diff --git a/beacon_node/beacon_chain/src/beacon_chain.rs b/beacon_node/beacon_chain/src/beacon_chain.rs
index 3ce7002095..aa2aebddda 100644
--- a/beacon_node/beacon_chain/src/beacon_chain.rs
+++ b/beacon_node/beacon_chain/src/beacon_chain.rs
@@ -3403,18 +3403,14 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
             )
             .map_err(BlockProductionError::OpPoolError)?;
 
-        let paranoid = false;
-        let ultra_paranoid = true;
-
-        if paranoid {
-            let verify_sigs = if ultra_paranoid {
-                VerifySignatures::True
-            } else {
-                VerifySignatures::False
-            };
+        if self.config.paranoid_block_proposal {
             attestations.retain(|att| {
-                let res =
-                    verify_attestation_for_block_inclusion(&state, att, verify_sigs, &self.spec);
+                let res = verify_attestation_for_block_inclusion(
+                    &state,
+                    att,
+                    VerifySignatures::True,
+                    &self.spec,
+                );
                 if let Err(e) = res {
                     error!(
                         self.log,
@@ -3422,8 +3418,7 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
                         "err" => ?e,
                         "block_slot" => state.slot(),
                     );
-                    panic!("Attempted to include an invalid attestation");
-                    // false
+                    false
                 } else {
                     true
                 }
diff --git a/beacon_node/beacon_chain/src/chain_config.rs b/beacon_node/beacon_chain/src/chain_config.rs
index aa7ff02af1..ba3a0b628c 100644
--- a/beacon_node/beacon_chain/src/chain_config.rs
+++ b/beacon_node/beacon_chain/src/chain_config.rs
@@ -35,6 +35,8 @@ pub struct ChainConfig {
     /// Whether any chain health checks should be considered when deciding whether to use the builder API.
     pub builder_fallback_disable_checks: bool,
     pub count_unrealized: bool,
+    /// Whether to apply paranoid checks to blocks proposed by this beacon node.
+    pub paranoid_block_proposal: bool,
 }
 
 impl Default for ChainConfig {
@@ -52,6 +54,7 @@ impl Default for ChainConfig {
             builder_fallback_epochs_since_finalization: 3,
             builder_fallback_disable_checks: false,
             count_unrealized: true,
+            paranoid_block_proposal: false,
         }
     }
 }
diff --git a/beacon_node/beacon_chain/src/schema_change/migration_schema_v12.rs b/beacon_node/beacon_chain/src/schema_change/migration_schema_v12.rs
index c3cdec2f6e..ab37b457ca 100644
--- a/beacon_node/beacon_chain/src/schema_change/migration_schema_v12.rs
+++ b/beacon_node/beacon_chain/src/schema_change/migration_schema_v12.rs
@@ -23,7 +23,6 @@ pub fn upgrade_to_v12<T: BeaconChainTypes>(
         "count" => v5.attestations_v5.len(),
     );
 
-    // FIXME(sproul): work out whether it's worth trying to carry across the attestations
     let v12 = PersistedOperationPool::V12(PersistedOperationPoolV12 {
         attestations: vec![],
         sync_contributions: v5.sync_contributions,
diff --git a/beacon_node/src/cli.rs b/beacon_node/src/cli.rs
index edf79ad34f..56a4e5f24f 100644
--- a/beacon_node/src/cli.rs
+++ b/beacon_node/src/cli.rs
@@ -714,6 +714,16 @@ pub fn cli_app<'a, 'b>() -> App<'a, 'b> {
                 .default_value("250")
                 .takes_value(true)
         )
+        .arg(
+            Arg::with_name("paranoid-block-proposal")
+                .long("paranoid-block-proposal")
+                .help("Paranoid enough to be reading the source? Nice. This flag reverts some \
+                       block proposal optimisations and forces the node to check every attestation \
+                       it includes super thoroughly. This may be useful in an emergency, but not \
+                       otherwise.")
+                .hidden(true)
+                .takes_value(false)
+        )
         .arg(
             Arg::with_name("builder-fallback-skips")
                 .long("builder-fallback-skips")
diff --git a/beacon_node/src/config.rs b/beacon_node/src/config.rs
index 35d566d76e..a01ed590e6 100644
--- a/beacon_node/src/config.rs
+++ b/beacon_node/src/config.rs
@@ -640,6 +640,8 @@ pub fn get_config<E: EthSpec>(
     client_config.chain.count_unrealized =
         clap_utils::parse_required(cli_args, "count-unrealized")?;
 
+    client_config.chain.paranoid_block_proposal = cli_args.is_present("paranoid-block-proposal");
+
     /*
      * Builder fallback configs.
      */
diff --git a/lighthouse/tests/beacon_node.rs b/lighthouse/tests/beacon_node.rs
index 9d952e5cc5..ff49c1b7a0 100644
--- a/lighthouse/tests/beacon_node.rs
+++ b/lighthouse/tests/beacon_node.rs
@@ -132,6 +132,21 @@ fn fork_choice_before_proposal_timeout_zero() {
         .with_config(|config| assert_eq!(config.chain.fork_choice_before_proposal_timeout_ms, 0));
 }
 
+#[test]
+fn paranoid_block_proposal_default() {
+    CommandLineTest::new()
+        .run_with_zero_port()
+        .with_config(|config| assert!(!config.chain.paranoid_block_proposal));
+}
+
+#[test]
+fn paranoid_block_proposal_on() {
+    CommandLineTest::new()
+        .flag("paranoid-block-proposal", None)
+        .run_with_zero_port()
+        .with_config(|config| assert!(config.chain.paranoid_block_proposal));
+}
+
 #[test]
 fn count_unrealized_default() {
     CommandLineTest::new()