diff --git a/beacon_node/beacon_chain/src/payload_envelope_verification/import.rs b/beacon_node/beacon_chain/src/payload_envelope_verification/import.rs index 5e90667a16..7f66f77ff8 100644 --- a/beacon_node/beacon_chain/src/payload_envelope_verification/import.rs +++ b/beacon_node/beacon_chain/src/payload_envelope_verification/import.rs @@ -222,6 +222,14 @@ impl BeaconChain { block_root: Hash256, payload_verification_status: PayloadVerificationStatus, ) -> Result { + // TODO(gloas): optimistic sync is not supported for Gloas. Proto-array only tracks + // `payload_received` as a bool, so an optimistically-imported payload would be treated as + // valid with no way to invalidate it if the EL later rejects it. Reject here (covering both + // the gossip and range-sync paths) until fork choice can track optimistic payload status. + if payload_verification_status.is_optimistic() { + return Err(EnvelopeError::OptimisticSyncNotSupported { block_root }); + } + // Everything in this initial section is on the hot path for processing the envelope. // Take an upgradable read lock on fork choice so we can check if this block has already // been imported. We don't want to repeat work importing a block that is already imported. diff --git a/beacon_node/beacon_chain/src/payload_envelope_verification/mod.rs b/beacon_node/beacon_chain/src/payload_envelope_verification/mod.rs index 41f003a2f8..870969c107 100644 --- a/beacon_node/beacon_chain/src/payload_envelope_verification/mod.rs +++ b/beacon_node/beacon_chain/src/payload_envelope_verification/mod.rs @@ -167,6 +167,13 @@ pub enum EnvelopeError { EnvelopeProcessingError(EnvelopeProcessingError), /// Error verifying the execution payload ExecutionPayloadError(ExecutionPayloadError), + /// Optimistic sync is not supported for Gloas payload envelopes. + /// + /// Proto-array only tracks `payload_received` as a bool, so it cannot represent an + /// optimistically-imported payload that the EL may later invalidate. Until fork choice can + /// track optimistic payload status, we reject optimistic envelopes rather than treat them as + /// valid. + OptimisticSyncNotSupported { block_root: Hash256 }, /// The envelope's beacon block was not present in fork choice at import time. /// /// Unlike [`EnvelopeError::BlockRootUnknown`] (raised during gossip verification, where the @@ -198,6 +205,7 @@ impl EnvelopeError { | EnvelopeError::PriorToFinalization { .. } | EnvelopeError::BeaconChainError(_) | EnvelopeError::BeaconStateError(_) + | EnvelopeError::OptimisticSyncNotSupported { .. } | EnvelopeError::BlockRootNotInForkChoice(_) | EnvelopeError::InternalError(_) => false, }