@lodestar/state-transition 1.43.0 → 1.44.0-dev.1d0e0b9081

package/src/lightClient/spec/utils.ts

@@ -0,0 +1,317 @@
+import {PublicKey} from "@chainsafe/blst";
+import {BitArray} from "@chainsafe/ssz";
+import {ChainForkConfig} from "@lodestar/config";
+import {
+  BLOCK_BODY_EXECUTION_PAYLOAD_DEPTH as EXECUTION_PAYLOAD_DEPTH,
+  BLOCK_BODY_EXECUTION_PAYLOAD_INDEX as EXECUTION_PAYLOAD_INDEX,
+  FINALIZED_ROOT_DEPTH,
+  FINALIZED_ROOT_DEPTH_ELECTRA,
+  ForkName,
+  ForkSeq,
+  NEXT_SYNC_COMMITTEE_DEPTH,
+  NEXT_SYNC_COMMITTEE_DEPTH_ELECTRA,
+  isForkPostElectra,
+} from "@lodestar/params";
+import {
+  BeaconBlockHeader,
+  LightClientFinalityUpdate,
+  LightClientHeader,
+  LightClientOptimisticUpdate,
+  LightClientUpdate,
+  Slot,
+  SyncCommittee,
+  isElectraLightClientUpdate,
+  ssz,
+} from "@lodestar/types";
+import {byteArrayEquals, verifyMerkleBranch} from "@lodestar/utils";
+import {computeEpochAtSlot, computeSyncPeriodAtSlot} from "../../util/epoch.js";
+import type {LightClientStore, SyncCommitteeFast} from "./store.js";
+
+export const GENESIS_SLOT = 0;
+export const ZERO_HASH = new Uint8Array(32);
+export const ZERO_PUBKEY = new Uint8Array(48);
+export const ZERO_SYNC_COMMITTEE = ssz.altair.SyncCommittee.defaultValue();
+export const ZERO_HEADER = ssz.phase0.BeaconBlockHeader.defaultValue();
+/** From https://notes.ethereum.org/@vbuterin/extended_light_client_protocol#Optimistic-head-determining-function */
+const SAFETY_THRESHOLD_FACTOR = 2;
+
+export function sumBits(bits: BitArray): number {
+  return bits.getTrueBitIndexes().length;
+}
+
+/**
+ * Util to guarantee that all bits have a corresponding pubkey.
+ */
+export function getParticipantPubkeys<T>(pubkeys: T[], bits: BitArray): T[] {
+  // BitArray.intersectValues() checks the length is correct.
+  return bits.intersectValues(pubkeys);
+}
+
+function deserializePubkeys(pubkeys: SyncCommittee["pubkeys"]): PublicKey[] {
+  return pubkeys.map((pk) => PublicKey.fromBytes(pk, true));
+}
+
+function serializePubkeys(pubkeys: PublicKey[]): SyncCommittee["pubkeys"] {
+  return pubkeys.map((pk) => pk.toBytes());
+}
+
+export function deserializeSyncCommittee(syncCommittee: SyncCommittee): SyncCommitteeFast {
+  return {
+    pubkeys: deserializePubkeys(syncCommittee.pubkeys),
+    aggregatePubkey: PublicKey.fromBytes(syncCommittee.aggregatePubkey, true),
+  };
+}
+
+export function serializeSyncCommittee(syncCommittee: SyncCommitteeFast): SyncCommittee {
+  return {
+    pubkeys: serializePubkeys(syncCommittee.pubkeys),
+    aggregatePubkey: syncCommittee.aggregatePubkey.toBytes(),
+  };
+}
+
+export function getSafetyThreshold(maxActiveParticipants: number): number {
+  return Math.floor(maxActiveParticipants / SAFETY_THRESHOLD_FACTOR);
+}
+
+export function getZeroSyncCommitteeBranch(fork: ForkName): Uint8Array[] {
+  const nextSyncCommitteeDepth = isForkPostElectra(fork)
+    ? NEXT_SYNC_COMMITTEE_DEPTH_ELECTRA
+    : NEXT_SYNC_COMMITTEE_DEPTH;
+
+  return Array.from({length: nextSyncCommitteeDepth}, () => ZERO_HASH);
+}
+
+export function getZeroFinalityBranch(fork: ForkName): Uint8Array[] {
+  const finalizedRootDepth = isForkPostElectra(fork) ? FINALIZED_ROOT_DEPTH_ELECTRA : FINALIZED_ROOT_DEPTH;
+
+  return Array.from({length: finalizedRootDepth}, () => ZERO_HASH);
+}
+
+export function isSyncCommitteeUpdate(update: LightClientUpdate): boolean {
+  return (
+    // Fast return for when constructing full LightClientUpdate from partial updates
+    update.nextSyncCommitteeBranch !==
+      getZeroSyncCommitteeBranch(isElectraLightClientUpdate(update) ? ForkName.electra : ForkName.altair) &&
+    update.nextSyncCommitteeBranch.some((branch) => !byteArrayEquals(branch, ZERO_HASH))
+  );
+}
+
+export function isFinalityUpdate(update: LightClientUpdate): boolean {
+  return (
+    // Fast return for when constructing full LightClientUpdate from partial updates
+    update.finalityBranch !==
+      getZeroFinalityBranch(isElectraLightClientUpdate(update) ? ForkName.electra : ForkName.altair) &&
+    update.finalityBranch.some((branch) => !byteArrayEquals(branch, ZERO_HASH))
+  );
+}
+
+export function isZeroedHeader(header: BeaconBlockHeader): boolean {
+  // Fast return for when constructing full LightClientUpdate from partial updates
+  return header === ZERO_HEADER || byteArrayEquals(header.bodyRoot, ZERO_HASH);
+}
+
+export function isZeroedSyncCommittee(syncCommittee: SyncCommittee): boolean {
+  // Fast return for when constructing full LightClientUpdate from partial updates
+  return syncCommittee === ZERO_SYNC_COMMITTEE || byteArrayEquals(syncCommittee.pubkeys[0], ZERO_PUBKEY);
+}
+
+export function isValidMerkleBranch(
+  leaf: Uint8Array,
+  branch: Uint8Array[],
+  depth: number,
+  index: number,
+  root: Uint8Array
+): boolean {
+  if (branch.length !== depth) {
+    return false;
+  }
+
+  return verifyMerkleBranch(leaf, branch, depth, index, root);
+}
+
+export function normalizeMerkleBranch(branch: Uint8Array[], depth: number): Uint8Array[] {
+  const numExtraDepth = depth - branch.length;
+
+  return [...Array.from({length: numExtraDepth}, () => ZERO_HASH), ...branch];
+}
+
+export function upgradeLightClientHeader(
+  config: ChainForkConfig,
+  targetFork: ForkName,
+  header: LightClientHeader
+): LightClientHeader {
+  const headerFork = config.getForkName(header.beacon.slot);
+  if (ForkSeq[headerFork] >= ForkSeq[targetFork]) {
+    throw Error(`Invalid upgrade request from headerFork=${headerFork} to targetFork=${targetFork}`);
+  }
+
+  // We are modifying the same header object, may be we could create a copy, but its
+  // not required as of now
+  const upgradedHeader = header;
+  const startUpgradeFromFork = Object.values(ForkName)[ForkSeq[headerFork] + 1];
+
+  switch (startUpgradeFromFork) {
+    // biome-ignore lint/suspicious/useDefaultSwitchClauseLast: We want default to evaluate at first to throw error early
+    default:
+      throw Error(
+        `Invalid startUpgradeFromFork=${startUpgradeFromFork} for headerFork=${headerFork} in upgradeLightClientHeader to targetFork=${targetFork}`
+      );
+
+    case ForkName.altair:
+    // biome-ignore lint/suspicious/noFallthroughSwitchClause: We need fall-through behavior here
+    case ForkName.bellatrix:
+      // Break if no further upgradation is required else fall through
+      if (ForkSeq[targetFork] <= ForkSeq.bellatrix) break;
+
+    // biome-ignore lint/suspicious/noFallthroughSwitchClause: We need fall-through behavior here
+    case ForkName.capella:
+      (upgradedHeader as LightClientHeader<ForkName.capella>).execution =
+        ssz.capella.LightClientHeader.fields.execution.defaultValue();
+      (upgradedHeader as LightClientHeader<ForkName.capella>).executionBranch =
+        ssz.capella.LightClientHeader.fields.executionBranch.defaultValue();
+
+      // Break if no further upgradation is required else fall through
+      if (ForkSeq[targetFork] <= ForkSeq.capella) break;
+
+    // biome-ignore lint/suspicious/noFallthroughSwitchClause: We need fall-through behavior here
+    case ForkName.deneb:
+      (upgradedHeader as LightClientHeader<ForkName.deneb>).execution.blobGasUsed =
+        ssz.deneb.LightClientHeader.fields.execution.fields.blobGasUsed.defaultValue();
+      (upgradedHeader as LightClientHeader<ForkName.deneb>).execution.excessBlobGas =
+        ssz.deneb.LightClientHeader.fields.execution.fields.excessBlobGas.defaultValue();
+
+      // Break if no further upgradation is required else fall through
+      if (ForkSeq[targetFork] <= ForkSeq.deneb) break;
+
+    // biome-ignore lint/suspicious/noFallthroughSwitchClause: We need fall-through behavior here
+    case ForkName.electra:
+      // No changes to LightClientHeader in Electra
+
+      // Break if no further upgrades is required else fall through
+      if (ForkSeq[targetFork] <= ForkSeq.electra) break;
+
+    // biome-ignore lint/suspicious/noFallthroughSwitchClause: We need fall-through behavior here
+    case ForkName.fulu:
+      // No changes to LightClientHeader in Fulu
+
+      // Break if no further upgrades is required else fall through
+      if (ForkSeq[targetFork] <= ForkSeq.fulu) break;
+
+    case ForkName.gloas:
+      // No changes to LightClientHeader in Gloas
+
+      // Break if no further upgrades is required else fall through
+      if (ForkSeq[targetFork] <= ForkSeq.gloas) break;
+  }
+  return upgradedHeader;
+}
+
+export function isValidLightClientHeader(config: ChainForkConfig, header: LightClientHeader): boolean {
+  const epoch = computeEpochAtSlot(header.beacon.slot);
+
+  if (epoch < config.CAPELLA_FORK_EPOCH) {
+    return (
+      ((header as LightClientHeader<ForkName.capella>).execution === undefined ||
+        ssz.capella.ExecutionPayloadHeader.equals(
+          (header as LightClientHeader<ForkName.capella>).execution,
+          ssz.capella.LightClientHeader.fields.execution.defaultValue()
+        )) &&
+      ((header as LightClientHeader<ForkName.capella>).executionBranch === undefined ||
+        ssz.capella.LightClientHeader.fields.executionBranch.equals(
+          ssz.capella.LightClientHeader.fields.executionBranch.defaultValue(),
+          (header as LightClientHeader<ForkName.capella>).executionBranch
+        ))
+    );
+  }
+
+  if (
+    epoch < config.DENEB_FORK_EPOCH &&
+    (((header as LightClientHeader<ForkName.deneb>).execution.blobGasUsed &&
+      (header as LightClientHeader<ForkName.deneb>).execution.blobGasUsed !== BigInt(0)) ||
+      ((header as LightClientHeader<ForkName.deneb>).execution.excessBlobGas &&
+        (header as LightClientHeader<ForkName.deneb>).execution.excessBlobGas !== BigInt(0)))
+  ) {
+    return false;
+  }
+
+  return isValidMerkleBranch(
+    config
+      .getPostBellatrixForkTypes(header.beacon.slot)
+      .ExecutionPayloadHeader.hashTreeRoot((header as LightClientHeader<ForkName.capella>).execution),
+    (header as LightClientHeader<ForkName.capella>).executionBranch,
+    EXECUTION_PAYLOAD_DEPTH,
+    EXECUTION_PAYLOAD_INDEX,
+    header.beacon.bodyRoot
+  );
+}
+
+export function upgradeLightClientUpdate(
+  config: ChainForkConfig,
+  targetFork: ForkName,
+  update: LightClientUpdate
+): LightClientUpdate {
+  update.attestedHeader = upgradeLightClientHeader(config, targetFork, update.attestedHeader);
+  update.finalizedHeader = upgradeLightClientHeader(config, targetFork, update.finalizedHeader);
+  update.nextSyncCommitteeBranch = normalizeMerkleBranch(
+    update.nextSyncCommitteeBranch,
+    isForkPostElectra(targetFork) ? NEXT_SYNC_COMMITTEE_DEPTH_ELECTRA : NEXT_SYNC_COMMITTEE_DEPTH
+  );
+  update.finalityBranch = normalizeMerkleBranch(
+    update.finalityBranch,
+    isForkPostElectra(targetFork) ? FINALIZED_ROOT_DEPTH_ELECTRA : FINALIZED_ROOT_DEPTH
+  );
+
+  return update;
+}
+
+export function upgradeLightClientFinalityUpdate(
+  config: ChainForkConfig,
+  targetFork: ForkName,
+  finalityUpdate: LightClientFinalityUpdate
+): LightClientFinalityUpdate {
+  finalityUpdate.attestedHeader = upgradeLightClientHeader(config, targetFork, finalityUpdate.attestedHeader);
+  finalityUpdate.finalizedHeader = upgradeLightClientHeader(config, targetFork, finalityUpdate.finalizedHeader);
+  finalityUpdate.finalityBranch = normalizeMerkleBranch(
+    finalityUpdate.finalityBranch,
+    isForkPostElectra(targetFork) ? FINALIZED_ROOT_DEPTH_ELECTRA : FINALIZED_ROOT_DEPTH
+  );
+
+  return finalityUpdate;
+}
+
+export function upgradeLightClientOptimisticUpdate(
+  config: ChainForkConfig,
+  targetFork: ForkName,
+  optimisticUpdate: LightClientOptimisticUpdate
+): LightClientOptimisticUpdate {
+  optimisticUpdate.attestedHeader = upgradeLightClientHeader(config, targetFork, optimisticUpdate.attestedHeader);
+
+  return optimisticUpdate;
+}
+
+/**
+ * Currently this upgradation is not required because all processing is done based on the
+ * summary that the store generates and maintains. In case store needs to be saved to disk,
+ * this could be required depending on the format the store is saved to the disk
+ */
+export function upgradeLightClientStore(
+  config: ChainForkConfig,
+  targetFork: ForkName,
+  store: LightClientStore,
+  signatureSlot: Slot
+): LightClientStore {
+  const updateSignaturePeriod = computeSyncPeriodAtSlot(signatureSlot);
+  const bestValidUpdate = store.bestValidUpdates.get(updateSignaturePeriod);
+
+  if (bestValidUpdate) {
+    store.bestValidUpdates.set(updateSignaturePeriod, {
+      update: upgradeLightClientUpdate(config, targetFork, bestValidUpdate.update),
+      summary: bestValidUpdate.summary,
+    });
+  }
+
+  store.finalizedHeader = upgradeLightClientHeader(config, targetFork, store.finalizedHeader);
+  store.optimisticHeader = upgradeLightClientHeader(config, targetFork, store.optimisticHeader);
+
+  return store;
+}

package/src/lightClient/spec/validateLightClientBootstrap.ts

@@ -0,0 +1,39 @@
+import {ChainForkConfig} from "@lodestar/config";
+import {isForkPostElectra} from "@lodestar/params";
+import {LightClientBootstrap, Root, ssz} from "@lodestar/types";
+import {byteArrayEquals, toHex} from "@lodestar/utils";
+import {isValidLightClientHeader, isValidMerkleBranch} from "./utils.js";
+
+const CURRENT_SYNC_COMMITTEE_INDEX = 22;
+const CURRENT_SYNC_COMMITTEE_DEPTH = 5;
+const CURRENT_SYNC_COMMITTEE_INDEX_ELECTRA = 22;
+const CURRENT_SYNC_COMMITTEE_DEPTH_ELECTRA = 6;
+
+export function validateLightClientBootstrap(
+  config: ChainForkConfig,
+  trustedBlockRoot: Root,
+  bootstrap: LightClientBootstrap
+): void {
+  const headerRoot = ssz.phase0.BeaconBlockHeader.hashTreeRoot(bootstrap.header.beacon);
+  const fork = config.getForkName(bootstrap.header.beacon.slot);
+
+  if (!isValidLightClientHeader(config, bootstrap.header)) {
+    throw Error("Bootstrap Header is not Valid Light Client Header");
+  }
+
+  if (!byteArrayEquals(headerRoot, trustedBlockRoot)) {
+    throw Error(`bootstrap header root ${toHex(headerRoot)} != trusted root ${toHex(trustedBlockRoot)}`);
+  }
+
+  if (
+    !isValidMerkleBranch(
+      ssz.altair.SyncCommittee.hashTreeRoot(bootstrap.currentSyncCommittee),
+      bootstrap.currentSyncCommitteeBranch,
+      isForkPostElectra(fork) ? CURRENT_SYNC_COMMITTEE_DEPTH_ELECTRA : CURRENT_SYNC_COMMITTEE_DEPTH,
+      isForkPostElectra(fork) ? CURRENT_SYNC_COMMITTEE_INDEX_ELECTRA : CURRENT_SYNC_COMMITTEE_INDEX,
+      bootstrap.header.beacon.stateRoot
+    )
+  ) {
+    throw Error("Invalid currentSyncCommittee merkle branch");
+  }
+}

package/src/lightClient/spec/validateLightClientUpdate.ts

@@ -0,0 +1,145 @@
+import {PublicKey, Signature, fastAggregateVerify} from "@chainsafe/blst";
+import {ChainForkConfig} from "@lodestar/config";
+import {
+  DOMAIN_SYNC_COMMITTEE,
+  FINALIZED_ROOT_DEPTH,
+  FINALIZED_ROOT_DEPTH_ELECTRA,
+  FINALIZED_ROOT_INDEX,
+  FINALIZED_ROOT_INDEX_ELECTRA,
+  GENESIS_SLOT,
+  MIN_SYNC_COMMITTEE_PARTICIPANTS,
+  NEXT_SYNC_COMMITTEE_DEPTH,
+  NEXT_SYNC_COMMITTEE_DEPTH_ELECTRA,
+  NEXT_SYNC_COMMITTEE_INDEX,
+  NEXT_SYNC_COMMITTEE_INDEX_ELECTRA,
+} from "@lodestar/params";
+import {LightClientUpdate, Root, isElectraLightClientUpdate, ssz} from "@lodestar/types";
+import type {ILightClientStore, SyncCommitteeFast} from "./store.js";
+import {
+  ZERO_HASH,
+  getParticipantPubkeys,
+  isFinalityUpdate,
+  isSyncCommitteeUpdate,
+  isValidLightClientHeader,
+  isValidMerkleBranch,
+  isZeroedHeader,
+  isZeroedSyncCommittee,
+  sumBits,
+} from "./utils.js";
+
+export function validateLightClientUpdate(
+  config: ChainForkConfig,
+  store: ILightClientStore,
+  update: LightClientUpdate,
+  syncCommittee: SyncCommitteeFast
+): void {
+  // Verify sync committee has sufficient participants
+  if (sumBits(update.syncAggregate.syncCommitteeBits) < MIN_SYNC_COMMITTEE_PARTICIPANTS) {
+    throw Error("Sync committee has not sufficient participants");
+  }
+
+  if (!isValidLightClientHeader(config, update.attestedHeader)) {
+    throw Error("Attested Header is not Valid Light Client Header");
+  }
+
+  // Sanity check that slots are in correct order
+  if (update.signatureSlot <= update.attestedHeader.beacon.slot) {
+    throw Error(
+      `signature slot ${update.signatureSlot} must be after attested header slot ${update.attestedHeader.beacon.slot}`
+    );
+  }
+  if (update.attestedHeader.beacon.slot < update.finalizedHeader.beacon.slot) {
+    throw Error(
+      `attested header slot ${update.signatureSlot} must be after finalized header slot ${update.finalizedHeader.beacon.slot}`
+    );
+  }
+
+  // Verify that the `finality_branch`, if present, confirms `finalized_header`
+  // to match the finalized checkpoint root saved in the state of `attested_header`.
+  // Note that the genesis finalized checkpoint root is represented as a zero hash.
+  if (!isFinalityUpdate(update)) {
+    if (!isZeroedHeader(update.finalizedHeader.beacon)) {
+      throw Error("finalizedHeader must be zero for non-finality update");
+    }
+  } else {
+    let finalizedRoot: Root;
+
+    if (update.finalizedHeader.beacon.slot === GENESIS_SLOT) {
+      if (!isZeroedHeader(update.finalizedHeader.beacon)) {
+        throw Error("finalizedHeader must be zero for not finality update");
+      }
+      finalizedRoot = ZERO_HASH;
+    } else {
+      if (!isValidLightClientHeader(config, update.finalizedHeader)) {
+        throw Error("Finalized Header is not valid Light Client Header");
+      }
+
+      finalizedRoot = ssz.phase0.BeaconBlockHeader.hashTreeRoot(update.finalizedHeader.beacon);
+    }
+
+    if (
+      !isValidMerkleBranch(
+        finalizedRoot,
+        update.finalityBranch,
+        isElectraLightClientUpdate(update) ? FINALIZED_ROOT_DEPTH_ELECTRA : FINALIZED_ROOT_DEPTH,
+        isElectraLightClientUpdate(update) ? FINALIZED_ROOT_INDEX_ELECTRA : FINALIZED_ROOT_INDEX,
+        update.attestedHeader.beacon.stateRoot
+      )
+    ) {
+      throw Error("Invalid finality header merkle branch");
+    }
+  }
+
+  // Verify that the `next_sync_committee`, if present, actually is the next sync committee saved in the
+  // state of the `attested_header`
+  if (!isSyncCommitteeUpdate(update)) {
+    if (!isZeroedSyncCommittee(update.nextSyncCommittee)) {
+      throw Error("nextSyncCommittee must be zero for non sync committee update");
+    }
+  } else {
+    if (
+      !isValidMerkleBranch(
+        ssz.altair.SyncCommittee.hashTreeRoot(update.nextSyncCommittee),
+        update.nextSyncCommitteeBranch,
+        isElectraLightClientUpdate(update) ? NEXT_SYNC_COMMITTEE_DEPTH_ELECTRA : NEXT_SYNC_COMMITTEE_DEPTH,
+        isElectraLightClientUpdate(update) ? NEXT_SYNC_COMMITTEE_INDEX_ELECTRA : NEXT_SYNC_COMMITTEE_INDEX,
+        update.attestedHeader.beacon.stateRoot
+      )
+    ) {
+      throw Error("Invalid next sync committee merkle branch");
+    }
+  }
+
+  // Verify sync committee aggregate signature
+
+  const participantPubkeys = getParticipantPubkeys(syncCommittee.pubkeys, update.syncAggregate.syncCommitteeBits);
+
+  const signingRoot = ssz.phase0.SigningData.hashTreeRoot({
+    objectRoot: ssz.phase0.BeaconBlockHeader.hashTreeRoot(update.attestedHeader.beacon),
+    domain: store.config.getDomain(update.signatureSlot - 1, DOMAIN_SYNC_COMMITTEE),
+  });
+
+  if (!isValidBlsAggregate(participantPubkeys, signingRoot, update.syncAggregate.syncCommitteeSignature)) {
+    throw Error("Invalid aggregate signature");
+  }
+}
+
+/**
+ * Same as BLS.verifyAggregate but with detailed error messages
+ */
+function isValidBlsAggregate(publicKeys: PublicKey[], message: Uint8Array, signature: Uint8Array): boolean {
+  let sig: Signature;
+  try {
+    sig = Signature.fromBytes(signature, true);
+  } catch (e) {
+    (e as Error).message = `Error deserializing signature: ${(e as Error).message}`;
+    throw e;
+  }
+
+  try {
+    return fastAggregateVerify(message, publicKeys, sig);
+  } catch (e) {
+    (e as Error).message = `Error verifying signature: ${(e as Error).message}`;
+    throw e;
+  }
+}

package/src/slot/upgradeStateToGloas.ts

@@ -1,12 +1,12 @@
 import {SLOTS_PER_HISTORICAL_ROOT} from "@lodestar/params";
 import {ssz} from "@lodestar/types";
-import {toHex} from "@lodestar/utils";
-import {isValidDepositSignature} from "../block/processDeposit.js";
+import {toPubkeyHex} from "@lodestar/utils";
 import {applyDepositForBuilder} from "../block/processDepositRequest.js";
 import {getCachedBeaconState} from "../cache/stateCache.js";
 import {CachedBeaconStateFulu, CachedBeaconStateGloas} from "../types.js";
 import {initializePtcWindow, isBuilderWithdrawalCredential} from "../util/gloas.js";
 import {isValidatorKnown} from "../util/index.js";
+import {PendingDepositsLookup} from "../util/pendingDepositsLookup.js";
 
 /**
  * Upgrade a state from Fulu to Gloas.
@@ -48,6 +48,7 @@ export function upgradeStateToGloas(stateFulu: CachedBeaconStateFulu): CachedBea
   stateGloasView.currentSyncCommittee = stateGloasCloned.currentSyncCommittee;
   stateGloasView.nextSyncCommittee = stateGloasCloned.nextSyncCommittee;
   stateGloasView.latestExecutionPayloadBid.blockHash = stateFulu.latestExecutionPayloadHeader.blockHash;
+  stateGloasView.latestExecutionPayloadBid.gasLimit = BigInt(stateFulu.latestExecutionPayloadHeader.gasLimit);
   stateGloasView.latestExecutionPayloadBid.executionRequestsRoot = ssz.electra.ExecutionRequests.hashTreeRoot(
     ssz.electra.ExecutionRequests.defaultValue()
   );
@@ -86,66 +87,63 @@ export function upgradeStateToGloas(stateFulu: CachedBeaconStateFulu): CachedBea
 
 /**
  * Applies any pending deposits for builders to onboard builders during the fork transition
- * Spec: https://github.com/ethereum/consensus-specs/blob/v1.7.0-alpha.2/specs/gloas/fork.md#new-onboard_builders_from_pending_deposits
+ * Spec: https://github.com/ethereum/consensus-specs/blob/v1.7.0-alpha.8/specs/gloas/fork.md#new-onboard_builders_from_pending_deposits
  */
 function onboardBuildersFromPendingDeposits(state: CachedBeaconStateGloas): void {
-  // Track pubkeys of new validators to keep their deposits pending
-  const validatorPubkeys = new Set<string>();
-
   // Track pubkeys of new builders added when applying deposits
   const builderPubkeys = new Set<string>();
 
-  const remainingPendingDeposits = ssz.electra.PendingDeposits.defaultViewDU();
+  const pendingDeposits = ssz.electra.PendingDeposits.defaultViewDU();
+  const pendingDepositsLookup = PendingDepositsLookup.buildEmpty();
+
   for (let i = 0; i < state.pendingDeposits.length; i++) {
     const deposit = state.pendingDeposits.getReadonly(i);
 
     const validatorIndex = state.epochCtx.getValidatorIndex(deposit.pubkey);
-    const pubkeyHex = toHex(deposit.pubkey);
+    const pubkeyHex = toPubkeyHex(deposit.pubkey);
 
-    // Deposits for existing validators stay in pending queue
-    if (isValidatorKnown(state, validatorIndex) || validatorPubkeys.has(pubkeyHex)) {
-      remainingPendingDeposits.push(deposit);
+    // Deposits for existing validators stay in the pending queue
+    if (isValidatorKnown(state, validatorIndex)) {
+      pendingDeposits.push(deposit);
+      pendingDepositsLookup.add(deposit, pubkeyHex);
       continue;
     }
 
-    // If the pubkey is associated with a builder that was created in a previous iteration
-    // or it is a builder deposit, try to apply the deposit to the new/existing builder
-    const isExistingBuilder = builderPubkeys.has(pubkeyHex);
-    const hasBuilderCredentials = isBuilderWithdrawalCredential(deposit.withdrawalCredentials);
-    if (isExistingBuilder || hasBuilderCredentials) {
-      const buildersLenBefore = state.builders.length;
-      applyDepositForBuilder(
-        state,
-        deposit.pubkey,
-        deposit.withdrawalCredentials,
-        deposit.amount,
-        deposit.signature,
-        deposit.slot
-      );
-      // Track newly added builders for subsequent iterations
-      if (!isExistingBuilder && state.builders.length > buildersLenBefore) {
-        builderPubkeys.add(pubkeyHex);
+    // `applyDepositForBuilder` can mutate the state and add a builder to the registry, so
+    // the set of builder pubkeys must be recomputed each iteration. `builderPubkeys` stands
+    // in for the spec's `[b.pubkey for b in state.builders]`: `state.builders` starts empty
+    // at the fork, so every builder is one added in a previous iteration of this loop.
+    if (!builderPubkeys.has(pubkeyHex)) {
+      // Deposits for non-builders stay in the pending queue. If there is a valid pending
+      // deposit for a new validator with this pubkey, keep this deposit in the pending
+      // queue to be applied to that validator later.
+      if (!isBuilderWithdrawalCredential(deposit.withdrawalCredentials)) {
+        pendingDeposits.push(deposit);
+        pendingDepositsLookup.add(deposit, pubkeyHex);
+        continue;
+      }
+      if (pendingDepositsLookup.hasPendingValidator(state.config, pubkeyHex)) {
+        pendingDeposits.push(deposit);
+        pendingDepositsLookup.add(deposit, pubkeyHex);
+        continue;
       }
-      continue;
     }
 
-    // If there is a pending deposit for a new validator that has a valid signature, track the
-    // pubkey so that subsequent builder deposits for the same pubkey stay in pending (applied to
-    // the validator later) rather than creating a builder. Deposits with invalid signatures are
-    // dropped here since they would fail in apply_pending_deposit anyway.
-    if (
-      isValidDepositSignature(
-        state.config,
-        deposit.pubkey,
-        deposit.withdrawalCredentials,
-        deposit.amount,
-        deposit.signature
-      )
-    ) {
-      validatorPubkeys.add(pubkeyHex);
-      remainingPendingDeposits.push(deposit);
+    const buildersLenBefore = state.builders.length;
+    // TODO GLOAS: handle 20k 1ETH deposits on time
+    // there is a note in the spec https://github.com/ethereum/consensus-specs/pull/5227
+    applyDepositForBuilder(
+      state,
+      deposit.pubkey,
+      deposit.withdrawalCredentials,
+      deposit.amount,
+      deposit.signature,
+      deposit.slot
+    );
+    if (state.builders.length > buildersLenBefore) {
+      builderPubkeys.add(pubkeyHex);
     }
   }
 
-  state.pendingDeposits = remainingPendingDeposits;
+  state.pendingDeposits = pendingDeposits;
 }

package/src/stateView/beaconStateView.ts

@@ -423,16 +423,27 @@ export class BeaconStateView implements IBeaconStateViewLatestFork {
     throw new Error(`PTC committees are not available for epoch=${epoch}`);
   }
   /**
-   * Return the index of the validator in the PTC committee for the given slot.
-   * return -1 if validator is not in the PTC committee for the given slot.
+   * Return all positions of the validator in the PTC committee for the given slot.
+   *
+   * `compute_ptc` samples by effective balance and may place the same validator at multiple
+   * positions, so a validator can have more than one index. Returns an empty array if the
+   * validator is not in the PTC for the given slot.
+   *
+   * Spec: gloas/fork-choice.md#new-on_payload_attestation_message
    */
-  getIndexInPayloadTimelinessCommittee(validatorIndex: ValidatorIndex, slot: Slot): number {
+  getIndicesInPayloadTimelinessCommittee(validatorIndex: ValidatorIndex, slot: Slot): number[] {
     if (this.config.getForkSeq(this.cachedState.slot) < ForkSeq.gloas) {
       throw new Error("PTC committees are not supported before Gloas");
     }
 
     const ptcCommittee = (this.cachedState as CachedBeaconStateGloas).epochCtx.getPayloadTimelinessCommittee(slot);
-    return ptcCommittee.indexOf(validatorIndex);
+    const indices: number[] = [];
+    for (let i = 0; i < ptcCommittee.length; i++) {
+      if (ptcCommittee[i] === validatorIndex) {
+        indices.push(i);
+      }
+    }
+    return indices;
   }
 
   // Shuffling and committees

package/src/stateView/interface.ts

@@ -253,7 +253,7 @@ export interface IBeaconStateViewGloas extends IBeaconStateViewFulu {
   getBuilder(index: BuilderIndex): gloas.Builder;
   canBuilderCoverBid(builderIndex: BuilderIndex, bidAmount: number): boolean;
   getEpochPTCs(epoch: Epoch): Uint32Array[];
-  getIndexInPayloadTimelinessCommittee(validatorIndex: ValidatorIndex, slot: Slot): number;
+  getIndicesInPayloadTimelinessCommittee(validatorIndex: ValidatorIndex, slot: Slot): number[];
   /**
    * Clone the state and apply parent execution payload effects.
    * Used during block production and prepareNextSlot so that withdrawals and