hex=%s", len(vSlice), d.CurrentVersion)
+		}
+		version := bytesutil.ToBytes4(vSlice)
+		ofs = append(ofs, forks.ForkScheduleEntry{
+			Version: version,
+			Epoch:   primitives.Epoch(uint64(epoch)),
+		})
+	}
+	sort.Sort(ofs)
+	return ofs, nil
+}

api/client/beacon/client_test.go

@@ -0,0 +1,139 @@
+package beacon
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v4/api/client"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+)
+
+func TestParseNodeVersion(t *testing.T) {
+	cases := []struct {
+		name string
+		v    string
+		err  error
+		nv   *NodeVersion
+	}{
+		{
+			name: "empty string",
+			v:    "",
+			err:  client.ErrInvalidNodeVersion,
+		},
+		{
+			name: "Prysm as the version string",
+			v:    "Prysm",
+			err:  client.ErrInvalidNodeVersion,
+		},
+		{
+			name: "semver only",
+			v:    "v2.0.6",
+			err:  client.ErrInvalidNodeVersion,
+		},
+		{
+			name: "complete version",
+			v:    "Prysm/v2.0.6 (linux amd64)",
+			nv: &NodeVersion{
+				implementation: "Prysm",
+				semver:         "v2.0.6",
+				systemInfo:     "(linux amd64)",
+			},
+		},
+		{
+			name: "nimbus version",
+			v:    "Nimbus/v22.4.0-039bec-stateofus",
+			nv: &NodeVersion{
+				implementation: "Nimbus",
+				semver:         "v22.4.0-039bec-stateofus",
+				systemInfo:     "",
+			},
+		},
+		{
+			name: "teku version",
+			v:    "teku/v22.3.2/linux-x86_64/oracle-java-11",
+			nv: &NodeVersion{
+				implementation: "teku",
+				semver:         "v22.3.2",
+				systemInfo:     "linux-x86_64/oracle-java-11",
+			},
+		},
+		{
+			name: "lighthouse version",
+			v:    "Lighthouse/v2.1.1-5f628a7/x86_64-linux",
+			nv: &NodeVersion{
+				implementation: "Lighthouse",
+				semver:         "v2.1.1-5f628a7",
+				systemInfo:     "x86_64-linux",
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			nv, err := parseNodeVersion(c.v)
+			if c.err != nil {
+				require.ErrorIs(t, err, c.err)
+			} else {
+				require.NoError(t, err)
+				require.DeepEqual(t, c.nv, nv)
+			}
+		})
+	}
+}
+
+func TestValidHostname(t *testing.T) {
+	cases := []struct {
+		name    string
+		hostArg string
+		path    string
+		joined  string
+		err     error
+	}{
+		{
+			name:    "hostname without port",
+			hostArg: "mydomain.org",
+			err:     client.ErrMalformedHostname,
+		},
+		{
+			name:    "hostname with port",
+			hostArg: "mydomain.org:3500",
+			path:    getNodeVersionPath,
+			joined:  "http://mydomain.org:3500/eth/v1/node/version",
+		},
+		{
+			name:    "https scheme, hostname with port",
+			hostArg: "https://mydomain.org:3500",
+			path:    getNodeVersionPath,
+			joined:  "https://mydomain.org:3500/eth/v1/node/version",
+		},
+		{
+			name:    "http scheme, hostname without port",
+			hostArg: "http://mydomain.org",
+			path:    getNodeVersionPath,
+			joined:  "http://mydomain.org/eth/v1/node/version",
+		},
+		{
+			name:    "http scheme, trailing slash, hostname without port",
+			hostArg: "http://mydomain.org/",
+			path:    getNodeVersionPath,
+			joined:  "http://mydomain.org/eth/v1/node/version",
+		},
+		{
+			name:    "http scheme, hostname with basic auth creds and no port",
+			hostArg: "http://username:pass@mydomain.org/",
+			path:    getNodeVersionPath,
+			joined:  "http://username:pass@mydomain.org/eth/v1/node/version",
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			cl, err := NewClient(c.hostArg)
+			if c.err != nil {
+				require.ErrorIs(t, err, c.err)
+				return
+			}
+			require.NoError(t, err)
+			require.Equal(t, c.joined, cl.BaseURL().ResolveReference(&url.URL{Path: c.path}).String())
+		})
+	}
+}

api/client/beacon/doc.go

@@ -0,0 +1,5 @@
+/*
+Package beacon provides a client for interacting with the standard Eth Beacon Node API.
+Interactive swagger documentation for the API is available here: https://ethereum.github.io/beacon-APIs/
+*/
+package beacon

api/client/builder/BUILD.bazel

@@ -0,0 +1,55 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "bid.go",
+        "client.go",
+        "errors.go",
+        "types.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/client/builder",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//consensus-types:go_default_library",
+        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//math:go_default_library",
+        "//monitoring/tracing:go_default_library",
+        "//network:go_default_library",
+        "//network/authorization:go_default_library",
+        "//proto/engine/v1:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "//runtime/version:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_prysmaticlabs_fastssz//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@io_opencensus_go//trace:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "client_test.go",
+        "types_test.go",
+    ],
+    data = glob(["testdata/**"]),
+    embed = [":go_default_library"],
+    deps = [
+        "//config/params:go_default_library",
+        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//proto/engine/v1:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_golang_protobuf//proto:go_default_library",
+        "@com_github_prysmaticlabs_go_bitfield//:go_default_library",
+    ],
+)

api/client/builder/bid.go

@@ -0,0 +1,197 @@
+package builder
+
+import (
+	"math/big"
+
+	ssz "github.com/prysmaticlabs/fastssz"
+	consensus_types "github.com/prysmaticlabs/prysm/v4/consensus-types"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/blocks"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
+	"github.com/prysmaticlabs/prysm/v4/math"
+	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v4/runtime/version"
+)
+
+// SignedBid is an interface describing the method set of a signed builder bid.
+type SignedBid interface {
+	Message() (Bid, error)
+	Signature() []byte
+	Version() int
+	IsNil() bool
+}
+
+// Bid is an interface describing the method set of a builder bid.
+type Bid interface {
+	Header() (interfaces.ExecutionData, error)
+	Value() []byte
+	Pubkey() []byte
+	Version() int
+	IsNil() bool
+	HashTreeRoot() ([32]byte, error)
+	HashTreeRootWith(hh *ssz.Hasher) error
+}
+
+type signedBuilderBid struct {
+	p *ethpb.SignedBuilderBid
+}
+
+// WrappedSignedBuilderBid is a constructor which wraps a protobuf signed bit into an interface.
+func WrappedSignedBuilderBid(p *ethpb.SignedBuilderBid) (SignedBid, error) {
+	w := signedBuilderBid{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Message --
+func (b signedBuilderBid) Message() (Bid, error) {
+	return WrappedBuilderBid(b.p.Message)
+}
+
+// Signature --
+func (b signedBuilderBid) Signature() []byte {
+	return b.p.Signature
+}
+
+// Version --
+func (b signedBuilderBid) Version() int {
+	return version.Bellatrix
+}
+
+// IsNil --
+func (b signedBuilderBid) IsNil() bool {
+	return b.p == nil
+}
+
+type signedBuilderBidCapella struct {
+	p *ethpb.SignedBuilderBidCapella
+}
+
+// WrappedSignedBuilderBidCapella is a constructor which wraps a protobuf signed bit into an interface.
+func WrappedSignedBuilderBidCapella(p *ethpb.SignedBuilderBidCapella) (SignedBid, error) {
+	w := signedBuilderBidCapella{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Message --
+func (b signedBuilderBidCapella) Message() (Bid, error) {
+	return WrappedBuilderBidCapella(b.p.Message)
+}
+
+// Signature --
+func (b signedBuilderBidCapella) Signature() []byte {
+	return b.p.Signature
+}
+
+// Version --
+func (b signedBuilderBidCapella) Version() int {
+	return version.Capella
+}
+
+// IsNil --
+func (b signedBuilderBidCapella) IsNil() bool {
+	return b.p == nil
+}
+
+type builderBid struct {
+	p *ethpb.BuilderBid
+}
+
+// WrappedBuilderBid is a constructor which wraps a protobuf bid into an interface.
+func WrappedBuilderBid(p *ethpb.BuilderBid) (Bid, error) {
+	w := builderBid{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Header --
+func (b builderBid) Header() (interfaces.ExecutionData, error) {
+	return blocks.WrappedExecutionPayloadHeader(b.p.Header)
+}
+
+// Version --
+func (b builderBid) Version() int {
+	return version.Bellatrix
+}
+
+// Value --
+func (b builderBid) Value() []byte {
+	return b.p.Value
+}
+
+// Pubkey --
+func (b builderBid) Pubkey() []byte {
+	return b.p.Pubkey
+}
+
+// IsNil --
+func (b builderBid) IsNil() bool {
+	return b.p == nil
+}
+
+// HashTreeRoot --
+func (b builderBid) HashTreeRoot() ([32]byte, error) {
+	return b.p.HashTreeRoot()
+}
+
+// HashTreeRootWith --
+func (b builderBid) HashTreeRootWith(hh *ssz.Hasher) error {
+	return b.p.HashTreeRootWith(hh)
+}
+
+type builderBidCapella struct {
+	p *ethpb.BuilderBidCapella
+}
+
+// WrappedBuilderBidCapella is a constructor which wraps a protobuf bid into an interface.
+func WrappedBuilderBidCapella(p *ethpb.BuilderBidCapella) (Bid, error) {
+	w := builderBidCapella{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Header returns the execution data interface.
+func (b builderBidCapella) Header() (interfaces.ExecutionData, error) {
+	// We have to convert big endian to little endian because the value is coming from the execution layer.
+	v := big.NewInt(0).SetBytes(bytesutil.ReverseByteOrder(b.p.Value))
+	return blocks.WrappedExecutionPayloadHeaderCapella(b.p.Header, math.WeiToGwei(v))
+}
+
+// Version --
+func (b builderBidCapella) Version() int {
+	return version.Capella
+}
+
+// Value --
+func (b builderBidCapella) Value() []byte {
+	return b.p.Value
+}
+
+// Pubkey --
+func (b builderBidCapella) Pubkey() []byte {
+	return b.p.Pubkey
+}
+
+// IsNil --
+func (b builderBidCapella) IsNil() bool {
+	return b.p == nil
+}
+
+// HashTreeRoot --
+func (b builderBidCapella) HashTreeRoot() ([32]byte, error) {
+	return b.p.HashTreeRoot()
+}
+
+// HashTreeRootWith --
+func (b builderBidCapella) HashTreeRootWith(hh *ssz.Hasher) error {
+	return b.p.HashTreeRootWith(hh)
+}

api/client/builder/client.go

@@ -0,0 +1,402 @@
+package builder
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+	"text/template"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/blocks"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v4/monitoring/tracing"
+	"github.com/prysmaticlabs/prysm/v4/network"
+	"github.com/prysmaticlabs/prysm/v4/network/authorization"
+	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v4/runtime/version"
+	log "github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+const (
+	getExecHeaderPath          = "/eth/v1/builder/header/{{.Slot}}/{{.ParentHash}}/{{.Pubkey}}"
+	getStatus                  = "/eth/v1/builder/status"
+	postBlindedBeaconBlockPath = "/eth/v1/builder/blinded_blocks"
+	postRegisterValidatorPath  = "/eth/v1/builder/validators"
+)
+
+var errMalformedHostname = errors.New("hostname must include port, separated by one colon, like example.com:3500")
+var errMalformedRequest = errors.New("required request data are missing")
+var errNotBlinded = errors.New("submitted block is not blinded")
+
+// ClientOpt is a functional option for the Client type (http.Client wrapper)
+type ClientOpt func(*Client)
+
+type observer interface {
+	observe(r *http.Request) error
+}
+
+func WithObserver(m observer) ClientOpt {
+	return func(c *Client) {
+		c.obvs = append(c.obvs, m)
+	}
+}
+
+type requestLogger struct{}
+
+func (*requestLogger) observe(r *http.Request) (e error) {
+	b := bytes.NewBuffer(nil)
+	if r.Body == nil {
+		log.WithFields(log.Fields{
+			"body-base64": "(nil value)",
+			"url":         r.URL.String(),
+		}).Info("builder http request")
+		return nil
+	}
+	t := io.TeeReader(r.Body, b)
+	defer func() {
+		if r.Body != nil {
+			e = r.Body.Close()
+		}
+	}()
+	body, err := io.ReadAll(t)
+	if err != nil {
+		return err
+	}
+	r.Body = io.NopCloser(b)
+	log.WithFields(log.Fields{
+		"body-base64": string(body),
+		"url":         r.URL.String(),
+	}).Info("builder http request")
+
+	return nil
+}
+
+var _ observer = &requestLogger{}
+
+// BuilderClient provides a collection of helper methods for calling Builder API endpoints.
+type BuilderClient interface {
+	NodeURL() string
+	GetHeader(ctx context.Context, slot primitives.Slot, parentHash [32]byte, pubkey [48]byte) (SignedBid, error)
+	RegisterValidator(ctx context.Context, svr []*ethpb.SignedValidatorRegistrationV1) error
+	SubmitBlindedBlock(ctx context.Context, sb interfaces.ReadOnlySignedBeaconBlock) (interfaces.ExecutionData, error)
+	Status(ctx context.Context) error
+}
+
+// Client provides a collection of helper methods for calling Builder API endpoints.
+type Client struct {
+	hc      *http.Client
+	baseURL *url.URL
+	obvs    []observer
+}
+
+// NewClient constructs a new client with the provided options (ex WithTimeout).
+// `host` is the base host + port used to construct request urls. This value can be
+// a URL string, or NewClient will assume an http endpoint if just `host:port` is used.
+func NewClient(host string, opts ...ClientOpt) (*Client, error) {
+	endpoint := covertEndPoint(host)
+	u, err := urlForHost(endpoint.Url)
+	if err != nil {
+		return nil, err
+	}
+	c := &Client{
+		hc:      &http.Client{},
+		baseURL: u,
+	}
+	for _, o := range opts {
+		o(c)
+	}
+	return c, nil
+}
+
+func urlForHost(h string) (*url.URL, error) {
+	// try to parse as url (being permissive)
+	u, err := url.Parse(h)
+	if err == nil && u.Host != "" {
+		return u, nil
+	}
+	// try to parse as host:port
+	host, port, err := net.SplitHostPort(h)
+	if err != nil {
+		return nil, errMalformedHostname
+	}
+	return &url.URL{Host: net.JoinHostPort(host, port), Scheme: "http"}, nil
+}
+
+// NodeURL returns a human-readable string representation of the beacon node base url.
+func (c *Client) NodeURL() string {
+	return c.baseURL.String()
+}
+
+type reqOption func(*http.Request)
+
+// do is a generic, opinionated request function to reduce boilerplate amongst the methods in this package api/client/builder/types.go.
+func (c *Client) do(ctx context.Context, method string, path string, body io.Reader, opts ...reqOption) (res []byte, err error) {
+	ctx, span := trace.StartSpan(ctx, "builder.client.do")
+	defer func() {
+		tracing.AnnotateError(span, err)
+		span.End()
+	}()
+
+	u := c.baseURL.ResolveReference(&url.URL{Path: path})
+
+	span.AddAttributes(trace.StringAttribute("url", u.String()),
+		trace.StringAttribute("method", method))
+
+	req, err := http.NewRequestWithContext(ctx, method, u.String(), body)
+	if err != nil {
+		return
+	}
+	req.Header.Add("User-Agent", version.BuildData())
+	for _, o := range opts {
+		o(req)
+	}
+	for _, o := range c.obvs {
+		if err = o.observe(req); err != nil {
+			return
+		}
+	}
+	r, err := c.hc.Do(req)
+	if err != nil {
+		return
+	}
+	defer func() {
+		closeErr := r.Body.Close()
+		if closeErr != nil {
+			log.WithError(closeErr).Error("Failed to close response body")
+		}
+	}()
+	if r.StatusCode != http.StatusOK {
+		err = non200Err(r)
+		return
+	}
+	res, err = io.ReadAll(r.Body)
+	if err != nil {
+		err = errors.Wrap(err, "error reading http response body from builder server")
+		return
+	}
+	return
+}
+
+var execHeaderTemplate = template.Must(template.New("").Parse(getExecHeaderPath))
+
+func execHeaderPath(slot primitives.Slot, parentHash [32]byte, pubkey [48]byte) (string, error) {
+	v := struct {
+		Slot       primitives.Slot
+		ParentHash string
+		Pubkey     string
+	}{
+		Slot:       slot,
+		ParentHash: fmt.Sprintf("%#x", parentHash),
+		Pubkey:     fmt.Sprintf("%#x", pubkey),
+	}
+	b := bytes.NewBuffer(nil)
+	err := execHeaderTemplate.Execute(b, v)
+	if err != nil {
+		return "", errors.Wrapf(err, "error rendering exec header template with slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+	}
+	return b.String(), nil
+}
+
+// GetHeader is used by a proposing validator to request an execution payload header from the Builder node.
+func (c *Client) GetHeader(ctx context.Context, slot primitives.Slot, parentHash [32]byte, pubkey [48]byte) (SignedBid, error) {
+	path, err := execHeaderPath(slot, parentHash, pubkey)
+	if err != nil {
+		return nil, err
+	}
+	hb, err := c.do(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, err
+	}
+	v := &VersionResponse{}
+	if err := json.Unmarshal(hb, v); err != nil {
+		return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+	}
+	switch strings.ToLower(v.Version) {
+	case strings.ToLower(version.String(version.Capella)):
+		hr := &ExecHeaderResponseCapella{}
+		if err := json.Unmarshal(hb, hr); err != nil {
+			return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+		}
+		p, err := hr.ToProto()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not extract proto message from header")
+		}
+		return WrappedSignedBuilderBidCapella(p)
+	case strings.ToLower(version.String(version.Bellatrix)):
+		hr := &ExecHeaderResponse{}
+		if err := json.Unmarshal(hb, hr); err != nil {
+			return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+		}
+		p, err := hr.ToProto()
+		if err != nil {
+			return nil, errors.Wrap(err, "could not extract proto message from header")
+		}
+		return WrappedSignedBuilderBid(p)
+	default:
+		return nil, fmt.Errorf("unsupported header version %s", strings.ToLower(v.Version))
+	}
+}
+
+// RegisterValidator encodes the SignedValidatorRegistrationV1 message to json (including hex-encoding the byte
+// fields with 0x prefixes) and posts to the builder validator registration endpoint.
+func (c *Client) RegisterValidator(ctx context.Context, svr []*ethpb.SignedValidatorRegistrationV1) error {
+	ctx, span := trace.StartSpan(ctx, "builder.client.RegisterValidator")
+	defer span.End()
+	span.AddAttributes(trace.Int64Attribute("num_reqs", int64(len(svr))))
+
+	if len(svr) == 0 {
+		err := errors.Wrap(errMalformedRequest, "empty validator registration list")
+		tracing.AnnotateError(span, err)
+		return err
+	}
+	vs := make([]*SignedValidatorRegistration, len(svr))
+	for i := 0; i < len(svr); i++ {
+		vs[i] = &SignedValidatorRegistration{SignedValidatorRegistrationV1: svr[i]}
+	}
+	body, err := json.Marshal(vs)
+	if err != nil {
+		err := errors.Wrap(err, "error encoding the SignedValidatorRegistration value body in RegisterValidator")
+		tracing.AnnotateError(span, err)
+		return err
+	}
+
+	_, err = c.do(ctx, http.MethodPost, postRegisterValidatorPath, bytes.NewBuffer(body))
+	return err
+}
+
+// SubmitBlindedBlock calls the builder API endpoint that binds the validator to the builder and submits the block.
+// The response is the full execution payload used to create the blinded block.
+func (c *Client) SubmitBlindedBlock(ctx context.Context, sb interfaces.ReadOnlySignedBeaconBlock) (interfaces.ExecutionData, error) {
+	if !sb.IsBlinded() {
+		return nil, errNotBlinded
+	}
+	switch sb.Version() {
+	case version.Bellatrix:
+		psb, err := sb.PbBlindedBellatrixBlock()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not get protobuf block")
+		}
+		b := &SignedBlindedBeaconBlockBellatrix{SignedBlindedBeaconBlockBellatrix: psb}
+		body, err := json.Marshal(b)
+		if err != nil {
+			return nil, errors.Wrap(err, "error encoding the SignedBlindedBeaconBlockBellatrix value body in SubmitBlindedBlock")
+		}
+
+		versionOpt := func(r *http.Request) {
+			r.Header.Add("Eth-Consensus-Version", version.String(version.Bellatrix))
+		}
+		rb, err := c.do(ctx, http.MethodPost, postBlindedBeaconBlockPath, bytes.NewBuffer(body), versionOpt)
+
+		if err != nil {
+			return nil, errors.Wrap(err, "error posting the SignedBlindedBeaconBlockBellatrix to the builder api")
+		}
+		ep := &ExecPayloadResponse{}
+		if err := json.Unmarshal(rb, ep); err != nil {
+			return nil, errors.Wrap(err, "error unmarshaling the builder SubmitBlindedBlock response")
+		}
+		if strings.ToLower(ep.Version) != version.String(version.Bellatrix) {
+			return nil, errors.New("not a bellatrix payload")
+		}
+		p, err := ep.ToProto()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not extract proto message from payload")
+		}
+		return blocks.WrappedExecutionPayload(p)
+	case version.Capella:
+		psb, err := sb.PbBlindedCapellaBlock()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not get protobuf block")
+		}
+		b := &SignedBlindedBeaconBlockCapella{SignedBlindedBeaconBlockCapella: psb}
+		body, err := json.Marshal(b)
+		if err != nil {
+			return nil, errors.Wrap(err, "error encoding the SignedBlindedBeaconBlockCapella value body in SubmitBlindedBlockCapella")
+		}
+
+		versionOpt := func(r *http.Request) {
+			r.Header.Add("Eth-Consensus-Version", version.String(version.Capella))
+		}
+		rb, err := c.do(ctx, http.MethodPost, postBlindedBeaconBlockPath, bytes.NewBuffer(body), versionOpt)
+
+		if err != nil {
+			return nil, errors.Wrap(err, "error posting the SignedBlindedBeaconBlockCapella to the builder api")
+		}
+		ep := &ExecPayloadResponseCapella{}
+		if err := json.Unmarshal(rb, ep); err != nil {
+			return nil, errors.Wrap(err, "error unmarshaling the builder SubmitBlindedBlockCapella response")
+		}
+		if strings.ToLower(ep.Version) != version.String(version.Capella) {
+			return nil, errors.New("not a capella payload")
+		}
+		p, err := ep.ToProto()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not extract proto message from payload")
+		}
+		return blocks.WrappedExecutionPayloadCapella(p, 0)
+	default:
+		return nil, fmt.Errorf("unsupported block version %s", version.String(sb.Version()))
+	}
+}
+
+// Status asks the remote builder server for a health check. A response of 200 with an empty body is the success/healthy
+// response, and an error response may have an error message. This method will return a nil value for error in the
+// happy path, and an error with information about the server response body for a non-200 response.
+func (c *Client) Status(ctx context.Context) error {
+	_, err := c.do(ctx, http.MethodGet, getStatus, nil)
+	return err
+}
+
+func non200Err(response *http.Response) error {
+	bodyBytes, err := io.ReadAll(response.Body)
+	var errMessage ErrorMessage
+	var body string
+	if err != nil {
+		body = "(Unable to read response body.)"
+	} else {
+		body = "response body:\n" + string(bodyBytes)
+	}
+	msg := fmt.Sprintf("code=%d, url=%s, body=%s", response.StatusCode, response.Request.URL, body)
+	switch response.StatusCode {
+	case 204:
+		log.WithError(ErrNoContent).Debug(msg)
+		return ErrNoContent
+	case 400:
+		if jsonErr := json.Unmarshal(bodyBytes, &errMessage); jsonErr != nil {
+			return errors.Wrap(jsonErr, "unable to read response body")
+		}
+		log.WithError(ErrBadRequest).Debug(msg)
+		return errors.Wrap(ErrBadRequest, errMessage.Message)
+	case 404:
+		if jsonErr := json.Unmarshal(bodyBytes, &errMessage); jsonErr != nil {
+			return errors.Wrap(jsonErr, "unable to read response body")
+		}
+		log.WithError(ErrNotFound).Debug(msg)
+		return errors.Wrap(ErrNotFound, errMessage.Message)
+	case 500:
+		if jsonErr := json.Unmarshal(bodyBytes, &errMessage); jsonErr != nil {
+			return errors.Wrap(jsonErr, "unable to read response body")
+		}
+		log.WithError(ErrNotOK).Debug(msg)
+		return errors.Wrap(ErrNotOK, errMessage.Message)
+	default:
+		log.WithError(ErrNotOK).Debug(msg)
+		return errors.Wrap(ErrNotOK, fmt.Sprintf("unsupported error code: %d", response.StatusCode))
+	}
+}
+
+func covertEndPoint(ep string) network.Endpoint {
+	return network.Endpoint{
+		Url: ep,
+		Auth: network.AuthorizationData{ // Auth is not used for builder.
+			Method: authorization.None,
+			Value:  "",
+		}}
+}

api/client/builder/client_test.go

@@ -0,0 +1,648 @@
+package builder
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"math/big"
+	"net/http"
+	"net/url"
+	"strconv"
+	"testing"
+
+	"github.com/prysmaticlabs/go-bitfield"
+	"github.com/prysmaticlabs/prysm/v4/config/params"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/blocks"
+	types "github.com/prysmaticlabs/prysm/v4/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
+	v1 "github.com/prysmaticlabs/prysm/v4/proto/engine/v1"
+	eth "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+)
+
+type roundtrip func(*http.Request) (*http.Response, error)
+
+func (fn roundtrip) RoundTrip(r *http.Request) (*http.Response, error) {
+	return fn(r)
+}
+
+func TestClient_Status(t *testing.T) {
+	ctx := context.Background()
+	statusPath := "/eth/v1/builder/status"
+	hc := &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			defer func() {
+				if r.Body == nil {
+					return
+				}
+				require.NoError(t, r.Body.Close())
+			}()
+			require.Equal(t, statusPath, r.URL.Path)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBuffer(nil)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c := &Client{
+		hc:      hc,
+		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+	}
+	require.NoError(t, c.Status(ctx))
+	hc = &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			defer func() {
+				if r.Body == nil {
+					return
+				}
+				require.NoError(t, r.Body.Close())
+			}()
+			require.Equal(t, statusPath, r.URL.Path)
+			message := ErrorMessage{
+				Code:    500,
+				Message: "Internal server error",
+			}
+			resp, err := json.Marshal(message)
+			require.NoError(t, err)
+			return &http.Response{
+				StatusCode: http.StatusInternalServerError,
+				Body:       io.NopCloser(bytes.NewBuffer(resp)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c = &Client{
+		hc:      hc,
+		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+	}
+	require.ErrorIs(t, c.Status(ctx), ErrNotOK)
+}
+
+func TestClient_RegisterValidator(t *testing.T) {
+	ctx := context.Background()
+	expectedBody := `[{"message":{"fee_recipient":"0x0000000000000000000000000000000000000000","gas_limit":"23","timestamp":"42","pubkey":"0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"},"signature":"0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"}]`
+	expectedPath := "/eth/v1/builder/validators"
+	hc := &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			body, err := io.ReadAll(r.Body)
+			defer func() {
+				require.NoError(t, r.Body.Close())
+			}()
+			require.NoError(t, err)
+			require.Equal(t, expectedBody, string(body))
+			require.Equal(t, expectedPath, r.URL.Path)
+			require.Equal(t, http.MethodPost, r.Method)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBuffer(nil)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c := &Client{
+		hc:      hc,
+		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+	}
+	reg := &eth.SignedValidatorRegistrationV1{
+		Message: &eth.ValidatorRegistrationV1{
+			FeeRecipient: ezDecode(t, params.BeaconConfig().EthBurnAddressHex),
+			GasLimit:     23,
+			Timestamp:    42,
+			Pubkey:       ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+	require.NoError(t, c.RegisterValidator(ctx, []*eth.SignedValidatorRegistrationV1{reg}))
+}
+
+func TestClient_GetHeader(t *testing.T) {
+	ctx := context.Background()
+	expectedPath := "/eth/v1/builder/header/23/0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2/0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"
+	var slot types.Slot = 23
+	parentHash := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+	pubkey := ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a")
+
+	t.Run("server error", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				message := ErrorMessage{
+					Code:    500,
+					Message: "Internal server error",
+				}
+				resp, err := json.Marshal(message)
+				require.NoError(t, err)
+				return &http.Response{
+					StatusCode: http.StatusInternalServerError,
+					Body:       io.NopCloser(bytes.NewBuffer(resp)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorIs(t, err, ErrNotOK)
+	})
+	t.Run("header not available", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusNoContent,
+					Body:       io.NopCloser(bytes.NewBuffer([]byte("No header is available."))),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorIs(t, err, ErrNoContent)
+	})
+	t.Run("bellatrix", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponse)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		h, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.NoError(t, err)
+		expectedSig := ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505")
+		require.Equal(t, true, bytes.Equal(expectedSig, h.Signature()))
+		expectedTxRoot := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+		bid, err := h.Message()
+		require.NoError(t, err)
+		bidHeader, err := bid.Header()
+		require.NoError(t, err)
+		withdrawalsRoot, err := bidHeader.TransactionsRoot()
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(expectedTxRoot, withdrawalsRoot))
+		require.Equal(t, uint64(1), bidHeader.GasUsed())
+		value, err := stringToUint256("652312848583266388373324160190187140051835877600158453279131187530910662656")
+		require.NoError(t, err)
+		require.Equal(t, fmt.Sprintf("%#x", value.SSZBytes()), fmt.Sprintf("%#x", bid.Value()))
+		bidValue := bytesutil.ReverseByteOrder(bid.Value())
+		require.DeepEqual(t, bidValue, value.Bytes())
+		require.DeepEqual(t, big.NewInt(0).SetBytes(bidValue), value.Int)
+	})
+	t.Run("capella", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponseCapella)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		h, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.NoError(t, err)
+		expectedWithdrawalsRoot := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+		bid, err := h.Message()
+		require.NoError(t, err)
+		bidHeader, err := bid.Header()
+		require.NoError(t, err)
+		withdrawalsRoot, err := bidHeader.WithdrawalsRoot()
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(expectedWithdrawalsRoot, withdrawalsRoot))
+		value, err := stringToUint256("652312848583266388373324160190187140051835877600158453279131187530910662656")
+		require.NoError(t, err)
+		require.Equal(t, fmt.Sprintf("%#x", value.SSZBytes()), fmt.Sprintf("%#x", bid.Value()))
+		bidValue := bytesutil.ReverseByteOrder(bid.Value())
+		require.DeepEqual(t, bidValue, value.Bytes())
+		require.DeepEqual(t, big.NewInt(0).SetBytes(bidValue), value.Int)
+	})
+	t.Run("unsupported version", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponseUnknownVersion)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorContains(t, "unsupported header version", err)
+	})
+}
+
+func TestSubmitBlindedBlock(t *testing.T) {
+	ctx := context.Background()
+
+	t.Run("bellatrix", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				require.Equal(t, "bellatrix", r.Header.Get("Eth-Consensus-Version"))
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayload)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		sbbb, err := blocks.NewSignedBeaconBlock(testSignedBlindedBeaconBlockBellatrix(t))
+		require.NoError(t, err)
+		ep, err := c.SubmitBlindedBlock(ctx, sbbb)
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"), ep.ParentHash()))
+		bfpg, err := stringToUint256("452312848583266388373324160190187140051835877600158453279131187530910662656")
+		require.NoError(t, err)
+		require.Equal(t, fmt.Sprintf("%#x", bfpg.SSZBytes()), fmt.Sprintf("%#x", ep.BaseFeePerGas()))
+		require.Equal(t, uint64(1), ep.GasLimit())
+	})
+	t.Run("capella", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				require.Equal(t, "capella", r.Header.Get("Eth-Consensus-Version"))
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayloadCapella)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		sbb, err := blocks.NewSignedBeaconBlock(testSignedBlindedBeaconBlockCapella(t))
+		require.NoError(t, err)
+		ep, err := c.SubmitBlindedBlock(ctx, sbb)
+		require.NoError(t, err)
+		withdrawals, err := ep.Withdrawals()
+		require.NoError(t, err)
+		require.Equal(t, 1, len(withdrawals))
+		assert.Equal(t, uint64(1), withdrawals[0].Index)
+		assert.Equal(t, types.ValidatorIndex(1), withdrawals[0].ValidatorIndex)
+		assert.DeepEqual(t, ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943"), withdrawals[0].Address)
+		assert.Equal(t, uint64(1), withdrawals[0].Amount)
+	})
+	t.Run("mismatched versions, expected bellatrix got capella", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayloadCapella)), // send a Capella payload
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		sbbb, err := blocks.NewSignedBeaconBlock(testSignedBlindedBeaconBlockBellatrix(t))
+		require.NoError(t, err)
+		_, err = c.SubmitBlindedBlock(ctx, sbbb)
+		require.ErrorContains(t, "not a bellatrix payload", err)
+	})
+	t.Run("not blinded", func(t *testing.T) {
+		sbb, err := blocks.NewSignedBeaconBlock(&eth.SignedBeaconBlockBellatrix{Block: &eth.BeaconBlockBellatrix{Body: &eth.BeaconBlockBodyBellatrix{}}})
+		require.NoError(t, err)
+		_, err = (&Client{}).SubmitBlindedBlock(ctx, sbb)
+		require.ErrorIs(t, err, errNotBlinded)
+	})
+}
+
+func testSignedBlindedBeaconBlockBellatrix(t *testing.T) *eth.SignedBlindedBeaconBlockBellatrix {
+	return &eth.SignedBlindedBeaconBlockBellatrix{
+		Block: &eth.BlindedBeaconBlockBellatrix{
+			Slot:          1,
+			ProposerIndex: 1,
+			ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			Body: &eth.BlindedBeaconBlockBodyBellatrix{
+				RandaoReveal: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+				Eth1Data: &eth.Eth1Data{
+					DepositRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					DepositCount: 1,
+					BlockHash:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+				Graffiti: ezDecode(t, "0xdeadbeefc0ffee"),
+				ProposerSlashings: []*eth.ProposerSlashing{
+					{
+						Header_1: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Header_2: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				AttesterSlashings: []*eth.AttesterSlashing{
+					{
+						Attestation_1: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Attestation_2: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				Attestations: []*eth.Attestation{
+					{
+						AggregationBits: bitfield.Bitlist{0x01},
+						Data: &eth.AttestationData{
+							Slot:            1,
+							CommitteeIndex:  1,
+							BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Source: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Target: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				Deposits: []*eth.Deposit{
+					{
+						Proof: [][]byte{ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")},
+						Data: &eth.Deposit_Data{
+							PublicKey:             ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+							WithdrawalCredentials: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Amount:                1,
+							Signature:             ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				VoluntaryExits: []*eth.SignedVoluntaryExit{
+					{
+						Exit: &eth.VoluntaryExit{
+							Epoch:          1,
+							ValidatorIndex: 1,
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				SyncAggregate: &eth.SyncAggregate{
+					SyncCommitteeSignature: make([]byte, 48),
+					SyncCommitteeBits:      bitfield.Bitvector512{0x01},
+				},
+				ExecutionPayloadHeader: &v1.ExecutionPayloadHeader{
+					ParentHash:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					FeeRecipient:     ezDecode(t, "0xabcf8e0d4e9587369b2301d0790347320302cc09"),
+					StateRoot:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					ReceiptsRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					LogsBloom:        ezDecode(t, "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
+					PrevRandao:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BlockNumber:      1,
+					GasLimit:         1,
+					GasUsed:          1,
+					Timestamp:        1,
+					ExtraData:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BaseFeePerGas:    []byte(strconv.FormatUint(1, 10)),
+					BlockHash:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					TransactionsRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+			},
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+}
+
+func testSignedBlindedBeaconBlockCapella(t *testing.T) *eth.SignedBlindedBeaconBlockCapella {
+	return &eth.SignedBlindedBeaconBlockCapella{
+		Block: &eth.BlindedBeaconBlockCapella{
+			Slot:          1,
+			ProposerIndex: 1,
+			ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			Body: &eth.BlindedBeaconBlockBodyCapella{
+				RandaoReveal: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+				Eth1Data: &eth.Eth1Data{
+					DepositRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					DepositCount: 1,
+					BlockHash:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+				Graffiti: ezDecode(t, "0xdeadbeefc0ffee"),
+				ProposerSlashings: []*eth.ProposerSlashing{
+					{
+						Header_1: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Header_2: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				AttesterSlashings: []*eth.AttesterSlashing{
+					{
+						Attestation_1: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Attestation_2: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				Attestations: []*eth.Attestation{
+					{
+						AggregationBits: bitfield.Bitlist{0x01},
+						Data: &eth.AttestationData{
+							Slot:            1,
+							CommitteeIndex:  1,
+							BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Source: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Target: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				Deposits: []*eth.Deposit{
+					{
+						Proof: [][]byte{ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")},
+						Data: &eth.Deposit_Data{
+							PublicKey:             ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+							WithdrawalCredentials: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Amount:                1,
+							Signature:             ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				VoluntaryExits: []*eth.SignedVoluntaryExit{
+					{
+						Exit: &eth.VoluntaryExit{
+							Epoch:          1,
+							ValidatorIndex: 1,
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				SyncAggregate: &eth.SyncAggregate{
+					SyncCommitteeSignature: make([]byte, 48),
+					SyncCommitteeBits:      bitfield.Bitvector512{0x01},
+				},
+				ExecutionPayloadHeader: &v1.ExecutionPayloadHeaderCapella{
+					ParentHash:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					FeeRecipient:     ezDecode(t, "0xabcf8e0d4e9587369b2301d0790347320302cc09"),
+					StateRoot:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					ReceiptsRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					LogsBloom:        ezDecode(t, "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
+					PrevRandao:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BlockNumber:      1,
+					GasLimit:         1,
+					GasUsed:          1,
+					Timestamp:        1,
+					ExtraData:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BaseFeePerGas:    []byte(strconv.FormatUint(1, 10)),
+					BlockHash:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					TransactionsRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					WithdrawalsRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+			},
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+}
+
+func TestRequestLogger(t *testing.T) {
+	wo := WithObserver(&requestLogger{})
+	c, err := NewClient("localhost:3500", wo)
+	require.NoError(t, err)
+
+	ctx := context.Background()
+	hc := &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			require.Equal(t, getStatus, r.URL.Path)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayload)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c.hc = hc
+	err = c.Status(ctx)
+	require.NoError(t, err)
+}

api/client/builder/errors.go

@@ -0,0 +1,17 @@
+package builder
+
+import "github.com/pkg/errors"
+
+// ErrNotOK is used to indicate when an HTTP request to the Beacon Node API failed with any non-2xx response code.
+// More specific errors may be returned, but an error in reaction to a non-2xx response will always wrap ErrNotOK.
+var ErrNotOK = errors.New("did not receive 200 response from API")
+
+// ErrNotFound specifically means that a '404 - NOT FOUND' response was received from the API.
+var ErrNotFound = errors.Wrap(ErrNotOK, "recv 404 NotFound response from API")
+
+// ErrBadRequest specifically means that a '400 - BAD REQUEST' response was received from the API.
+var ErrBadRequest = errors.Wrap(ErrNotOK, "recv 400 BadRequest response from API")
+
+// ErrNoContent specifically means that a '204 - No Content' response was received from the API.
+// Typically, a 204 is a success but in this case for the Header API means No header is available
+var ErrNoContent = errors.New("recv 204 no content response from API, No header is available")

api/client/builder/testdata/execution-payload-capella.json

@@ -0,0 +1 @@
+{"parent_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","fee_recipient":"0xabcf8e0d4e9587369b2301d0790347320302cc09","state_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","receipts_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","logs_bloom":"0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","prev_randao":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","block_number":"1","gas_limit":"1","gas_used":"1","timestamp":"1","extra_data":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","base_fee_per_gas":"14074904626401341155369551180448584754667373453244490859944217516317499064576","block_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","transactions_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","withdrawals_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"}

api/client/builder/testdata/execution-payload.json

@@ -0,0 +1 @@
+{"parent_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","fee_recipient":"0xabcf8e0d4e9587369b2301d0790347320302cc09","state_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","receipts_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","logs_bloom":"0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","prev_randao":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","block_number":"1","gas_limit":"1","gas_used":"1","timestamp":"1","extra_data":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","base_fee_per_gas":"14074904626401341155369551180448584754667373453244490859944217516317499064576","block_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","transactions_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"}

api/client/builder/testing/BUILD.bazel

@@ -0,0 +1,15 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["mock.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/client/builder/testing",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/client/builder:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+    ],
+)

api/client/builder/testing/mock.go

@@ -0,0 +1,50 @@
+package testing
+
+import (
+	"context"
+
+	"github.com/prysmaticlabs/prysm/v4/api/client/builder"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v4/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
+	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+)
+
+// MockClient is a mock implementation of BuilderClient.
+type MockClient struct {
+	RegisteredVals map[[48]byte]bool
+}
+
+// NewClient creates a new, correctly initialized mock.
+func NewClient() MockClient {
+	return MockClient{RegisteredVals: map[[48]byte]bool{}}
+}
+
+// NodeURL --
+func (MockClient) NodeURL() string {
+	return ""
+}
+
+// GetHeader --
+func (MockClient) GetHeader(_ context.Context, _ primitives.Slot, _ [32]byte, _ [48]byte) (builder.SignedBid, error) {
+	return nil, nil
+}
+
+// RegisterValidator --
+func (m MockClient) RegisterValidator(_ context.Context, svr []*ethpb.SignedValidatorRegistrationV1) error {
+	for _, r := range svr {
+		b := bytesutil.ToBytes48(r.Message.Pubkey)
+		m.RegisteredVals[b] = true
+	}
+	return nil
+}
+
+// SubmitBlindedBlock --
+func (MockClient) SubmitBlindedBlock(_ context.Context, _ interfaces.ReadOnlySignedBeaconBlock) (interfaces.ExecutionData, error) {
+	return nil, nil
+}
+
+// Status --
+func (MockClient) Status(_ context.Context) error {
+	return nil
+}

api/client/client.go

@@ -0,0 +1,97 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+
+	"github.com/pkg/errors"
+)
+
+// Client is a wrapper object around the HTTP client.
+type Client struct {
+	hc      *http.Client
+	baseURL *url.URL
+	token   string
+}
+
+// NewClient constructs a new client with the provided options (ex WithTimeout).
+// `host` is the base host + port used to construct request urls. This value can be
+// a URL string, or NewClient will assume an http endpoint if just `host:port` is used.
+func NewClient(host string, opts ...ClientOpt) (*Client, error) {
+	u, err := urlForHost(host)
+	if err != nil {
+		return nil, err
+	}
+	c := &Client{
+		hc:      &http.Client{},
+		baseURL: u,
+	}
+	for _, o := range opts {
+		o(c)
+	}
+	return c, nil
+}
+
+// Token returns the bearer token used for jwt authentication
+func (c *Client) Token() string {
+	return c.token
+}
+
+// BaseURL returns the base url of the client
+func (c *Client) BaseURL() *url.URL {
+	return c.baseURL
+}
+
+// Do execute the request against the http client
+func (c *Client) Do(req *http.Request) (*http.Response, error) {
+	return c.hc.Do(req)
+}
+
+func urlForHost(h string) (*url.URL, error) {
+	// try to parse as url (being permissive)
+	u, err := url.Parse(h)
+	if err == nil && u.Host != "" {
+		return u, nil
+	}
+	// try to parse as host:port
+	host, port, err := net.SplitHostPort(h)
+	if err != nil {
+		return nil, ErrMalformedHostname
+	}
+	return &url.URL{Host: net.JoinHostPort(host, port), Scheme: "http"}, nil
+}
+
+// NodeURL returns a human-readable string representation of the beacon node base url.
+func (c *Client) NodeURL() string {
+	return c.baseURL.String()
+}
+
+// Get is a generic, opinionated GET function to reduce boilerplate amongst the getters in this package.
+func (c *Client) Get(ctx context.Context, path string, opts ...ReqOption) ([]byte, error) {
+	u := c.baseURL.ResolveReference(&url.URL{Path: path})
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	for _, o := range opts {
+		o(req)
+	}
+	r, err := c.hc.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		err = r.Body.Close()
+	}()
+	if r.StatusCode != http.StatusOK {
+		return nil, Non200Err(r)
+	}
+	b, err := io.ReadAll(r.Body)
+	if err != nil {
+		return nil, errors.Wrap(err, "error reading http response body")
+	}
+	return b, nil
+}

api/client/client_test.go

@@ -0,0 +1,48 @@
+package client
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+)
+
+func TestValidHostname(t *testing.T) {
+	cases := []struct {
+		name    string
+		hostArg string
+		path    string
+		joined  string
+		err     error
+	}{
+		{
+			name:    "hostname without port",
+			hostArg: "mydomain.org",
+			err:     ErrMalformedHostname,
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			cl, err := NewClient(c.hostArg)
+			if c.err != nil {
+				require.ErrorIs(t, err, c.err)
+				return
+			}
+			require.NoError(t, err)
+			require.Equal(t, c.joined, cl.BaseURL().ResolveReference(&url.URL{Path: c.path}).String())
+		})
+	}
+}
+
+func TestWithAuthenticationToken(t *testing.T) {
+	cl, err := NewClient("https://www.offchainlabs.com:3500", WithAuthenticationToken("my token"))
+	require.NoError(t, err)
+	require.Equal(t, cl.Token(), "my token")
+}
+
+func TestBaseURL(t *testing.T) {
+	cl, err := NewClient("https://www.offchainlabs.com:3500")
+	require.NoError(t, err)
+	require.Equal(t, "www.offchainlabs.com", cl.BaseURL().Hostname())
+	require.Equal(t, "3500", cl.BaseURL().Port())
+}

api/client/errors.go

@@ -0,0 +1,40 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/pkg/errors"
+)
+
+// ErrMalformedHostname is used to indicate if a host name's format is incorrect.
+var ErrMalformedHostname = errors.New("hostname must include port, separated by one colon, like example.com:3500")
+
+// ErrNotOK is used to indicate when an HTTP request to the API failed with any non-2xx response code.
+// More specific errors may be returned, but an error in reaction to a non-2xx response will always wrap ErrNotOK.
+var ErrNotOK = errors.New("did not receive 2xx response from API")
+
+// ErrNotFound specifically means that a '404 - NOT FOUND' response was received from the API.
+var ErrNotFound = errors.Wrap(ErrNotOK, "recv 404 NotFound response from API")
+
+// ErrInvalidNodeVersion indicates that the /eth/v1/node/version API response format was not recognized.
+var ErrInvalidNodeVersion = errors.New("invalid node version response")
+
+// Non200Err is a function that parses an HTTP response to handle responses that are not 200 with a formatted error.
+func Non200Err(response *http.Response) error {
+	bodyBytes, err := io.ReadAll(response.Body)
+	var body string
+	if err != nil {
+		body = "(Unable to read response body.)"
+	} else {
+		body = "response body:\n" + string(bodyBytes)
+	}
+	msg := fmt.Sprintf("code=%d, url=%s, body=%s", response.StatusCode, response.Request.URL, body)
+	switch response.StatusCode {
+	case 404:
+		return errors.Wrap(ErrNotFound, msg)
+	default:
+		return errors.Wrap(ErrNotOK, msg)
+	}
+}

api/client/options.go

@@ -0,0 +1,48 @@
+package client
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// ReqOption is a request functional option.
+type ReqOption func(*http.Request)
+
+// WithSSZEncoding is a request functional option that adds SSZ encoding header.
+func WithSSZEncoding() ReqOption {
+	return func(req *http.Request) {
+		req.Header.Set("Accept", "application/octet-stream")
+	}
+}
+
+// WithAuthorizationToken is a request functional option that adds header for authorization token.
+func WithAuthorizationToken(token string) ReqOption {
+	return func(req *http.Request) {
+		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
+	}
+}
+
+// ClientOpt is a functional option for the Client type (http.Client wrapper)
+type ClientOpt func(*Client)
+
+// WithTimeout sets the .Timeout attribute of the wrapped http.Client.
+func WithTimeout(timeout time.Duration) ClientOpt {
+	return func(c *Client) {
+		c.hc.Timeout = timeout
+	}
+}
+
+// WithRoundTripper replaces the underlying HTTP's transport with a custom one.
+func WithRoundTripper(t http.RoundTripper) ClientOpt {
+	return func(c *Client) {
+		c.hc.Transport = t
+	}
+}
+
+// WithAuthenticationToken sets an oauth token to be used.
+func WithAuthenticationToken(token string) ClientOpt {
+	return func(c *Client) {
+		c.token = token
+	}
+}

api/client/validator/BUILD.bazel

@@ -0,0 +1,13 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["client.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/client/validator",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/client:go_default_library",
+        "//validator/rpc/apimiddleware:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+    ],
+)

api/client/validator/client.go

@@ -0,0 +1,121 @@
+package validator
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v4/api/client"
+	"github.com/prysmaticlabs/prysm/v4/validator/rpc/apimiddleware"
+)
+
+const (
+	localKeysPath    = "/eth/v1/keystores"
+	remoteKeysPath   = "/eth/v1/remotekeys"
+	feeRecipientPath = "/eth/v1/validator/{pubkey}/feerecipient"
+)
+
+// Client provides a collection of helper methods for calling the Keymanager API endpoints.
+type Client struct {
+	*client.Client
+}
+
+// NewClient returns a new Client that includes functions for REST calls to keymanager APIs.
+func NewClient(host string, opts ...client.ClientOpt) (*Client, error) {
+	c, err := client.NewClient(host, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &Client{c}, nil
+}
+
+// GetValidatorPubKeys gets the current list of web3signer or the local validator public keys in hex format.
+func (c *Client) GetValidatorPubKeys(ctx context.Context) ([]string, error) {
+	jsonlocal, err := c.GetLocalValidatorKeys(ctx)
+	if err != nil {
+		return nil, err
+	}
+	jsonremote, err := c.GetRemoteValidatorKeys(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if len(jsonlocal.Keystores) == 0 && len(jsonremote.Keystores) == 0 {
+		return nil, errors.New("there are no local keys or remote keys on the validator")
+	}
+
+	hexKeys := make(map[string]bool)
+
+	for index := range jsonlocal.Keystores {
+		hexKeys[jsonlocal.Keystores[index].ValidatingPubkey] = true
+	}
+	for index := range jsonremote.Keystores {
+		hexKeys[jsonremote.Keystores[index].Pubkey] = true
+	}
+	keys := make([]string, 0)
+	for k := range hexKeys {
+		keys = append(keys, k)
+	}
+	return keys, nil
+}
+
+// GetLocalValidatorKeys calls the keymanager APIs for local validator keys
+func (c *Client) GetLocalValidatorKeys(ctx context.Context) (*apimiddleware.ListKeystoresResponseJson, error) {
+	localBytes, err := c.Get(ctx, localKeysPath, client.WithAuthorizationToken(c.Token()))
+	if err != nil {
+		return nil, err
+	}
+	jsonlocal := &apimiddleware.ListKeystoresResponseJson{}
+	if err := json.Unmarshal(localBytes, jsonlocal); err != nil {
+		return nil, errors.Wrap(err, "failed to parse local keystore list")
+	}
+	return jsonlocal, nil
+}
+
+// GetRemoteValidatorKeys calls the keymanager APIs for web3signer validator keys
+func (c *Client) GetRemoteValidatorKeys(ctx context.Context) (*apimiddleware.ListRemoteKeysResponseJson, error) {
+	remoteBytes, err := c.Get(ctx, remoteKeysPath, client.WithAuthorizationToken(c.Token()))
+	if err != nil {
+		if !strings.Contains(err.Error(), "Prysm Wallet is not of type Web3Signer") {
+			return nil, err
+		}
+	}
+	jsonremote := &apimiddleware.ListRemoteKeysResponseJson{}
+	if len(remoteBytes) != 0 {
+		if err := json.Unmarshal(remoteBytes, jsonremote); err != nil {
+			return nil, errors.Wrap(err, "failed to parse remote keystore list")
+		}
+	}
+	return jsonremote, nil
+}
+
+// GetFeeRecipientAddresses takes a list of validators in hex format and returns an equal length list of fee recipients in hex format.
+func (c *Client) GetFeeRecipientAddresses(ctx context.Context, validators []string) ([]string, error) {
+	feeRecipients := make([]string, len(validators))
+	for index, validator := range validators {
+		feejson, err := c.GetFeeRecipientAddress(ctx, validator)
+		if err != nil {
+			return nil, errors.Wrap(err, fmt.Sprintf("keymanager API failed to retrieve fee recipient for validator %s", validators[index]))
+		}
+		if feejson.Data == nil {
+			continue
+		}
+		feeRecipients[index] = feejson.Data.Ethaddress
+	}
+	return feeRecipients, nil
+}
+
+// GetFeeRecipientAddress takes a public key and calls the keymanager API to return its fee recipient.
+func (c *Client) GetFeeRecipientAddress(ctx context.Context, pubkey string) (*apimiddleware.GetFeeRecipientByPubkeyResponseJson, error) {
+	path := strings.Replace(feeRecipientPath, "{pubkey}", pubkey, 1)
+	b, err := c.Get(ctx, path, client.WithAuthorizationToken(c.Token()))
+	if err != nil {
+		return nil, err
+	}
+	feejson := &apimiddleware.GetFeeRecipientByPubkeyResponseJson{}
+	if err := json.Unmarshal(b, feejson); err != nil {
+		return nil, errors.Wrap(err, "failed to parse fee recipient")
+	}
+	return feejson, nil
+}

api/gateway/BUILD.bazel

@@ -0,0 +1,44 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "gateway.go",
+        "log.go",
+        "modifiers.go",
+        "options.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/gateway",
+    visibility = [
+        "//beacon-chain:__subpackages__",
+        "//validator:__subpackages__",
+    ],
+    deps = [
+        "//api/gateway/apimiddleware:go_default_library",
+        "//runtime:go_default_library",
+        "@com_github_gorilla_mux//:go_default_library",
+        "@com_github_grpc_ecosystem_grpc_gateway_v2//runtime:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_rs_cors//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//connectivity:go_default_library",
+        "@org_golang_google_grpc//credentials:go_default_library",
+        "@org_golang_google_protobuf//proto:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["gateway_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//api/gateway/apimiddleware:go_default_library",
+        "//cmd/beacon-chain/flags:go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "@com_github_gorilla_mux//:go_default_library",
+        "@com_github_sirupsen_logrus//hooks/test:go_default_library",
+        "@com_github_urfave_cli_v2//:go_default_library",
+    ],
+)

api/gateway/apimiddleware/BUILD.bazel

@@ -0,0 +1,43 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "api_middleware.go",
+        "log.go",
+        "param_handling.go",
+        "process_field.go",
+        "process_request.go",
+        "structs.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/gateway/apimiddleware",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api:go_default_library",
+        "//api/grpc:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "@com_github_ethereum_go_ethereum//common:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_gorilla_mux//:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@com_github_wealdtech_go_bytesutil//:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "param_handling_test.go",
+        "process_request_test.go",
+    ],
+    embed = [":go_default_library"],
+    deps = [
+        "//api:go_default_library",
+        "//api/grpc:go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "@com_github_gorilla_mux//:go_default_library",
+        "@com_github_sirupsen_logrus//hooks/test:go_default_library",
+    ],
+)

api/gateway/apimiddleware/api_middleware.go

@@ -0,0 +1,265 @@
+package apimiddleware
+
+import (
+	"net/http"
+	"reflect"
+	"time"
+
+	"github.com/gorilla/mux"
+)
+
+// ApiProxyMiddleware is a proxy between an Ethereum consensus API HTTP client and grpc-gateway.
+// The purpose of the proxy is to handle HTTP requests and gRPC responses in such a way that:
+//   - Ethereum consensus API requests can be handled by grpc-gateway correctly
+//   - gRPC responses can be returned as spec-compliant Ethereum consensus API responses
+type ApiProxyMiddleware struct {
+	GatewayAddress  string
+	EndpointCreator EndpointFactory
+	Timeout         time.Duration
+	router          *mux.Router
+}
+
+// EndpointFactory is responsible for creating new instances of Endpoint values.
+type EndpointFactory interface {
+	Create(path string) (*Endpoint, error)
+	Paths() []string
+	IsNil() bool
+}
+
+// Endpoint is a representation of an API HTTP endpoint that should be proxied by the middleware.
+type Endpoint struct {
+	Path               string          // The path of the HTTP endpoint.
+	GetResponse        interface{}     // The struct corresponding to the JSON structure used in a GET response.
+	PostRequest        interface{}     // The struct corresponding to the JSON structure used in a POST request.
+	PostResponse       interface{}     // The struct corresponding to the JSON structure used in a POST response.
+	DeleteRequest      interface{}     // The struct corresponding to the JSON structure used in a DELETE request.
+	DeleteResponse     interface{}     // The struct corresponding to the JSON structure used in a DELETE response.
+	RequestURLLiterals []string        // Names of URL parameters that should not be base64-encoded.
+	RequestQueryParams []QueryParam    // Query parameters of the request.
+	Err                ErrorJson       // The struct corresponding to the error that should be returned in case of a request failure.
+	Hooks              HookCollection  // A collection of functions that can be invoked at various stages of the request/response cycle.
+	CustomHandlers     []CustomHandler // Functions that will be executed instead of the default request/response behaviour.
+}
+
+// RunDefault expresses whether the default processing logic should be carried out after running a pre hook.
+type RunDefault bool
+
+// DefaultEndpoint returns an Endpoint with default configuration, e.g. DefaultErrorJson for error handling.
+func DefaultEndpoint() Endpoint {
+	return Endpoint{
+		Err: &DefaultErrorJson{},
+	}
+}
+
+// QueryParam represents a single query parameter's metadata.
+type QueryParam struct {
+	Name string
+	Hex  bool
+	Enum bool
+}
+
+// CustomHandler is a function that can be invoked at the very beginning of the request,
+// essentially replacing the whole default request/response logic with custom logic for a specific endpoint.
+type CustomHandler = func(m *ApiProxyMiddleware, endpoint Endpoint, w http.ResponseWriter, req *http.Request) (handled bool)
+
+// HookCollection contains hooks that can be used to amend the default request/response cycle with custom logic for a specific endpoint.
+type HookCollection struct {
+	OnPreDeserializeRequestBodyIntoContainer      func(endpoint *Endpoint, w http.ResponseWriter, req *http.Request) (RunDefault, ErrorJson)
+	OnPostDeserializeRequestBodyIntoContainer     func(endpoint *Endpoint, w http.ResponseWriter, req *http.Request) ErrorJson
+	OnPreDeserializeGrpcResponseBodyIntoContainer func([]byte, interface{}) (RunDefault, ErrorJson)
+	OnPreSerializeMiddlewareResponseIntoJson      func(interface{}) (RunDefault, []byte, ErrorJson)
+}
+
+// fieldProcessor applies the processing function f to a value when the tag is present on the field.
+type fieldProcessor struct {
+	tag string
+	f   func(value reflect.Value) error
+}
+
+// Run starts the proxy, registering all proxy endpoints.
+func (m *ApiProxyMiddleware) Run(gatewayRouter *mux.Router) {
+	for _, path := range m.EndpointCreator.Paths() {
+		gatewayRouter.HandleFunc(path, m.WithMiddleware(path))
+	}
+	m.router = gatewayRouter
+}
+
+// ServeHTTP for the proxy middleware.
+func (m *ApiProxyMiddleware) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	m.router.ServeHTTP(w, req)
+}
+
+// WithMiddleware wraps the given endpoint handler with the middleware logic.
+func (m *ApiProxyMiddleware) WithMiddleware(path string) http.HandlerFunc {
+	return func(w http.ResponseWriter, req *http.Request) {
+		endpoint, err := m.EndpointCreator.Create(path)
+		if err != nil {
+			log.WithError(err).Errorf("Could not create endpoint for path: %s", path)
+			return
+		}
+
+		for _, handler := range endpoint.CustomHandlers {
+			if handler(m, *endpoint, w, req) {
+				return
+			}
+		}
+
+		if req.Method == "POST" {
+			if errJson := handlePostRequestForEndpoint(endpoint, w, req); errJson != nil {
+				WriteError(w, errJson, nil)
+				return
+			}
+		}
+
+		if req.Method == "DELETE" && req.Body != http.NoBody {
+			if errJson := handleDeleteRequestForEndpoint(endpoint, req); errJson != nil {
+				WriteError(w, errJson, nil)
+				return
+			}
+		}
+
+		if errJson := m.PrepareRequestForProxying(*endpoint, req); errJson != nil {
+			WriteError(w, errJson, nil)
+			return
+		}
+		grpcResp, errJson := m.ProxyRequest(req)
+		if errJson != nil {
+			WriteError(w, errJson, nil)
+			return
+		}
+		grpcRespBody, errJson := ReadGrpcResponseBody(grpcResp.Body)
+		if errJson != nil {
+			WriteError(w, errJson, nil)
+			return
+		}
+
+		var respJson []byte
+		if !GrpcResponseIsEmpty(grpcRespBody) {
+			respHasError, errJson := HandleGrpcResponseError(endpoint.Err, grpcResp, grpcRespBody, w)
+			if errJson != nil {
+				WriteError(w, errJson, nil)
+				return
+			}
+			if respHasError {
+				return
+			}
+
+			var resp interface{}
+			if req.Method == "GET" {
+				resp = endpoint.GetResponse
+			} else if req.Method == "DELETE" {
+				resp = endpoint.DeleteResponse
+			} else {
+				resp = endpoint.PostResponse
+			}
+			if errJson := deserializeGrpcResponseBodyIntoContainerWrapped(endpoint, grpcRespBody, resp); errJson != nil {
+				WriteError(w, errJson, nil)
+				return
+			}
+			if errJson := ProcessMiddlewareResponseFields(resp); errJson != nil {
+				WriteError(w, errJson, nil)
+				return
+			}
+
+			respJson, errJson = serializeMiddlewareResponseIntoJsonWrapped(endpoint, respJson, resp)
+			if errJson != nil {
+				WriteError(w, errJson, nil)
+				return
+			}
+		}
+
+		if errJson := WriteMiddlewareResponseHeadersAndBody(grpcResp, respJson, w); errJson != nil {
+			WriteError(w, errJson, nil)
+			return
+		}
+		if errJson := Cleanup(grpcResp.Body); errJson != nil {
+			WriteError(w, errJson, nil)
+			return
+		}
+	}
+}
+
+func handlePostRequestForEndpoint(endpoint *Endpoint, w http.ResponseWriter, req *http.Request) ErrorJson {
+	if errJson := deserializeRequestBodyIntoContainerWrapped(endpoint, req, w); errJson != nil {
+		return errJson
+	}
+	if errJson := ProcessRequestContainerFields(endpoint.PostRequest); errJson != nil {
+		return errJson
+	}
+	return SetRequestBodyToRequestContainer(endpoint.PostRequest, req)
+}
+
+func handleDeleteRequestForEndpoint(endpoint *Endpoint, req *http.Request) ErrorJson {
+	if errJson := DeserializeRequestBodyIntoContainer(req.Body, endpoint.DeleteRequest); errJson != nil {
+		return errJson
+	}
+	if errJson := ProcessRequestContainerFields(endpoint.DeleteRequest); errJson != nil {
+		return errJson
+	}
+	return SetRequestBodyToRequestContainer(endpoint.DeleteRequest, req)
+}
+
+func deserializeRequestBodyIntoContainerWrapped(endpoint *Endpoint, req *http.Request, w http.ResponseWriter) ErrorJson {
+	runDefault := true
+	if endpoint.Hooks.OnPreDeserializeRequestBodyIntoContainer != nil {
+		run, errJson := endpoint.Hooks.OnPreDeserializeRequestBodyIntoContainer(endpoint, w, req)
+		if errJson != nil {
+			return errJson
+		}
+		if !run {
+			runDefault = false
+		}
+	}
+	if runDefault {
+		if errJson := DeserializeRequestBodyIntoContainer(req.Body, endpoint.PostRequest); errJson != nil {
+			return errJson
+		}
+	}
+	if endpoint.Hooks.OnPostDeserializeRequestBodyIntoContainer != nil {
+		if errJson := endpoint.Hooks.OnPostDeserializeRequestBodyIntoContainer(endpoint, w, req); errJson != nil {
+			return errJson
+		}
+	}
+	return nil
+}
+
+func deserializeGrpcResponseBodyIntoContainerWrapped(endpoint *Endpoint, grpcResponseBody []byte, resp interface{}) ErrorJson {
+	runDefault := true
+	if endpoint.Hooks.OnPreDeserializeGrpcResponseBodyIntoContainer != nil {
+		run, errJson := endpoint.Hooks.OnPreDeserializeGrpcResponseBodyIntoContainer(grpcResponseBody, resp)
+		if errJson != nil {
+			return errJson
+		}
+		if !run {
+			runDefault = false
+		}
+	}
+	if runDefault {
+		if errJson := DeserializeGrpcResponseBodyIntoContainer(grpcResponseBody, resp); errJson != nil {
+			return errJson
+		}
+	}
+	return nil
+}
+
+func serializeMiddlewareResponseIntoJsonWrapped(endpoint *Endpoint, respJson []byte, resp interface{}) ([]byte, ErrorJson) {
+	runDefault := true
+	var errJson ErrorJson
+	if endpoint.Hooks.OnPreSerializeMiddlewareResponseIntoJson != nil {
+		var run RunDefault
+		run, respJson, errJson = endpoint.Hooks.OnPreSerializeMiddlewareResponseIntoJson(resp)
+		if errJson != nil {
+			return nil, errJson
+		}
+		if !run {
+			runDefault = false
+		}
+	}
+	if runDefault {
+		respJson, errJson = SerializeMiddlewareResponseIntoJson(resp)
+		if errJson != nil {
+			return nil, errJson
+		}
+	}
+	return respJson, nil
+}

api/gateway/apimiddleware/log.go

@@ -0,0 +1,5 @@
+package apimiddleware
+
+import "github.com/sirupsen/logrus"
+
+var log = logrus.WithField("prefix", "apimiddleware")

api/gateway/apimiddleware/param_handling.go

@@ -0,0 +1,103 @@
+package apimiddleware
+
+import (
+	"encoding/base64"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/gorilla/mux"
+	butil "github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
+	"github.com/wealdtech/go-bytesutil"
+)
+
+// HandleURLParameters processes URL parameters, allowing parameterized URLs to be safely and correctly proxied to grpc-gateway.
+func HandleURLParameters(url string, req *http.Request, literals []string) ErrorJson {
+	segments := strings.Split(url, "/")
+
+segmentsLoop:
+	for i, s := range segments {
+		// We only care about segments which are parameterized.
+		if isRequestParam(s) {
+			// Don't do anything with parameters which should be forwarded literally to gRPC.
+			for _, l := range literals {
+				if s == "{"+l+"}" {
+					continue segmentsLoop
+				}
+			}
+
+			routeVar := mux.Vars(req)[s[1:len(s)-1]]
+			bRouteVar := []byte(routeVar)
+			if butil.IsHex(bRouteVar) {
+				var err error
+				bRouteVar, err = bytesutil.FromHexString(string(bRouteVar))
+				if err != nil {
+					return InternalServerErrorWithMessage(err, "could not process URL parameter")
+				}
+			}
+			// Converting hex to base64 may result in a value which malforms the URL.
+			// We use URLEncoding to safely escape such values.
+			base64RouteVar := base64.URLEncoding.EncodeToString(bRouteVar)
+
+			// Merge segments back into the full URL.
+			splitPath := strings.Split(req.URL.Path, "/")
+			splitPath[i] = base64RouteVar
+			req.URL.Path = strings.Join(splitPath, "/")
+		}
+	}
+	return nil
+}
+
+// HandleQueryParameters processes query parameters, allowing them to be safely and correctly proxied to grpc-gateway.
+func HandleQueryParameters(req *http.Request, params []QueryParam) ErrorJson {
+	queryParams := req.URL.Query()
+
+	normalizeQueryValues(queryParams)
+
+	for key, vals := range queryParams {
+		for _, p := range params {
+			if key == p.Name {
+				if p.Hex {
+					queryParams.Del(key)
+					for _, v := range vals {
+						b := []byte(v)
+						if butil.IsHex(b) {
+							var err error
+							b, err = bytesutil.FromHexString(v)
+							if err != nil {
+								return InternalServerErrorWithMessage(err, "could not process query parameter")
+							}
+						}
+						queryParams.Add(key, base64.URLEncoding.EncodeToString(b))
+					}
+				}
+				if p.Enum {
+					queryParams.Del(key)
+					for _, v := range vals {
+						// gRPC expects uppercase enum values.
+						queryParams.Add(key, strings.ToUpper(v))
+					}
+				}
+			}
+		}
+	}
+	req.URL.RawQuery = queryParams.Encode()
+	return nil
+}
+
+// isRequestParam verifies whether the passed string is a request parameter.
+// Request parameters are enclosed in { and }.
+func isRequestParam(s string) bool {
+	return len(s) > 2 && s[0] == '{' && s[len(s)-1] == '}'
+}
+
+func normalizeQueryValues(queryParams url.Values) {
+	// Replace comma-separated values with individual values.
+	for key, vals := range queryParams {
+		splitVals := make([]string, 0)
+		for _, v := range vals {
+			splitVals = append(splitVals, strings.Split(v, ",")...)
+		}
+		queryParams[key] = splitVals
+	}
+}

api/gateway/apimiddleware/param_handling_test.go

@@ -0,0 +1,124 @@
+package apimiddleware
+
+import (
+	"bytes"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gorilla/mux"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+)
+
+func TestHandleURLParameters(t *testing.T) {
+	var body bytes.Buffer
+
+	t.Run("no_params", func(t *testing.T) {
+		request := httptest.NewRequest("GET", "http://foo.example/bar", &body)
+
+		errJson := HandleURLParameters("/not_param", request, []string{})
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "/bar", request.URL.Path)
+	})
+
+	t.Run("with_params", func(t *testing.T) {
+		muxVars := make(map[string]string)
+		muxVars["bar_param"] = "bar"
+		muxVars["quux_param"] = "quux"
+		request := httptest.NewRequest("GET", "http://foo.example/bar/baz/quux", &body)
+		request = mux.SetURLVars(request, muxVars)
+
+		errJson := HandleURLParameters("/{bar_param}/not_param/{quux_param}", request, []string{})
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "/YmFy/baz/cXV1eA==", request.URL.Path)
+	})
+
+	t.Run("with_literal", func(t *testing.T) {
+		muxVars := make(map[string]string)
+		muxVars["bar_param"] = "bar"
+		request := httptest.NewRequest("GET", "http://foo.example/bar/baz", &body)
+		request = mux.SetURLVars(request, muxVars)
+
+		errJson := HandleURLParameters("/{bar_param}/not_param/", request, []string{"bar_param"})
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "/bar/baz", request.URL.Path)
+	})
+
+	t.Run("with_hex", func(t *testing.T) {
+		muxVars := make(map[string]string)
+		muxVars["hex_param"] = "0x626172"
+		request := httptest.NewRequest("GET", "http://foo.example/0x626172/baz", &body)
+		request = mux.SetURLVars(request, muxVars)
+
+		errJson := HandleURLParameters("/{hex_param}/not_param/", request, []string{})
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "/YmFy/baz", request.URL.Path)
+	})
+}
+
+func TestHandleQueryParameters(t *testing.T) {
+	var body bytes.Buffer
+
+	t.Run("regular_params", func(t *testing.T) {
+		request := httptest.NewRequest("GET", "http://foo.example?bar=bar&baz=baz", &body)
+
+		errJson := HandleQueryParameters(request, []QueryParam{{Name: "bar"}, {Name: "baz"}})
+		require.Equal(t, true, errJson == nil)
+		query := request.URL.Query()
+		v, ok := query["bar"]
+		require.Equal(t, true, ok, "query param not found")
+		require.Equal(t, 1, len(v), "wrong number of query param values")
+		assert.Equal(t, "bar", v[0])
+		v, ok = query["baz"]
+		require.Equal(t, true, ok, "query param not found")
+		require.Equal(t, 1, len(v), "wrong number of query param values")
+		assert.Equal(t, "baz", v[0])
+	})
+
+	t.Run("hex_and_enum_params", func(t *testing.T) {
+		request := httptest.NewRequest("GET", "http://foo.example?hex=0x626172&baz=baz", &body)
+
+		errJson := HandleQueryParameters(request, []QueryParam{{Name: "hex", Hex: true}, {Name: "baz", Enum: true}})
+		require.Equal(t, true, errJson == nil)
+		query := request.URL.Query()
+		v, ok := query["hex"]
+		require.Equal(t, true, ok, "query param not found")
+		require.Equal(t, 1, len(v), "wrong number of query param values")
+		assert.Equal(t, "YmFy", v[0])
+		v, ok = query["baz"]
+		require.Equal(t, true, ok, "query param not found")
+		require.Equal(t, 1, len(v), "wrong number of query param values")
+		assert.Equal(t, "BAZ", v[0])
+	})
+}
+
+func TestIsRequestParam(t *testing.T) {
+	tests := []struct {
+		s string
+		b bool
+	}{
+		{"", false},
+		{"{", false},
+		{"}", false},
+		{"{}", false},
+		{"{x}", true},
+		{"{very_long_parameter_name_with_underscores}", true},
+	}
+	for _, tt := range tests {
+		b := isRequestParam(tt.s)
+		assert.Equal(t, tt.b, b)
+	}
+}
+
+func TestNormalizeQueryValues(t *testing.T) {
+	input := make(map[string][]string)
+	input["key"] = []string{"value1", "value2,value3,value4", "value5"}
+
+	normalizeQueryValues(input)
+	require.Equal(t, 5, len(input["key"]))
+	assert.Equal(t, "value1", input["key"][0])
+	assert.Equal(t, "value2", input["key"][1])
+	assert.Equal(t, "value3", input["key"][2])
+	assert.Equal(t, "value4", input["key"][3])
+	assert.Equal(t, "value5", input["key"][4])
+}

api/gateway/apimiddleware/process_field.go

@@ -0,0 +1,179 @@
+package apimiddleware
+
+import (
+	"encoding/base64"
+	"fmt"
+	"math/big"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/pkg/errors"
+	"github.com/wealdtech/go-bytesutil"
+)
+
+// processField calls each processor function on any field that has the matching tag set.
+// It is a recursive function.
+func processField(s interface{}, processors []fieldProcessor) error {
+	kind := reflect.TypeOf(s).Kind()
+	if kind != reflect.Ptr && kind != reflect.Slice && kind != reflect.Array {
+		return fmt.Errorf("processing fields of kind '%v' is unsupported", kind)
+	}
+
+	t := reflect.TypeOf(s).Elem()
+	v := reflect.Indirect(reflect.ValueOf(s))
+
+	for i := 0; i < t.NumField(); i++ {
+		switch v.Field(i).Kind() {
+		case reflect.Slice:
+			sliceElem := t.Field(i).Type.Elem()
+			kind := sliceElem.Kind()
+			// Recursively process slices to struct pointers.
+			switch {
+			case kind == reflect.Ptr && sliceElem.Elem().Kind() == reflect.Struct:
+				for j := 0; j < v.Field(i).Len(); j++ {
+					if err := processField(v.Field(i).Index(j).Interface(), processors); err != nil {
+						return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
+					}
+				}
+			// Process each string in string slices.
+			case kind == reflect.String:
+				for _, proc := range processors {
+					_, hasTag := t.Field(i).Tag.Lookup(proc.tag)
+					if !hasTag {
+						continue
+					}
+					for j := 0; j < v.Field(i).Len(); j++ {
+						if err := proc.f(v.Field(i).Index(j)); err != nil {
+							return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
+						}
+					}
+				}
+			}
+		// Recursively process struct pointers.
+		case reflect.Ptr:
+			if v.Field(i).Elem().Kind() == reflect.Struct {
+				if err := processField(v.Field(i).Interface(), processors); err != nil {
+					return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
+				}
+			}
+		default:
+			field := t.Field(i)
+			for _, proc := range processors {
+				if _, hasTag := field.Tag.Lookup(proc.tag); hasTag {
+					if err := proc.f(v.Field(i)); err != nil {
+						return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
+					}
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func hexToBase64Processor(v reflect.Value) error {
+	if v.String() == "0x" {
+		v.SetString("")
+		return nil
+	}
+	b, err := bytesutil.FromHexString(v.String())
+	if err != nil {
+		return err
+	}
+	v.SetString(base64.StdEncoding.EncodeToString(b))
+	return nil
+}
+
+func base64ToHexProcessor(v reflect.Value) error {
+	if v.String() == "" {
+		// Empty hex values are represented as "0x".
+		v.SetString("0x")
+		return nil
+	}
+	b, err := base64.StdEncoding.DecodeString(v.String())
+	if err != nil {
+		return err
+	}
+	v.SetString(hexutil.Encode(b))
+	return nil
+}
+
+func base64ToChecksumAddressProcessor(v reflect.Value) error {
+	if v.String() == "" {
+		// Empty hex values are represented as "0x".
+		v.SetString("0x")
+		return nil
+	}
+	b, err := base64.StdEncoding.DecodeString(v.String())
+	if err != nil {
+		return err
+	}
+	v.SetString(common.BytesToAddress(b).Hex())
+	return nil
+}
+
+func base64ToUint256Processor(v reflect.Value) error {
+	if v.String() == "" {
+		return nil
+	}
+	littleEndian, err := base64.StdEncoding.DecodeString(v.String())
+	if err != nil {
+		return err
+	}
+	if len(littleEndian) != 32 {
+		return errors.New("invalid length for Uint256")
+	}
+
+	// Integers are stored as little-endian, but
+	// big.Int expects big-endian. So we need to reverse
+	// the byte order before decoding.
+	var bigEndian [32]byte
+	for i := 0; i < len(littleEndian); i++ {
+		bigEndian[i] = littleEndian[len(littleEndian)-1-i]
+	}
+	var uint256 big.Int
+	uint256.SetBytes(bigEndian[:])
+	v.SetString(uint256.String())
+	return nil
+}
+
+func uint256ToBase64Processor(v reflect.Value) error {
+	if v.String() == "" {
+		return nil
+	}
+	uint256, ok := new(big.Int).SetString(v.String(), 10)
+	if !ok {
+		return fmt.Errorf("could not parse Uint256")
+	}
+	bigEndian := uint256.Bytes()
+	if len(bigEndian) > 32 {
+		return fmt.Errorf("number too big for Uint256")
+	}
+
+	// Integers are stored as little-endian, but
+	// big.Int gives big-endian. So we need to reverse
+	// the byte order before encoding.
+	var littleEndian [32]byte
+	for i := 0; i < len(bigEndian); i++ {
+		littleEndian[i] = bigEndian[len(bigEndian)-1-i]
+	}
+	v.SetString(base64.StdEncoding.EncodeToString(littleEndian[:]))
+	return nil
+}
+
+func enumToLowercaseProcessor(v reflect.Value) error {
+	v.SetString(strings.ToLower(v.String()))
+	return nil
+}
+
+func timeToUnixProcessor(v reflect.Value) error {
+	t, err := time.Parse(time.RFC3339, v.String())
+	if err != nil {
+		return err
+	}
+	v.SetString(strconv.FormatUint(uint64(t.Unix()), 10))
+	return nil
+}

api/gateway/apimiddleware/process_request.go

@@ -0,0 +1,283 @@
+package apimiddleware
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"net"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v4/api"
+	"github.com/prysmaticlabs/prysm/v4/api/grpc"
+)
+
+// DeserializeRequestBodyIntoContainer deserializes the request's body into an endpoint-specific struct.
+func DeserializeRequestBodyIntoContainer(body io.Reader, requestContainer interface{}) ErrorJson {
+	decoder := json.NewDecoder(body)
+	decoder.DisallowUnknownFields()
+	if err := decoder.Decode(&requestContainer); err != nil {
+		if strings.Contains(err.Error(), "json: unknown field") {
+			e := errors.Wrap(err, "could not decode request body")
+			return &DefaultErrorJson{
+				Message: e.Error(),
+				Code:    http.StatusBadRequest,
+			}
+		}
+		return InternalServerErrorWithMessage(err, "could not decode request body")
+	}
+	return nil
+}
+
+// ProcessRequestContainerFields processes fields of an endpoint-specific container according to field tags.
+func ProcessRequestContainerFields(requestContainer interface{}) ErrorJson {
+	if err := processField(requestContainer, []fieldProcessor{
+		{
+			tag: "hex",
+			f:   hexToBase64Processor,
+		},
+		{
+			tag: "uint256",
+			f:   uint256ToBase64Processor,
+		},
+	}); err != nil {
+		return InternalServerErrorWithMessage(err, "could not process request data")
+	}
+	return nil
+}
+
+// SetRequestBodyToRequestContainer makes the endpoint-specific container the new body of the request.
+func SetRequestBodyToRequestContainer(requestContainer interface{}, req *http.Request) ErrorJson {
+	// Serialize the struct, which now includes a base64-encoded value, into JSON.
+	j, err := json.Marshal(requestContainer)
+	if err != nil {
+		return InternalServerErrorWithMessage(err, "could not marshal request")
+	}
+	// Set the body to the new JSON.
+	req.Body = io.NopCloser(bytes.NewReader(j))
+	req.Header.Set("Content-Length", strconv.Itoa(len(j)))
+	req.ContentLength = int64(len(j))
+	return nil
+}
+
+// PrepareRequestForProxying applies additional logic to the request so that it can be correctly proxied to grpc-gateway.
+func (m *ApiProxyMiddleware) PrepareRequestForProxying(endpoint Endpoint, req *http.Request) ErrorJson {
+	req.URL.Scheme = "http"
+	req.URL.Host = m.GatewayAddress
+	req.RequestURI = ""
+	if errJson := HandleURLParameters(endpoint.Path, req, endpoint.RequestURLLiterals); errJson != nil {
+		return errJson
+	}
+	if errJson := HandleQueryParameters(req, endpoint.RequestQueryParams); errJson != nil {
+		return errJson
+	}
+	// We have to add the prefix after handling parameters because adding the prefix changes URL segment indexing.
+	req.URL.Path = "/internal" + req.URL.Path
+	return nil
+}
+
+// ProxyRequest proxies the request to grpc-gateway.
+func (m *ApiProxyMiddleware) ProxyRequest(req *http.Request) (*http.Response, ErrorJson) {
+	// We do not use http.DefaultClient because it does not have any timeout.
+	netClient := &http.Client{Timeout: m.Timeout}
+	grpcResp, err := netClient.Do(req)
+	if err != nil {
+		if err, ok := err.(net.Error); ok && err.Timeout() {
+			return nil, TimeoutError()
+		}
+		return nil, InternalServerErrorWithMessage(err, "could not proxy request")
+	}
+	if grpcResp == nil {
+		return nil, &DefaultErrorJson{Message: "nil response from gRPC-gateway", Code: http.StatusInternalServerError}
+	}
+	return grpcResp, nil
+}
+
+// ReadGrpcResponseBody reads the body from the grpc-gateway's response.
+func ReadGrpcResponseBody(r io.Reader) ([]byte, ErrorJson) {
+	body, err := io.ReadAll(r)
+	if err != nil {
+		return nil, InternalServerErrorWithMessage(err, "could not read response body")
+	}
+	return body, nil
+}
+
+// HandleGrpcResponseError acts on an error that resulted from a grpc-gateway's response.
+// Whether there was an error is indicated by the bool return value. In case of an error,
+// there is no need to write to the response because it's taken care of by the function.
+func HandleGrpcResponseError(errJson ErrorJson, resp *http.Response, respBody []byte, w http.ResponseWriter) (bool, ErrorJson) {
+	responseHasError := false
+	if err := json.Unmarshal(respBody, errJson); err != nil {
+		return false, InternalServerErrorWithMessage(err, "could not unmarshal error")
+	}
+	if errJson.Msg() != "" {
+		responseHasError = true
+		// Something went wrong, but the request completed, meaning we can write headers and the error message.
+		for h, vs := range resp.Header {
+			for _, v := range vs {
+				if strings.HasSuffix(h, api.VersionHeader) {
+					w.Header().Set(api.VersionHeader, v)
+				} else {
+					w.Header().Set(h, v)
+				}
+			}
+		}
+		// Handle gRPC timeout.
+		if resp.StatusCode == http.StatusGatewayTimeout {
+			WriteError(w, TimeoutError(), resp.Header)
+		} else {
+			// Set code to HTTP code because unmarshalled body contained gRPC code.
+			errJson.SetCode(resp.StatusCode)
+			WriteError(w, errJson, resp.Header)
+		}
+	}
+	return responseHasError, nil
+}
+
+// GrpcResponseIsEmpty determines whether the grpc-gateway's response body contains no data.
+func GrpcResponseIsEmpty(grpcResponseBody []byte) bool {
+	return len(grpcResponseBody) == 0 || string(grpcResponseBody) == "{}"
+}
+
+// DeserializeGrpcResponseBodyIntoContainer deserializes the grpc-gateway's response body into an endpoint-specific struct.
+func DeserializeGrpcResponseBodyIntoContainer(body []byte, responseContainer interface{}) ErrorJson {
+	if err := json.Unmarshal(body, &responseContainer); err != nil {
+		return InternalServerErrorWithMessage(err, "could not unmarshal response")
+	}
+	return nil
+}
+
+// ProcessMiddlewareResponseFields processes fields of an endpoint-specific container according to field tags.
+func ProcessMiddlewareResponseFields(responseContainer interface{}) ErrorJson {
+	if err := processField(responseContainer, []fieldProcessor{
+		{
+			tag: "hex",
+			f:   base64ToHexProcessor,
+		},
+		{
+			tag: "address",
+			f:   base64ToChecksumAddressProcessor,
+		},
+		{
+			tag: "enum",
+			f:   enumToLowercaseProcessor,
+		},
+		{
+			tag: "time",
+			f:   timeToUnixProcessor,
+		},
+		{
+			tag: "uint256",
+			f:   base64ToUint256Processor,
+		},
+	}); err != nil {
+		return InternalServerErrorWithMessage(err, "could not process response data")
+	}
+	return nil
+}
+
+// SerializeMiddlewareResponseIntoJson serializes the endpoint-specific response struct into a JSON representation.
+func SerializeMiddlewareResponseIntoJson(responseContainer interface{}) (jsonResponse []byte, errJson ErrorJson) {
+	j, err := json.Marshal(responseContainer)
+	if err != nil {
+		return nil, InternalServerErrorWithMessage(err, "could not marshal response")
+	}
+	return j, nil
+}
+
+// WriteMiddlewareResponseHeadersAndBody populates headers and the body of the final response.
+func WriteMiddlewareResponseHeadersAndBody(grpcResp *http.Response, responseJson []byte, w http.ResponseWriter) ErrorJson {
+	var statusCodeHeader string
+	for h, vs := range grpcResp.Header {
+		// We don't want to expose any gRPC metadata in the HTTP response, so we skip forwarding metadata headers.
+		if strings.HasPrefix(h, grpc.MetadataPrefix) {
+			if h == grpc.WithPrefix(grpc.HttpCodeMetadataKey) {
+				statusCodeHeader = vs[0]
+			} else if strings.HasSuffix(h, api.VersionHeader) {
+				w.Header().Set(api.VersionHeader, vs[0])
+			}
+		} else {
+			for _, v := range vs {
+				w.Header().Set(h, v)
+			}
+		}
+	}
+	if !GrpcResponseIsEmpty(responseJson) {
+		w.Header().Set("Content-Length", strconv.Itoa(len(responseJson)))
+		if statusCodeHeader != "" {
+			code, err := strconv.Atoi(statusCodeHeader)
+			if err != nil {
+				return InternalServerErrorWithMessage(err, "could not parse status code")
+			}
+			w.WriteHeader(code)
+		} else {
+			w.WriteHeader(grpcResp.StatusCode)
+		}
+		if _, err := io.Copy(w, io.NopCloser(bytes.NewReader(responseJson))); err != nil {
+			return InternalServerErrorWithMessage(err, "could not write response message")
+		}
+	} else {
+		w.Header().Set("Content-Length", "0")
+		w.WriteHeader(grpcResp.StatusCode)
+	}
+	return nil
+}
+
+// WriteError writes the error by manipulating headers and the body of the final response.
+func WriteError(w http.ResponseWriter, errJson ErrorJson, responseHeader http.Header) {
+	// Include custom error in the error JSON.
+	hasCustomError := false
+	if responseHeader != nil {
+		customError, ok := responseHeader[grpc.WithPrefix(grpc.CustomErrorMetadataKey)]
+		if ok {
+			hasCustomError = true
+			// Assume header has only one value and read the 0 index.
+			if err := json.Unmarshal([]byte(customError[0]), errJson); err != nil {
+				log.WithError(err).Error("Could not unmarshal custom error message")
+				return
+			}
+		}
+	}
+
+	var j []byte
+	if hasCustomError {
+		var err error
+		j, err = json.Marshal(errJson)
+		if err != nil {
+			log.WithError(err).Error("Could not marshal error message")
+			return
+		}
+	} else {
+		var err error
+		// We marshal the response body into a DefaultErrorJson if the custom error is not present.
+		// This is because the ErrorJson argument is the endpoint's error definition, which may contain custom fields.
+		// In such a scenario marhaling the endpoint's error would populate the resulting JSON
+		// with these fields even if they are not present in the gRPC header.
+		d := &DefaultErrorJson{
+			Message: errJson.Msg(),
+			Code:    errJson.StatusCode(),
+		}
+		j, err = json.Marshal(d)
+		if err != nil {
+			log.WithError(err).Error("Could not marshal error message")
+			return
+		}
+	}
+
+	w.Header().Set("Content-Length", strconv.Itoa(len(j)))
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(errJson.StatusCode())
+	if _, err := io.Copy(w, io.NopCloser(bytes.NewReader(j))); err != nil {
+		log.WithError(err).Error("Could not write error message")
+	}
+}
+
+// Cleanup performs final cleanup on the initial response from grpc-gateway.
+func Cleanup(grpcResponseBody io.ReadCloser) ErrorJson {
+	if err := grpcResponseBody.Close(); err != nil {
+		return InternalServerErrorWithMessage(err, "could not close response body")
+	}
+	return nil
+}

api/gateway/apimiddleware/process_request_test.go

@@ -0,0 +1,435 @@
+package apimiddleware
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v4/api"
+	"github.com/prysmaticlabs/prysm/v4/api/grpc"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+	"github.com/sirupsen/logrus/hooks/test"
+)
+
+type testRequestContainer struct {
+	TestString         string
+	TestHexString      string `hex:"true"`
+	TestEmptyHexString string `hex:"true"`
+	TestUint256String  string `uint256:"true"`
+}
+
+func defaultRequestContainer() *testRequestContainer {
+	return &testRequestContainer{
+		TestString:         "test string",
+		TestHexString:      "0x666F6F", // hex encoding of "foo"
+		TestEmptyHexString: "0x",
+		TestUint256String:  "4196",
+	}
+}
+
+type testResponseContainer struct {
+	TestString       string
+	TestHex          string `hex:"true"`
+	TestEmptyHex     string `hex:"true"`
+	TestAddress      string `address:"true"`
+	TestEmptyAddress string `address:"true"`
+	TestUint256      string `uint256:"true"`
+	TestEnum         string `enum:"true"`
+	TestTime         string `time:"true"`
+}
+
+func defaultResponseContainer() *testResponseContainer {
+	return &testResponseContainer{
+		TestString:       "test string",
+		TestHex:          "Zm9v", // base64 encoding of "foo"
+		TestEmptyHex:     "",
+		TestAddress:      "Zm9v",
+		TestEmptyAddress: "",
+		TestEnum:         "Test Enum",
+		TestTime:         "2006-01-02T15:04:05Z",
+
+		// base64 encoding of 4196 in little-endian
+		TestUint256: "ZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+	}
+}
+
+type testErrorJson struct {
+	Message     string
+	Code        int
+	CustomField string
+}
+
+// StatusCode returns the error's underlying error code.
+func (e *testErrorJson) StatusCode() int {
+	return e.Code
+}
+
+// Msg returns the error's underlying message.
+func (e *testErrorJson) Msg() string {
+	return e.Message
+}
+
+// SetCode sets the error's underlying error code.
+func (e *testErrorJson) SetCode(code int) {
+	e.Code = code
+}
+
+// SetMsg sets the error's underlying message.
+func (e *testErrorJson) SetMsg(msg string) {
+	e.Message = msg
+}
+
+func TestDeserializeRequestBodyIntoContainer(t *testing.T) {
+	t.Run("ok", func(t *testing.T) {
+		var bodyJson bytes.Buffer
+		err := json.NewEncoder(&bodyJson).Encode(defaultRequestContainer())
+		require.NoError(t, err)
+
+		container := &testRequestContainer{}
+		errJson := DeserializeRequestBodyIntoContainer(&bodyJson, container)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "test string", container.TestString)
+	})
+
+	t.Run("error", func(t *testing.T) {
+		var bodyJson bytes.Buffer
+		bodyJson.Write([]byte("foo"))
+		errJson := DeserializeRequestBodyIntoContainer(&bodyJson, &testRequestContainer{})
+		require.NotNil(t, errJson)
+		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not decode request body"))
+		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
+	})
+
+	t.Run("unknown field", func(t *testing.T) {
+		var bodyJson bytes.Buffer
+		bodyJson.Write([]byte("{\"foo\":\"foo\"}"))
+		errJson := DeserializeRequestBodyIntoContainer(&bodyJson, &testRequestContainer{})
+		require.NotNil(t, errJson)
+		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not decode request body"))
+		assert.Equal(t, http.StatusBadRequest, errJson.StatusCode())
+	})
+}
+
+func TestProcessRequestContainerFields(t *testing.T) {
+	t.Run("ok", func(t *testing.T) {
+		container := defaultRequestContainer()
+
+		errJson := ProcessRequestContainerFields(container)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "Zm9v", container.TestHexString)
+		assert.Equal(t, "", container.TestEmptyHexString)
+		assert.Equal(t, "ZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", container.TestUint256String)
+	})
+
+	t.Run("error", func(t *testing.T) {
+		errJson := ProcessRequestContainerFields("foo")
+		require.NotNil(t, errJson)
+		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not process request data"))
+		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
+	})
+}
+
+func TestSetRequestBodyToRequestContainer(t *testing.T) {
+	var body bytes.Buffer
+	request := httptest.NewRequest("GET", "http://foo.example", &body)
+
+	errJson := SetRequestBodyToRequestContainer(defaultRequestContainer(), request)
+	require.Equal(t, true, errJson == nil)
+	container := &testRequestContainer{}
+	require.NoError(t, json.NewDecoder(request.Body).Decode(container))
+	assert.Equal(t, "test string", container.TestString)
+	contentLengthHeader, ok := request.Header["Content-Length"]
+	require.Equal(t, true, ok)
+	require.Equal(t, 1, len(contentLengthHeader), "wrong number of header values")
+	assert.Equal(t, "108", contentLengthHeader[0])
+	assert.Equal(t, int64(108), request.ContentLength)
+}
+
+func TestPrepareRequestForProxying(t *testing.T) {
+	middleware := &ApiProxyMiddleware{
+		GatewayAddress: "http://gateway.example",
+	}
+	// We will set some params to make the request more interesting.
+	endpoint := Endpoint{
+		Path:               "/{url_param}",
+		RequestURLLiterals: []string{"url_param"},
+		RequestQueryParams: []QueryParam{{Name: "query_param"}},
+	}
+	var body bytes.Buffer
+	request := httptest.NewRequest("GET", "http://foo.example?query_param=bar", &body)
+
+	errJson := middleware.PrepareRequestForProxying(endpoint, request)
+	require.Equal(t, true, errJson == nil)
+	assert.Equal(t, "http", request.URL.Scheme)
+	assert.Equal(t, middleware.GatewayAddress, request.URL.Host)
+	assert.Equal(t, "", request.RequestURI)
+}
+
+func TestReadGrpcResponseBody(t *testing.T) {
+	var b bytes.Buffer
+	b.Write([]byte("foo"))
+
+	body, jsonErr := ReadGrpcResponseBody(&b)
+	require.Equal(t, true, jsonErr == nil)
+	assert.Equal(t, "foo", string(body))
+}
+
+func TestHandleGrpcResponseError(t *testing.T) {
+	response := &http.Response{
+		StatusCode: 400,
+		Header: http.Header{
+			"Foo": []string{"foo"},
+			"Bar": []string{"bar"},
+		},
+	}
+	writer := httptest.NewRecorder()
+	errJson := &testErrorJson{
+		Message: "foo",
+		Code:    400,
+	}
+	b, err := json.Marshal(errJson)
+	require.NoError(t, err)
+
+	hasError, e := HandleGrpcResponseError(errJson, response, b, writer)
+	require.Equal(t, true, e == nil)
+	assert.Equal(t, true, hasError)
+	v, ok := writer.Header()["Foo"]
+	require.Equal(t, true, ok, "header not found")
+	require.Equal(t, 1, len(v), "wrong number of header values")
+	assert.Equal(t, "foo", v[0])
+	v, ok = writer.Header()["Bar"]
+	require.Equal(t, true, ok, "header not found")
+	require.Equal(t, 1, len(v), "wrong number of header values")
+	assert.Equal(t, "bar", v[0])
+	assert.Equal(t, 400, errJson.StatusCode())
+}
+
+func TestGrpcResponseIsEmpty(t *testing.T) {
+	t.Run("nil", func(t *testing.T) {
+		assert.Equal(t, true, GrpcResponseIsEmpty(nil))
+	})
+	t.Run("empty_slice", func(t *testing.T) {
+		assert.Equal(t, true, GrpcResponseIsEmpty(make([]byte, 0)))
+	})
+	t.Run("empty_brackets", func(t *testing.T) {
+		assert.Equal(t, true, GrpcResponseIsEmpty([]byte("{}")))
+	})
+	t.Run("non_empty", func(t *testing.T) {
+		assert.Equal(t, false, GrpcResponseIsEmpty([]byte("{\"foo\":\"bar\"})")))
+	})
+}
+
+func TestDeserializeGrpcResponseBodyIntoContainer(t *testing.T) {
+	t.Run("ok", func(t *testing.T) {
+		body, err := json.Marshal(defaultRequestContainer())
+		require.NoError(t, err)
+
+		container := &testRequestContainer{}
+		errJson := DeserializeGrpcResponseBodyIntoContainer(body, container)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "test string", container.TestString)
+	})
+
+	t.Run("error", func(t *testing.T) {
+		var bodyJson bytes.Buffer
+		bodyJson.Write([]byte("foo"))
+		errJson := DeserializeGrpcResponseBodyIntoContainer(bodyJson.Bytes(), &testRequestContainer{})
+		require.NotNil(t, errJson)
+		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not unmarshal response"))
+		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
+	})
+}
+
+func TestProcessMiddlewareResponseFields(t *testing.T) {
+	t.Run("Ok", func(t *testing.T) {
+		container := defaultResponseContainer()
+
+		errJson := ProcessMiddlewareResponseFields(container)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, "0x666f6f", container.TestHex)
+		assert.Equal(t, "0x", container.TestEmptyHex)
+		assert.Equal(t, "0x0000000000000000000000000000000000666F6f", container.TestAddress)
+		assert.Equal(t, "0x", container.TestEmptyAddress)
+		assert.Equal(t, "4196", container.TestUint256)
+		assert.Equal(t, "test enum", container.TestEnum)
+		assert.Equal(t, "1136214245", container.TestTime)
+	})
+
+	t.Run("error", func(t *testing.T) {
+		errJson := ProcessMiddlewareResponseFields("foo")
+		require.NotNil(t, errJson)
+		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not process response data"))
+		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
+	})
+}
+
+func TestSerializeMiddlewareResponseIntoJson(t *testing.T) {
+	container := defaultResponseContainer()
+	j, errJson := SerializeMiddlewareResponseIntoJson(container)
+	assert.Equal(t, true, errJson == nil)
+	cToDeserialize := &testResponseContainer{}
+	require.NoError(t, json.Unmarshal(j, cToDeserialize))
+	assert.Equal(t, "test string", cToDeserialize.TestString)
+}
+
+func TestWriteMiddlewareResponseHeadersAndBody(t *testing.T) {
+	t.Run("GET", func(t *testing.T) {
+		response := &http.Response{
+			Header: http.Header{
+				"Foo": []string{"foo"},
+				grpc.WithPrefix(grpc.HttpCodeMetadataKey): []string{"204"},
+				grpc.WithPrefix(api.VersionHeader):        []string{"capella"},
+			},
+		}
+		container := defaultResponseContainer()
+		responseJson, err := json.Marshal(container)
+		require.NoError(t, err)
+		writer := httptest.NewRecorder()
+		writer.Body = &bytes.Buffer{}
+
+		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
+		require.Equal(t, true, errJson == nil)
+		v, ok := writer.Header()["Foo"]
+		require.Equal(t, true, ok, "header not found")
+		require.Equal(t, 1, len(v), "wrong number of header values")
+		assert.Equal(t, "foo", v[0])
+		v, ok = writer.Header()["Content-Length"]
+		require.Equal(t, true, ok, "header not found")
+		require.Equal(t, 1, len(v), "wrong number of header values")
+		assert.Equal(t, "224", v[0])
+		v, ok = writer.Header()["Eth-Consensus-Version"]
+		require.Equal(t, true, ok, "header not found")
+		assert.Equal(t, "capella", v[0])
+		assert.Equal(t, 204, writer.Code)
+		assert.DeepEqual(t, responseJson, writer.Body.Bytes())
+	})
+
+	t.Run("GET_no_grpc_status_code_header", func(t *testing.T) {
+		response := &http.Response{
+			Header:     http.Header{},
+			StatusCode: 204,
+		}
+		container := defaultResponseContainer()
+		responseJson, err := json.Marshal(container)
+		require.NoError(t, err)
+		writer := httptest.NewRecorder()
+
+		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, 204, writer.Code)
+	})
+
+	t.Run("GET_invalid_status_code", func(t *testing.T) {
+		response := &http.Response{
+			Header: http.Header{"Grpc-Metadata-Eth-Consensus-Version": []string{"capella"}},
+		}
+
+		// Set invalid status code.
+		response.Header[grpc.WithPrefix(grpc.HttpCodeMetadataKey)] = []string{"invalid"}
+		response.Header[grpc.WithPrefix(api.VersionHeader)] = []string{"capella"}
+
+		container := defaultResponseContainer()
+		responseJson, err := json.Marshal(container)
+		require.NoError(t, err)
+		writer := httptest.NewRecorder()
+
+		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
+		require.Equal(t, false, errJson == nil)
+		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not parse status code"))
+		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
+	})
+
+	t.Run("POST", func(t *testing.T) {
+		response := &http.Response{
+			Header:     http.Header{},
+			StatusCode: 204,
+		}
+		container := defaultResponseContainer()
+		responseJson, err := json.Marshal(container)
+		require.NoError(t, err)
+		writer := httptest.NewRecorder()
+
+		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, 204, writer.Code)
+	})
+
+	t.Run("POST_with_response_body", func(t *testing.T) {
+		response := &http.Response{
+			Header:     http.Header{},
+			StatusCode: 204,
+		}
+		container := defaultResponseContainer()
+		responseJson, err := json.Marshal(container)
+		require.NoError(t, err)
+		writer := httptest.NewRecorder()
+		writer.Body = &bytes.Buffer{}
+
+		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, 204, writer.Code)
+		assert.DeepEqual(t, responseJson, writer.Body.Bytes())
+	})
+
+	t.Run("POST_with_empty_json_body", func(t *testing.T) {
+		response := &http.Response{
+			Header:     http.Header{},
+			StatusCode: 204,
+		}
+		responseJson, err := json.Marshal(struct{}{})
+		require.NoError(t, err)
+		writer := httptest.NewRecorder()
+		writer.Body = &bytes.Buffer{}
+
+		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
+		require.Equal(t, true, errJson == nil)
+		assert.Equal(t, 204, writer.Code)
+		assert.DeepEqual(t, []byte(nil), writer.Body.Bytes())
+		assert.Equal(t, "0", writer.Header()["Content-Length"][0])
+	})
+}
+
+func TestWriteError(t *testing.T) {
+	t.Run("ok", func(t *testing.T) {
+		responseHeader := http.Header{
+			grpc.WithPrefix(grpc.CustomErrorMetadataKey): []string{"{\"CustomField\":\"bar\"}"},
+		}
+		errJson := &testErrorJson{
+			Message: "foo",
+			Code:    500,
+		}
+		writer := httptest.NewRecorder()
+		writer.Body = &bytes.Buffer{}
+
+		WriteError(writer, errJson, responseHeader)
+		v, ok := writer.Header()["Content-Length"]
+		require.Equal(t, true, ok, "header not found")
+		require.Equal(t, 1, len(v), "wrong number of header values")
+		assert.Equal(t, "48", v[0])
+		v, ok = writer.Header()["Content-Type"]
+		require.Equal(t, true, ok, "header not found")
+		require.Equal(t, 1, len(v), "wrong number of header values")
+		assert.Equal(t, "application/json", v[0])
+		assert.Equal(t, 500, writer.Code)
+		eDeserialize := &testErrorJson{}
+		require.NoError(t, json.Unmarshal(writer.Body.Bytes(), eDeserialize))
+		assert.Equal(t, "foo", eDeserialize.Message)
+		assert.Equal(t, 500, eDeserialize.Code)
+		assert.Equal(t, "bar", eDeserialize.CustomField)
+	})
+
+	t.Run("invalid_custom_error_header", func(t *testing.T) {
+		logHook := test.NewGlobal()
+
+		responseHeader := http.Header{
+			grpc.WithPrefix(grpc.CustomErrorMetadataKey): []string{"invalid"},
+		}
+
+		WriteError(httptest.NewRecorder(), &testErrorJson{}, responseHeader)
+		assert.LogsContain(t, logHook, "Could not unmarshal custom error message")
+	})
+}

api/gateway/apimiddleware/structs.go

@@ -0,0 +1,69 @@
+package apimiddleware
+
+import (
+	"net/http"
+
+	"github.com/pkg/errors"
+)
+
+// ---------------
+// Error handling.
+// ---------------
+
+// ErrorJson describes common functionality of all JSON error representations.
+type ErrorJson interface {
+	StatusCode() int
+	SetCode(code int)
+	Msg() string
+	SetMsg(msg string)
+}
+
+// DefaultErrorJson is a JSON representation of a simple error value, containing only a message and an error code.
+type DefaultErrorJson struct {
+	Message string `json:"message"`
+	Code    int    `json:"code"`
+}
+
+// InternalServerErrorWithMessage returns a DefaultErrorJson with 500 code and a custom message.
+func InternalServerErrorWithMessage(err error, message string) *DefaultErrorJson {
+	e := errors.Wrapf(err, message)
+	return &DefaultErrorJson{
+		Message: e.Error(),
+		Code:    http.StatusInternalServerError,
+	}
+}
+
+// InternalServerError returns a DefaultErrorJson with 500 code.
+func InternalServerError(err error) *DefaultErrorJson {
+	return &DefaultErrorJson{
+		Message: err.Error(),
+		Code:    http.StatusInternalServerError,
+	}
+}
+
+func TimeoutError() *DefaultErrorJson {
+	return &DefaultErrorJson{
+		Message: "Request timeout",
+		Code:    http.StatusRequestTimeout,
+	}
+}
+
+// StatusCode returns the error's underlying error code.
+func (e *DefaultErrorJson) StatusCode() int {
+	return e.Code
+}
+
+// Msg returns the error's underlying message.
+func (e *DefaultErrorJson) Msg() string {
+	return e.Message
+}
+
+// SetCode sets the error's underlying error code.
+func (e *DefaultErrorJson) SetCode(code int) {
+	e.Code = code
+}
+
+// SetMsg sets the error's underlying message.
+func (e *DefaultErrorJson) SetMsg(msg string) {
+	e.Message = msg
+}

api/gateway/gateway.go

@@ -0,0 +1,258 @@
+// Package gateway defines a grpc-gateway server that serves HTTP-JSON traffic and acts a proxy between HTTP and gRPC.
+package gateway
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/gorilla/mux"
+	gwruntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v4/api/gateway/apimiddleware"
+	"github.com/prysmaticlabs/prysm/v4/runtime"
+	"github.com/rs/cors"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/connectivity"
+	"google.golang.org/grpc/credentials"
+)
+
+var _ runtime.Service = (*Gateway)(nil)
+
+// PbMux serves grpc-gateway requests for selected patterns using registered protobuf handlers.
+type PbMux struct {
+	Registrations []PbHandlerRegistration // Protobuf registrations to be registered in Mux.
+	Patterns      []string                // URL patterns that will be handled by Mux.
+	Mux           *gwruntime.ServeMux     // The router that will be used for grpc-gateway requests.
+}
+
+// PbHandlerRegistration is a function that registers a protobuf handler.
+type PbHandlerRegistration func(context.Context, *gwruntime.ServeMux, *grpc.ClientConn) error
+
+// MuxHandler is a function that implements the mux handler functionality.
+type MuxHandler func(
+	apiMiddlewareHandler *apimiddleware.ApiProxyMiddleware,
+	h http.HandlerFunc,
+	w http.ResponseWriter,
+	req *http.Request,
+)
+
+// Config parameters for setting up the gateway service.
+type config struct {
+	maxCallRecvMsgSize           uint64
+	remoteCert                   string
+	gatewayAddr                  string
+	remoteAddr                   string
+	allowedOrigins               []string
+	apiMiddlewareEndpointFactory apimiddleware.EndpointFactory
+	muxHandler                   MuxHandler
+	pbHandlers                   []*PbMux
+	router                       *mux.Router
+	timeout                      time.Duration
+}
+
+// Gateway is the gRPC gateway to serve HTTP JSON traffic as a proxy and forward it to the gRPC server.
+type Gateway struct {
+	cfg          *config
+	conn         *grpc.ClientConn
+	server       *http.Server
+	cancel       context.CancelFunc
+	proxy        *apimiddleware.ApiProxyMiddleware
+	ctx          context.Context
+	startFailure error
+}
+
+// New returns a new instance of the Gateway.
+func New(ctx context.Context, opts ...Option) (*Gateway, error) {
+	g := &Gateway{
+		ctx: ctx,
+		cfg: &config{},
+	}
+	for _, opt := range opts {
+		if err := opt(g); err != nil {
+			return nil, err
+		}
+	}
+	if g.cfg.router == nil {
+		g.cfg.router = mux.NewRouter()
+	}
+	return g, nil
+}
+
+// Start the gateway service.
+func (g *Gateway) Start() {
+	ctx, cancel := context.WithCancel(g.ctx)
+	g.cancel = cancel
+
+	conn, err := g.dial(ctx, "tcp", g.cfg.remoteAddr)
+	if err != nil {
+		log.WithError(err).Error("Failed to connect to gRPC server")
+		g.startFailure = err
+		return
+	}
+	g.conn = conn
+
+	for _, h := range g.cfg.pbHandlers {
+		for _, r := range h.Registrations {
+			if err := r(ctx, h.Mux, g.conn); err != nil {
+				log.WithError(err).Error("Failed to register handler")
+				g.startFailure = err
+				return
+			}
+		}
+		for _, p := range h.Patterns {
+			g.cfg.router.PathPrefix(p).Handler(h.Mux)
+		}
+	}
+
+	corsMux := g.corsMiddleware(g.cfg.router)
+
+	if g.cfg.apiMiddlewareEndpointFactory != nil && !g.cfg.apiMiddlewareEndpointFactory.IsNil() {
+		g.registerApiMiddleware()
+	}
+
+	if g.cfg.muxHandler != nil {
+		g.cfg.router.PathPrefix("/").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			g.cfg.muxHandler(g.proxy, corsMux.ServeHTTP, w, r)
+		})
+	}
+
+	g.server = &http.Server{
+		Addr:              g.cfg.gatewayAddr,
+		Handler:           corsMux,
+		ReadHeaderTimeout: time.Second,
+	}
+
+	go func() {
+		log.WithField("address", g.cfg.gatewayAddr).Info("Starting gRPC gateway")
+		if err := g.server.ListenAndServe(); err != http.ErrServerClosed {
+			log.WithError(err).Error("Failed to start gRPC gateway")
+			g.startFailure = err
+			return
+		}
+	}()
+}
+
+// Status of grpc gateway. Returns an error if this service is unhealthy.
+func (g *Gateway) Status() error {
+	if g.startFailure != nil {
+		return g.startFailure
+	}
+	if s := g.conn.GetState(); s != connectivity.Ready {
+		return fmt.Errorf("grpc server is %s", s)
+	}
+	return nil
+}
+
+// Stop the gateway with a graceful shutdown.
+func (g *Gateway) Stop() error {
+	if g.server != nil {
+		shutdownCtx, shutdownCancel := context.WithTimeout(g.ctx, 2*time.Second)
+		defer shutdownCancel()
+		if err := g.server.Shutdown(shutdownCtx); err != nil {
+			if errors.Is(err, context.DeadlineExceeded) {
+				log.Warn("Existing connections terminated")
+			} else {
+				log.WithError(err).Error("Failed to gracefully shut down server")
+			}
+		}
+	}
+	if g.cancel != nil {
+		g.cancel()
+	}
+	return nil
+}
+
+func (g *Gateway) corsMiddleware(h http.Handler) http.Handler {
+	c := cors.New(cors.Options{
+		AllowedOrigins:   g.cfg.allowedOrigins,
+		AllowedMethods:   []string{http.MethodPost, http.MethodGet, http.MethodDelete, http.MethodOptions},
+		AllowCredentials: true,
+		MaxAge:           600,
+		AllowedHeaders:   []string{"*"},
+	})
+	return c.Handler(h)
+}
+
+const swaggerDir = "proto/prysm/v1alpha1/"
+
+// SwaggerServer returns swagger specification files located under "/swagger/"
+func SwaggerServer() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if !strings.HasSuffix(r.URL.Path, ".swagger.json") {
+			log.Debugf("Not found: %s", r.URL.Path)
+			http.NotFound(w, r)
+			return
+		}
+
+		log.Debugf("Serving %s\n", r.URL.Path)
+		p := strings.TrimPrefix(r.URL.Path, "/swagger/")
+		p = path.Join(swaggerDir, p)
+		http.ServeFile(w, r, p)
+	}
+}
+
+// dial the gRPC server.
+func (g *Gateway) dial(ctx context.Context, network, addr string) (*grpc.ClientConn, error) {
+	switch network {
+	case "tcp":
+		return g.dialTCP(ctx, addr)
+	case "unix":
+		return g.dialUnix(ctx, addr)
+	default:
+		return nil, fmt.Errorf("unsupported network type %q", network)
+	}
+}
+
+// dialTCP creates a client connection via TCP.
+// "addr" must be a valid TCP address with a port number.
+func (g *Gateway) dialTCP(ctx context.Context, addr string) (*grpc.ClientConn, error) {
+	security := grpc.WithInsecure()
+	if len(g.cfg.remoteCert) > 0 {
+		creds, err := credentials.NewClientTLSFromFile(g.cfg.remoteCert, "")
+		if err != nil {
+			return nil, err
+		}
+		security = grpc.WithTransportCredentials(creds)
+	}
+	opts := []grpc.DialOption{
+		security,
+		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(int(g.cfg.maxCallRecvMsgSize))),
+	}
+
+	return grpc.DialContext(ctx, addr, opts...)
+}
+
+// dialUnix creates a client connection via a unix domain socket.
+// "addr" must be a valid path to the socket.
+func (g *Gateway) dialUnix(ctx context.Context, addr string) (*grpc.ClientConn, error) {
+	d := func(addr string, timeout time.Duration) (net.Conn, error) {
+		return net.DialTimeout("unix", addr, timeout)
+	}
+	f := func(ctx context.Context, addr string) (net.Conn, error) {
+		if deadline, ok := ctx.Deadline(); ok {
+			return d(addr, time.Until(deadline))
+		}
+		return d(addr, 0)
+	}
+	opts := []grpc.DialOption{
+		grpc.WithInsecure(),
+		grpc.WithContextDialer(f),
+		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(int(g.cfg.maxCallRecvMsgSize))),
+	}
+	return grpc.DialContext(ctx, addr, opts...)
+}
+
+func (g *Gateway) registerApiMiddleware() {
+	g.proxy = &apimiddleware.ApiProxyMiddleware{
+		GatewayAddress:  g.cfg.gatewayAddr,
+		EndpointCreator: g.cfg.apiMiddlewareEndpointFactory,
+		Timeout:         g.cfg.timeout,
+	}
+	log.Info("Starting API middleware")
+	g.proxy.Run(g.cfg.router)
+}

api/gateway/gateway_test.go

@@ -0,0 +1,128 @@
+package gateway
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/gorilla/mux"
+	"github.com/prysmaticlabs/prysm/v4/api/gateway/apimiddleware"
+	"github.com/prysmaticlabs/prysm/v4/cmd/beacon-chain/flags"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+	logTest "github.com/sirupsen/logrus/hooks/test"
+	"github.com/urfave/cli/v2"
+)
+
+type mockEndpointFactory struct {
+}
+
+func (*mockEndpointFactory) Paths() []string {
+	return []string{}
+}
+
+func (*mockEndpointFactory) Create(_ string) (*apimiddleware.Endpoint, error) {
+	return nil, nil
+}
+
+func (*mockEndpointFactory) IsNil() bool {
+	return false
+}
+
+func TestGateway_Customized(t *testing.T) {
+	r := mux.NewRouter()
+	cert := "cert"
+	origins := []string{"origin"}
+	size := uint64(100)
+	endpointFactory := &mockEndpointFactory{}
+
+	opts := []Option{
+		WithRouter(r),
+		WithRemoteCert(cert),
+		WithAllowedOrigins(origins),
+		WithMaxCallRecvMsgSize(size),
+		WithApiMiddleware(endpointFactory),
+		WithMuxHandler(func(
+			_ *apimiddleware.ApiProxyMiddleware,
+			_ http.HandlerFunc,
+			_ http.ResponseWriter,
+			_ *http.Request,
+		) {
+		}),
+	}
+
+	g, err := New(context.Background(), opts...)
+	require.NoError(t, err)
+
+	assert.Equal(t, r, g.cfg.router)
+	assert.Equal(t, cert, g.cfg.remoteCert)
+	require.Equal(t, 1, len(g.cfg.allowedOrigins))
+	assert.Equal(t, origins[0], g.cfg.allowedOrigins[0])
+	assert.Equal(t, size, g.cfg.maxCallRecvMsgSize)
+	assert.Equal(t, endpointFactory, g.cfg.apiMiddlewareEndpointFactory)
+}
+
+func TestGateway_StartStop(t *testing.T) {
+	hook := logTest.NewGlobal()
+
+	app := cli.App{}
+	set := flag.NewFlagSet("test", 0)
+	ctx := cli.NewContext(&app, set, nil)
+
+	gatewayPort := ctx.Int(flags.GRPCGatewayPort.Name)
+	gatewayHost := ctx.String(flags.GRPCGatewayHost.Name)
+	rpcHost := ctx.String(flags.RPCHost.Name)
+	selfAddress := fmt.Sprintf("%s:%d", rpcHost, ctx.Int(flags.RPCPort.Name))
+	gatewayAddress := fmt.Sprintf("%s:%d", gatewayHost, gatewayPort)
+
+	opts := []Option{
+		WithGatewayAddr(gatewayAddress),
+		WithRemoteAddr(selfAddress),
+		WithMuxHandler(func(
+			_ *apimiddleware.ApiProxyMiddleware,
+			_ http.HandlerFunc,
+			_ http.ResponseWriter,
+			_ *http.Request,
+		) {
+		}),
+	}
+
+	g, err := New(context.Background(), opts...)
+	require.NoError(t, err)
+
+	g.Start()
+	go func() {
+		require.LogsContain(t, hook, "Starting gRPC gateway")
+		require.LogsDoNotContain(t, hook, "Starting API middleware")
+	}()
+	err = g.Stop()
+	require.NoError(t, err)
+}
+
+func TestGateway_NilHandler_NotFoundHandlerRegistered(t *testing.T) {
+	app := cli.App{}
+	set := flag.NewFlagSet("test", 0)
+	ctx := cli.NewContext(&app, set, nil)
+
+	gatewayPort := ctx.Int(flags.GRPCGatewayPort.Name)
+	gatewayHost := ctx.String(flags.GRPCGatewayHost.Name)
+	rpcHost := ctx.String(flags.RPCHost.Name)
+	selfAddress := fmt.Sprintf("%s:%d", rpcHost, ctx.Int(flags.RPCPort.Name))
+	gatewayAddress := fmt.Sprintf("%s:%d", gatewayHost, gatewayPort)
+
+	opts := []Option{
+		WithGatewayAddr(gatewayAddress),
+		WithRemoteAddr(selfAddress),
+	}
+
+	g, err := New(context.Background(), opts...)
+	require.NoError(t, err)
+
+	writer := httptest.NewRecorder()
+	g.cfg.router.ServeHTTP(writer, &http.Request{Method: "GET", Host: "localhost", URL: &url.URL{Path: "/foo"}})
+	assert.Equal(t, http.StatusNotFound, writer.Code)
+}

api/gateway/modifiers.go

@@ -0,0 +1,30 @@
+package gateway
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+
+	gwruntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"google.golang.org/protobuf/proto"
+)
+
+func HttpResponseModifier(ctx context.Context, w http.ResponseWriter, _ proto.Message) error {
+	md, ok := gwruntime.ServerMetadataFromContext(ctx)
+	if !ok {
+		return nil
+	}
+	// set http status code
+	if vals := md.HeaderMD.Get("x-http-code"); len(vals) > 0 {
+		code, err := strconv.Atoi(vals[0])
+		if err != nil {
+			return err
+		}
+		// delete the headers to not expose any grpc-metadata in http response
+		delete(md.HeaderMD, "x-http-code")
+		delete(w.Header(), "Grpc-Metadata-X-Http-Code")
+		w.WriteHeader(code)
+	}
+
+	return nil
+}

api/gateway/options.go

@@ -0,0 +1,88 @@
+package gateway
+
+import (
+	"time"
+
+	"github.com/gorilla/mux"
+	gwruntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/prysmaticlabs/prysm/v4/api/gateway/apimiddleware"
+)
+
+type Option func(g *Gateway) error
+
+func WithPbHandlers(handlers []*PbMux) Option {
+	return func(g *Gateway) error {
+		g.cfg.pbHandlers = handlers
+		return nil
+	}
+}
+
+func WithMuxHandler(m MuxHandler) Option {
+	return func(g *Gateway) error {
+		g.cfg.muxHandler = m
+		return nil
+	}
+}
+
+func WithGatewayAddr(addr string) Option {
+	return func(g *Gateway) error {
+		g.cfg.gatewayAddr = addr
+		return nil
+	}
+}
+
+func WithRemoteAddr(addr string) Option {
+	return func(g *Gateway) error {
+		g.cfg.remoteAddr = addr
+		return nil
+	}
+}
+
+// WithRouter allows adding a custom mux router to the gateway.
+func WithRouter(r *mux.Router) Option {
+	return func(g *Gateway) error {
+		g.cfg.router = r
+		return nil
+	}
+}
+
+// WithAllowedOrigins allows adding a set of allowed origins to the gateway.
+func WithAllowedOrigins(origins []string) Option {
+	return func(g *Gateway) error {
+		g.cfg.allowedOrigins = origins
+		return nil
+	}
+}
+
+// WithRemoteCert allows adding a custom certificate to the gateway,
+func WithRemoteCert(cert string) Option {
+	return func(g *Gateway) error {
+		g.cfg.remoteCert = cert
+		return nil
+	}
+}
+
+// WithMaxCallRecvMsgSize allows specifying the maximum allowed gRPC message size.
+func WithMaxCallRecvMsgSize(size uint64) Option {
+	return func(g *Gateway) error {
+		g.cfg.maxCallRecvMsgSize = size
+		return nil
+	}
+}
+
+// WithApiMiddleware allows adding an API middleware proxy to the gateway.
+func WithApiMiddleware(endpointFactory apimiddleware.EndpointFactory) Option {
+	return func(g *Gateway) error {
+		g.cfg.apiMiddlewareEndpointFactory = endpointFactory
+		return nil
+	}
+}
+
+// WithTimeout allows changing the timeout value for API calls.
+func WithTimeout(seconds uint64) Option {
+	return func(g *Gateway) error {
+		g.cfg.timeout = time.Second * time.Duration(seconds)
+		gwruntime.DefaultContextTimeout = time.Second * time.Duration(seconds)
+		return nil
+	}
+}

api/grpc/BUILD.bazel

@@ -0,0 +1,30 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "grpcutils.go",
+        "parameters.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/grpc",
+    visibility = ["//visibility:public"],
+    deps = [
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//metadata:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["grpcutils_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "@com_github_grpc_ecosystem_grpc_gateway_v2//runtime:go_default_library",
+        "@com_github_sirupsen_logrus//hooks/test:go_default_library",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//metadata:go_default_library",
+    ],
+)

api/grpc/grpcutils.go

@@ -0,0 +1,96 @@
+package grpc
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/sirupsen/logrus"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"
+)
+
+// LogRequests logs the gRPC backend as well as request duration when the log level is set to debug
+// or higher.
+func LogRequests(
+	ctx context.Context,
+	method string, req,
+	reply interface{},
+	cc *grpc.ClientConn,
+	invoker grpc.UnaryInvoker,
+	opts ...grpc.CallOption,
+) error {
+	// Shortcut when debug logging is not enabled.
+	if logrus.GetLevel() < logrus.DebugLevel {
+		return invoker(ctx, method, req, reply, cc, opts...)
+	}
+
+	var header metadata.MD
+	opts = append(
+		opts,
+		grpc.Header(&header),
+	)
+	start := time.Now()
+	err := invoker(ctx, method, req, reply, cc, opts...)
+	logrus.WithField("backend", header["x-backend"]).
+		WithField("method", method).WithField("duration", time.Since(start)).
+		Debug("gRPC request finished.")
+	return err
+}
+
+// LogStream prints the method at DEBUG level at the start of the stream.
+func LogStream(
+	ctx context.Context,
+	sd *grpc.StreamDesc,
+	conn *grpc.ClientConn,
+	method string,
+	streamer grpc.Streamer,
+	opts ...grpc.CallOption,
+) (grpc.ClientStream, error) {
+	// Shortcut when debug logging is not enabled.
+	if logrus.GetLevel() < logrus.DebugLevel {
+		return streamer(ctx, sd, conn, method, opts...)
+	}
+
+	var header metadata.MD
+	opts = append(
+		opts,
+		grpc.Header(&header),
+	)
+	strm, err := streamer(ctx, sd, conn, method, opts...)
+	logrus.WithField("backend", header["x-backend"]).
+		WithField("method", method).
+		Debug("gRPC stream started.")
+	return strm, err
+}
+
+// AppendHeaders parses the provided GRPC headers
+// and attaches them to the provided context.
+func AppendHeaders(parent context.Context, headers []string) context.Context {
+	for _, h := range headers {
+		if h != "" {
+			keyValue := strings.Split(h, "=")
+			if len(keyValue) < 2 {
+				logrus.Warnf("Incorrect gRPC header flag format. Skipping %v", keyValue[0])
+				continue
+			}
+			parent = metadata.AppendToOutgoingContext(parent, keyValue[0], strings.Join(keyValue[1:], "="))
+		}
+	}
+	return parent
+}
+
+// AppendCustomErrorHeader sets a CustomErrorMetadataKey gRPC header on the passed in context,
+// using the passed in error data as the header's value. The data is serialized as JSON.
+func AppendCustomErrorHeader(ctx context.Context, errorData interface{}) error {
+	j, err := json.Marshal(errorData)
+	if err != nil {
+		return fmt.Errorf("could not marshal error data into JSON: %w", err)
+	}
+	if err := grpc.SetHeader(ctx, metadata.Pairs(CustomErrorMetadataKey, string(j))); err != nil {
+		return fmt.Errorf("could not set custom error header: %w", err)
+	}
+	return nil
+}

api/grpc/grpcutils_test.go

@@ -0,0 +1,78 @@
+package grpc
+
+import (
+	"context"
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+	logTest "github.com/sirupsen/logrus/hooks/test"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"
+)
+
+type customErrorData struct {
+	Message string `json:"message"`
+}
+
+func TestAppendHeaders(t *testing.T) {
+	t.Run("one_header", func(t *testing.T) {
+		ctx := AppendHeaders(context.Background(), []string{"first=value1"})
+		md, ok := metadata.FromOutgoingContext(ctx)
+		require.Equal(t, true, ok, "Failed to read context metadata")
+		require.Equal(t, 1, md.Len(), "MetadataV0 contains wrong number of values")
+		assert.Equal(t, "value1", md.Get("first")[0])
+	})
+
+	t.Run("multiple_headers", func(t *testing.T) {
+		ctx := AppendHeaders(context.Background(), []string{"first=value1", "second=value2"})
+		md, ok := metadata.FromOutgoingContext(ctx)
+		require.Equal(t, true, ok, "Failed to read context metadata")
+		require.Equal(t, 2, md.Len(), "MetadataV0 contains wrong number of values")
+		assert.Equal(t, "value1", md.Get("first")[0])
+		assert.Equal(t, "value2", md.Get("second")[0])
+	})
+
+	t.Run("one_empty_header", func(t *testing.T) {
+		ctx := AppendHeaders(context.Background(), []string{"first=value1", ""})
+		md, ok := metadata.FromOutgoingContext(ctx)
+		require.Equal(t, true, ok, "Failed to read context metadata")
+		require.Equal(t, 1, md.Len(), "MetadataV0 contains wrong number of values")
+		assert.Equal(t, "value1", md.Get("first")[0])
+	})
+
+	t.Run("incorrect_header", func(t *testing.T) {
+		logHook := logTest.NewGlobal()
+		ctx := AppendHeaders(context.Background(), []string{"first=value1", "second"})
+		md, ok := metadata.FromOutgoingContext(ctx)
+		require.Equal(t, true, ok, "Failed to read context metadata")
+		require.Equal(t, 1, md.Len(), "MetadataV0 contains wrong number of values")
+		assert.Equal(t, "value1", md.Get("first")[0])
+		assert.LogsContain(t, logHook, "Skipping second")
+	})
+
+	t.Run("header_value_with_equal_sign", func(t *testing.T) {
+		ctx := AppendHeaders(context.Background(), []string{"first=value=1"})
+		md, ok := metadata.FromOutgoingContext(ctx)
+		require.Equal(t, true, ok, "Failed to read context metadata")
+		require.Equal(t, 1, md.Len(), "MetadataV0 contains wrong number of values")
+		assert.Equal(t, "value=1", md.Get("first")[0])
+	})
+}
+
+func TestAppendCustomErrorHeader(t *testing.T) {
+	stream := &runtime.ServerTransportStream{}
+	ctx := grpc.NewContextWithServerTransportStream(context.Background(), stream)
+	data := &customErrorData{Message: "foo"}
+	require.NoError(t, AppendCustomErrorHeader(ctx, data))
+	// The stream used in test setup sets the metadata key in lowercase.
+	value, ok := stream.Header()[strings.ToLower(CustomErrorMetadataKey)]
+	require.Equal(t, true, ok, "Failed to retrieve custom error metadata value")
+	expected, err := json.Marshal(data)
+	require.NoError(t, err)
+	assert.Equal(t, string(expected), value[0])
+
+}

api/grpc/parameters.go

@@ -0,0 +1,16 @@
+package grpc
+
+// CustomErrorMetadataKey is the name of the metadata key storing additional error information.
+// Metadata value is expected to be a byte-encoded JSON object.
+const CustomErrorMetadataKey = "Custom-Error"
+
+// HttpCodeMetadataKey is the key to use when setting custom HTTP status codes in gRPC metadata.
+const HttpCodeMetadataKey = "X-Http-Code"
+
+// MetadataPrefix is the prefix for grpc headers on metadata
+const MetadataPrefix = "Grpc-Metadata"
+
+// WithPrefix creates a new string with grpc metadata prefix
+func WithPrefix(value string) string {
+	return MetadataPrefix + "-" + value
+}

api/headers.go

@@ -0,0 +1,7 @@
+package api
+
+const (
+	VersionHeader        = "Eth-Consensus-Version"
+	JsonMediaType        = "application/json"
+	OctetStreamMediaType = "application/octet-stream"
+)

api/pagination/BUILD.bazel

@@ -0,0 +1,22 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["pagination.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v4/api/pagination",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//config/params:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["pagination_test.go"],
+    deps = [
+        ":go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+    ],
+)

api/pagination/pagination.go

@@ -6,12 +6,12 @@ import (
 	"strconv"
 
 	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/shared/params"
+	"github.com/prysmaticlabs/prysm/v4/config/params"
 )
 
 // StartAndEndPage takes in the requested page token, wanted page size, total page size.
 // It returns start, end page and the next page token.
-func StartAndEndPage(pageToken string, pageSize int, totalSize int) (int, int, string, error) {
+func StartAndEndPage(pageToken string, pageSize, totalSize int) (int, int, string, error) {
 	if pageToken == "" {
 		pageToken = "0"
 	}

api/pagination/pagination_test.go

@@ -1,11 +1,11 @@
 package pagination_test
 
 import (
-	"strings"
 	"testing"
 
-	"github.com/prysmaticlabs/prysm/shared/pagination"
-	"github.com/prysmaticlabs/prysm/shared/testutil/require"
+	"github.com/prysmaticlabs/prysm/v4/api/pagination"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
 )
 
 func TestStartAndEndPage(t *testing.T) {
@@ -76,14 +76,12 @@ func TestStartAndEndPage(t *testing.T) {
 
 func TestStartAndEndPage_CannotConvertPage(t *testing.T) {
 	wanted := "could not convert page token: strconv.Atoi: parsing"
-	if _, _, _, err := pagination.StartAndEndPage("bad", 0, 0); !strings.Contains(err.Error(), wanted) {
-		t.Fatalf("wanted error: %v, got error: %v", wanted, err.Error())
-	}
+	_, _, _, err := pagination.StartAndEndPage("bad", 0, 0)
+	assert.ErrorContains(t, wanted, err)
 }
 
 func TestStartAndEndPage_ExceedsMaxPage(t *testing.T) {
 	wanted := "page start 0 >= list 0"
-	if _, _, _, err := pagination.StartAndEndPage("", 0, 0); !strings.Contains(err.Error(), wanted) {
-		t.Fatalf("wanted error: %v, got error: %v", wanted, err.Error())
-	}
+	_, _, _, err := pagination.StartAndEndPage("", 0, 0)
+	assert.ErrorContains(t, wanted, err)
 }

async/BUILD.bazel

@@ -0,0 +1,33 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "debounce.go",
+        "every.go",
+        "multilock.go",
+        "scatter.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/async",
+    visibility = ["//visibility:public"],
+    deps = ["@com_github_sirupsen_logrus//:go_default_library"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "benchmark_test.go",
+        "debounce_test.go",
+        "every_test.go",
+        "multilock_test.go",
+        "scatter_test.go",
+    ],
+    embed = [":go_default_library"],
+    deps = [
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "//testing/util:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@com_github_stretchr_testify//assert:go_default_library",
+    ],
+)

async/abool/BUILD.bazel

@@ -0,0 +1,14 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["abool.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v4/async/abool",
+    visibility = ["//visibility:public"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["abool_test.go"],
+    embed = [":go_default_library"],
+)

async/abool/abool.go

@@ -0,0 +1,72 @@
+// Package abool provides atomic Boolean type for cleaner code and
+// better performance.
+// All rights reserved to https://github.com/tevino/abool.
+package abool
+
+import "sync/atomic"
+
+// New creates an AtomicBool with default set to false.
+func New() *AtomicBool {
+	return new(AtomicBool)
+}
+
+// NewBool creates an AtomicBool with given default value.
+func NewBool(ok bool) *AtomicBool {
+	ab := New()
+	if ok {
+		ab.Set()
+	}
+	return ab
+}
+
+// AtomicBool is an atomic Boolean.
+// Its methods are all atomic, thus safe to be called by multiple goroutines simultaneously.
+// Note: When embedding into a struct one should always use *AtomicBool to avoid copy.
+type AtomicBool int32
+
+// Set sets the Boolean to true.
+func (ab *AtomicBool) Set() {
+	atomic.StoreInt32((*int32)(ab), 1)
+}
+
+// UnSet sets the Boolean to false.
+func (ab *AtomicBool) UnSet() {
+	atomic.StoreInt32((*int32)(ab), 0)
+}
+
+// IsSet returns whether the Boolean is true.
+func (ab *AtomicBool) IsSet() bool {
+	return atomic.LoadInt32((*int32)(ab))&1 == 1
+}
+
+// IsNotSet returns whether the Boolean is false.
+func (ab *AtomicBool) IsNotSet() bool {
+	return !ab.IsSet()
+}
+
+// SetTo sets the boolean with given Boolean.
+func (ab *AtomicBool) SetTo(yes bool) {
+	if yes {
+		atomic.StoreInt32((*int32)(ab), 1)
+	} else {
+		atomic.StoreInt32((*int32)(ab), 0)
+	}
+}
+
+// Toggle inverts the Boolean then returns the value before inverting.
+func (ab *AtomicBool) Toggle() bool {
+	return atomic.AddInt32((*int32)(ab), 1)&1 == 0
+}
+
+// SetToIf sets the Boolean to new only if the Boolean matches the old.
+// Returns whether the set was done.
+func (ab *AtomicBool) SetToIf(old, curr bool) (set bool) {
+	var o, n int32
+	if old {
+		o = 1
+	}
+	if curr {
+		n = 1
+	}
+	return atomic.CompareAndSwapInt32((*int32)(ab), o, n)
+}

async/abool/abool_test.go

@@ -0,0 +1,298 @@
+// All rights reserved to https://github.com/tevino/abool.
+package abool
+
+import (
+	"math"
+	"sync"
+	"sync/atomic"
+	"testing"
+)
+
+func TestDefaultValue(t *testing.T) {
+	t.Parallel()
+	v := New()
+	if v.IsSet() {
+		t.Fatal("Empty value of AtomicBool should be false")
+	}
+
+	v = NewBool(true)
+	if !v.IsSet() {
+		t.Fatal("NewValue(true) should be true")
+	}
+
+	v = NewBool(false)
+	if v.IsSet() {
+		t.Fatal("NewValue(false) should be false")
+	}
+}
+
+func TestIsNotSet(t *testing.T) {
+	t.Parallel()
+	v := New()
+
+	if v.IsSet() == v.IsNotSet() {
+		t.Fatal("AtomicBool.IsNotSet() should be the opposite of IsSet()")
+	}
+}
+
+func TestSetUnSet(t *testing.T) {
+	t.Parallel()
+	v := New()
+
+	v.Set()
+	if !v.IsSet() {
+		t.Fatal("AtomicBool.Set() failed")
+	}
+
+	v.UnSet()
+	if v.IsSet() {
+		t.Fatal("AtomicBool.UnSet() failed")
+	}
+}
+
+func TestSetTo(t *testing.T) {
+	t.Parallel()
+	v := New()
+
+	v.SetTo(true)
+	if !v.IsSet() {
+		t.Fatal("AtomicBool.SetTo(true) failed")
+	}
+
+	v.SetTo(false)
+	if v.IsSet() {
+		t.Fatal("AtomicBool.SetTo(false) failed")
+	}
+
+	if set := v.SetToIf(true, false); set || v.IsSet() {
+		t.Fatal("AtomicBool.SetTo(true, false) failed")
+	}
+
+	if set := v.SetToIf(false, true); !set || !v.IsSet() {
+		t.Fatal("AtomicBool.SetTo(false, true) failed")
+	}
+}
+
+func TestToggle(t *testing.T) {
+	t.Parallel()
+	v := New()
+
+	_ = v.Toggle()
+	if !v.IsSet() {
+		t.Fatal("AtomicBool.Toggle() to true failed")
+	}
+
+	prev := v.Toggle()
+	if v.IsSet() == prev {
+		t.Fatal("AtomicBool.Toggle() to false failed")
+	}
+}
+
+func TestToogleMultipleTimes(t *testing.T) {
+	t.Parallel()
+
+	v := New()
+	pre := !v.IsSet()
+	for i := 0; i < 100; i++ {
+		v.SetTo(false)
+		for j := 0; j < i; j++ {
+			pre = v.Toggle()
+		}
+
+		expected := i%2 != 0
+		if v.IsSet() != expected {
+			t.Fatalf("AtomicBool.Toogle() doesn't work after %d calls, expected: %v, got %v", i, expected, v.IsSet())
+		}
+
+		if pre == v.IsSet() {
+			t.Fatalf("AtomicBool.Toogle() returned wrong value at the %dth calls, expected: %v, got %v", i, !v.IsSet(), pre)
+		}
+	}
+}
+
+func TestToogleAfterOverflow(t *testing.T) {
+	t.Parallel()
+
+	var value int32 = math.MaxInt32
+	v := (*AtomicBool)(&value)
+
+	valueBeforeToggle := *(*int32)(v)
+
+	// test first toggle after overflow
+	v.Toggle()
+	expected := math.MaxInt32%2 == 0
+	if v.IsSet() != expected {
+		t.Fatalf("AtomicBool.Toogle() doesn't work after overflow, expected: %v, got %v", expected, v.IsSet())
+	}
+
+	// make sure overflow happened
+	var valueAfterToggle = *(*int32)(v)
+	if valueAfterToggle >= valueBeforeToggle {
+		t.Fatalf("Overflow does not happen as expected, before %d, after: %d", valueBeforeToggle, valueAfterToggle)
+	}
+
+	// test second toggle after overflow
+	v.Toggle()
+	expected = !expected
+	if v.IsSet() != expected {
+		t.Fatalf("AtomicBool.Toogle() doesn't work after the second call after overflow, expected: %v, got %v", expected, v.IsSet())
+	}
+}
+
+func TestRace(t *testing.T) {
+	t.Parallel()
+
+	repeat := 10000
+	var wg sync.WaitGroup
+	wg.Add(repeat * 4)
+	v := New()
+
+	// Writer
+	go func() {
+		for i := 0; i < repeat; i++ {
+			v.Set()
+			wg.Done()
+		}
+	}()
+
+	// Reader
+	go func() {
+		for i := 0; i < repeat; i++ {
+			v.IsSet()
+			wg.Done()
+		}
+	}()
+
+	// Writer
+	go func() {
+		for i := 0; i < repeat; i++ {
+			v.UnSet()
+			wg.Done()
+		}
+	}()
+
+	// Reader And Writer
+	go func() {
+		for i := 0; i < repeat; i++ {
+			v.Toggle()
+			wg.Done()
+		}
+	}()
+
+	wg.Wait()
+}
+
+func ExampleAtomicBool() {
+	cond := New()             // default to false
+	cond.Set()                // Sets to true
+	cond.IsSet()              // Returns true
+	cond.UnSet()              // Sets to false
+	cond.IsNotSet()           // Returns true
+	cond.SetTo(true)          // Sets to whatever you want
+	cond.SetToIf(true, false) // Sets to `new` only if the Boolean matches the `old`, returns whether succeeded
+	cond.Toggle()             // Inverts the boolean then returns the value before inverting
+}
+
+// Benchmark Read
+
+func BenchmarkMutexRead(b *testing.B) {
+	var m sync.RWMutex
+	var v bool
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		m.RLock()
+		_ = v
+		m.RUnlock()
+	}
+}
+
+func BenchmarkAtomicValueRead(b *testing.B) {
+	var v atomic.Value
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_ = v.Load() != nil
+	}
+}
+
+func BenchmarkAtomicBoolRead(b *testing.B) {
+	v := New()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_ = v.IsSet()
+	}
+}
+
+// Benchmark Write
+
+func BenchmarkMutexWrite(b *testing.B) {
+	var m sync.RWMutex
+	var v bool
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		m.RLock()
+		v = true
+		m.RUnlock()
+	}
+	b.StopTimer()
+	_ = v
+}
+
+func BenchmarkAtomicValueWrite(b *testing.B) {
+	var v atomic.Value
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		v.Store(true)
+	}
+}
+
+func BenchmarkAtomicBoolWrite(b *testing.B) {
+	v := New()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		v.Set()
+	}
+}
+
+// Benchmark CAS
+
+func BenchmarkMutexCAS(b *testing.B) {
+	var m sync.RWMutex
+	var v bool
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		m.Lock()
+		if !v {
+			v = true
+		}
+		m.Unlock()
+	}
+}
+
+func BenchmarkAtomicBoolCAS(b *testing.B) {
+	v := New()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		v.SetToIf(false, true)
+	}
+}
+
+// Benchmark toggle
+
+func BenchmarkMutexToggle(b *testing.B) {
+	var m sync.RWMutex
+	var v bool
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		m.Lock()
+		v = !v
+		m.Unlock()
+	}
+}
+
+func BenchmarkAtomicBoolToggle(b *testing.B) {
+	v := New()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		v.Toggle()
+	}
+}

async/benchmark_test.go

@@ -0,0 +1,63 @@
+package async_test
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"sync"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v4/async"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+	log "github.com/sirupsen/logrus"
+)
+
+var input [][]byte
+
+const (
+	benchmarkElements    = 65536
+	benchmarkElementSize = 32
+	benchmarkHashRuns    = 128
+)
+
+func init() {
+	input = make([][]byte, benchmarkElements)
+	for i := 0; i < benchmarkElements; i++ {
+		input[i] = make([]byte, benchmarkElementSize)
+		_, err := rand.Read(input[i])
+		if err != nil {
+			log.WithError(err).Debug("Cannot read from rand")
+		}
+	}
+}
+
+// hash repeatedly hashes the data passed to it
+func hash(input [][]byte) [][]byte {
+	output := make([][]byte, len(input))
+	for i := range input {
+		copy(output, input)
+		for j := 0; j < benchmarkHashRuns; j++ {
+			hash := sha256.Sum256(output[i])
+			output[i] = hash[:]
+		}
+	}
+	return output
+}
+
+func BenchmarkHash(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		hash(input)
+	}
+}
+
+func BenchmarkHashMP(b *testing.B) {
+	output := make([][]byte, len(input))
+	for i := 0; i < b.N; i++ {
+		workerResults, err := async.Scatter(len(input), func(offset int, entries int, _ *sync.RWMutex) (interface{}, error) {
+			return hash(input[offset : offset+entries]), nil
+		})
+		require.NoError(b, err)
+		for _, result := range workerResults {
+			copy(output[result.Offset:], result.Extent.([][]byte))
+		}
+	}
+}

async/debounce.go

@@ -1,4 +1,4 @@
-package asyncutil
+package async
 
 import (
 	"context"

async/debounce_test.go

@@ -0,0 +1,117 @@
+package async_test
+
+import (
+	"context"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/prysmaticlabs/prysm/v4/async"
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
+	"github.com/prysmaticlabs/prysm/v4/testing/util"
+)
+
+func TestDebounce_NoEvents(t *testing.T) {
+	eventsChan := make(chan interface{}, 100)
+	ctx, cancel := context.WithCancel(context.Background())
+	interval := time.Second
+	timesHandled := int32(0)
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+	go func() {
+		time.AfterFunc(interval, func() {
+			cancel()
+		})
+	}()
+	go func() {
+		async.Debounce(ctx, interval, eventsChan, func(event interface{}) {
+			atomic.AddInt32(&timesHandled, 1)
+		})
+		wg.Done()
+	}()
+	if util.WaitTimeout(wg, interval*2) {
+		t.Fatalf("Test should have exited by now, timed out")
+	}
+	assert.Equal(t, int32(0), atomic.LoadInt32(&timesHandled), "Wrong number of handled calls")
+}
+
+func TestDebounce_CtxClosing(t *testing.T) {
+	eventsChan := make(chan interface{}, 100)
+	ctx, cancel := context.WithCancel(context.Background())
+	interval := time.Second
+	timesHandled := int32(0)
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+	go func() {
+		ticker := time.NewTicker(time.Millisecond * 100)
+		defer ticker.Stop()
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-ticker.C:
+				eventsChan <- struct{}{}
+			}
+		}
+	}()
+	go func() {
+		time.AfterFunc(interval, func() {
+			cancel()
+		})
+	}()
+	go func() {
+		async.Debounce(ctx, interval, eventsChan, func(event interface{}) {
+			atomic.AddInt32(&timesHandled, 1)
+		})
+		wg.Done()
+	}()
+	if util.WaitTimeout(wg, interval*2) {
+		t.Fatalf("Test should have exited by now, timed out")
+	}
+	assert.Equal(t, int32(0), atomic.LoadInt32(&timesHandled), "Wrong number of handled calls")
+}
+
+func TestDebounce_SingleHandlerInvocation(t *testing.T) {
+	eventsChan := make(chan interface{}, 100)
+	ctx, cancel := context.WithCancel(context.Background())
+	interval := time.Second
+	timesHandled := int32(0)
+	go async.Debounce(ctx, interval, eventsChan, func(event interface{}) {
+		atomic.AddInt32(&timesHandled, 1)
+	})
+	for i := 0; i < 100; i++ {
+		eventsChan <- struct{}{}
+	}
+	// We should expect 100 rapid fire changes to only have caused
+	// 1 handler to trigger after the debouncing period.
+	time.Sleep(interval * 2)
+	assert.Equal(t, int32(1), atomic.LoadInt32(&timesHandled), "Wrong number of handled calls")
+	cancel()
+}
+
+func TestDebounce_MultipleHandlerInvocation(t *testing.T) {
+	eventsChan := make(chan interface{}, 100)
+	ctx, cancel := context.WithCancel(context.Background())
+	interval := time.Second
+	timesHandled := int32(0)
+	go async.Debounce(ctx, interval, eventsChan, func(event interface{}) {
+		atomic.AddInt32(&timesHandled, 1)
+	})
+	for i := 0; i < 100; i++ {
+		eventsChan <- struct{}{}
+	}
+	require.Equal(t, int32(0), atomic.LoadInt32(&timesHandled), "Events must prevent from handler execution")
+
+	// By this time the first event should be triggered.
+	time.Sleep(2 * time.Second)
+	assert.Equal(t, int32(1), atomic.LoadInt32(&timesHandled), "Wrong number of handled calls")
+
+	// Second event.
+	eventsChan <- struct{}{}
+	time.Sleep(2 * time.Second)
+	assert.Equal(t, int32(2), atomic.LoadInt32(&timesHandled), "Wrong number of handled calls")
+
+	cancel()
+}

async/event/BUILD.bazel

@@ -0,0 +1,29 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "feed.go",
+        "subscription.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v4/async/event",
+    visibility = ["//visibility:public"],
+    deps = ["//time/mclock:go_default_library"],
+)
+
+go_test(
+    name = "go_default_test",
+    size = "small",
+    srcs = [
+        "example_feed_test.go",
+        "example_scope_test.go",
+        "example_subscription_test.go",
+        "feed_test.go",
+        "subscription_test.go",
+    ],
+    embed = [":go_default_library"],
+    deps = [
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+    ],
+)

async/event/example_feed_test.go

@@ -19,7 +19,7 @@ package event_test
 import (
 	"fmt"
 
-	"github.com/prysmaticlabs/prysm/shared/event"
+	"github.com/prysmaticlabs/prysm/v4/async/event"
 )
 
 func ExampleFeed_acknowledgedEvents() {

async/event/example_scope_test.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/prysmaticlabs/prysm/shared/event"
+	"github.com/prysmaticlabs/prysm/v4/async/event"
 )
 
 // This example demonstrates how SubscriptionScope can be used to control the lifetime of

async/event/example_subscription_test.go

@@ -19,7 +19,7 @@ package event_test
 import (
 	"fmt"
 
-	"github.com/prysmaticlabs/prysm/shared/event"
+	"github.com/prysmaticlabs/prysm/v4/async/event"
 )
 
 func ExampleNewSubscription() {

async/event/feed.go

@@ -98,6 +98,11 @@ func (f *Feed) typecheck(typ reflect.Type) bool {
 		f.etype = typ
 		return true
 	}
+	// In the event the feed's type is an actual interface, we
+	// perform an interface conformance check here.
+	if f.etype.Kind() == reflect.Interface && typ.Implements(f.etype) {
+		return true
+	}
 	return f.etype == typ
 }
 
@@ -139,6 +144,7 @@ func (f *Feed) Send(value interface{}) (nsent int) {
 
 	if !f.typecheck(rvalue.Type()) {
 		f.sendLock <- struct{}{}
+		f.mu.Unlock()
 		panic(feedTypeError{op: "Send", got: rvalue.Type(), want: f.etype})
 	}
 	f.mu.Unlock()
@@ -196,6 +202,7 @@ type feedSub struct {
 	err     chan error
 }
 
+// Unsubscribe remove feed subscription.
 func (sub *feedSub) Unsubscribe() {
 	sub.errOnce.Do(func() {
 		sub.feed.remove(sub)
@@ -203,6 +210,7 @@ func (sub *feedSub) Unsubscribe() {
 	})
 }
 
+// Err returns error channel.
 func (sub *feedSub) Err() <-chan error {
 	return sub.err
 }

async/event/feed_test.go

@@ -0,0 +1,509 @@
+// Copyright 2016 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package event
+
+import (
+	"fmt"
+	"reflect"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/prysmaticlabs/prysm/v4/testing/assert"
+)
+
+func TestFeedPanics(t *testing.T) {
+	{
+		var f Feed
+		f.Send(2)
+		want := feedTypeError{op: "Send", got: reflect.TypeOf(uint64(0)), want: reflect.TypeOf(0)}
+		assert.NoError(t, checkPanic(want, func() { f.Send(uint64(2)) }))
+		// Validate it doesn't deadlock.
+		assert.NoError(t, checkPanic(want, func() { f.Send(uint64(2)) }))
+	}
+	{
+		var f Feed
+		ch := make(chan int)
+		f.Subscribe(ch)
+		want := feedTypeError{op: "Send", got: reflect.TypeOf(uint64(0)), want: reflect.TypeOf(0)}
+		assert.NoError(t, checkPanic(want, func() { f.Send(uint64(2)) }))
+	}
+	{
+		var f Feed
+		f.Send(2)
+		want := feedTypeError{op: "Subscribe", got: reflect.TypeOf(make(chan uint64)), want: reflect.TypeOf(make(chan<- int))}
+		assert.NoError(t, checkPanic(want, func() { f.Subscribe(make(chan uint64)) }))
+	}
+	{
+		var f Feed
+		assert.NoError(t, checkPanic(errBadChannel, func() { f.Subscribe(make(<-chan int)) }))
+	}
+	{
+		var f Feed
+		assert.NoError(t, checkPanic(errBadChannel, func() { f.Subscribe(0) }))
+	}
+}
+
+func checkPanic(want error, fn func()) (err error) {
+	defer func() {
+		panicResult := recover()
+		if panicResult == nil {
+			err = fmt.Errorf("didn't panic")
+		} else if !reflect.DeepEqual(panicResult, want) {
+			err = fmt.Errorf("panicked with wrong error: got %q, want %q", panicResult, want)
+		}
+	}()
+	fn()
+	return nil
+}
+
+func TestFeed(t *testing.T) {
+	var feed Feed
+	var done, subscribed sync.WaitGroup
+	subscriber := func(i int) {
+		defer done.Done()
+
+		subchan := make(chan int)
+		sub := feed.Subscribe(subchan)
+		timeout := time.NewTimer(2 * time.Second)
+		subscribed.Done()
+
+		select {
+		case v := <-subchan:
+			if v != 1 {
+				t.Errorf("%d: received value %d, want 1", i, v)
+			}
+		case <-timeout.C:
+			t.Errorf("%d: receive timeout", i)
+		}
+
+		sub.Unsubscribe()
+		select {
+		case _, ok := <-sub.Err():
+			if ok {
+				t.Errorf("%d: error channel not closed after unsubscribe", i)
+			}
+		case <-timeout.C:
+			t.Errorf("%d: unsubscribe timeout", i)
+		}
+	}
+
+	const n = 1000
+	done.Add(n)
+	subscribed.Add(n)
+	for i := 0; i < n; i++ {
+		go subscriber(i)
+	}
+	subscribed.Wait()
+	if nsent := feed.Send(1); nsent != n {
+		t.Errorf("first send delivered %d times, want %d", nsent, n)
+	}
+	if nsent := feed.Send(2); nsent != 0 {
+		t.Errorf("second send delivered %d times, want 0", nsent)
+	}
+	done.Wait()
+}
+
+func TestFeedSubscribeSameChannel(t *testing.T) {
+	var (
+		feed Feed
+		done sync.WaitGroup
+		ch   = make(chan int)
+		sub1 = feed.Subscribe(ch)
+		sub2 = feed.Subscribe(ch)
+		_    = feed.Subscribe(ch)
+	)
+	expectSends := func(value, n int) {
+		if nsent := feed.Send(value); nsent != n {
+			t.Errorf("send delivered %d times, want %d", nsent, n)
+		}
+		done.Done()
+	}
+	expectRecv := func(wantValue, n int) {
+		for i := 0; i < n; i++ {
+			if v := <-ch; v != wantValue {
+				t.Errorf("received %d, want %d", v, wantValue)
+			}
+		}
+	}
+
+	done.Add(1)
+	go expectSends(1, 3)
+	expectRecv(1, 3)
+	done.Wait()
+
+	sub1.Unsubscribe()
+
+	done.Add(1)
+	go expectSends(2, 2)
+	expectRecv(2, 2)
+	done.Wait()
+
+	sub2.Unsubscribe()
+
+	done.Add(1)
+	go expectSends(3, 1)
+	expectRecv(3, 1)
+	done.Wait()
+}
+
+func TestFeedSubscribeBlockedPost(_ *testing.T) {
+	var (
+		feed   Feed
+		nsends = 2000
+		ch1    = make(chan int)
+		ch2    = make(chan int)
+		wg     sync.WaitGroup
+	)
+	defer wg.Wait()
+
+	feed.Subscribe(ch1)
+	wg.Add(nsends)
+	for i := 0; i < nsends; i++ {
+		go func() {
+			feed.Send(99)
+			wg.Done()
+		}()
+	}
+
+	sub2 := feed.Subscribe(ch2)
+	defer sub2.Unsubscribe()
+
+	// We're done when ch1 has received N times.
+	// The number of receives on ch2 depends on scheduling.
+	for i := 0; i < nsends; {
+		select {
+		case <-ch1:
+			i++
+		case <-ch2:
+		}
+	}
+}
+
+func TestFeedUnsubscribeBlockedPost(_ *testing.T) {
+	var (
+		feed   Feed
+		nsends = 200
+		chans  = make([]chan int, 2000)
+		subs   = make([]Subscription, len(chans))
+		bchan  = make(chan int)
+		bsub   = feed.Subscribe(bchan)
+		wg     sync.WaitGroup
+	)
+	for i := range chans {
+		chans[i] = make(chan int, nsends)
+	}
+
+	// Queue up some Sends. None of these can make progress while bchan isn't read.
+	wg.Add(nsends)
+	for i := 0; i < nsends; i++ {
+		go func() {
+			feed.Send(99)
+			wg.Done()
+		}()
+	}
+	// Subscribe the other channels.
+	for i, ch := range chans {
+		subs[i] = feed.Subscribe(ch)
+	}
+	// Unsubscribe them again.
+	for _, sub := range subs {
+		sub.Unsubscribe()
+	}
+	// Unblock the Sends.
+	bsub.Unsubscribe()
+	wg.Wait()
+}
+
+// Checks that unsubscribing a channel during Send works even if that
+// channel has already been sent on.
+func TestFeedUnsubscribeSentChan(_ *testing.T) {
+	var (
+		feed Feed
+		ch1  = make(chan int)
+		ch2  = make(chan int)
+		sub1 = feed.Subscribe(ch1)
+		sub2 = feed.Subscribe(ch2)
+		wg   sync.WaitGroup
+	)
+	defer sub2.Unsubscribe()
+
+	wg.Add(1)
+	go func() {
+		feed.Send(0)
+		wg.Done()
+	}()
+
+	// Wait for the value on ch1.
+	<-ch1
+	// Unsubscribe ch1, removing it from the send cases.
+	sub1.Unsubscribe()
+
+	// Receive ch2, finishing Send.
+	<-ch2
+	wg.Wait()
+
+	// Send again. This should send to ch2 only, so the wait group will unblock
+	// as soon as a value is received on ch2.
+	wg.Add(1)
+	go func() {
+		feed.Send(0)
+		wg.Done()
+	}()
+	<-ch2
+	wg.Wait()
+}
+
+func TestFeedUnsubscribeFromInbox(t *testing.T) {
+	var (
+		feed Feed
+		ch1  = make(chan int)
+		ch2  = make(chan int)
+		sub1 = feed.Subscribe(ch1)
+		sub2 = feed.Subscribe(ch1)
+		sub3 = feed.Subscribe(ch2)
+	)
+	assert.Equal(t, 3, len(feed.inbox))
+	assert.Equal(t, 1, len(feed.sendCases), "sendCases is non-empty after unsubscribe")
+
+	sub1.Unsubscribe()
+	sub2.Unsubscribe()
+	sub3.Unsubscribe()
+	assert.Equal(t, 0, len(feed.inbox), "Inbox is non-empty after unsubscribe")
+	assert.Equal(t, 1, len(feed.sendCases), "sendCases is non-empty after unsubscribe")
+}
+
+func BenchmarkFeedSend1000(b *testing.B) {
+	var (
+		done  sync.WaitGroup
+		feed  Feed
+		nsubs = 1000
+	)
+	subscriber := func(ch <-chan int) {
+		for i := 0; i < b.N; i++ {
+			<-ch
+		}
+		done.Done()
+	}
+	done.Add(nsubs)
+	for i := 0; i < nsubs; i++ {
+		ch := make(chan int, 200)
+		feed.Subscribe(ch)
+		go subscriber(ch)
+	}
+
+	// The actual benchmark.
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		if feed.Send(i) != nsubs {
+			panic("wrong number of sends")
+		}
+	}
+
+	b.StopTimer()
+	done.Wait()
+}
+
+func TestFeed_Send(t *testing.T) {
+	tests := []struct {
+		name        string
+		evFeed      *Feed
+		testSetup   func(fd *Feed, t *testing.T, o interface{})
+		obj         interface{}
+		expectPanic bool
+	}{
+		{
+			name:   "normal struct",
+			evFeed: new(Feed),
+			testSetup: func(fd *Feed, t *testing.T, o interface{}) {
+				testChan := make(chan testFeedWithPointer, 1)
+				fd.Subscribe(testChan)
+			},
+			obj: testFeedWithPointer{
+				a: new(uint64),
+				b: new(string),
+			},
+			expectPanic: false,
+		},
+		{
+			name:   "un-implemented interface",
+			evFeed: new(Feed),
+			testSetup: func(fd *Feed, t *testing.T, o interface{}) {
+				testChan := make(chan testFeedIface, 1)
+				fd.Subscribe(testChan)
+			},
+			obj: testFeedWithPointer{
+				a: new(uint64),
+				b: new(string),
+			},
+			expectPanic: true,
+		},
+		{
+			name:   "semi-implemented interface",
+			evFeed: new(Feed),
+			testSetup: func(fd *Feed, t *testing.T, o interface{}) {
+				testChan := make(chan testFeedIface, 1)
+				fd.Subscribe(testChan)
+			},
+			obj: testFeed2{
+				a: 0,
+				b: "",
+				c: []byte{'A'},
+			},
+			expectPanic: true,
+		},
+		{
+			name:   "fully-implemented interface",
+			evFeed: new(Feed),
+			testSetup: func(fd *Feed, t *testing.T, o interface{}) {
+				testChan := make(chan testFeedIface)
+				// Make it unbuffered to allow message to
+				// pass through
+				go func() {
+					a := <-testChan
+					if !reflect.DeepEqual(a, o) {
+						t.Errorf("Got = %v, want = %v", a, o)
+					}
+				}()
+				fd.Subscribe(testChan)
+			},
+			obj: testFeed{
+				a: 0,
+				b: "",
+			},
+			expectPanic: false,
+		},
+		{
+			name:   "fully-implemented interface with additional methods",
+			evFeed: new(Feed),
+			testSetup: func(fd *Feed, t *testing.T, o interface{}) {
+				testChan := make(chan testFeedIface)
+				// Make it unbuffered to allow message to
+				// pass through
+				go func() {
+					a := <-testChan
+					if !reflect.DeepEqual(a, o) {
+						t.Errorf("Got = %v, want = %v", a, o)
+					}
+				}()
+				fd.Subscribe(testChan)
+			},
+			obj: testFeed3{
+				a: 0,
+				b: "",
+				c: []byte{'A'},
+				d: []byte{'B'},
+			},
+			expectPanic: false,
+		},
+		{
+			name:   "concrete types implementing the same interface",
+			evFeed: new(Feed),
+			testSetup: func(fd *Feed, t *testing.T, o interface{}) {
+				testChan := make(chan testFeed, 1)
+				// Make it unbuffered to allow message to
+				// pass through
+				go func() {
+					a := <-testChan
+					if !reflect.DeepEqual(a, o) {
+						t.Errorf("Got = %v, want = %v", a, o)
+					}
+				}()
+				fd.Subscribe(testChan)
+			},
+			obj: testFeed3{
+				a: 0,
+				b: "",
+				c: []byte{'A'},
+				d: []byte{'B'},
+			},
+			expectPanic: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			defer func() {
+				if r := recover(); r != nil {
+					if !tt.expectPanic {
+						t.Errorf("panic triggered when unexpected: %v", r)
+					}
+				} else {
+					if tt.expectPanic {
+						t.Error("panic not triggered when expected")
+					}
+				}
+			}()
+			tt.testSetup(tt.evFeed, t, tt.obj)
+			if gotNsent := tt.evFeed.Send(tt.obj); gotNsent != 1 {
+				t.Errorf("Send() = %v, want %v", gotNsent, 1)
+			}
+		})
+	}
+}
+
+// The following objects below are a collection of different
+// struct types to test with.
+type testFeed struct {
+	a uint64
+	b string
+}
+
+func (testFeed) method1() {
+
+}
+
+func (testFeed) method2() {
+
+}
+
+type testFeedWithPointer struct {
+	a *uint64
+	b *string
+}
+
+type testFeed2 struct {
+	a uint64
+	b string
+	c []byte
+}
+
+func (testFeed2) method1() {
+
+}
+
+type testFeed3 struct {
+	a    uint64
+	b    string
+	c, d []byte
+}
+
+func (testFeed3) method1() {
+
+}
+
+func (testFeed3) method2() {
+
+}
+
+func (testFeed3) method3() {
+
+}
+
+type testFeedIface interface {
+	method1()
+	method2()
+}

async/event/subscription.go

@@ -21,7 +21,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/prysmaticlabs/prysm/shared/mclockutil"
+	"github.com/prysmaticlabs/prysm/v4/time/mclock"
 )
 
 // waitQuotient is divided against the max backoff time, in order to have N requests based on the full
@@ -74,6 +74,7 @@ type funcSub struct {
 	unsubscribed bool
 }
 
+// Unsubscribe unsubscribes from subscription.
 func (s *funcSub) Unsubscribe() {
 	s.mu.Lock()
 	if s.unsubscribed {
@@ -87,6 +88,7 @@ func (s *funcSub) Unsubscribe() {
 	<-s.err
 }
 
+// Err exposes error channel.
 func (s *funcSub) Err() <-chan error {
 	return s.err
 }
@@ -118,10 +120,11 @@ type resubscribeSub struct {
 	err                  chan error
 	unsub                chan struct{}
 	unsubOnce            sync.Once
-	lastTry              mclockutil.AbsTime
+	lastTry              mclock.AbsTime
 	waitTime, backoffMax time.Duration
 }
 
+// Unsubscribe unsubscribes from subscription.
 func (s *resubscribeSub) Unsubscribe() {
 	s.unsubOnce.Do(func() {
 		s.unsub <- struct{}{}
@@ -129,6 +132,7 @@ func (s *resubscribeSub) Unsubscribe() {
 	})
 }
 
+// Err exposes error channel.
 func (s *resubscribeSub) Err() <-chan error {
 	return s.err
 }
@@ -147,11 +151,11 @@ func (s *resubscribeSub) loop() {
 }
 
 func (s *resubscribeSub) subscribe() Subscription {
-	subscribed := make(chan error)
+	subscribed := make(chan error, 1)
 	var sub Subscription
 retry:
 	for {
-		s.lastTry = mclockutil.Now()
+		s.lastTry = mclock.Now()
 		ctx, cancel := context.WithCancel(context.TODO())
 		go func() {
 			rsub, err := s.fn(ctx)
@@ -190,7 +194,7 @@ func (s *resubscribeSub) waitForError(sub Subscription) bool {
 }
 
 func (s *resubscribeSub) backoffWait() bool {
-	if time.Duration(mclockutil.Now()-s.lastTry) > s.backoffMax {
+	if time.Duration(mclock.Now()-s.lastTry) > s.backoffMax {
 		s.waitTime = s.backoffMax / waitQuotient
 	} else {
 		s.waitTime *= 2
@@ -267,6 +271,7 @@ func (sc *SubscriptionScope) Count() int {
 	return len(sc.subs)
 }
 
+// Unsubscribe unsubscribes from subscription.
 func (s *scopeSub) Unsubscribe() {
 	s.s.Unsubscribe()
 	s.sc.mu.Lock()
@@ -274,6 +279,7 @@ func (s *scopeSub) Unsubscribe() {
 	delete(s.sc.subs, s)
 }
 
+// Err exposes error channel.
 func (s *scopeSub) Err() <-chan error {
 	return s.s.Err()
 }

async/event/subscription_test.go

@@ -19,10 +19,11 @@ package event
 import (
 	"context"
 	"errors"
+	"runtime"
 	"testing"
 	"time"
 
-	"github.com/prysmaticlabs/prysm/shared/testutil/require"
+	"github.com/prysmaticlabs/prysm/v4/testing/require"
 )
 
 var errInts = errors.New("error in subscribeInts")
@@ -108,3 +109,18 @@ func TestResubscribeAbort(t *testing.T) {
 	sub.Unsubscribe()
 	require.NoError(t, <-done)
 }
+
+func TestResubscribeNonBlocking(t *testing.T) {
+	done := make(chan struct{})
+	sub := Resubscribe(0, func(ctx context.Context) (Subscription, error) {
+		<-done
+		return nil, nil
+	})
+
+	resub, ok := sub.(*resubscribeSub)
+	require.Equal(t, true, ok)
+	currNum := runtime.NumGoroutine()
+	resub.unsub <- struct{}{}
+	done <- struct{}{}
+	require.Equal(t, currNum-1, runtime.NumGoroutine())
+}

async/every.go

@@ -1,5 +1,5 @@
-// Package runutil includes helpers for scheduling runnable, periodic functions.
-package runutil
+// Package async includes helpers for scheduling runnable, periodic functions and contains useful helpers for converting multi-processor computation.
+package async
 
 import (
 	"context"

async/every_test.go

@@ -0,0 +1,40 @@
+package async_test
+
+import (
+	"context"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/prysmaticlabs/prysm/v4/async"
+)
+
+func TestEveryRuns(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+
+	i := int32(0)
+	async.RunEvery(ctx, 100*time.Millisecond, func() {
+		atomic.AddInt32(&i, 1)
+	})
+
+	// Sleep for a bit and ensure the value has increased.
+	time.Sleep(200 * time.Millisecond)
+
+	if atomic.LoadInt32(&i) == 0 {
+		t.Error("Counter failed to increment with ticker")
+	}
+
+	cancel()
+
+	// Sleep for a bit to let the cancel take place.
+	time.Sleep(100 * time.Millisecond)
+
+	last := atomic.LoadInt32(&i)
+
+	// Sleep for a bit and ensure the value has not increased.
+	time.Sleep(200 * time.Millisecond)
+
+	if atomic.LoadInt32(&i) != last {
+		t.Error("Counter incremented after stop")
+	}
+}

async/multilock.go

@@ -0,0 +1,141 @@
+/*
+Copyright 2017 Albert Tedja
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package async
+
+import (
+	"runtime"
+	"sort"
+)
+
+var locks = struct {
+	lock chan byte
+	list map[string]chan byte
+}{
+	lock: make(chan byte, 1),
+	list: make(map[string]chan byte),
+}
+
+type Lock struct {
+	keys   []string
+	chans  []chan byte
+	lock   chan byte
+	unlock chan byte
+}
+
+func (lk *Lock) Lock() {
+	lk.lock <- 1
+
+	// get the channels and attempt to acquire them
+	lk.chans = make([]chan byte, 0, len(lk.keys))
+	for i := 0; i < len(lk.keys); {
+		ch := getChan(lk.keys[i])
+		_, ok := <-ch
+		if ok {
+			lk.chans = append(lk.chans, ch)
+			i++
+		}
+	}
+
+	lk.unlock <- 1
+}
+
+// Unlock unlocks this lock. Must be called after Lock.
+// Can only be invoked if there is a previous call to Lock.
+func (lk *Lock) Unlock() {
+	<-lk.unlock
+
+	if lk.chans != nil {
+		for _, ch := range lk.chans {
+			ch <- 1
+		}
+		lk.chans = nil
+	}
+	// Clean unused channels after the unlock.
+	Clean()
+	<-lk.lock
+}
+
+// Yield temporarily unlocks, gives up the cpu time to other goroutine, and attempts to lock again.
+func (lk *Lock) Yield() {
+	lk.Unlock()
+	runtime.Gosched()
+	lk.Lock()
+}
+
+// NewMultilock creates a new multilock for the specified keys
+func NewMultilock(locks ...string) *Lock {
+	if len(locks) == 0 {
+		return nil
+	}
+
+	locks = unique(locks)
+	sort.Strings(locks)
+	return &Lock{
+		keys:   locks,
+		lock:   make(chan byte, 1),
+		unlock: make(chan byte, 1),
+	}
+}
+
+// Clean cleans old unused locks. Returns removed keys.
+func Clean() []string {
+	locks.lock <- 1
+	defer func() { <-locks.lock }()
+
+	toDelete := make([]string, 0, len(locks.list))
+	for key, ch := range locks.list {
+		select {
+		case <-ch:
+			close(ch)
+			toDelete = append(toDelete, key)
+		default:
+		}
+	}
+
+	for _, del := range toDelete {
+		delete(locks.list, del)
+	}
+
+	return toDelete
+}
+
+// Create and get the channel for the specified key.
+func getChan(key string) chan byte {
+	locks.lock <- 1
+	defer func() { <-locks.lock }()
+
+	if locks.list[key] == nil {
+		locks.list[key] = make(chan byte, 1)
+		locks.list[key] <- 1
+	}
+	return locks.list[key]
+}
+
+// Return a new string with unique elements.
+func unique(arr []string) []string {
+	if arr == nil || len(arr) <= 1 {
+		return arr
+	}
+
+	found := map[string]bool{}
+	result := make([]string, 0, len(arr))
+	for _, v := range arr {
+		if !found[v] {
+			found[v] = true
+			result = append(result, v)
+		}
+	}
+	return result
+}

async/multilock_test.go

@@ -0,0 +1,343 @@
+/*
+Copyright 2017 Albert Tedja
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package async
+
+import (
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestUnique(t *testing.T) {
+	var arr []string
+	a := assert.New(t)
+
+	arr = []string{"a", "b", "c"}
+	a.Equal(arr, unique(arr))
+
+	arr = []string{"a", "a", "a"}
+	a.Equal([]string{"a"}, unique(arr))
+
+	arr = []string{"a", "a", "b"}
+	a.Equal([]string{"a", "b"}, unique(arr))
+
+	arr = []string{"a", "b", "a"}
+	a.Equal([]string{"a", "b"}, unique(arr))
+
+	arr = []string{"a", "b", "c", "b", "d"}
+	a.Equal([]string{"a", "b", "c", "d"}, unique(arr))
+}
+
+func TestGetChan(t *testing.T) {
+	ch1 := getChan("a")
+	ch2 := getChan("aa")
+	ch3 := getChan("a")
+
+	a := assert.New(t)
+	a.NotEqual(ch1, ch2)
+	a.Equal(ch1, ch3)
+}
+
+func TestLockUnlock(_ *testing.T) {
+	var wg sync.WaitGroup
+
+	wg.Add(5)
+
+	go func() {
+		lock := NewMultilock("dog", "cat", "owl")
+		lock.Lock()
+		defer lock.Unlock()
+
+		<-time.After(100 * time.Millisecond)
+		wg.Done()
+	}()
+
+	go func() {
+		lock := NewMultilock("cat", "dog", "bird")
+		lock.Lock()
+		defer lock.Unlock()
+
+		<-time.After(100 * time.Millisecond)
+		wg.Done()
+	}()
+
+	go func() {
+		lock := NewMultilock("cat", "bird", "owl")
+		lock.Lock()
+		defer lock.Unlock()
+
+		<-time.After(100 * time.Millisecond)
+		wg.Done()
+	}()
+
+	go func() {
+		lock := NewMultilock("bird", "owl", "snake")
+		lock.Lock()
+		defer lock.Unlock()
+
+		<-time.After(100 * time.Millisecond)
+		wg.Done()
+	}()
+
+	go func() {
+		lock := NewMultilock("owl", "snake")
+		lock.Lock()
+		defer lock.Unlock()
+
+		<-time.After(1 * time.Second)
+		wg.Done()
+	}()
+
+	wg.Wait()
+}
+
+func TestLockUnlock_CleansUnused(t *testing.T) {
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go func() {
+		lock := NewMultilock("dog", "cat", "owl")
+		lock.Lock()
+		assert.Equal(t, 3, len(locks.list))
+		lock.Unlock()
+
+		wg.Done()
+	}()
+	wg.Wait()
+	// We expect that unlocking completely cleared the locks list
+	// given all 3 lock keys were unused at time of unlock.
+	assert.Equal(t, 0, len(locks.list))
+}
+
+func TestLockUnlock_DoesNotCleanIfHeldElsewhere(t *testing.T) {
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		lock := NewMultilock("cat")
+		lock.Lock()
+		// We take 200 milliseconds to release the lock on "cat"
+		<-time.After(200 * time.Millisecond)
+		lock.Unlock()
+		// Assert that at the end of this goroutine, all locks are cleared.
+		assert.Equal(t, 0, len(locks.list))
+		wg.Done()
+	}()
+	go func() {
+		lock := NewMultilock("dog", "cat", "owl")
+		lock.Lock()
+		// We release the locks after 100 milliseconds, and check that "cat" is not
+		// cleared as a lock for it is still held by the previous goroutine.
+		<-time.After(100 * time.Millisecond)
+		lock.Unlock()
+		assert.Equal(t, 1, len(locks.list))
+		_, ok := locks.list["cat"]
+		assert.Equal(t, true, ok)
+		wg.Done()
+	}()
+	wg.Wait()
+	// We expect that at the end of this test, all locks are cleared.
+	assert.Equal(t, 0, len(locks.list))
+}
+
+func TestYield(t *testing.T) {
+	var wg sync.WaitGroup
+
+	wg.Add(2)
+	var resources = map[string]int{}
+
+	go func() {
+		lock := NewMultilock("A", "C")
+		lock.Lock()
+		defer lock.Unlock()
+
+		for resources["ac"] == 0 {
+			lock.Yield()
+		}
+		resources["dc"] = 10
+
+		wg.Done()
+	}()
+
+	go func() {
+		lock := NewMultilock("D", "C")
+		lock.Lock()
+		defer lock.Unlock()
+
+		resources["ac"] = 5
+		for resources["dc"] == 0 {
+			lock.Yield()
+		}
+
+		wg.Done()
+	}()
+
+	wg.Wait()
+
+	assert.Equal(t, 5, resources["ac"])
+	assert.Equal(t, 10, resources["dc"])
+}
+
+func TestClean(t *testing.T) {
+	var wg sync.WaitGroup
+
+	wg.Add(3)
+
+	// some goroutine that holds multiple locks
+	go1done := make(chan bool, 1)
+	go func() {
+	Loop:
+		for {
+			select {
+			case <-go1done:
+				break Loop
+			default:
+				lock := NewMultilock("A", "B", "C", "E", "Z")
+				lock.Lock()
+				<-time.After(30 * time.Millisecond)
+				lock.Unlock()
+			}
+		}
+		wg.Done()
+	}()
+
+	// another goroutine
+	go2done := make(chan bool, 1)
+	go func() {
+	Loop:
+		for {
+			select {
+			case <-go2done:
+				break Loop
+			default:
+				lock := NewMultilock("B", "C", "K", "L", "Z")
+				lock.Lock()
+				<-time.After(200 * time.Millisecond)
+				lock.Unlock()
+			}
+		}
+		wg.Done()
+	}()
+
+	// this one cleans up the locks every 100 ms
+	done := make(chan bool, 1)
+	go func() {
+		c := time.Tick(100 * time.Millisecond)
+	Loop:
+		for {
+			select {
+			case <-done:
+				break Loop
+			case <-c:
+				Clean()
+			}
+		}
+		wg.Done()
+	}()
+
+	<-time.After(2 * time.Second)
+	go1done <- true
+	go2done <- true
+	<-time.After(1 * time.Second)
+	done <- true
+	wg.Wait()
+	assert.Equal(t, []string{}, Clean())
+}
+
+func TestBankAccountProblem(t *testing.T) {
+	var wg sync.WaitGroup
+	wg.Add(3)
+
+	joe := 50.0
+	susan := 100.0
+
+	// withdraw $80 from joe, only if balance is sufficient
+	go func() {
+		lock := NewMultilock("joe")
+		lock.Lock()
+		defer lock.Unlock()
+
+		for joe < 80.0 {
+			lock.Yield()
+		}
+		joe -= 80.0
+
+		wg.Done()
+	}()
+
+	// transfer $200 from susan to joe, only if balance is sufficient
+	go func() {
+		lock := NewMultilock("joe", "susan")
+		lock.Lock()
+		defer lock.Unlock()
+
+		for susan < 200.0 {
+			lock.Yield()
+		}
+
+		susan -= 200.0
+		joe += 200.0
+
+		wg.Done()
+	}()
+
+	// susan deposit $300 to cover balance
+	go func() {
+		lock := NewMultilock("susan")
+		lock.Lock()
+		defer lock.Unlock()
+
+		susan += 300.0
+
+		wg.Done()
+	}()
+
+	wg.Wait()
+	assert.Equal(t, 170.0, joe)
+	assert.Equal(t, 200.0, susan)
+}
+
+func TestSyncCondCompatibility(t *testing.T) {
+	var wg sync.WaitGroup
+	wg.Add(2)
+	cond := sync.NewCond(NewMultilock("A", "C"))
+	var testValues = [3]string{"foo", "bar", "fizz!"}
+	sharedRsc := testValues[0]
+
+	go func() {
+		cond.L.Lock()
+		for sharedRsc == testValues[0] {
+			cond.Wait()
+		}
+		sharedRsc = testValues[2]
+		cond.Broadcast()
+		cond.L.Unlock()
+		wg.Done()
+	}()
+
+	go func() {
+		cond.L.Lock()
+		sharedRsc = testValues[1]
+		cond.Broadcast()
+		for sharedRsc == testValues[1] {
+			cond.Wait()
+		}
+		cond.L.Unlock()
+		wg.Done()
+	}()
+
+	wg.Wait()
+	assert.Equal(t, testValues[2], sharedRsc)
+}