beacon/engine: check for empty requests (#31010 )

According to https://github.com/ethereum/execution-apis/blob/main/src/engine/prague.md#engine_newpayloadv4: > Elements of the list MUST be ordered by request_type in ascending order. Elements with empty request_data MUST be excluded from the list. --------- Co-authored-by: lightclient <14004106+lightclient@users.noreply.github.com>
eth/gasprice: ensure cache purging goroutine terminates with subscription (#31025 )
2025-01-15 11:45:20 -07:00 · 2025-01-14 16:26:24 +01:00 · 2025-01-14 06:42:18 -07:00 · 2025-01-14 14:16:15 +01:00 · 2025-01-14 11:49:30 +01:00 · 2025-01-13 19:35:49 +01:00
877 changed files with 59780 additions and 31573 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,22 +1,36 @@
 # Lines starting with '#' are comments.
 # Each line is a file pattern followed by one or more owners.

-accounts/usbwallet              @karalabe
-accounts/scwallet               @gballet
-accounts/abi                    @gballet @MariusVanDerWijden
-cmd/clef                        @holiman
-consensus                       @karalabe
-core/                           @karalabe @holiman @rjl493456442
-eth/                            @karalabe @holiman @rjl493456442
-eth/catalyst/                   @gballet
+accounts/usbwallet/             @gballet
+accounts/scwallet/              @gballet
+accounts/abi/                   @gballet @MariusVanDerWijden
+beacon/engine/                  @MariusVanDerWijden @lightclient @fjl
+beacon/light/                   @zsfelfoldi
+beacon/merkle/                  @zsfelfoldi 
+beacon/types/                   @zsfelfoldi @fjl
+beacon/params/                  @zsfelfoldi @fjl
+cmd/clef/                       @holiman
+cmd/evm/                        @holiman @MariusVanDerWijden @lightclient
+core/state/                     @rjl493456442 @holiman
+crypto/                         @gballet @jwasinger @holiman @fjl
+core/                           @holiman @rjl493456442
+eth/                            @holiman @rjl493456442
+eth/catalyst/                   @MariusVanDerWijden @lightclient @fjl @jwasinger
 eth/tracers/                    @s1na
+ethclient/                      @fjl
+ethdb/                          @rjl493456442
+event/                          @fjl
+trie/                           @rjl493456442
+triedb/                         @rjl493456442
+core/tracing/                   @s1na
 graphql/                        @s1na
-les/                            @zsfelfoldi @rjl493456442
-light/                          @zsfelfoldi @rjl493456442
+internal/ethapi/                @fjl @s1na @lightclient
+internal/era/                   @lightclient
+metrics/                        @holiman
+miner/                          @MariusVanDerWijden @holiman @fjl @rjl493456442
 node/                           @fjl
 p2p/                            @fjl @zsfelfoldi
+rlp/                            @fjl
+params/                         @fjl @holiman @karalabe @gballet @rjl493456442 @zsfelfoldi
 rpc/                            @fjl @holiman
-p2p/simulations                 @fjl
-p2p/protocols                   @fjl
-p2p/testing                     @fjl
 signer/                         @holiman
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -11,11 +11,12 @@ jobs:
  build:
    runs-on: self-hosted
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.21.4
+          go-version: 1.23.0
+          cache: false
      - name: Run tests
        run: go test -short ./...
        env:
--- a/.gitignore
+++ b/.gitignore
@ -4,16 +4,11 @@
 # or operating system, you probably want to add a global ignore instead:
 #   git config --global core.excludesfile ~/.gitignore_global

-/tmp
 */**/*un~
 */**/*.test
 *un~
 .DS_Store
 */**/.DS_Store
-.ethtest
-*/**/*tx_database*
-*/**/*dapps*
-build/_vendor/pkg

 #*
 .#*
@ -28,25 +23,23 @@ build/_vendor/pkg
 /build/bin/
 /geth*.zip

+# used by the build/ci.go archive + upload tool
+/geth*.tar.gz
+/geth*.tar.gz.sig
+/geth*.tar.gz.asc
+/geth*.zip.sig
+/geth*.zip.asc
+
+
 # travis
 profile.tmp
 profile.cov

 # IdeaIDE
 .idea
+*.iml

 # VS Code
 .vscode

-# dashboard
-/dashboard/assets/flow-typed
-/dashboard/assets/node_modules
-/dashboard/assets/stats.json
-/dashboard/assets/bundle.js
-/dashboard/assets/bundle.js.map
-/dashboard/assets/package-lock.json
-
-**/yarn-error.log
-logs/
-
 tests/spec-tests/
--- a/.golangci.yml
+++ b/.golangci.yml
@ -3,11 +3,6 @@
 run:
  timeout: 20m
  tests: true
-  # default is true. Enables skipping of directories:
-  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs-use-default: true
-  skip-files:
-    - core/genesis_alloc.go

 linters:
  disable-all: true
@ -23,9 +18,16 @@ linters:
    - staticcheck
    - bidichk
    - durationcheck
-    - exportloopref
+    - copyloopvar
    - whitespace
-
+    - revive # only certain checks enabled
+    - durationcheck
+    - gocheckcompilerdirectives
+    - reassign
+    - mirror
+    - tenv
+    ### linters we tried and will not be using:
+    ###
    # - structcheck # lots of false positives
    # - errcheck #lot of false positives
    # - contextcheck
@ -38,21 +40,38 @@ linters:
 linters-settings:
  gofmt:
    simplify: true
+  revive:
+    enable-all-rules: false
+    # here we enable specific useful rules
+    # see https://golangci-lint.run/usage/linters/#revive for supported rules
+    rules:
+      - name: receiver-naming
+        severity: warning
+        disabled: false
+        exclude: [""]

 issues:
+  # default is true. Enables skipping of directories:
+  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  exclude-dirs-use-default: true
+  exclude-files:
+    - core/genesis_alloc.go
  exclude-rules:
    - path: crypto/bn256/cloudflare/optate.go
      linters:
        - deadcode
        - staticcheck
+    - path: crypto/bn256/
+      linters:
+        - revive
+    - path: cmd/utils/flags.go
+      text: "SA1019: cfg.TxLookupLimit is deprecated: use 'TransactionHistory' instead."
+    - path: cmd/utils/flags.go
+      text: "SA1019: ethconfig.Defaults.TxLookupLimit is deprecated: use 'TransactionHistory' instead."
    - path: internal/build/pgp.go
      text: 'SA1019: "golang.org/x/crypto/openpgp" is deprecated: this package is unmaintained except for security fixes.'
    - path: core/vm/contracts.go
      text: 'SA1019: "golang.org/x/crypto/ripemd160" is deprecated: RIPEMD-160 is a legacy hash and should not be used for new applications.'
-    - path: accounts/usbwallet/trezor.go
-      text: 'SA1019: "github.com/golang/protobuf/proto" is deprecated: Use the "google.golang.org/protobuf/proto" package instead.'
-    - path: accounts/usbwallet/trezor/
-      text: 'SA1019: "github.com/golang/protobuf/proto" is deprecated: Use the "google.golang.org/protobuf/proto" package instead.'
  exclude:
    - 'SA1019: event.TypeMux is deprecated: use Feed'
    - 'SA1019: strings.Title is deprecated'
--- a/.travis.yml
+++ b/.travis.yml
@ -9,14 +9,13 @@ jobs:
        - azure-osx

  include:
-    # These builders create the Docker sub-images for multi-arch push and each
-    # will attempt to push the multi-arch image if they are the last builder
+    # This builder create and push the Docker images for all architectures
    - stage: build
      if: type = push
      os: linux
      arch: amd64
-      dist: bionic
-      go: 1.22.x
+      dist: focal
+      go: 1.23.x
      env:
        - docker
      services:
@ -26,44 +25,27 @@ jobs:
      before_install:
        - export DOCKER_CLI_EXPERIMENTAL=enabled
      script:
-        - go run build/ci.go docker -image -manifest amd64,arm64 -upload ethereum/client-go
-
-    - stage: build
-      if: type = push
-      os: linux
-      arch: arm64
-      dist: bionic
-      go: 1.22.x
-      env:
-        - docker
-      services:
-        - docker
-      git:
-        submodules: false # avoid cloning ethereum/tests
-      before_install:
-        - export DOCKER_CLI_EXPERIMENTAL=enabled
-      script:
-        - go run build/ci.go docker -image -manifest amd64,arm64 -upload ethereum/client-go
+        - go run build/ci.go dockerx -platform "linux/amd64,linux/arm64,linux/riscv64" -upload ethereum/client-go

    # This builder does the Linux Azure uploads
    - stage: build
      if: type = push
      os: linux
-      dist: bionic
+      dist: focal
      sudo: required
-      go: 1.22.x
+      go: 1.23.x
      env:
        - azure-linux
      git:
        submodules: false # avoid cloning ethereum/tests
-      addons:
-        apt:
-          packages:
-            - gcc-multilib
      script:
-        # Build for the primary platforms that Trusty can manage
+        # build amd64
        - go run build/ci.go install -dlgo
        - go run build/ci.go archive -type tar -signer LINUX_SIGNING_KEY -signify SIGNIFY_KEY -upload gethstore/builds
+
+        # build 386
+        - sudo -E apt-get -yq --no-install-suggests --no-install-recommends install gcc-multilib
+        - git status --porcelain
        - go run build/ci.go install -dlgo -arch 386
        - go run build/ci.go archive -arch 386 -type tar -signer LINUX_SIGNING_KEY -signify SIGNIFY_KEY -upload gethstore/builds

@ -85,12 +67,13 @@ jobs:
      if: type = push
      os: osx
      osx_image: xcode14.2
-      go: 1.22.x
+      go: 1.23.1 # See https://github.com/ethereum/go-ethereum/pull/30478
      env:
        - azure-osx
      git:
        submodules: false # avoid cloning ethereum/tests
      script:
+        - ln -sf /Users/travis/gopath/bin/go1.23.1 /usr/local/bin/go # Work around travis go-setup bug
        - go run build/ci.go install -dlgo
        - go run build/ci.go archive -type tar -signer OSX_SIGNING_KEY -signify SIGNIFY_KEY -upload gethstore/builds
        - go run build/ci.go install -dlgo -arch arm64
@ -98,48 +81,34 @@ jobs:

    # These builders run the tests
    - stage: build
+      if: type = push
      os: linux
      arch: amd64
-      dist: bionic
+      dist: focal
+      go: 1.23.x
+      script:
+        - travis_wait 45 go run build/ci.go test $TEST_PACKAGES
+
+    - stage: build
+      if: type = push
+      os: linux
+      dist: focal
      go: 1.22.x
      script:
-        - travis_wait 30 go run build/ci.go test $TEST_PACKAGES
-
-    - stage: build
-      if: type = pull_request
-      os: linux
-      arch: arm64
-      dist: bionic
-      go: 1.21.x
-      script:
-        - travis_wait 30 go run build/ci.go test $TEST_PACKAGES
-
-    - stage: build
-      os: linux
-      dist: bionic
-      go: 1.21.x
-      script:
-        - travis_wait 30 go run build/ci.go test $TEST_PACKAGES
+        - travis_wait 45 go run build/ci.go test $TEST_PACKAGES

    # This builder does the Ubuntu PPA nightly uploads
    - stage: build
      if: type = cron || (type = push && tag ~= /^v[0-9]/)
      os: linux
-      dist: bionic
-      go: 1.22.x
+      dist: focal
+      go: 1.23.x
      env:
        - ubuntu-ppa
      git:
        submodules: false # avoid cloning ethereum/tests
-      addons:
-        apt:
-          packages:
-            - devscripts
-            - debhelper
-            - dput
-            - fakeroot
-            - python-bzrlib
-            - python-paramiko
+      before_install:
+        - sudo -E apt-get -yq --no-install-suggests --no-install-recommends install devscripts debhelper dput fakeroot
      script:
        - echo '|1|7SiYPr9xl3uctzovOTj4gMwAC1M=|t6ReES75Bo/PxlOPJ6/GsGbTrM0= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0aKz5UTUndYgIGG7dQBV+HaeuEZJ2xPHo2DS2iSKvUL4xNMSAY4UguNW+pX56nAQmZKIZZ8MaEvSj6zMEDiq6HFfn5JcTlM80UwlnyKe8B8p7Nk06PPQLrnmQt5fh0HmEcZx+JU9TZsfCHPnX7MNz4ELfZE6cFsclClrKim3BHUIGq//t93DllB+h4O9LHjEUsQ1Sr63irDLSutkLJD6RXchjROXkNirlcNVHH/jwLWR5RcYilNX7S5bIkK8NlWPjsn/8Ua5O7I9/YoE97PpO6i73DTGLh5H9JN/SITwCKBkgSDWUt61uPK3Y11Gty7o2lWsBjhBUm2Y38CBsoGmBw==' >> ~/.ssh/known_hosts
        - go run build/ci.go debsrc -upload ethereum/ethereum -sftp-user geth-ci -signer "Go Ethereum Linux Builder <geth-ci@ethereum.org>"
@ -148,8 +117,8 @@ jobs:
    - stage: build
      if: type = cron
      os: linux
-      dist: bionic
-      go: 1.22.x
+      dist: focal
+      go: 1.23.x
      env:
        - azure-purge
      git:
@ -161,8 +130,9 @@ jobs:
    - stage: build
      if: type = cron
      os: linux
-      dist: bionic
-      go: 1.22.x
+      dist: focal
+      go: 1.23.x
+      env:
+        - racetests
      script:
-        - travis_wait 30 go run build/ci.go test  -race $TEST_PACKAGES
-
+        - travis_wait 60 go run build/ci.go test -race $TEST_PACKAGES
--- a/2
+++ b/2
@ -4,7 +4,7 @@ ARG VERSION=""
 ARG BUILDNUM=""

 # Build Geth in a stock Go builder container
-FROM golang:1.22-alpine as builder
+FROM golang:1.23-alpine AS builder

 RUN apk add --no-cache gcc musl-dev linux-headers git

--- a/Dockerfile.alltools
+++ b/Dockerfile.alltools
@ -4,7 +4,7 @@ ARG VERSION=""
 ARG BUILDNUM=""

 # Build Geth in a stock Go builder container
-FROM golang:1.22-alpine as builder
+FROM golang:1.23-alpine AS builder

 RUN apk add --no-cache gcc musl-dev linux-headers git

@ -14,6 +14,13 @@ COPY go.sum /go-ethereum/
 RUN cd /go-ethereum && go mod download

 ADD . /go-ethereum
+
+# This is not strictly necessary, but it matches the "Dockerfile" steps, thus
+# makes it so that under certain circumstances, the docker layer can be cached,
+# and the builder can jump to the next (build all) command, with the go cache fully loaded.
+#
+RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth
+
 RUN cd /go-ethereum && go run build/ci.go install -static

 # Pull all binaries into a second stage deploy alpine container
--- a/26
+++ b/26
@ -2,31 +2,35 @@
 # with Go source code. If you know what GOPATH is then you probably
 # don't need to bother with make.

-.PHONY: geth all test lint clean devtools help
+.PHONY: geth all test lint fmt clean devtools help

 GOBIN = ./build/bin
 GO ?= latest
 GORUN = go run

-#? geth: Build geth
+#? geth: Build geth.
 geth:
 	$(GORUN) build/ci.go install ./cmd/geth
 	@echo "Done building."
 	@echo "Run \"$(GOBIN)/geth\" to launch geth."

-#? all: Build all packages and executables
+#? all: Build all packages and executables.
 all:
 	$(GORUN) build/ci.go install

-#? test: Run the tests
+#? test: Run the tests.
 test: all
 	$(GORUN) build/ci.go test

-#? lint: Run certain pre-selected linters
+#? lint: Run certain pre-selected linters.
 lint: ## Run linters.
 	$(GORUN) build/ci.go lint

-#? clean: Clean go cache, built executables, and the auto generated folder
+#? fmt: Ensure consistent code formatting.
+fmt:
+	gofmt -s -w $(shell find . -name "*.go")
+
+#? clean: Clean go cache, built executables, and the auto generated folder.
 clean:
 	go clean -cache
 	rm -fr build/_workspace/pkg/ $(GOBIN)/*
@ -34,16 +38,20 @@ clean:
 # The devtools target installs tools required for 'go generate'.
 # You need to put $GOBIN (or $GOPATH/bin) in your PATH to use 'go generate'.

-#? devtools: Install recommended developer tools
+#? devtools: Install recommended developer tools.
 devtools:
 	env GOBIN= go install golang.org/x/tools/cmd/stringer@latest
 	env GOBIN= go install github.com/fjl/gencodec@latest
-	env GOBIN= go install github.com/golang/protobuf/protoc-gen-go@latest
+	env GOBIN= go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
 	env GOBIN= go install ./cmd/abigen
 	@type "solc" 2> /dev/null || echo 'Please install solc'
 	@type "protoc" 2> /dev/null || echo 'Please install protoc'

 #? help: Get more info on make commands.
 help: Makefile
-	@echo " Choose a command run in go-ethereum:"
+	@echo ''
+	@echo 'Usage:'
+	@echo '  make [target]'
+	@echo ''
+	@echo 'Targets:'
 	@sed -n 's/^#?//p' $< | column -t -s ':' |  sort | sed -e 's/^/ /'
--- a/README.md
+++ b/README.md
@ -16,7 +16,7 @@ archives are published at https://geth.ethereum.org/downloads/.

 For prerequisites and detailed build instructions please read the [Installation Instructions](https://geth.ethereum.org/docs/getting-started/installing-geth).

-Building `geth` requires both a Go (version 1.21 or later) and a C compiler. You can install
+Building `geth` requires both a Go (version 1.22 or later) and a C compiler. You can install
 them using your favourite package manager. Once the dependencies are installed, run

 ```shell
@ -40,7 +40,6 @@ directory.
 |   `clef`   | Stand-alone signing tool, which can be used as a backend signer for `geth`.                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
 |  `devp2p`  | Utilities to interact with nodes on the networking layer, without running a full blockchain.                                                                                                                                                                                                                                                                                                                                                                                                                                       |
 |  `abigen`  | Source code generator to convert Ethereum contract definitions into easy-to-use, compile-time type-safe Go packages. It operates on plain [Ethereum contract ABIs](https://docs.soliditylang.org/en/develop/abi-spec.html) with expanded functionality if the contract bytecode is also available. However, it also accepts Solidity source files, making development much more streamlined. Please see our [Native DApps](https://geth.ethereum.org/docs/developers/dapp-developer/native-bindings) page for details.                                  |
-| `bootnode` | Stripped down version of our Ethereum client implementation that only takes part in the network node discovery protocol, but does not run any of the higher level application protocols. It can be used as a lightweight bootstrap node to aid in finding peers in private networks.                                                                                                                                                                                                                                               |
 |   `evm`    | Developer utility version of the EVM (Ethereum Virtual Machine) that is capable of running bytecode snippets within a configurable environment and execution mode. Its purpose is to allow isolated, fine-grained debugging of EVM opcodes (e.g. `evm --code 60ff60ff --debug run`).                                                                                                                                                                                                                                               |
 | `rlpdump`  | Developer utility tool to convert binary RLP ([Recursive Length Prefix](https://ethereum.org/en/developers/docs/data-structures-and-encoding/rlp)) dumps (data encoding used by the Ethereum protocol both network as well as consensus wise) to user-friendlier hierarchical representation (e.g. `rlpdump --hex CE0183FFFFFFC4C304050583616263`).                                                                                                                                                                                |

@ -55,14 +54,14 @@ on how you can run your own `geth` instance.

 Minimum:

-* CPU with 2+ cores
-* 4GB RAM
+* CPU with 4+ cores
+* 8GB RAM
 * 1TB free storage space to sync the Mainnet
 * 8 MBit/sec download Internet service

 Recommended:

-* Fast CPU with 4+ cores
+* Fast CPU with 8+ cores
 * 16GB+ RAM
 * High-performance SSD with at least 1TB of free space
 * 25+ MBit/sec download Internet service
@ -89,7 +88,7 @@ This command will:
   This tool is optional and if you leave it out you can always attach it to an already running
   `geth` instance with `geth attach`.

-### A Full node on the Görli test network
+### A Full node on the Holesky test network

 Transitioning towards developers, if you'd like to play around with creating Ethereum
 contracts, you almost certainly would like to do that without any real money involved until
@ -98,23 +97,23 @@ network, you want to join the **test** network with your node, which is fully eq
 the main network, but with play-Ether only.

 ```shell
-$ geth --goerli console
+$ geth --holesky console
 ```

 The `console` subcommand has the same meaning as above and is equally
 useful on the testnet too.

-Specifying the `--goerli` flag, however, will reconfigure your `geth` instance a bit:
+Specifying the `--holesky` flag, however, will reconfigure your `geth` instance a bit:

- * Instead of connecting to the main Ethereum network, the client will connect to the Görli
+ * Instead of connecting to the main Ethereum network, the client will connect to the Holesky 
   test network, which uses different P2P bootnodes, different network IDs and genesis
   states.
 * Instead of using the default data directory (`~/.ethereum` on Linux for example), `geth`
-   will nest itself one level deeper into a `goerli` subfolder (`~/.ethereum/goerli` on
+   will nest itself one level deeper into a `holesky` subfolder (`~/.ethereum/holesky` on
   Linux). Note, on OSX and Linux this also means that attaching to a running testnet node
   requires the use of a custom endpoint since `geth attach` will try to attach to a
   production node endpoint by default, e.g.,
-   `geth attach <datadir>/goerli/geth.ipc`. Windows users are not affected by
+   `geth attach <datadir>/holesky/geth.ipc`. Windows users are not affected by
   this.

 *Note: Although some internal protective measures prevent transactions from
@ -139,8 +138,6 @@ export your existing configuration:
 $ geth --your-favourite-flags dumpconfig
 ```

-*Note: This works only with `geth` v1.6.0 and above.*
-
 #### Docker quick start

 One of the quickest ways to get Ethereum up and running on your machine is by using
@ -188,7 +185,6 @@ HTTP based JSON-RPC API options:
  * `--ws.api` API's offered over the WS-RPC interface (default: `eth,net,web3`)
  * `--ws.origins` Origins from which to accept WebSocket requests
  * `--ipcdisable` Disable the IPC-RPC server
-  * `--ipcapi` API's offered over the IPC-RPC interface (default: `admin,debug,eth,miner,net,personal,txpool,web3`)
  * `--ipcpath` Filename for IPC socket/pipe within the datadir (explicit paths escape it)

 You'll need to use your own programming environments' capabilities (libraries, tools, etc) to
@ -207,113 +203,14 @@ APIs!**
 Maintaining your own private network is more involved as a lot of configurations taken for
 granted in the official networks need to be manually set up.

-#### Defining the private genesis state
+Unfortunately since [the Merge](https://ethereum.org/en/roadmap/merge/) it is no longer possible
+to easily set up a network of geth nodes without also setting up a corresponding beacon chain.

-First, you'll need to create the genesis state of your networks, which all nodes need to be
-aware of and agree upon. This consists of a small JSON file (e.g. call it `genesis.json`):
+There are three different solutions depending on your use case:

-```json
-{
-  "config": {
-    "chainId": <arbitrary positive integer>,
-    "homesteadBlock": 0,
-    "eip150Block": 0,
-    "eip155Block": 0,
-    "eip158Block": 0,
-    "byzantiumBlock": 0,
-    "constantinopleBlock": 0,
-    "petersburgBlock": 0,
-    "istanbulBlock": 0,
-    "berlinBlock": 0,
-    "londonBlock": 0
-  },
-  "alloc": {},
-  "coinbase": "0x0000000000000000000000000000000000000000",
-  "difficulty": "0x20000",
-  "extraData": "",
-  "gasLimit": "0x2fefd8",
-  "nonce": "0x0000000000000042",
-  "mixhash": "0x0000000000000000000000000000000000000000000000000000000000000000",
-  "parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
-  "timestamp": "0x00"
-}
-```
-
-The above fields should be fine for most purposes, although we'd recommend changing
-the `nonce` to some random value so you prevent unknown remote nodes from being able
-to connect to you. If you'd like to pre-fund some accounts for easier testing, create
-the accounts and populate the `alloc` field with their addresses.
-
-```json
-"alloc": {
-  "0x0000000000000000000000000000000000000001": {
-    "balance": "111111111"
-  },
-  "0x0000000000000000000000000000000000000002": {
-    "balance": "222222222"
-  }
-}
-```
-
-With the genesis state defined in the above JSON file, you'll need to initialize **every**
-`geth` node with it prior to starting it up to ensure all blockchain parameters are correctly
-set:
-
-```shell
-$ geth init path/to/genesis.json
-```
-
-#### Creating the rendezvous point
-
-With all nodes that you want to run initialized to the desired genesis state, you'll need to
-start a bootstrap node that others can use to find each other in your network and/or over
-the internet. The clean way is to configure and run a dedicated bootnode:
-
-```shell
-$ bootnode --genkey=boot.key
-$ bootnode --nodekey=boot.key
-```
-
-With the bootnode online, it will display an [`enode` URL](https://ethereum.org/en/developers/docs/networking-layer/network-addresses/#enode)
-that other nodes can use to connect to it and exchange peer information. Make sure to
-replace the displayed IP address information (most probably `[::]`) with your externally
-accessible IP to get the actual `enode` URL.
-
-*Note: You could also use a full-fledged `geth` node as a bootnode, but it's the less
-recommended way.*
-
-#### Starting up your member nodes
-
-With the bootnode operational and externally reachable (you can try
-`telnet <ip> <port>` to ensure it's indeed reachable), start every subsequent `geth`
-node pointed to the bootnode for peer discovery via the `--bootnodes` flag. It will
-probably also be desirable to keep the data directory of your private network separated, so
-do also specify a custom `--datadir` flag.
-
-```shell
-$ geth --datadir=path/to/custom/data/folder --bootnodes=<bootnode-enode-url-from-above>
-```
-
-*Note: Since your network will be completely cut off from the main and test networks, you'll
-also need to configure a miner to process transactions and create new blocks for you.*
-
-#### Running a private miner
-
-
-In a private network setting a single CPU miner instance is more than enough for
-practical purposes as it can produce a stable stream of blocks at the correct intervals
-without needing heavy resources (consider running on a single thread, no need for multiple
-ones either). To start a `geth` instance for mining, run it with all your usual flags, extended
-by:
-
-```shell
-$ geth <usual-flags> --mine --miner.threads=1 --miner.etherbase=0x0000000000000000000000000000000000000000
-```
-
-Which will start mining blocks and transactions on a single CPU thread, crediting all
-proceedings to the account specified by `--miner.etherbase`. You can further tune the mining
-by changing the default gas limit blocks converge to (`--miner.targetgaslimit`) and the price
-transactions are accepted at (`--miner.gasprice`).
+  * If you are looking for a simple way to test smart contracts from go in your CI, you can use the [Simulated Backend](https://geth.ethereum.org/docs/developers/dapp-developer/native-bindings#blockchain-simulator).
+  * If you want a convenient single node environment for testing, you can use our [Dev Mode](https://geth.ethereum.org/docs/developers/dapp-developer/dev-mode).
+  * If you are looking for a multiple node test network, you can set one up quite easily with [Kurtosis](https://geth.ethereum.org/docs/fundamentals/kurtosis).

 ## Contribution

--- a/SECURITY.md
+++ b/SECURITY.md
@ -29,147 +29,69 @@ Fingerprint: `AE96 ED96 9E47 9B00 84F3 E17F E88D 3334 FA5F 6A0A`

 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: SKS 1.1.6
-Comment: Hostname: pgp.mit.edu

-mQINBFgl3tgBEAC8A1tUBkD9YV+eLrOmtgy+/JS/H9RoZvkg3K1WZ8IYfj6iIRaYneAk3Bp1
-82GUPVz/zhKr2g0tMXIScDR3EnaDsY+Qg+JqQl8NOG+Cikr1nnkG2on9L8c8yiqry1ZTCmYM
-qCa2acTFqnyuXJ482aZNtB4QG2BpzfhW4k8YThpegk/EoRUim+y7buJDtoNf7YILlhDQXN8q
-lHB02DWOVUihph9tUIFsPK6BvTr9SIr/eG6j6k0bfUo9pexOn7LS4SojoJmsm/5dp6AoKlac
-48cZU5zwR9AYcq/nvkrfmf2WkObg/xRdEvKZzn05jRopmAIwmoC3CiLmqCHPmT5a29vEob/y
-PFE335k+ujjZCPOu7OwjzDk7M0zMSfnNfDq8bXh16nn+ueBxJ0NzgD1oC6c2PhM+XRQCXCho
-yI8vbfp4dGvCvYqvQAE1bWjqnumZ/7vUPgZN6gDfiAzG2mUxC2SeFBhacgzDvtQls+uuvm+F
-nQOUgg2Hh8x2zgoZ7kqV29wjaUPFREuew7e+Th5BxielnzOfVycVXeSuvvIn6cd3g/s8mX1c
-2kLSXJR7+KdWDrIrR5Az0kwAqFZt6B6QTlDrPswu3mxsm5TzMbny0PsbL/HBM+GZEZCjMXxB
-8bqV2eSaktjnSlUNX1VXxyOxXA+ZG2jwpr51egi57riVRXokrQARAQABtDRFdGhlcmV1bSBG
-b3VuZGF0aW9uIEJ1ZyBCb3VudHkgPGJvdW50eUBldGhlcmV1bS5vcmc+iQIcBBEBCAAGBQJa
-FCY6AAoJEHoMA3Q0/nfveH8P+gJBPo9BXZL8isUfbUWjwLi81Yi70hZqIJUnz64SWTqBzg5b
-mCZ69Ji5637THsxQetS2ARabz0DybQ779FhD/IWnqV9T3KuBM/9RzJtuhLzKCyMrAINPMo28
-rKWdunHHarpuR4m3tL2zWJkle5QVYb+vkZXJJE98PJw+N4IYeKKeCs2ubeqZu636GA0sMzzB
-Jn3m/dRRA2va+/zzbr6F6b51ynzbMxWKTsJnstjC8gs8EeI+Zcd6otSyelLtCUkk3h5sTvpV
-Wv67BNSU0BYsMkxyFi9PUyy07Wixgeas89K5jG1oOtDva/FkpRHrTE/WA5OXDRcLrHJM+SwD
-CwqcLQqJd09NxwUW1iKeBmPptTiOGu1Gv2o7aEyoaWrHRBO7JuYrQrj6q2B3H1Je0zjAd2qt
-09ni2bLwLn4LA+VDpprNTO+eZDprv09s2oFSU6NwziHybovu0y7X4pADGkK2evOM7c86PohX
-QRQ1M1T16xLj6wP8/Ykwl6v/LUk7iDPXP3GPILnh4YOkwBR3DsCOPn8098xy7FxEELmupRzt
-Cj9oC7YAoweeShgUjBPzb+nGY1m6OcFfbUPBgFyMMfwF6joHbiVIO+39+Ut2g2ysZa7KF+yp
-XqVDqyEkYXsOLb25OC7brt8IJEPgBPwcHK5GNag6RfLxnQV+iVZ9KNH1yQgSiQI+BBMBAgAo
-AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCWglh+gUJBaNgWAAKCRDojTM0+l9qCgQ2
-D/4udJpV4zGIZW1yNaVvtd3vfKsTLi7GIRJLUBqVb2Yx/uhnN8jTl/tAhCVosCQ1pzvi9kMl
-s8qO1vu2kw5EWFFkwK96roI8pTql3VIjwhRVQrCkR7oAk/eUd1U/nt2q6J4UTYeVgqbq4dsI
-ZZTRyPJMD667YpuAIcaah+w9j/E5xksYQdMeprnDrQkkBCb4FIMqfDzBPKvEa8DcQr949K85
-kxhr6LDq9i5l4Egxt2JdH8DaR4GLca6+oHy0MyPs/bZOsfmZUObfM2oZgPpqYM96JanhzO1j
-dpnItyBii2pc+kNx5nMOf4eikE/MBv+WUJ0TttWzApGGmFUzDhtuEvRH9NBjtJ/pMrYspIGu
-O/QNY5KKOKQTvVIlwGcm8dTsSkqtBDSUwZyWbfKfKOI1/RhM9dC3gj5/BOY57DYYV4rdTK01
-ZtYjuhdfs2bhuP1uF/cgnSSZlv8azvf7Egh7tHPnYxvLjfq1bJAhCIX0hNg0a81/ndPAEFky
-fSko+JPKvdSvsUcSi2QQ4U2HX//jNBjXRfG4F0utgbJnhXzEckz6gqt7wSDZH2oddVuO8Ssc
-T7sK+CdXthSKnRyuI+sGUpG+6glpKWIfYkWFKNZWuQ+YUatY3QEDHXTIioycSmV8p4d/g/0S
-V6TegidLxY8bXMkbqz+3n6FArRffv5MH7qt3cYkCPgQTAQIAKAUCWCXhOwIbAwUJAeEzgAYL
-CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6I0zNPpfagrN/w/+Igp3vtYdNunikw3yHnYf
-Jkm0MmaMDUM9mtsaXVN6xb9n25N3Xa3GWCpmdsbYZ8334tI/oQ4/NHq/bEI5WFH5F1aFkMkm
-5AJVLuUkipCtmCZ5NkbRPJA9l0uNUUE6uuFXBhf4ddu7jb0jMetRF/kifJHVCCo5fISUNhLp
-7bwcWq9qgDQNZNYMOo4s9WX5Tl+5x4gTZdd2/cAYt49h/wnkw+huM+Jm0GojpLqIQ1jZiffm
-otf5rF4L+JhIIdW0W4IIh1v9BhHVllXw+z9oj0PALstT5h8/DuKoIiirFJ4DejU85GR1KKAS
-DeO19G/lSpWj1rSgFv2N2gAOxq0X+BbQTua2jdcY6JpHR4H1JJ2wzfHsHPgDQcgY1rGlmjVF
-aqU73WV4/hzXc/HshK/k4Zd8uD4zypv6rFsZ3UemK0aL2zXLVpV8SPWQ61nS03x675SmDlYr
-A80ENfdqvsn00JQuBVIv4Tv0Ub7NfDraDGJCst8rObjBT/0vnBWTBCebb2EsnS2iStIFkWdz
-/WXs4L4Yzre1iJwqRjiuqahZR5jHsjAUf2a0O29HVHE7zlFtCFmLPClml2lGQfQOpm5klGZF
-rmvus+qZ9rt35UgWHPZezykkwtWrFOwspwuCWaPDto6tgbRJZ4ftitpdYYM3dKW9IGJXBwrt
-BQrMsu+lp0vDF+yJAlUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEErpbt
-lp5HmwCE8+F/6I0zNPpfagoFAmEAEJwFCQycmLgACgkQ6I0zNPpfagpWoBAAhOcbMAUw6Zt0
-GYzT3sR5/c0iatezPzXEXJf9ebzR8M5uPElXcxcnMx1dvXZmGPXPJKCPa99WCu1NZYy8F+Wj
-GTOY9tfIkvSxhys1p/giPAmvid6uQmD+bz7ivktnyzCkDWfMA+l8lsCSEqVlaq6y5T+a6SWB
-6TzC2S0MPb/RrC/7DpwyrNYWumvyVJh09adm1Mw/UGgst/sZ8eMaRYEd3X0yyT1CBpX4zp2E
-qQj9IEOTizvzv1x2jkHe5ZUeU3+nTBNlhSA+WFHUi0pfBdo2qog3Mv2EC1P2qMKoSdD5tPbA
-zql1yKoHHnXOMsqdftGwbiv2sYXWvrYvmaCd3Ys/viOyt3HOy9uV2ZEtBd9Yqo9x/NZj8QMA
-nY5k8jjrIXbUC89MqrJsQ6xxWQIg5ikMT7DvY0Ln89ev4oJyVvwIQAwCm4jUzFNm9bZLYDOP
-5lGJCV7tF5NYVU7NxNM8vescKc40mVNK/pygS5mxhK9QYOUjZsIv8gddrl1TkqrFMuxFnTyN
-WvzE29wFu/n4N1DkF+ZBqS70SlRvB+Hjz5LrDgEzF1Wf1eA/wq1dZbvMjjDVIc2VGlYp8Cp2
-8ob23c1seTtYXTNYgSR5go4EpH+xi+bIWv01bQQ9xGwBbT5sm4WUeWOcmX4QewzLZ3T/wK9+
-N4Ye/hmU9O34FwWJOY58EIe0OUV0aGVyZXVtIEZvdW5kYXRpb24gU2VjdXJpdHkgVGVhbSA8
-c2VjdXJpdHlAZXRoZXJldW0ub3JnPokCHAQRAQgABgUCWhQmOgAKCRB6DAN0NP5372LSEACT
-wZk1TASWZj5QF7rmkIM1GEyBxLE+PundNcMgM9Ktj1315ED8SmiukNI4knVS1MY99OIgXhQl
-D1foF2GKdTomrwwC4012zTNyUYCY60LnPZ6Z511HG+rZgZtZrbkz0IiUpwAlhGQND77lBqem
-J3K+CFX2XpDA/ojui/kqrY4cwMT5P8xPJkwgpRgw/jgdcZyJTsXdHblV9IGU4H1Vd1SgcfAf
-Db3YxDUlBtzlp0NkZqxen8irLIXUQvsfuIfRUbUSkWoK/n3U/gOCajAe8ZNF07iX4OWjH4Sw
-NDA841WhFWcGE+d8+pfMVfPASU3UPKH72uw86b2VgR46Av6voyMFd1pj+yCA+YAhJuOpV4yL
-QaGg2Z0kVOjuNWK/kBzp1F58DWGh4YBatbhE/UyQOqAAtR7lNf0M3QF9AdrHTxX8oZeqVW3V
-Fmi2mk0NwCIUv8SSrZr1dTchp04OtyXe5gZBXSfzncCSRQIUDC8OgNWaOzAaUmK299v4bvye
-uSCxOysxC7Q1hZtjzFPKdljS81mRlYeUL4fHlJU9R57bg8mriSXLmn7eKrSEDm/EG5T8nRx7
-TgX2MqJs8sWFxD2+bboVEu75yuFmZ//nmCBApAit9Hr2/sCshGIEpa9MQ6xJCYUxyqeJH+Cc
-Aja0UfXhnK2uvPClpJLIl4RE3gm4OXeE1IkCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYC
-AwECHgECF4AFAloJYfoFCQWjYFgACgkQ6I0zNPpfagr4MQ//cfp3GSbSG8dkqgctW67Fy7cQ
-diiTmx3cwxY+tlI3yrNmdjtrIQMzGdqtY6LNz7aN87F8mXNf+DyVHX9+wd1Y8U+E+hVCTzKC
-sefUfxTz6unD9TTcGqaoelgIPMn4IiKz1RZE6eKpfDWe6q78W1Y6x1bE0qGNSjqT/QSxpezF
-E/OAm/t8RRxVxDtqz8LfH2zLea5zaC+ADj8EqgY9vX9TQa4DyVV8MgOyECCCadJQCD5O5hIA
-B2gVDWwrAUw+KBwskXZ7Iq4reJTKLEmt5z9zgtJ/fABwaCFt66ojwg0/RjbO9cNA3ZwHLGwU
-C6hkb6bRzIoZoMfYxVS84opiqf/Teq+t/XkBYCxbSXTJDA5MKjcVuw3N6YKWbkGP/EfQThe7
-BfAKFwwIw5YmsWjHK8IQj6R6hBxzTz9rz8y1Lu8EAAFfA7OJKaboI2qbOlauH98OuOUmVtr1
-TczHO+pTcgWVN0ytq2/pX5KBf4vbmULNbg3HFRq+gHx8CW+jyXGkcqjbgU/5FwtDxeqRTdGJ
-SyBGNBEU6pBNolyynyaKaaJjJ/biY27pvjymL5rlz95BH3Dn16Z4RRmqwlT6eq/wFYginujg
-CCE1icqOSE+Vjl7V8tV8AcgANkXKdbBE+Q8wlKsGI/kS1w4XFAYcaNHFT8qNeS8TSFXFhvU8
-HylYxO79t56JAj4EEwECACgFAlgl3tgCGwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
-AheAAAoJEOiNMzT6X2oKmUMP/0hnaL6bVyepAq2LIdvIUbHfagt/Oo/KVfZs4bkM+xJOitJR
-0kwZV9PTihXFdzhL/YNWc2+LtEBtKItqkJZKmWC0E6OPXGVuU6hfFPebuzVccYJfm0Q3Ej19
-VJI9Uomf59Bpak8HYyEED7WVQjoYn7XVPsonwus/9+LDX+c5vutbrUdbjga3KjHbewD93X4O
-wVVoXyHEmU2Plyg8qvzFbNDylCWO7N2McO6SN6+7DitGZGr2+jO+P2R4RT1cnl2V3IRVcWZ0
-OTspPSnRGVr2fFiHN/+v8G/wHPLQcJZFvYPfUGNdcYbTmhWdiY0bEYXFiNrgzCCsyad7eKUR
-WN9QmxqmyqLDjUEDJCAh19ES6Vg3tqGwXk+uNUCoF30ga0TxQt6UXZJDEQFAGeASQ/RqE/q1
-EAuLv8IGM8o7IqKO2pWfLuqsY6dTbKBwDzz9YOJt7EOGuPPQbHxaYStTushZmJnm7hi8lhVG
-jT7qsEJdE95Il+I/mHWnXsCevaXjZugBiyV9yvOq4Hwwe2s1zKfrnQ4u0cadvGAh2eIqum7M
-Y3o6nD47aJ3YmEPX/WnhI56bACa2GmWvUwjI4c0/er3esSPYnuHnM9L8Am4qQwMVSmyU80tC
-MI7A9e13Mvv+RRkYFLJ7PVPdNpbW5jqX1doklFpKf6/XM+B+ngYneU+zgCUBiQJVBBMBCAA/
-AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBK6W7ZaeR5sAhPPhf+iNMzT6X2oKBQJh
-ABCQBQkMnJi4AAoJEOiNMzT6X2oKAv0P+gJ3twBp5efNWyVLcIg4h4cOo9uD0NPvz8/fm2gX
-FoOJL3MeigtPuSVfE9kuTaTuRbArzuFtdvH6G/kcRQvOlO4zyiIRHCk1gDHoIvvtn6RbRhVm
-/Xo4uGIsFHst7n4A7BjicwEK5Op6Ih5Hoq19xz83YSBgBVk2fYEJIRyJiKFbyPjH0eSYe8v+
-Ra5/F85ugLx1P6mMVkW+WPzULns89riW7BGTnZmXFHZp8nO2pkUlcI7F3KRG7l4kmlC50ox6
-DiG/6AJCVulbAClky9C68TmJ/R1RazQxU/9IqVywsydq66tbJQbm5Z7GEti0C5jjbSRJL2oT
-1xC7Rilr85PMREkPL3vegJdgj5PKlffZ/MocD/0EohiQ7wFpejFD4iTljeh0exRUwCRb6655
-9ib34JSQgU8Hl4JJu+mEgd9v0ZHD0/1mMD6fnAR84zca+O3cdASbnQmzTOKcGzLIrkE8TEnU
-+2UZ8Ol7SAAqmBgzY1gKOilUho6dkyCAwNL+QDpvrITDPLEFPsjyB/M2KudZSVEn+Rletju1
-qkMW31qFMNlsbwzMZw+0USeGcs31Cs0B2/WQsro99CExlhS9auUFkmoVjJmYVTIYOM0zuPa4
-OyGspqPhRu5hEsmMDPDWD7Aad5k4GTqogQNnuKyRliZjXXrDZqFD5nfsJSL8Ky/sJGEMuQIN
-BFgl3tgBEACbgq6HTN5gEBi0lkD/MafInmNi+59U5gRGYqk46WlfRjhHudXjDpgD0lolGb4h
-YontkMaKRlCg2Rvgjvk3Zve0PKWjKw7gr8YBa9fMFY8BhAXI32OdyI9rFhxEZFfWAfwKVmT1
-9BdeAQRFvcfd+8w8f1XVc+zddULMJFBTr+xKDlIRWwTkdLPQeWbjo0eHl/g4tuLiLrTxVbnj
-26bf+2+1DbM/w5VavzPrkviHqvKe/QP/gay4QDViWvFgLb90idfAHIdsPgflp0VDS5rVHFL6
-D73rSRdIRo3I8c8mYoNjSR4XDuvgOkAKW9LR3pvouFHHjp6Fr0GesRbrbb2EG66iPsR99MQ7
-FqIL9VMHPm2mtR+XvbnKkH2rYyEqaMbSdk29jGapkAWle4sIhSKk749A4tGkHl08KZ2N9o6G
-rfUehP/V2eJLaph2DioFL1HxRryrKy80QQKLMJRekxigq8greW8xB4zuf9Mkuou+RHNmo8Pe
-bHjFstLigiD6/zP2e+4tUmrT0/JTGOShoGMl8Rt0VRxdPImKun+4LOXbfOxArOSkY6i35+gs
-gkkSy1gTJE0BY3S9auT6+YrglY/TWPQ9IJxWVOKlT+3WIp5wJu2bBKQ420VLqDYzkoWytel/
-bM1ACUtipMiIVeUs2uFiRjpzA1Wy0QHKPTdSuGlJPRrfcQARAQABiQIlBBgBAgAPAhsMBQJa
-CWIIBQkFo2BYAAoJEOiNMzT6X2oKgSwQAKKs7BGF8TyZeIEO2EUK7R2bdQDCdSGZY06tqLFg
-3IHMGxDMb/7FVoa2AEsFgv6xpoebxBB5zkhUk7lslgxvKiSLYjxfNjTBltfiFJ+eQnf+OTs8
-KeR51lLa66rvIH2qUzkNDCCTF45H4wIDpV05AXhBjKYkrDCrtey1rQyFp5fxI+0IQ1UKKXvz
-ZK4GdxhxDbOUSd38MYy93nqcmclGSGK/gF8XiyuVjeifDCM6+T1NQTX0K9lneidcqtBDvlgg
-JTLJtQPO33o5EHzXSiud+dKth1uUhZOFEaYRZoye1YE3yB0TNOOE8fXlvu8iuIAMBSDL9ep6
-sEIaXYwoD60I2gHdWD0lkP0DOjGQpi4ouXM3Edsd5MTi0MDRNTij431kn8T/D0LCgmoUmYYM
-BgbwFhXr67axPZlKjrqR0z3F/Elv0ZPPcVg1tNznsALYQ9Ovl6b5M3cJ5GapbbvNWC7yEE1q
-Scl9HiMxjt/H6aPastH63/7wcN0TslW+zRBy05VNJvpWGStQXcngsSUeJtI1Gd992YNjUJq4
-/Lih6Z1TlwcFVap+cTcDptoUvXYGg/9mRNNPZwErSfIJ0Ibnx9wPVuRN6NiCLOt2mtKp2F1p
-M6AOQPpZ85vEh6I8i6OaO0w/Z0UHBwvpY6jDUliaROsWUQsqz78Z34CVj4cy6vPW2EF4iQIl
-BBgBAgAPBQJYJd7YAhsMBQkB4TOAAAoJEOiNMzT6X2oKTjgP/1ojCVyGyvHMLUgnX0zwrR5Q
-1M5RKFz6kHwKjODVLR3Isp8I935oTQt3DY7yFDI4t0GqbYRQMtxcNEb7maianhK2trCXfhPs
-6/L04igjDf5iTcmzamXN6xnh5xkz06hZJJCMuu4MvKxC9MQHCVKAwjswl/9H9JqIBXAY3E2l
-LpX5P+5jDZuPxS86p3+k4Rrdp9KTGXjiuEleM3zGlz5BLWydqovOck7C2aKh27ETFpDYY0z3
-yQ5AsPJyk1rAr0wrH6+ywmwWlzuQewavnrLnJ2M8iMFXpIhyHeEIU/f7o8f+dQk72rZ9CGzd
-cqig2za/BS3zawZWgbv2vB2elNsIllYLdir45jxBOxx2yvJvEuu4glz78y4oJTCTAYAbMlle
-5gVdPkVcGyvvVS9tinnSaiIzuvWrYHKWll1uYPm2Q1CDs06P5I7bUGAXpgQLUh/XQguy/0sX
-GWqW3FS5JzP+XgcR/7UASvwBdHylubKbeqEpB7G1s+m+8C67qOrc7EQv3Jmy1YDOkhEyNig1
-rmjplLuir3tC1X+D7dHpn7NJe7nMwFx2b2MpMkLA9jPPAGPp/ekcu5sxCe+E0J/4UF++K+CR
-XIxgtzU2UJfp8p9x+ygbx5qHinR0tVRdIzv3ZnGsXrfxnWfSOaB582cU3VRN9INzHHax8ETa
-QVDnGO5uQa+FiQI8BBgBCAAmAhsMFiEErpbtlp5HmwCE8+F/6I0zNPpfagoFAmEAELYFCQyc
-mN4ACgkQ6I0zNPpfagoqAQ/+MnDjBx8JWMd/XjeFoYKx/Oo0ntkInV+ME61JTBls4PdVk+TB
-8PWZdPQHw9SnTvRmykFeznXIRzuxkowjrZYXdPXBxY2b1WyD5V3Ati1TM9vqpaR4osyPs2xy
-I4dzDssh9YvUsIRL99O04/65lGiYeBNuACq+yK/7nD/ErzBkDYJHhMCdadbVWUACxvVIDvro
-yQeVLKMsHqMCd8BTGD7VDs79NXskPnN77pAFnkzS4Z2b8SNzrlgTc5pUiuZHIXPIpEYmsYzh
-ucTU6uI3dN1PbSFHK5tG2pHb4ZrPxY3L20Dgc2Tfu5/SDApZzwvvKTqjdO891MEJ++H+ssOz
-i4O1UeWKs9owWttan9+PI47ozBSKOTxmMqLSQ0f56Np9FJsV0ilGxRKfjhzJ4KniOMUBA7mP
-+m+TmXfVtthJred4sHlJMTJNpt+sCcT6wLMmyc3keIEAu33gsJj3LTpkEA2q+V+ZiP6Q8HRB
-402ITklABSArrPSE/fQU9L8hZ5qmy0Z96z0iyILgVMLuRCCfQOMWhwl8yQWIIaf1yPI07xur
-epy6lH7HmxjjOR7eo0DaSxQGQpThAtFGwkWkFh8yki8j3E42kkrxvEyyYZDXn2YcI3bpqhJx
-PtwCMZUJ3kc/skOrs6bOI19iBNaEoNX5Dllm7UHjOgWNDQkcCuOCxucKano=
-=arte
-----END PGP PUBLIC KEY BLOCK------
+mQINBFgl3tgBEAC8A1tUBkD9YV+eLrOmtgy+/JS/H9RoZvkg3K1WZ8IYfj6iIRaY
+neAk3Bp182GUPVz/zhKr2g0tMXIScDR3EnaDsY+Qg+JqQl8NOG+Cikr1nnkG2on9
+L8c8yiqry1ZTCmYMqCa2acTFqnyuXJ482aZNtB4QG2BpzfhW4k8YThpegk/EoRUi
+m+y7buJDtoNf7YILlhDQXN8qlHB02DWOVUihph9tUIFsPK6BvTr9SIr/eG6j6k0b
+fUo9pexOn7LS4SojoJmsm/5dp6AoKlac48cZU5zwR9AYcq/nvkrfmf2WkObg/xRd
+EvKZzn05jRopmAIwmoC3CiLmqCHPmT5a29vEob/yPFE335k+ujjZCPOu7OwjzDk7
+M0zMSfnNfDq8bXh16nn+ueBxJ0NzgD1oC6c2PhM+XRQCXChoyI8vbfp4dGvCvYqv
+QAE1bWjqnumZ/7vUPgZN6gDfiAzG2mUxC2SeFBhacgzDvtQls+uuvm+FnQOUgg2H
+h8x2zgoZ7kqV29wjaUPFREuew7e+Th5BxielnzOfVycVXeSuvvIn6cd3g/s8mX1c
+2kLSXJR7+KdWDrIrR5Az0kwAqFZt6B6QTlDrPswu3mxsm5TzMbny0PsbL/HBM+GZ
+EZCjMXxB8bqV2eSaktjnSlUNX1VXxyOxXA+ZG2jwpr51egi57riVRXokrQARAQAB
+tDRFdGhlcmV1bSBGb3VuZGF0aW9uIEJ1ZyBCb3VudHkgPGJvdW50eUBldGhlcmV1
+bS5vcmc+iQJVBBMBCAA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBK6W
+7ZaeR5sAhPPhf+iNMzT6X2oKBQJl2LD9BQkRdTklAAoJEOiNMzT6X2oKYYYQALkV
+wJjWYoVoMuw9D1ybQo4Sqyp6D/XYHXSpqZDO9RlADQisYBfuO7EW75evgZ+54Ajc
+8gZ2BUkFcSR9z2t0TEkUyjmPDZsaElTTP2Boa2GG5pyziEM6t1cMMY1sP1aotx9H
+DYwCeMmDv0wTMi6v0C6+/in2hBxbGALRbQKWKd/5ss4OEPe37hG9zAJcBYZg2tes
+O7ceg7LHZpNC1zvMUrBY6os74FJ437f8bankqvVE83/dvTcCDhMsei9LiWS2uo26
+qiyqeR9lZEj8W5F6UgkQH+UOhamJ9UB3N/h//ipKrwtiv0+jQm9oNG7aIAi3UJgD
+CvSod87H0l7/U8RWzyam/r8eh4KFM75hIVtqEy5jFV2z7x2SibXQi7WRfAysjFLp
+/li8ff6kLDR9IMATuMSF7Ol0O9JMRfSPjRZRtVOwYVIBla3BhfMrjvMMcZMAy/qS
+DWx2iFYDMGsswv7hp3lsFOaa1ju95ClZZk3q/z7u5gH7LFAxR0jPaW48ay3CFylW
+sDpQpO1DWb9uXBdhOU+MN18uSjqzocga3Wz2C8jhWRvxyFf3SNIybm3zk6W6IIoy
+6KmwSRZ30oxizy6zMYw1qJE89zjjumzlZAm0R/Q4Ui+WJhlSyrYbqzqdxYuLgdEL
+lgKfbv9/t8tNXGGSuCe5L7quOv9k7l2+QmLlg+SJtDlFdGhlcmV1bSBGb3VuZGF0
+aW9uIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QGV0aGVyZXVtLm9yZz6JAlUEEwEI
+AD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEErpbtlp5HmwCE8+F/6I0z
+NPpfagoFAmXYsP4FCRF1OSUACgkQ6I0zNPpfagoUGA/+LVzXUJrsfi8+ADMF1hru
+wFDcY1r+vM4Ovbk1NhCc/DnV5VG40j5FiQpE81BNiH59sYeZkQm9jFbwevK7Zpuq
+RZaG2WGiwU/11xrt5/Qjq7T+vEtd94546kFcBnP8uexZqP4dTi4LHa2on8aRbwzN
+7RjCpCQhy1TUuk47dyOR1y3ZHrpTwkHpuhwgffaWtxgSyCMYz7fsd5Ukh3eE+Ani
+90CIUieve2U3o+WPxBD9PRaIPg6LmBhfGxGvC/6tqY9W3Z9xEOVDxC4wdYppQzsg
+Pg7bNnVmlFWHsEk8FuMfY8nTqY3/ojhJxikWKz2V3Y2AbsLEXCvrEg6b4FvmsS97
+8ifEBbFXU8hvMSpMLtO7vLamWyOHq41IXWH6HLNLhDfDzTfpAJ8iYDKGj72YsMzF
+0fIjPa6mniMB2RmREAM0Jas3M/6DUw1EzwK1iQofIBoCRPIkR5mxmzjcRB6tVdQa
+on20/9YTKKBUQAdK0OWW8j1euuULDgNdkN2LBXdQLy/JcQiggU8kOCKL/Lmj5HWP
+FNT9rYfnjmCuux3UfJGfhPryujEA0CdIfq1Qf4ldOVzpWYjsMn+yQxAQTorAzF3z
+iYddP2cw/Nvookay8xywKJnDsaRaWqdQ8Ceox3qSB4LCjQRNR5c3HfvGm3EBdEyI
+zEEpjZ6GHa05DCajqKjtjlm5Ag0EWCXe2AEQAJuCrodM3mAQGLSWQP8xp8ieY2L7
+n1TmBEZiqTjpaV9GOEe51eMOmAPSWiUZviFiie2QxopGUKDZG+CO+Tdm97Q8paMr
+DuCvxgFr18wVjwGEBcjfY53Ij2sWHERkV9YB/ApWZPX0F14BBEW9x937zDx/VdVz
+7N11QswkUFOv7EoOUhFbBOR0s9B5ZuOjR4eX+Di24uIutPFVuePbpt/7b7UNsz/D
+lVq/M+uS+Ieq8p79A/+BrLhANWJa8WAtv3SJ18Ach2w+B+WnRUNLmtUcUvoPvetJ
+F0hGjcjxzyZig2NJHhcO6+A6QApb0tHem+i4UceOnoWvQZ6xFuttvYQbrqI+xH30
+xDsWogv1Uwc+baa1H5e9ucqQfatjISpoxtJ2Tb2MZqmQBaV7iwiFIqTvj0Di0aQe
+XTwpnY32joat9R6E/9XZ4ktqmHYOKgUvUfFGvKsrLzRBAoswlF6TGKCryCt5bzEH
+jO5/0yS6i75Ec2ajw95seMWy0uKCIPr/M/Z77i1SatPT8lMY5KGgYyXxG3RVHF08
+iYq6f7gs5dt87ECs5KRjqLfn6CyCSRLLWBMkTQFjdL1q5Pr5iuCVj9NY9D0gnFZU
+4qVP7dYinnAm7ZsEpDjbRUuoNjOShbK16X9szUAJS2KkyIhV5Sza4WJGOnMDVbLR
+Aco9N1K4aUk9Gt9xABEBAAGJAjwEGAEIACYCGwwWIQSulu2WnkebAITz4X/ojTM0
+l9qCgUCZdiwoAUJEXU4yAAKCRDojTM0+l9qCj2PD/9pbIPRMZtvKIIE+OhOAl/s
+qfZJXByAM40ELpUhDHqwbOplIEyvXtWfQ5c+kWlG/LPJ2CgLkHyFQDn6tuat82rH
+/5VoZyxp16CBAwEgYdycOr9hMGSVKNIJDfV9Bu6VtZnn6fa/swBzGE7eVpXsIoNr
+jeqsogBtzLecG1oHMXRMq7oUqu9c6VNoCx2uxRUOeWW8YuP7h9j6mxIuKKbcpmQ5
+RSLNEhJZJsMMFLf8RAQPXmshG1ZixY2ZliNe/TTm6eEfFCw0KcQxoX9LmurLWE9w
+dIKgn1/nQ04GFnmtcq3hVxY/m9BvzY1jmZXNd4TdpfrPXhi0W/GDn53ERFPJmw5L
+F8ogxzD/ekxzyd9nCCgtzkamtBKDJk35x/MoVWMLjD5k6P+yW7YY4xMQliSJHKss
+leLnaPpgDBi4KPtLxPswgFqObcy4TNse07rFO4AyHf11FBwMTEfuODCOMnQTpi3z
+Zx6KxvS3BEY36abjvwrqsmt8dJ/+/QXT0e82fo2kJ65sXIszez3e0VUZ8KrMp+wd
+X0GWYWAfqXws6HrQFYfIpEE0Vz9gXDxEOTFZ2FoVIvIHyRfyDrAIz3wZLmnLGk1h
+l3CDjHF0Wigv0CacIQ1V1aYp3NhIVwAvShQ+qS5nFgik6UZnjjWibobOm3yQDzll
+6F7hEeTW+gnXEI2gPjfb5w==
+=b5eA
+-----END PGP PUBLIC KEY BLOCK-----
 ```
--- a/accounts/abi/abi.go
+++ b/accounts/abi/abi.go
@ -84,7 +84,7 @@ func (abi ABI) Pack(name string, args ...interface{}) ([]byte, error) {

 func (abi ABI) getArguments(name string, data []byte) (Arguments, error) {
 	// since there can't be naming collisions with contracts and events,
-	// we need to decide whether we're calling a method or an event
+	// we need to decide whether we're calling a method, event or an error
 	var args Arguments
 	if method, ok := abi.Methods[name]; ok {
 		if len(data)%32 != 0 {
@ -95,8 +95,11 @@ func (abi ABI) getArguments(name string, data []byte) (Arguments, error) {
 	if event, ok := abi.Events[name]; ok {
 		args = event.Inputs
 	}
+	if err, ok := abi.Errors[name]; ok {
+		args = err.Inputs
+	}
 	if args == nil {
-		return nil, fmt.Errorf("abi: could not locate named method or event: %s", name)
+		return nil, fmt.Errorf("abi: could not locate named method, event or error: %s", name)
 	}
 	return args, nil
 }
--- a/accounts/abi/abi_test.go
+++ b/accounts/abi/abi_test.go
@ -29,6 +29,7 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/math"
 	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/internal/testrand"
 )

 const jsondata = `
@ -317,6 +318,38 @@ func TestCustomErrors(t *testing.T) {
 	check("MyError", "MyError(uint256)")
 }

+func TestCustomErrorUnpackIntoInterface(t *testing.T) {
+	t.Parallel()
+	errorName := "MyError"
+	json := fmt.Sprintf(`[{"inputs":[{"internalType":"address","name":"sender","type":"address"},{"internalType":"uint256","name":"balance","type":"uint256"}],"name":"%s","type":"error"}]`, errorName)
+	abi, err := JSON(strings.NewReader(json))
+	if err != nil {
+		t.Fatal(err)
+	}
+	type MyError struct {
+		Sender  common.Address
+		Balance *big.Int
+	}
+
+	sender := testrand.Address()
+	balance := new(big.Int).SetBytes(testrand.Bytes(8))
+	encoded, err := abi.Errors[errorName].Inputs.Pack(sender, balance)
+	if err != nil {
+		t.Fatal(err)
+	}
+	result := MyError{}
+	err = abi.UnpackIntoInterface(&result, errorName, encoded)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if result.Sender != sender {
+		t.Errorf("expected %x got %x", sender, result.Sender)
+	}
+	if result.Balance.Cmp(balance) != 0 {
+		t.Errorf("expected %v got %v", balance, result.Balance)
+	}
+}
+
 func TestMultiPack(t *testing.T) {
 	t.Parallel()
 	abi, err := JSON(strings.NewReader(jsondata))
@ -1199,7 +1232,6 @@ func TestUnpackRevert(t *testing.T) {
 		{"4e487b7100000000000000000000000000000000000000000000000000000000000000ff", "unknown panic code: 0xff", nil},
 	}
 	for index, c := range cases {
-		index, c := index, c
 		t.Run(fmt.Sprintf("case %d", index), func(t *testing.T) {
 			t.Parallel()
 			got, err := UnpackRevert(common.Hex2Bytes(c.input))
@ -1218,3 +1250,10 @@ func TestUnpackRevert(t *testing.T) {
 		})
 	}
 }
+
+func TestInternalContractType(t *testing.T) {
+	jsonData := `[{"inputs":[{"components":[{"internalType":"uint256","name":"dailyLimit","type":"uint256"},{"internalType":"uint256","name":"txLimit","type":"uint256"},{"internalType":"uint256","name":"accountDailyLimit","type":"uint256"},{"internalType":"uint256","name":"minAmount","type":"uint256"},{"internalType":"bool","name":"onlyWhitelisted","type":"bool"}],"internalType":"struct IMessagePassingBridge.BridgeLimits","name":"bridgeLimits","type":"tuple"},{"components":[{"internalType":"uint256","name":"lastTransferReset","type":"uint256"},{"internalType":"uint256","name":"bridged24Hours","type":"uint256"}],"internalType":"struct IMessagePassingBridge.AccountLimit","name":"accountDailyLimit","type":"tuple"},{"components":[{"internalType":"uint256","name":"lastTransferReset","type":"uint256"},{"internalType":"uint256","name":"bridged24Hours","type":"uint256"}],"internalType":"struct IMessagePassingBridge.BridgeDailyLimit","name":"bridgeDailyLimit","type":"tuple"},{"internalType":"contract INameService","name":"nameService","type":"INameService"},{"internalType":"bool","name":"isClosed","type":"bool"},{"internalType":"address","name":"from","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"canBridge","outputs":[{"internalType":"bool","name":"isWithinLimit","type":"bool"},{"internalType":"string","name":"error","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"uint8","name":"decimals","type":"uint8"}],"name":"normalizeFrom18ToTokenDecimals","outputs":[{"internalType":"uint256","name":"normalized","type":"uint256"}],"stateMutability":"pure","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"uint8","name":"decimals","type":"uint8"}],"name":"normalizeFromTokenTo18Decimals","outputs":[{"internalType":"uint256","name":"normalized","type":"uint256"}],"stateMutability":"pure","type":"function"}]`
+	if _, err := JSON(strings.NewReader(jsonData)); err != nil {
+		t.Fatal(err)
+	}
+}
--- a/accounts/abi/bind/base.go
+++ b/accounts/abi/bind/base.go
@ -59,11 +59,12 @@ type TransactOpts struct {
 	Nonce  *big.Int       // Nonce to use for the transaction execution (nil = use pending state)
 	Signer SignerFn       // Method to use for signing the transaction (mandatory)

-	Value     *big.Int // Funds to transfer along the transaction (nil = 0 = no funds)
-	GasPrice  *big.Int // Gas price to use for the transaction execution (nil = gas price oracle)
-	GasFeeCap *big.Int // Gas fee cap to use for the 1559 transaction execution (nil = gas price oracle)
-	GasTipCap *big.Int // Gas priority fee cap to use for the 1559 transaction execution (nil = gas price oracle)
-	GasLimit  uint64   // Gas limit to set for the transaction execution (0 = estimate)
+	Value      *big.Int         // Funds to transfer along the transaction (nil = 0 = no funds)
+	GasPrice   *big.Int         // Gas price to use for the transaction execution (nil = gas price oracle)
+	GasFeeCap  *big.Int         // Gas fee cap to use for the 1559 transaction execution (nil = gas price oracle)
+	GasTipCap  *big.Int         // Gas priority fee cap to use for the 1559 transaction execution (nil = gas price oracle)
+	GasLimit   uint64           // Gas limit to set for the transaction execution (0 = estimate)
+	AccessList types.AccessList // Access list to set for the transaction execution (nil = no access list)

 	Context context.Context // Network context to support cancellation and timeouts (nil = no timeout)

@ -300,20 +301,21 @@ func (c *BoundContract) createDynamicTx(opts *TransactOpts, contract *common.Add
 		return nil, err
 	}
 	baseTx := &types.DynamicFeeTx{
-		To:        contract,
-		Nonce:     nonce,
-		GasFeeCap: gasFeeCap,
-		GasTipCap: gasTipCap,
-		Gas:       gasLimit,
-		Value:     value,
-		Data:      input,
+		To:         contract,
+		Nonce:      nonce,
+		GasFeeCap:  gasFeeCap,
+		GasTipCap:  gasTipCap,
+		Gas:        gasLimit,
+		Value:      value,
+		Data:       input,
+		AccessList: opts.AccessList,
 	}
 	return types.NewTx(baseTx), nil
 }

 func (c *BoundContract) createLegacyTx(opts *TransactOpts, contract *common.Address, input []byte) (*types.Transaction, error) {
-	if opts.GasFeeCap != nil || opts.GasTipCap != nil {
-		return nil, errors.New("maxFeePerGas or maxPriorityFeePerGas specified but london is not active yet")
+	if opts.GasFeeCap != nil || opts.GasTipCap != nil || opts.AccessList != nil {
+		return nil, errors.New("maxFeePerGas or maxPriorityFeePerGas or accessList specified but london is not active yet")
 	}
 	// Normalize value
 	value := opts.Value
--- a/accounts/abi/bind/bind.go
+++ b/accounts/abi/bind/bind.go
@ -252,7 +252,7 @@ func Bind(types []string, abis []string, bytecodes []string, fsigs []map[string]
 		}
 		// Parse library references.
 		for pattern, name := range libs {
-			matched, err := regexp.Match("__\\$"+pattern+"\\$__", []byte(contracts[types[i]].InputBin))
+			matched, err := regexp.MatchString("__\\$"+pattern+"\\$__", contracts[types[i]].InputBin)
 			if err != nil {
 				log.Error("Could not search for pattern", "pattern", pattern, "contract", contracts[types[i]], "err", err)
 			}
--- a/accounts/abi/bind/source.go.tpl
+++ b/accounts/abi/bind/source.go.tpl
@ -0,0 +1,487 @@
+// Code generated - DO NOT EDIT.
+// This file is a generated binding and any manual changes will be lost.
+
+package {{.Package}}
+
+import (
+	"math/big"
+	"strings"
+	"errors"
+
+	ethereum "github.com/ethereum/go-ethereum"
+	"github.com/ethereum/go-ethereum/accounts/abi"
+	"github.com/ethereum/go-ethereum/accounts/abi/bind"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/event"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var (
+	_ = errors.New
+	_ = big.NewInt
+	_ = strings.NewReader
+	_ = ethereum.NotFound
+	_ = bind.Bind
+	_ = common.Big1
+	_ = types.BloomLookup
+	_ = event.NewSubscription
+	_ = abi.ConvertType
+)
+
+{{$structs := .Structs}}
+{{range $structs}}
+	// {{.Name}} is an auto generated low-level Go binding around an user-defined struct.
+	type {{.Name}} struct {
+	{{range $field := .Fields}}
+	{{$field.Name}} {{$field.Type}}{{end}}
+	}
+{{end}}
+
+{{range $contract := .Contracts}}
+	// {{.Type}}MetaData contains all meta data concerning the {{.Type}} contract.
+	var {{.Type}}MetaData = &bind.MetaData{
+		ABI: "{{.InputABI}}",
+		{{if $contract.FuncSigs -}}
+		Sigs: map[string]string{
+			{{range $strsig, $binsig := .FuncSigs}}"{{$binsig}}": "{{$strsig}}",
+			{{end}}
+		},
+		{{end -}}
+		{{if .InputBin -}}
+		Bin: "0x{{.InputBin}}",
+		{{end}}
+	}
+	// {{.Type}}ABI is the input ABI used to generate the binding from.
+	// Deprecated: Use {{.Type}}MetaData.ABI instead.
+	var {{.Type}}ABI = {{.Type}}MetaData.ABI
+
+	{{if $contract.FuncSigs}}
+		// Deprecated: Use {{.Type}}MetaData.Sigs instead.
+		// {{.Type}}FuncSigs maps the 4-byte function signature to its string representation.
+		var {{.Type}}FuncSigs = {{.Type}}MetaData.Sigs
+	{{end}}
+
+	{{if .InputBin}}
+		// {{.Type}}Bin is the compiled bytecode used for deploying new contracts.
+		// Deprecated: Use {{.Type}}MetaData.Bin instead.
+		var {{.Type}}Bin = {{.Type}}MetaData.Bin
+
+		// Deploy{{.Type}} deploys a new Ethereum contract, binding an instance of {{.Type}} to it.
+		func Deploy{{.Type}}(auth *bind.TransactOpts, backend bind.ContractBackend {{range .Constructor.Inputs}}, {{.Name}} {{bindtype .Type $structs}}{{end}}) (common.Address, *types.Transaction, *{{.Type}}, error) {
+		  parsed, err := {{.Type}}MetaData.GetAbi()
+		  if err != nil {
+		    return common.Address{}, nil, nil, err
+		  }
+		  if parsed == nil {
+			return common.Address{}, nil, nil, errors.New("GetABI returned nil")
+		  }
+		  {{range $pattern, $name := .Libraries}}
+			{{decapitalise $name}}Addr, _, _, _ := Deploy{{capitalise $name}}(auth, backend)
+			{{$contract.Type}}Bin = strings.ReplaceAll({{$contract.Type}}Bin, "__${{$pattern}}$__", {{decapitalise $name}}Addr.String()[2:])
+		  {{end}}
+		  address, tx, contract, err := bind.DeployContract(auth, *parsed, common.FromHex({{.Type}}Bin), backend {{range .Constructor.Inputs}}, {{.Name}}{{end}})
+		  if err != nil {
+		    return common.Address{}, nil, nil, err
+		  }
+		  return address, tx, &{{.Type}}{ {{.Type}}Caller: {{.Type}}Caller{contract: contract}, {{.Type}}Transactor: {{.Type}}Transactor{contract: contract}, {{.Type}}Filterer: {{.Type}}Filterer{contract: contract} }, nil
+		}
+	{{end}}
+
+	// {{.Type}} is an auto generated Go binding around an Ethereum contract.
+	type {{.Type}} struct {
+	  {{.Type}}Caller     // Read-only binding to the contract
+	  {{.Type}}Transactor // Write-only binding to the contract
+	  {{.Type}}Filterer   // Log filterer for contract events
+	}
+
+	// {{.Type}}Caller is an auto generated read-only Go binding around an Ethereum contract.
+	type {{.Type}}Caller struct {
+	  contract *bind.BoundContract // Generic contract wrapper for the low level calls
+	}
+
+	// {{.Type}}Transactor is an auto generated write-only Go binding around an Ethereum contract.
+	type {{.Type}}Transactor struct {
+	  contract *bind.BoundContract // Generic contract wrapper for the low level calls
+	}
+
+	// {{.Type}}Filterer is an auto generated log filtering Go binding around an Ethereum contract events.
+	type {{.Type}}Filterer struct {
+	  contract *bind.BoundContract // Generic contract wrapper for the low level calls
+	}
+
+	// {{.Type}}Session is an auto generated Go binding around an Ethereum contract,
+	// with pre-set call and transact options.
+	type {{.Type}}Session struct {
+	  Contract     *{{.Type}}        // Generic contract binding to set the session for
+	  CallOpts     bind.CallOpts     // Call options to use throughout this session
+	  TransactOpts bind.TransactOpts // Transaction auth options to use throughout this session
+	}
+
+	// {{.Type}}CallerSession is an auto generated read-only Go binding around an Ethereum contract,
+	// with pre-set call options.
+	type {{.Type}}CallerSession struct {
+	  Contract *{{.Type}}Caller // Generic contract caller binding to set the session for
+	  CallOpts bind.CallOpts    // Call options to use throughout this session
+	}
+
+	// {{.Type}}TransactorSession is an auto generated write-only Go binding around an Ethereum contract,
+	// with pre-set transact options.
+	type {{.Type}}TransactorSession struct {
+	  Contract     *{{.Type}}Transactor // Generic contract transactor binding to set the session for
+	  TransactOpts bind.TransactOpts    // Transaction auth options to use throughout this session
+	}
+
+	// {{.Type}}Raw is an auto generated low-level Go binding around an Ethereum contract.
+	type {{.Type}}Raw struct {
+	  Contract *{{.Type}} // Generic contract binding to access the raw methods on
+	}
+
+	// {{.Type}}CallerRaw is an auto generated low-level read-only Go binding around an Ethereum contract.
+	type {{.Type}}CallerRaw struct {
+		Contract *{{.Type}}Caller // Generic read-only contract binding to access the raw methods on
+	}
+
+	// {{.Type}}TransactorRaw is an auto generated low-level write-only Go binding around an Ethereum contract.
+	type {{.Type}}TransactorRaw struct {
+		Contract *{{.Type}}Transactor // Generic write-only contract binding to access the raw methods on
+	}
+
+	// New{{.Type}} creates a new instance of {{.Type}}, bound to a specific deployed contract.
+	func New{{.Type}}(address common.Address, backend bind.ContractBackend) (*{{.Type}}, error) {
+	  contract, err := bind{{.Type}}(address, backend, backend, backend)
+	  if err != nil {
+	    return nil, err
+	  }
+	  return &{{.Type}}{ {{.Type}}Caller: {{.Type}}Caller{contract: contract}, {{.Type}}Transactor: {{.Type}}Transactor{contract: contract}, {{.Type}}Filterer: {{.Type}}Filterer{contract: contract} }, nil
+	}
+
+	// New{{.Type}}Caller creates a new read-only instance of {{.Type}}, bound to a specific deployed contract.
+	func New{{.Type}}Caller(address common.Address, caller bind.ContractCaller) (*{{.Type}}Caller, error) {
+	  contract, err := bind{{.Type}}(address, caller, nil, nil)
+	  if err != nil {
+	    return nil, err
+	  }
+	  return &{{.Type}}Caller{contract: contract}, nil
+	}
+
+	// New{{.Type}}Transactor creates a new write-only instance of {{.Type}}, bound to a specific deployed contract.
+	func New{{.Type}}Transactor(address common.Address, transactor bind.ContractTransactor) (*{{.Type}}Transactor, error) {
+	  contract, err := bind{{.Type}}(address, nil, transactor, nil)
+	  if err != nil {
+	    return nil, err
+	  }
+	  return &{{.Type}}Transactor{contract: contract}, nil
+	}
+
+	// New{{.Type}}Filterer creates a new log filterer instance of {{.Type}}, bound to a specific deployed contract.
+ 	func New{{.Type}}Filterer(address common.Address, filterer bind.ContractFilterer) (*{{.Type}}Filterer, error) {
+ 	  contract, err := bind{{.Type}}(address, nil, nil, filterer)
+ 	  if err != nil {
+ 	    return nil, err
+ 	  }
+ 	  return &{{.Type}}Filterer{contract: contract}, nil
+ 	}
+
+	// bind{{.Type}} binds a generic wrapper to an already deployed contract.
+	func bind{{.Type}}(address common.Address, caller bind.ContractCaller, transactor bind.ContractTransactor, filterer bind.ContractFilterer) (*bind.BoundContract, error) {
+	  parsed, err := {{.Type}}MetaData.GetAbi()
+	  if err != nil {
+	    return nil, err
+	  }
+	  return bind.NewBoundContract(address, *parsed, caller, transactor, filterer), nil
+	}
+
+	// Call invokes the (constant) contract method with params as input values and
+	// sets the output to result. The result type might be a single field for simple
+	// returns, a slice of interfaces for anonymous returns and a struct for named
+	// returns.
+	func (_{{$contract.Type}} *{{$contract.Type}}Raw) Call(opts *bind.CallOpts, result *[]interface{}, method string, params ...interface{}) error {
+		return _{{$contract.Type}}.Contract.{{$contract.Type}}Caller.contract.Call(opts, result, method, params...)
+	}
+
+	// Transfer initiates a plain transaction to move funds to the contract, calling
+	// its default method if one is available.
+	func (_{{$contract.Type}} *{{$contract.Type}}Raw) Transfer(opts *bind.TransactOpts) (*types.Transaction, error) {
+		return _{{$contract.Type}}.Contract.{{$contract.Type}}Transactor.contract.Transfer(opts)
+	}
+
+	// Transact invokes the (paid) contract method with params as input values.
+	func (_{{$contract.Type}} *{{$contract.Type}}Raw) Transact(opts *bind.TransactOpts, method string, params ...interface{}) (*types.Transaction, error) {
+		return _{{$contract.Type}}.Contract.{{$contract.Type}}Transactor.contract.Transact(opts, method, params...)
+	}
+
+	// Call invokes the (constant) contract method with params as input values and
+	// sets the output to result. The result type might be a single field for simple
+	// returns, a slice of interfaces for anonymous returns and a struct for named
+	// returns.
+	func (_{{$contract.Type}} *{{$contract.Type}}CallerRaw) Call(opts *bind.CallOpts, result *[]interface{}, method string, params ...interface{}) error {
+		return _{{$contract.Type}}.Contract.contract.Call(opts, result, method, params...)
+	}
+
+	// Transfer initiates a plain transaction to move funds to the contract, calling
+	// its default method if one is available.
+	func (_{{$contract.Type}} *{{$contract.Type}}TransactorRaw) Transfer(opts *bind.TransactOpts) (*types.Transaction, error) {
+		return _{{$contract.Type}}.Contract.contract.Transfer(opts)
+	}
+
+	// Transact invokes the (paid) contract method with params as input values.
+	func (_{{$contract.Type}} *{{$contract.Type}}TransactorRaw) Transact(opts *bind.TransactOpts, method string, params ...interface{}) (*types.Transaction, error) {
+		return _{{$contract.Type}}.Contract.contract.Transact(opts, method, params...)
+	}
+
+	{{range .Calls}}
+		// {{.Normalized.Name}} is a free data retrieval call binding the contract method 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Caller) {{.Normalized.Name}}(opts *bind.CallOpts {{range .Normalized.Inputs}}, {{.Name}} {{bindtype .Type $structs}} {{end}}) ({{if .Structured}}struct{ {{range .Normalized.Outputs}}{{.Name}} {{bindtype .Type $structs}};{{end}} },{{else}}{{range .Normalized.Outputs}}{{bindtype .Type $structs}},{{end}}{{end}} error) {
+			var out []interface{}
+			err := _{{$contract.Type}}.contract.Call(opts, &out, "{{.Original.Name}}" {{range .Normalized.Inputs}}, {{.Name}}{{end}})
+			{{if .Structured}}
+			outstruct := new(struct{ {{range .Normalized.Outputs}} {{.Name}} {{bindtype .Type $structs}}; {{end}} })
+			if err != nil {
+				return *outstruct, err
+			}
+			{{range $i, $t := .Normalized.Outputs}}
+			outstruct.{{.Name}} = *abi.ConvertType(out[{{$i}}], new({{bindtype .Type $structs}})).(*{{bindtype .Type $structs}}){{end}}
+
+			return *outstruct, err
+			{{else}}
+			if err != nil {
+				return {{range $i, $_ := .Normalized.Outputs}}*new({{bindtype .Type $structs}}), {{end}} err
+			}
+			{{range $i, $t := .Normalized.Outputs}}
+			out{{$i}} := *abi.ConvertType(out[{{$i}}], new({{bindtype .Type $structs}})).(*{{bindtype .Type $structs}}){{end}}
+
+			return {{range $i, $t := .Normalized.Outputs}}out{{$i}}, {{end}} err
+			{{end}}
+		}
+
+		// {{.Normalized.Name}} is a free data retrieval call binding the contract method 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Session) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) ({{if .Structured}}struct{ {{range .Normalized.Outputs}}{{.Name}} {{bindtype .Type $structs}};{{end}} }, {{else}} {{range .Normalized.Outputs}}{{bindtype .Type $structs}},{{end}} {{end}} error) {
+		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.CallOpts {{range .Normalized.Inputs}}, {{.Name}}{{end}})
+		}
+
+		// {{.Normalized.Name}} is a free data retrieval call binding the contract method 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}CallerSession) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) ({{if .Structured}}struct{ {{range .Normalized.Outputs}}{{.Name}} {{bindtype .Type $structs}};{{end}} }, {{else}} {{range .Normalized.Outputs}}{{bindtype .Type $structs}},{{end}} {{end}} error) {
+		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.CallOpts {{range .Normalized.Inputs}}, {{.Name}}{{end}})
+		}
+	{{end}}
+
+	{{range .Transacts}}
+		// {{.Normalized.Name}} is a paid mutator transaction binding the contract method 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Transactor) {{.Normalized.Name}}(opts *bind.TransactOpts {{range .Normalized.Inputs}}, {{.Name}} {{bindtype .Type $structs}} {{end}}) (*types.Transaction, error) {
+			return _{{$contract.Type}}.contract.Transact(opts, "{{.Original.Name}}" {{range .Normalized.Inputs}}, {{.Name}}{{end}})
+		}
+
+		// {{.Normalized.Name}} is a paid mutator transaction binding the contract method 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Session) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) (*types.Transaction, error) {
+		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.TransactOpts {{range $i, $_ := .Normalized.Inputs}}, {{.Name}}{{end}})
+		}
+
+		// {{.Normalized.Name}} is a paid mutator transaction binding the contract method 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}TransactorSession) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) (*types.Transaction, error) {
+		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.TransactOpts {{range $i, $_ := .Normalized.Inputs}}, {{.Name}}{{end}})
+		}
+	{{end}}
+
+	{{if .Fallback}}
+		// Fallback is a paid mutator transaction binding the contract fallback function.
+		//
+		// Solidity: {{.Fallback.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Transactor) Fallback(opts *bind.TransactOpts, calldata []byte) (*types.Transaction, error) {
+			return _{{$contract.Type}}.contract.RawTransact(opts, calldata)
+		}
+
+		// Fallback is a paid mutator transaction binding the contract fallback function.
+		//
+		// Solidity: {{.Fallback.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Session) Fallback(calldata []byte) (*types.Transaction, error) {
+		  return _{{$contract.Type}}.Contract.Fallback(&_{{$contract.Type}}.TransactOpts, calldata)
+		}
+
+		// Fallback is a paid mutator transaction binding the contract fallback function.
+		//
+		// Solidity: {{.Fallback.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}TransactorSession) Fallback(calldata []byte) (*types.Transaction, error) {
+		  return _{{$contract.Type}}.Contract.Fallback(&_{{$contract.Type}}.TransactOpts, calldata)
+		}
+	{{end}}
+
+	{{if .Receive}}
+		// Receive is a paid mutator transaction binding the contract receive function.
+		//
+		// Solidity: {{.Receive.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Transactor) Receive(opts *bind.TransactOpts) (*types.Transaction, error) {
+			return _{{$contract.Type}}.contract.RawTransact(opts, nil) // calldata is disallowed for receive function
+		}
+
+		// Receive is a paid mutator transaction binding the contract receive function.
+		//
+		// Solidity: {{.Receive.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Session) Receive() (*types.Transaction, error) {
+		  return _{{$contract.Type}}.Contract.Receive(&_{{$contract.Type}}.TransactOpts)
+		}
+
+		// Receive is a paid mutator transaction binding the contract receive function.
+		//
+		// Solidity: {{.Receive.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}TransactorSession) Receive() (*types.Transaction, error) {
+		  return _{{$contract.Type}}.Contract.Receive(&_{{$contract.Type}}.TransactOpts)
+		}
+	{{end}}
+
+	{{range .Events}}
+		// {{$contract.Type}}{{.Normalized.Name}}Iterator is returned from Filter{{.Normalized.Name}} and is used to iterate over the raw logs and unpacked data for {{.Normalized.Name}} events raised by the {{$contract.Type}} contract.
+		type {{$contract.Type}}{{.Normalized.Name}}Iterator struct {
+			Event *{{$contract.Type}}{{.Normalized.Name}} // Event containing the contract specifics and raw log
+
+			contract *bind.BoundContract // Generic contract to use for unpacking event data
+			event    string              // Event name to use for unpacking event data
+
+			logs chan types.Log        // Log channel receiving the found contract events
+			sub  ethereum.Subscription // Subscription for errors, completion and termination
+			done bool                  // Whether the subscription completed delivering logs
+			fail error                 // Occurred error to stop iteration
+		}
+		// Next advances the iterator to the subsequent event, returning whether there
+		// are any more events found. In case of a retrieval or parsing error, false is
+		// returned and Error() can be queried for the exact failure.
+		func (it *{{$contract.Type}}{{.Normalized.Name}}Iterator) Next() bool {
+			// If the iterator failed, stop iterating
+			if (it.fail != nil) {
+				return false
+			}
+			// If the iterator completed, deliver directly whatever's available
+			if (it.done) {
+				select {
+				case log := <-it.logs:
+					it.Event = new({{$contract.Type}}{{.Normalized.Name}})
+					if err := it.contract.UnpackLog(it.Event, it.event, log); err != nil {
+						it.fail = err
+						return false
+					}
+					it.Event.Raw = log
+					return true
+
+				default:
+					return false
+				}
+			}
+			// Iterator still in progress, wait for either a data or an error event
+			select {
+			case log := <-it.logs:
+				it.Event = new({{$contract.Type}}{{.Normalized.Name}})
+				if err := it.contract.UnpackLog(it.Event, it.event, log); err != nil {
+					it.fail = err
+					return false
+				}
+				it.Event.Raw = log
+				return true
+
+			case err := <-it.sub.Err():
+				it.done = true
+				it.fail = err
+				return it.Next()
+			}
+		}
+		// Error returns any retrieval or parsing error occurred during filtering.
+		func (it *{{$contract.Type}}{{.Normalized.Name}}Iterator) Error() error {
+			return it.fail
+		}
+		// Close terminates the iteration process, releasing any pending underlying
+		// resources.
+		func (it *{{$contract.Type}}{{.Normalized.Name}}Iterator) Close() error {
+			it.sub.Unsubscribe()
+			return nil
+		}
+
+		// {{$contract.Type}}{{.Normalized.Name}} represents a {{.Normalized.Name}} event raised by the {{$contract.Type}} contract.
+		type {{$contract.Type}}{{.Normalized.Name}} struct { {{range .Normalized.Inputs}}
+			{{capitalise .Name}} {{if .Indexed}}{{bindtopictype .Type $structs}}{{else}}{{bindtype .Type $structs}}{{end}}; {{end}}
+			Raw types.Log // Blockchain specific contextual infos
+		}
+
+		// Filter{{.Normalized.Name}} is a free log retrieval operation binding the contract event 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+ 		func (_{{$contract.Type}} *{{$contract.Type}}Filterer) Filter{{.Normalized.Name}}(opts *bind.FilterOpts{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}} []{{bindtype .Type $structs}}{{end}}{{end}}) (*{{$contract.Type}}{{.Normalized.Name}}Iterator, error) {
+			{{range .Normalized.Inputs}}
+			{{if .Indexed}}var {{.Name}}Rule []interface{}
+			for _, {{.Name}}Item := range {{.Name}} {
+				{{.Name}}Rule = append({{.Name}}Rule, {{.Name}}Item)
+			}{{end}}{{end}}
+
+			logs, sub, err := _{{$contract.Type}}.contract.FilterLogs(opts, "{{.Original.Name}}"{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}}Rule{{end}}{{end}})
+			if err != nil {
+				return nil, err
+			}
+			return &{{$contract.Type}}{{.Normalized.Name}}Iterator{contract: _{{$contract.Type}}.contract, event: "{{.Original.Name}}", logs: logs, sub: sub}, nil
+ 		}
+
+		// Watch{{.Normalized.Name}} is a free log subscription operation binding the contract event 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Filterer) Watch{{.Normalized.Name}}(opts *bind.WatchOpts, sink chan<- *{{$contract.Type}}{{.Normalized.Name}}{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}} []{{bindtype .Type $structs}}{{end}}{{end}}) (event.Subscription, error) {
+			{{range .Normalized.Inputs}}
+			{{if .Indexed}}var {{.Name}}Rule []interface{}
+			for _, {{.Name}}Item := range {{.Name}} {
+				{{.Name}}Rule = append({{.Name}}Rule, {{.Name}}Item)
+			}{{end}}{{end}}
+
+			logs, sub, err := _{{$contract.Type}}.contract.WatchLogs(opts, "{{.Original.Name}}"{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}}Rule{{end}}{{end}})
+			if err != nil {
+				return nil, err
+			}
+			return event.NewSubscription(func(quit <-chan struct{}) error {
+				defer sub.Unsubscribe()
+				for {
+					select {
+					case log := <-logs:
+						// New log arrived, parse the event and forward to the user
+						event := new({{$contract.Type}}{{.Normalized.Name}})
+						if err := _{{$contract.Type}}.contract.UnpackLog(event, "{{.Original.Name}}", log); err != nil {
+							return err
+						}
+						event.Raw = log
+
+						select {
+						case sink <- event:
+						case err := <-sub.Err():
+							return err
+						case <-quit:
+							return nil
+						}
+					case err := <-sub.Err():
+						return err
+					case <-quit:
+						return nil
+					}
+				}
+			}), nil
+		}
+
+		// Parse{{.Normalized.Name}} is a log parse operation binding the contract event 0x{{printf "%x" .Original.ID}}.
+		//
+		// Solidity: {{.Original.String}}
+		func (_{{$contract.Type}} *{{$contract.Type}}Filterer) Parse{{.Normalized.Name}}(log types.Log) (*{{$contract.Type}}{{.Normalized.Name}}, error) {
+			event := new({{$contract.Type}}{{.Normalized.Name}})
+			if err := _{{$contract.Type}}.contract.UnpackLog(event, "{{.Original.Name}}", log); err != nil {
+				return nil, err
+			}
+			event.Raw = log
+			return event, nil
+		}
+
+ 	{{end}}
+{{end}}
--- a/accounts/abi/bind/template.go
+++ b/accounts/abi/bind/template.go
@ -16,7 +16,11 @@

 package bind

-import "github.com/ethereum/go-ethereum/accounts/abi"
+import (
+	_ "embed"
+
+	"github.com/ethereum/go-ethereum/accounts/abi"
+)

 // tmplData is the data structure required to fill the binding template.
 type tmplData struct {
@ -80,492 +84,6 @@ var tmplSource = map[Lang]string{

 // tmplSourceGo is the Go source template that the generated Go contract binding
 // is based on.
-const tmplSourceGo = `
-// Code generated - DO NOT EDIT.
-// This file is a generated binding and any manual changes will be lost.
-
-package {{.Package}}
-
-import (
-	"math/big"
-	"strings"
-	"errors"
-
-	ethereum "github.com/ethereum/go-ethereum"
-	"github.com/ethereum/go-ethereum/accounts/abi"
-	"github.com/ethereum/go-ethereum/accounts/abi/bind"
-	"github.com/ethereum/go-ethereum/common"
-	"github.com/ethereum/go-ethereum/core/types"
-	"github.com/ethereum/go-ethereum/event"
-)
-
-// Reference imports to suppress errors if they are not otherwise used.
-var (
-	_ = errors.New
-	_ = big.NewInt
-	_ = strings.NewReader
-	_ = ethereum.NotFound
-	_ = bind.Bind
-	_ = common.Big1
-	_ = types.BloomLookup
-	_ = event.NewSubscription
-	_ = abi.ConvertType
-)
-
-{{$structs := .Structs}}
-{{range $structs}}
-	// {{.Name}} is an auto generated low-level Go binding around an user-defined struct.
-	type {{.Name}} struct {
-	{{range $field := .Fields}}
-	{{$field.Name}} {{$field.Type}}{{end}}
-	}
-{{end}}
-
-{{range $contract := .Contracts}}
-	// {{.Type}}MetaData contains all meta data concerning the {{.Type}} contract.
-	var {{.Type}}MetaData = &bind.MetaData{
-		ABI: "{{.InputABI}}",
-		{{if $contract.FuncSigs -}}
-		Sigs: map[string]string{
-			{{range $strsig, $binsig := .FuncSigs}}"{{$binsig}}": "{{$strsig}}",
-			{{end}}
-		},
-		{{end -}}
-		{{if .InputBin -}}
-		Bin: "0x{{.InputBin}}",
-		{{end}}
-	}
-	// {{.Type}}ABI is the input ABI used to generate the binding from.
-	// Deprecated: Use {{.Type}}MetaData.ABI instead.
-	var {{.Type}}ABI = {{.Type}}MetaData.ABI
-
-	{{if $contract.FuncSigs}}
-		// Deprecated: Use {{.Type}}MetaData.Sigs instead.
-		// {{.Type}}FuncSigs maps the 4-byte function signature to its string representation.
-		var {{.Type}}FuncSigs = {{.Type}}MetaData.Sigs
-	{{end}}
-
-	{{if .InputBin}}
-		// {{.Type}}Bin is the compiled bytecode used for deploying new contracts.
-		// Deprecated: Use {{.Type}}MetaData.Bin instead.
-		var {{.Type}}Bin = {{.Type}}MetaData.Bin
-
-		// Deploy{{.Type}} deploys a new Ethereum contract, binding an instance of {{.Type}} to it.
-		func Deploy{{.Type}}(auth *bind.TransactOpts, backend bind.ContractBackend {{range .Constructor.Inputs}}, {{.Name}} {{bindtype .Type $structs}}{{end}}) (common.Address, *types.Transaction, *{{.Type}}, error) {
-		  parsed, err := {{.Type}}MetaData.GetAbi()
-		  if err != nil {
-		    return common.Address{}, nil, nil, err
-		  }
-		  if parsed == nil {
-			return common.Address{}, nil, nil, errors.New("GetABI returned nil")
-		  }
-		  {{range $pattern, $name := .Libraries}}
-			{{decapitalise $name}}Addr, _, _, _ := Deploy{{capitalise $name}}(auth, backend)
-			{{$contract.Type}}Bin = strings.ReplaceAll({{$contract.Type}}Bin, "__${{$pattern}}$__", {{decapitalise $name}}Addr.String()[2:])
-		  {{end}}
-		  address, tx, contract, err := bind.DeployContract(auth, *parsed, common.FromHex({{.Type}}Bin), backend {{range .Constructor.Inputs}}, {{.Name}}{{end}})
-		  if err != nil {
-		    return common.Address{}, nil, nil, err
-		  }
-		  return address, tx, &{{.Type}}{ {{.Type}}Caller: {{.Type}}Caller{contract: contract}, {{.Type}}Transactor: {{.Type}}Transactor{contract: contract}, {{.Type}}Filterer: {{.Type}}Filterer{contract: contract} }, nil
-		}
-	{{end}}
-
-	// {{.Type}} is an auto generated Go binding around an Ethereum contract.
-	type {{.Type}} struct {
-	  {{.Type}}Caller     // Read-only binding to the contract
-	  {{.Type}}Transactor // Write-only binding to the contract
-	  {{.Type}}Filterer   // Log filterer for contract events
-	}
-
-	// {{.Type}}Caller is an auto generated read-only Go binding around an Ethereum contract.
-	type {{.Type}}Caller struct {
-	  contract *bind.BoundContract // Generic contract wrapper for the low level calls
-	}
-
-	// {{.Type}}Transactor is an auto generated write-only Go binding around an Ethereum contract.
-	type {{.Type}}Transactor struct {
-	  contract *bind.BoundContract // Generic contract wrapper for the low level calls
-	}
-
-	// {{.Type}}Filterer is an auto generated log filtering Go binding around an Ethereum contract events.
-	type {{.Type}}Filterer struct {
-	  contract *bind.BoundContract // Generic contract wrapper for the low level calls
-	}
-
-	// {{.Type}}Session is an auto generated Go binding around an Ethereum contract,
-	// with pre-set call and transact options.
-	type {{.Type}}Session struct {
-	  Contract     *{{.Type}}        // Generic contract binding to set the session for
-	  CallOpts     bind.CallOpts     // Call options to use throughout this session
-	  TransactOpts bind.TransactOpts // Transaction auth options to use throughout this session
-	}
-
-	// {{.Type}}CallerSession is an auto generated read-only Go binding around an Ethereum contract,
-	// with pre-set call options.
-	type {{.Type}}CallerSession struct {
-	  Contract *{{.Type}}Caller // Generic contract caller binding to set the session for
-	  CallOpts bind.CallOpts    // Call options to use throughout this session
-	}
-
-	// {{.Type}}TransactorSession is an auto generated write-only Go binding around an Ethereum contract,
-	// with pre-set transact options.
-	type {{.Type}}TransactorSession struct {
-	  Contract     *{{.Type}}Transactor // Generic contract transactor binding to set the session for
-	  TransactOpts bind.TransactOpts    // Transaction auth options to use throughout this session
-	}
-
-	// {{.Type}}Raw is an auto generated low-level Go binding around an Ethereum contract.
-	type {{.Type}}Raw struct {
-	  Contract *{{.Type}} // Generic contract binding to access the raw methods on
-	}
-
-	// {{.Type}}CallerRaw is an auto generated low-level read-only Go binding around an Ethereum contract.
-	type {{.Type}}CallerRaw struct {
-		Contract *{{.Type}}Caller // Generic read-only contract binding to access the raw methods on
-	}
-
-	// {{.Type}}TransactorRaw is an auto generated low-level write-only Go binding around an Ethereum contract.
-	type {{.Type}}TransactorRaw struct {
-		Contract *{{.Type}}Transactor // Generic write-only contract binding to access the raw methods on
-	}
-
-	// New{{.Type}} creates a new instance of {{.Type}}, bound to a specific deployed contract.
-	func New{{.Type}}(address common.Address, backend bind.ContractBackend) (*{{.Type}}, error) {
-	  contract, err := bind{{.Type}}(address, backend, backend, backend)
-	  if err != nil {
-	    return nil, err
-	  }
-	  return &{{.Type}}{ {{.Type}}Caller: {{.Type}}Caller{contract: contract}, {{.Type}}Transactor: {{.Type}}Transactor{contract: contract}, {{.Type}}Filterer: {{.Type}}Filterer{contract: contract} }, nil
-	}
-
-	// New{{.Type}}Caller creates a new read-only instance of {{.Type}}, bound to a specific deployed contract.
-	func New{{.Type}}Caller(address common.Address, caller bind.ContractCaller) (*{{.Type}}Caller, error) {
-	  contract, err := bind{{.Type}}(address, caller, nil, nil)
-	  if err != nil {
-	    return nil, err
-	  }
-	  return &{{.Type}}Caller{contract: contract}, nil
-	}
-
-	// New{{.Type}}Transactor creates a new write-only instance of {{.Type}}, bound to a specific deployed contract.
-	func New{{.Type}}Transactor(address common.Address, transactor bind.ContractTransactor) (*{{.Type}}Transactor, error) {
-	  contract, err := bind{{.Type}}(address, nil, transactor, nil)
-	  if err != nil {
-	    return nil, err
-	  }
-	  return &{{.Type}}Transactor{contract: contract}, nil
-	}
-
-	// New{{.Type}}Filterer creates a new log filterer instance of {{.Type}}, bound to a specific deployed contract.
- 	func New{{.Type}}Filterer(address common.Address, filterer bind.ContractFilterer) (*{{.Type}}Filterer, error) {
- 	  contract, err := bind{{.Type}}(address, nil, nil, filterer)
- 	  if err != nil {
- 	    return nil, err
- 	  }
- 	  return &{{.Type}}Filterer{contract: contract}, nil
- 	}
-
-	// bind{{.Type}} binds a generic wrapper to an already deployed contract.
-	func bind{{.Type}}(address common.Address, caller bind.ContractCaller, transactor bind.ContractTransactor, filterer bind.ContractFilterer) (*bind.BoundContract, error) {
-	  parsed, err := {{.Type}}MetaData.GetAbi()
-	  if err != nil {
-	    return nil, err
-	  }
-	  return bind.NewBoundContract(address, *parsed, caller, transactor, filterer), nil
-	}
-
-	// Call invokes the (constant) contract method with params as input values and
-	// sets the output to result. The result type might be a single field for simple
-	// returns, a slice of interfaces for anonymous returns and a struct for named
-	// returns.
-	func (_{{$contract.Type}} *{{$contract.Type}}Raw) Call(opts *bind.CallOpts, result *[]interface{}, method string, params ...interface{}) error {
-		return _{{$contract.Type}}.Contract.{{$contract.Type}}Caller.contract.Call(opts, result, method, params...)
-	}
-
-	// Transfer initiates a plain transaction to move funds to the contract, calling
-	// its default method if one is available.
-	func (_{{$contract.Type}} *{{$contract.Type}}Raw) Transfer(opts *bind.TransactOpts) (*types.Transaction, error) {
-		return _{{$contract.Type}}.Contract.{{$contract.Type}}Transactor.contract.Transfer(opts)
-	}
-
-	// Transact invokes the (paid) contract method with params as input values.
-	func (_{{$contract.Type}} *{{$contract.Type}}Raw) Transact(opts *bind.TransactOpts, method string, params ...interface{}) (*types.Transaction, error) {
-		return _{{$contract.Type}}.Contract.{{$contract.Type}}Transactor.contract.Transact(opts, method, params...)
-	}
-
-	// Call invokes the (constant) contract method with params as input values and
-	// sets the output to result. The result type might be a single field for simple
-	// returns, a slice of interfaces for anonymous returns and a struct for named
-	// returns.
-	func (_{{$contract.Type}} *{{$contract.Type}}CallerRaw) Call(opts *bind.CallOpts, result *[]interface{}, method string, params ...interface{}) error {
-		return _{{$contract.Type}}.Contract.contract.Call(opts, result, method, params...)
-	}
-
-	// Transfer initiates a plain transaction to move funds to the contract, calling
-	// its default method if one is available.
-	func (_{{$contract.Type}} *{{$contract.Type}}TransactorRaw) Transfer(opts *bind.TransactOpts) (*types.Transaction, error) {
-		return _{{$contract.Type}}.Contract.contract.Transfer(opts)
-	}
-
-	// Transact invokes the (paid) contract method with params as input values.
-	func (_{{$contract.Type}} *{{$contract.Type}}TransactorRaw) Transact(opts *bind.TransactOpts, method string, params ...interface{}) (*types.Transaction, error) {
-		return _{{$contract.Type}}.Contract.contract.Transact(opts, method, params...)
-	}
-
-	{{range .Calls}}
-		// {{.Normalized.Name}} is a free data retrieval call binding the contract method 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Caller) {{.Normalized.Name}}(opts *bind.CallOpts {{range .Normalized.Inputs}}, {{.Name}} {{bindtype .Type $structs}} {{end}}) ({{if .Structured}}struct{ {{range .Normalized.Outputs}}{{.Name}} {{bindtype .Type $structs}};{{end}} },{{else}}{{range .Normalized.Outputs}}{{bindtype .Type $structs}},{{end}}{{end}} error) {
-			var out []interface{}
-			err := _{{$contract.Type}}.contract.Call(opts, &out, "{{.Original.Name}}" {{range .Normalized.Inputs}}, {{.Name}}{{end}})
-			{{if .Structured}}
-			outstruct := new(struct{ {{range .Normalized.Outputs}} {{.Name}} {{bindtype .Type $structs}}; {{end}} })
-			if err != nil {
-				return *outstruct, err
-			}
-			{{range $i, $t := .Normalized.Outputs}}
-			outstruct.{{.Name}} = *abi.ConvertType(out[{{$i}}], new({{bindtype .Type $structs}})).(*{{bindtype .Type $structs}}){{end}}
-
-			return *outstruct, err
-			{{else}}
-			if err != nil {
-				return {{range $i, $_ := .Normalized.Outputs}}*new({{bindtype .Type $structs}}), {{end}} err
-			}
-			{{range $i, $t := .Normalized.Outputs}}
-			out{{$i}} := *abi.ConvertType(out[{{$i}}], new({{bindtype .Type $structs}})).(*{{bindtype .Type $structs}}){{end}}
-
-			return {{range $i, $t := .Normalized.Outputs}}out{{$i}}, {{end}} err
-			{{end}}
-		}
-
-		// {{.Normalized.Name}} is a free data retrieval call binding the contract method 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Session) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) ({{if .Structured}}struct{ {{range .Normalized.Outputs}}{{.Name}} {{bindtype .Type $structs}};{{end}} }, {{else}} {{range .Normalized.Outputs}}{{bindtype .Type $structs}},{{end}} {{end}} error) {
-		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.CallOpts {{range .Normalized.Inputs}}, {{.Name}}{{end}})
-		}
-
-		// {{.Normalized.Name}} is a free data retrieval call binding the contract method 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}CallerSession) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) ({{if .Structured}}struct{ {{range .Normalized.Outputs}}{{.Name}} {{bindtype .Type $structs}};{{end}} }, {{else}} {{range .Normalized.Outputs}}{{bindtype .Type $structs}},{{end}} {{end}} error) {
-		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.CallOpts {{range .Normalized.Inputs}}, {{.Name}}{{end}})
-		}
-	{{end}}
-
-	{{range .Transacts}}
-		// {{.Normalized.Name}} is a paid mutator transaction binding the contract method 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Transactor) {{.Normalized.Name}}(opts *bind.TransactOpts {{range .Normalized.Inputs}}, {{.Name}} {{bindtype .Type $structs}} {{end}}) (*types.Transaction, error) {
-			return _{{$contract.Type}}.contract.Transact(opts, "{{.Original.Name}}" {{range .Normalized.Inputs}}, {{.Name}}{{end}})
-		}
-
-		// {{.Normalized.Name}} is a paid mutator transaction binding the contract method 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Session) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) (*types.Transaction, error) {
-		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.TransactOpts {{range $i, $_ := .Normalized.Inputs}}, {{.Name}}{{end}})
-		}
-
-		// {{.Normalized.Name}} is a paid mutator transaction binding the contract method 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}TransactorSession) {{.Normalized.Name}}({{range $i, $_ := .Normalized.Inputs}}{{if ne $i 0}},{{end}} {{.Name}} {{bindtype .Type $structs}} {{end}}) (*types.Transaction, error) {
-		  return _{{$contract.Type}}.Contract.{{.Normalized.Name}}(&_{{$contract.Type}}.TransactOpts {{range $i, $_ := .Normalized.Inputs}}, {{.Name}}{{end}})
-		}
-	{{end}}
-
-	{{if .Fallback}}
-		// Fallback is a paid mutator transaction binding the contract fallback function.
-		//
-		// Solidity: {{.Fallback.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Transactor) Fallback(opts *bind.TransactOpts, calldata []byte) (*types.Transaction, error) {
-			return _{{$contract.Type}}.contract.RawTransact(opts, calldata)
-		}
-
-		// Fallback is a paid mutator transaction binding the contract fallback function.
-		//
-		// Solidity: {{.Fallback.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Session) Fallback(calldata []byte) (*types.Transaction, error) {
-		  return _{{$contract.Type}}.Contract.Fallback(&_{{$contract.Type}}.TransactOpts, calldata)
-		}
-
-		// Fallback is a paid mutator transaction binding the contract fallback function.
-		//
-		// Solidity: {{.Fallback.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}TransactorSession) Fallback(calldata []byte) (*types.Transaction, error) {
-		  return _{{$contract.Type}}.Contract.Fallback(&_{{$contract.Type}}.TransactOpts, calldata)
-		}
-	{{end}}
-
-	{{if .Receive}}
-		// Receive is a paid mutator transaction binding the contract receive function.
-		//
-		// Solidity: {{.Receive.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Transactor) Receive(opts *bind.TransactOpts) (*types.Transaction, error) {
-			return _{{$contract.Type}}.contract.RawTransact(opts, nil) // calldata is disallowed for receive function
-		}
-
-		// Receive is a paid mutator transaction binding the contract receive function.
-		//
-		// Solidity: {{.Receive.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Session) Receive() (*types.Transaction, error) {
-		  return _{{$contract.Type}}.Contract.Receive(&_{{$contract.Type}}.TransactOpts)
-		}
-
-		// Receive is a paid mutator transaction binding the contract receive function.
-		//
-		// Solidity: {{.Receive.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}TransactorSession) Receive() (*types.Transaction, error) {
-		  return _{{$contract.Type}}.Contract.Receive(&_{{$contract.Type}}.TransactOpts)
-		}
-	{{end}}
-
-	{{range .Events}}
-		// {{$contract.Type}}{{.Normalized.Name}}Iterator is returned from Filter{{.Normalized.Name}} and is used to iterate over the raw logs and unpacked data for {{.Normalized.Name}} events raised by the {{$contract.Type}} contract.
-		type {{$contract.Type}}{{.Normalized.Name}}Iterator struct {
-			Event *{{$contract.Type}}{{.Normalized.Name}} // Event containing the contract specifics and raw log
-
-			contract *bind.BoundContract // Generic contract to use for unpacking event data
-			event    string              // Event name to use for unpacking event data
-
-			logs chan types.Log        // Log channel receiving the found contract events
-			sub  ethereum.Subscription // Subscription for errors, completion and termination
-			done bool                  // Whether the subscription completed delivering logs
-			fail error                 // Occurred error to stop iteration
-		}
-		// Next advances the iterator to the subsequent event, returning whether there
-		// are any more events found. In case of a retrieval or parsing error, false is
-		// returned and Error() can be queried for the exact failure.
-		func (it *{{$contract.Type}}{{.Normalized.Name}}Iterator) Next() bool {
-			// If the iterator failed, stop iterating
-			if (it.fail != nil) {
-				return false
-			}
-			// If the iterator completed, deliver directly whatever's available
-			if (it.done) {
-				select {
-				case log := <-it.logs:
-					it.Event = new({{$contract.Type}}{{.Normalized.Name}})
-					if err := it.contract.UnpackLog(it.Event, it.event, log); err != nil {
-						it.fail = err
-						return false
-					}
-					it.Event.Raw = log
-					return true
-
-				default:
-					return false
-				}
-			}
-			// Iterator still in progress, wait for either a data or an error event
-			select {
-			case log := <-it.logs:
-				it.Event = new({{$contract.Type}}{{.Normalized.Name}})
-				if err := it.contract.UnpackLog(it.Event, it.event, log); err != nil {
-					it.fail = err
-					return false
-				}
-				it.Event.Raw = log
-				return true
-
-			case err := <-it.sub.Err():
-				it.done = true
-				it.fail = err
-				return it.Next()
-			}
-		}
-		// Error returns any retrieval or parsing error occurred during filtering.
-		func (it *{{$contract.Type}}{{.Normalized.Name}}Iterator) Error() error {
-			return it.fail
-		}
-		// Close terminates the iteration process, releasing any pending underlying
-		// resources.
-		func (it *{{$contract.Type}}{{.Normalized.Name}}Iterator) Close() error {
-			it.sub.Unsubscribe()
-			return nil
-		}
-
-		// {{$contract.Type}}{{.Normalized.Name}} represents a {{.Normalized.Name}} event raised by the {{$contract.Type}} contract.
-		type {{$contract.Type}}{{.Normalized.Name}} struct { {{range .Normalized.Inputs}}
-			{{capitalise .Name}} {{if .Indexed}}{{bindtopictype .Type $structs}}{{else}}{{bindtype .Type $structs}}{{end}}; {{end}}
-			Raw types.Log // Blockchain specific contextual infos
-		}
-
-		// Filter{{.Normalized.Name}} is a free log retrieval operation binding the contract event 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
- 		func (_{{$contract.Type}} *{{$contract.Type}}Filterer) Filter{{.Normalized.Name}}(opts *bind.FilterOpts{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}} []{{bindtype .Type $structs}}{{end}}{{end}}) (*{{$contract.Type}}{{.Normalized.Name}}Iterator, error) {
-			{{range .Normalized.Inputs}}
-			{{if .Indexed}}var {{.Name}}Rule []interface{}
-			for _, {{.Name}}Item := range {{.Name}} {
-				{{.Name}}Rule = append({{.Name}}Rule, {{.Name}}Item)
-			}{{end}}{{end}}
-
-			logs, sub, err := _{{$contract.Type}}.contract.FilterLogs(opts, "{{.Original.Name}}"{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}}Rule{{end}}{{end}})
-			if err != nil {
-				return nil, err
-			}
-			return &{{$contract.Type}}{{.Normalized.Name}}Iterator{contract: _{{$contract.Type}}.contract, event: "{{.Original.Name}}", logs: logs, sub: sub}, nil
- 		}
-
-		// Watch{{.Normalized.Name}} is a free log subscription operation binding the contract event 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Filterer) Watch{{.Normalized.Name}}(opts *bind.WatchOpts, sink chan<- *{{$contract.Type}}{{.Normalized.Name}}{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}} []{{bindtype .Type $structs}}{{end}}{{end}}) (event.Subscription, error) {
-			{{range .Normalized.Inputs}}
-			{{if .Indexed}}var {{.Name}}Rule []interface{}
-			for _, {{.Name}}Item := range {{.Name}} {
-				{{.Name}}Rule = append({{.Name}}Rule, {{.Name}}Item)
-			}{{end}}{{end}}
-
-			logs, sub, err := _{{$contract.Type}}.contract.WatchLogs(opts, "{{.Original.Name}}"{{range .Normalized.Inputs}}{{if .Indexed}}, {{.Name}}Rule{{end}}{{end}})
-			if err != nil {
-				return nil, err
-			}
-			return event.NewSubscription(func(quit <-chan struct{}) error {
-				defer sub.Unsubscribe()
-				for {
-					select {
-					case log := <-logs:
-						// New log arrived, parse the event and forward to the user
-						event := new({{$contract.Type}}{{.Normalized.Name}})
-						if err := _{{$contract.Type}}.contract.UnpackLog(event, "{{.Original.Name}}", log); err != nil {
-							return err
-						}
-						event.Raw = log
-
-						select {
-						case sink <- event:
-						case err := <-sub.Err():
-							return err
-						case <-quit:
-							return nil
-						}
-					case err := <-sub.Err():
-						return err
-					case <-quit:
-						return nil
-					}
-				}
-			}), nil
-		}
-
-		// Parse{{.Normalized.Name}} is a log parse operation binding the contract event 0x{{printf "%x" .Original.ID}}.
-		//
-		// Solidity: {{.Original.String}}
-		func (_{{$contract.Type}} *{{$contract.Type}}Filterer) Parse{{.Normalized.Name}}(log types.Log) (*{{$contract.Type}}{{.Normalized.Name}}, error) {
-			event := new({{$contract.Type}}{{.Normalized.Name}})
-			if err := _{{$contract.Type}}.contract.UnpackLog(event, "{{.Original.Name}}", log); err != nil {
-				return nil, err
-			}
-			event.Raw = log
-			return event, nil
-		}
-
- 	{{end}}
-{{end}}
-`
+//
+//go:embed source.go.tpl
+var tmplSourceGo string
--- a/accounts/abi/bind/util.go
+++ b/accounts/abi/bind/util.go
@ -30,12 +30,18 @@ import (
 // WaitMined waits for tx to be mined on the blockchain.
 // It stops waiting when the context is canceled.
 func WaitMined(ctx context.Context, b DeployBackend, tx *types.Transaction) (*types.Receipt, error) {
+	return WaitMinedHash(ctx, b, tx.Hash())
+}
+
+// WaitMinedHash waits for a transaction with the provided hash to be mined on the blockchain.
+// It stops waiting when the context is canceled.
+func WaitMinedHash(ctx context.Context, b DeployBackend, hash common.Hash) (*types.Receipt, error) {
 	queryTicker := time.NewTicker(time.Second)
 	defer queryTicker.Stop()

-	logger := log.New("hash", tx.Hash())
+	logger := log.New("hash", hash)
 	for {
-		receipt, err := b.TransactionReceipt(ctx, tx.Hash())
+		receipt, err := b.TransactionReceipt(ctx, hash)
 		if err == nil {
 			return receipt, nil
 		}
@ -61,7 +67,13 @@ func WaitDeployed(ctx context.Context, b DeployBackend, tx *types.Transaction) (
 	if tx.To() != nil {
 		return common.Address{}, errors.New("tx is not contract creation")
 	}
-	receipt, err := WaitMined(ctx, b, tx)
+	return WaitDeployedHash(ctx, b, tx.Hash())
+}
+
+// WaitDeployedHash waits for a contract deployment transaction with the provided hash and returns the on-chain
+// contract address when it is mined. It stops waiting when ctx is canceled.
+func WaitDeployedHash(ctx context.Context, b DeployBackend, hash common.Hash) (common.Address, error) {
+	receipt, err := WaitMinedHash(ctx, b, hash)
 	if err != nil {
 		return common.Address{}, err
 	}
--- a/accounts/abi/bind/util_test.go
+++ b/accounts/abi/bind/util_test.go
@ -82,7 +82,9 @@ func TestWaitDeployed(t *testing.T) {
 		}()

 		// Send and mine the transaction.
-		backend.Client().SendTransaction(ctx, tx)
+		if err := backend.Client().SendTransaction(ctx, tx); err != nil {
+			t.Errorf("test %q: failed to send transaction: %v", name, err)
+		}
 		backend.Commit()

 		select {
@ -116,7 +118,9 @@ func TestWaitDeployedCornerCases(t *testing.T) {
 	tx, _ = types.SignTx(tx, types.LatestSigner(params.AllDevChainProtocolChanges), testKey)
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
-	backend.Client().SendTransaction(ctx, tx)
+	if err := backend.Client().SendTransaction(ctx, tx); err != nil {
+		t.Errorf("failed to send transaction: %q", err)
+	}
 	backend.Commit()
 	notContractCreation := errors.New("tx is not contract creation")
 	if _, err := bind.WaitDeployed(ctx, backend.Client(), tx); err.Error() != notContractCreation.Error() {
@ -134,6 +138,8 @@ func TestWaitDeployedCornerCases(t *testing.T) {
 		}
 	}()

-	backend.Client().SendTransaction(ctx, tx)
+	if err := backend.Client().SendTransaction(ctx, tx); err != nil {
+		t.Errorf("failed to send transaction: %q", err)
+	}
 	cancel()
 }
--- a/accounts/abi/event_test.go
+++ b/accounts/abi/event_test.go
@ -331,7 +331,6 @@ func TestEventTupleUnpack(t *testing.T) {

 	for _, tc := range testCases {
 		assert := assert.New(t)
-		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			err := unpackTestEventData(tc.dest, tc.data, tc.jsonLog, assert)
 			if tc.error == "" {
--- a/accounts/abi/pack_test.go
+++ b/accounts/abi/pack_test.go
@ -34,7 +34,6 @@ import (
 func TestPack(t *testing.T) {
 	t.Parallel()
 	for i, test := range packUnpackTests {
-		i, test := i, test
 		t.Run(strconv.Itoa(i), func(t *testing.T) {
 			t.Parallel()
 			encb, err := hex.DecodeString(test.packed)
--- a/accounts/abi/reflect_test.go
+++ b/accounts/abi/reflect_test.go
@ -172,7 +172,6 @@ var reflectTests = []reflectTest{
 func TestReflectNameToStruct(t *testing.T) {
 	t.Parallel()
 	for _, test := range reflectTests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			t.Parallel()
 			m, err := mapArgNamesToStructFields(test.args, reflect.ValueOf(test.struc))
--- a/accounts/abi/topics.go
+++ b/accounts/abi/topics.go
@ -42,7 +42,7 @@ func MakeTopics(query ...[]interface{}) ([][]common.Hash, error) {
 			case common.Address:
 				copy(topic[common.HashLength-common.AddressLength:], rule[:])
 			case *big.Int:
-				copy(topic[:], math.U256Bytes(rule))
+				copy(topic[:], math.U256Bytes(new(big.Int).Set(rule)))
 			case bool:
 				if rule {
 					topic[common.HashLength-1] = 1
--- a/accounts/abi/topics_test.go
+++ b/accounts/abi/topics_test.go
@ -137,7 +137,6 @@ func TestMakeTopics(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			got, err := MakeTopics(tt.args.query...)
@ -150,6 +149,23 @@ func TestMakeTopics(t *testing.T) {
 			}
 		})
 	}
+
+	t.Run("does not mutate big.Int", func(t *testing.T) {
+		t.Parallel()
+		want := [][]common.Hash{{common.HexToHash("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")}}
+
+		in := big.NewInt(-1)
+		got, err := MakeTopics([]interface{}{in})
+		if err != nil {
+			t.Fatalf("makeTopics() error = %v", err)
+		}
+		if !reflect.DeepEqual(got, want) {
+			t.Fatalf("makeTopics() = %v, want %v", got, want)
+		}
+		if orig := big.NewInt(-1); in.Cmp(orig) != 0 {
+			t.Fatalf("makeTopics() mutated an input parameter from %v to %v", orig, in)
+		}
+	})
 }

 type args struct {
@ -373,7 +389,6 @@ func TestParseTopics(t *testing.T) {
 	tests := setupTopicsTests()

 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			createObj := tt.args.createObj()
@ -393,7 +408,6 @@ func TestParseTopicsIntoMap(t *testing.T) {
 	tests := setupTopicsTests()

 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			outMap := make(map[string]interface{})
--- a/accounts/abi/type.go
+++ b/accounts/abi/type.go
@ -64,6 +64,9 @@ type Type struct {
 var (
 	// typeRegex parses the abi sub types
 	typeRegex = regexp.MustCompile("([a-zA-Z]+)(([0-9]+)(x([0-9]+))?)?")
+
+	// sliceSizeRegex grab the slice size
+	sliceSizeRegex = regexp.MustCompile("[0-9]+")
 )

 // NewType creates a new reflection type of abi type given in t.
@ -91,8 +94,7 @@ func NewType(t string, internalType string, components []ArgumentMarshaling) (ty
 		// grab the last cell and create a type from there
 		sliced := t[i:]
 		// grab the slice size with regexp
-		re := regexp.MustCompile("[0-9]+")
-		intz := re.FindAllString(sliced, -1)
+		intz := sliceSizeRegex.FindAllString(sliced, -1)

 		if len(intz) == 0 {
 			// is a slice
@ -217,7 +219,12 @@ func NewType(t string, internalType string, components []ArgumentMarshaling) (ty
 		typ.T = FunctionTy
 		typ.Size = 24
 	default:
-		return Type{}, fmt.Errorf("unsupported arg type: %s", t)
+		if strings.HasPrefix(internalType, "contract ") {
+			typ.Size = 20
+			typ.T = AddressTy
+		} else {
+			return Type{}, fmt.Errorf("unsupported arg type: %s", t)
+		}
 	}

 	return
--- a/accounts/abi/unpack_test.go
+++ b/accounts/abi/unpack_test.go
@ -389,7 +389,6 @@ func TestMethodMultiReturn(t *testing.T) {
 		"Can not unpack into a slice with wrong types",
 	}}
 	for _, tc := range testCases {
-		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			require := require.New(t)
 			err := abi.UnpackIntoInterface(tc.dest, "multi", data)
@ -947,7 +946,7 @@ func TestOOMMaliciousInput(t *testing.T) {
 		}
 		encb, err := hex.DecodeString(test.enc)
 		if err != nil {
-			t.Fatalf("invalid hex: %s" + test.enc)
+			t.Fatalf("invalid hex: %s", test.enc)
 		}
 		_, err = abi.Methods["method"].Outputs.UnpackValues(encb)
 		if err == nil {
--- a/accounts/accounts.go
+++ b/accounts/accounts.go
@ -214,7 +214,9 @@ const (
 	// of starting any background processes such as automatic key derivation.
 	WalletOpened

-	// WalletDropped
+	// WalletDropped is fired when a wallet is removed or disconnected, either via USB
+	// or due to a filesystem event in the keystore. This event indicates that the wallet
+	// is no longer available for operations.
 	WalletDropped
 )

--- a/accounts/external/backend.go
+++ b/accounts/external/backend.go
@ -215,7 +215,7 @@ func (api *ExternalSigner) SignTx(account accounts.Account, tx *types.Transactio
 	switch tx.Type() {
 	case types.LegacyTxType, types.AccessListTxType:
 		args.GasPrice = (*hexutil.Big)(tx.GasPrice())
-	case types.DynamicFeeTxType, types.BlobTxType:
+	case types.DynamicFeeTxType, types.BlobTxType, types.SetCodeTxType:
 		args.MaxFeePerGas = (*hexutil.Big)(tx.GasFeeCap())
 		args.MaxPriorityFeePerGas = (*hexutil.Big)(tx.GasTipCap())
 	default:
--- a/accounts/keystore/account_cache.go
+++ b/accounts/keystore/account_cache.go
@ -44,8 +44,7 @@ func byURL(a, b accounts.Account) int {
 	return a.URL.Cmp(b.URL)
 }

-// AmbiguousAddrError is returned when attempting to unlock
-// an address for which more than one file exists.
+// AmbiguousAddrError is returned when an address matches multiple files.
 type AmbiguousAddrError struct {
 	Addr    common.Address
 	Matches []accounts.Account
--- a/accounts/keystore/account_cache_test.go
+++ b/accounts/keystore/account_cache_test.go
@ -114,7 +114,7 @@ func TestWatchNewFile(t *testing.T) {
 func TestWatchNoDir(t *testing.T) {
 	t.Parallel()
 	// Create ks but not the directory that it watches.
-	dir := filepath.Join(os.TempDir(), fmt.Sprintf("eth-keystore-watchnodir-test-%d-%d", os.Getpid(), rand.Int()))
+	dir := filepath.Join(t.TempDir(), fmt.Sprintf("eth-keystore-watchnodir-test-%d-%d", os.Getpid(), rand.Int()))
 	ks := NewKeyStore(dir, LightScryptN, LightScryptP)
 	list := ks.Accounts()
 	if len(list) > 0 {
@ -126,7 +126,6 @@ func TestWatchNoDir(t *testing.T) {
 	}
 	// Create the directory and copy a key file into it.
 	os.MkdirAll(dir, 0700)
-	defer os.RemoveAll(dir)
 	file := filepath.Join(dir, "aaa")
 	if err := cp.CopyFile(file, cachetestAccounts[0].URL.Path); err != nil {
 		t.Fatal(err)
@ -325,7 +324,8 @@ func TestUpdatedKeyfileContents(t *testing.T) {
 	t.Parallel()

 	// Create a temporary keystore to test with
-	dir := filepath.Join(os.TempDir(), fmt.Sprintf("eth-keystore-updatedkeyfilecontents-test-%d-%d", os.Getpid(), rand.Int()))
+	dir := t.TempDir()
+
 	ks := NewKeyStore(dir, LightScryptN, LightScryptP)

 	list := ks.Accounts()
@ -335,9 +335,7 @@ func TestUpdatedKeyfileContents(t *testing.T) {
 	if !waitWatcherStart(ks) {
 		t.Fatal("keystore watcher didn't start in time")
 	}
-	// Create the directory and copy a key file into it.
-	os.MkdirAll(dir, 0700)
-	defer os.RemoveAll(dir)
+	// Copy a key file into it
 	file := filepath.Join(dir, "aaa")

 	// Place one of our testfiles in there
--- a/accounts/keystore/keystore.go
+++ b/accounts/keystore/keystore.go
@ -312,11 +312,10 @@ func (ks *KeyStore) Unlock(a accounts.Account, passphrase string) error {
 // Lock removes the private key with the given address from memory.
 func (ks *KeyStore) Lock(addr common.Address) error {
 	ks.mu.Lock()
-	if unl, found := ks.unlocked[addr]; found {
-		ks.mu.Unlock()
+	unl, found := ks.unlocked[addr]
+	ks.mu.Unlock()
+	if found {
 		ks.expire(addr, unl, time.Duration(0)*time.Nanosecond)
-	} else {
-		ks.mu.Unlock()
 	}
 	return nil
 }
--- a/accounts/keystore/testdata/dupes/1
+++ b/accounts/keystore/testdata/dupes/1
@ -1 +0,0 @@
-{"address":"f466859ead1932d743d622cb74fc058882e8648a","crypto":{"cipher":"aes-128-ctr","ciphertext":"cb664472deacb41a2e995fa7f96fe29ce744471deb8d146a0e43c7898c9ddd4d","cipherparams":{"iv":"dfd9ee70812add5f4b8f89d0811c9158"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":8,"p":16,"r":8,"salt":"0d6769bf016d45c479213990d6a08d938469c4adad8a02ce507b4a4e7b7739f1"},"mac":"bac9af994b15a45dd39669fc66f9aa8a3b9dd8c22cb16e4d8d7ea089d0f1a1a9"},"id":"472e8b3d-afb6-45b5-8111-72c89895099a","version":3}
--- a/accounts/keystore/testdata/dupes/2
+++ b/accounts/keystore/testdata/dupes/2
@ -1 +0,0 @@
-{"address":"f466859ead1932d743d622cb74fc058882e8648a","crypto":{"cipher":"aes-128-ctr","ciphertext":"cb664472deacb41a2e995fa7f96fe29ce744471deb8d146a0e43c7898c9ddd4d","cipherparams":{"iv":"dfd9ee70812add5f4b8f89d0811c9158"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":8,"p":16,"r":8,"salt":"0d6769bf016d45c479213990d6a08d938469c4adad8a02ce507b4a4e7b7739f1"},"mac":"bac9af994b15a45dd39669fc66f9aa8a3b9dd8c22cb16e4d8d7ea089d0f1a1a9"},"id":"472e8b3d-afb6-45b5-8111-72c89895099a","version":3}
--- a/accounts/keystore/testdata/dupes/foo
+++ b/accounts/keystore/testdata/dupes/foo
@ -1 +0,0 @@
-{"address":"7ef5a6135f1fd6a02593eedc869c6d41d934aef8","crypto":{"cipher":"aes-128-ctr","ciphertext":"1d0839166e7a15b9c1333fc865d69858b22df26815ccf601b28219b6192974e1","cipherparams":{"iv":"8df6caa7ff1b00c4e871f002cb7921ed"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":8,"p":16,"r":8,"salt":"e5e6ef3f4ea695f496b643ebd3f75c0aa58ef4070e90c80c5d3fb0241bf1595c"},"mac":"6d16dfde774845e4585357f24bce530528bc69f4f84e1e22880d34fa45c273e5"},"id":"950077c7-71e3-4c44-a4a1-143919141ed4","version":3}
--- a/accounts/manager.go
+++ b/accounts/manager.go
@ -29,12 +29,9 @@ import (
 // the manager will buffer in its channel.
 const managerSubBufferSize = 50

-// Config contains the settings of the global account manager.
-//
-// TODO(rjl493456442, karalabe, holiman): Get rid of this when account management
-// is removed in favor of Clef.
+// Config is a legacy struct which is not used
 type Config struct {
-	InsecureUnlockAllowed bool // Whether account unlocking in insecure environment is allowed
+	InsecureUnlockAllowed bool // Unused legacy-parameter
 }

 // newBackendEvent lets the manager know it should
@ -47,7 +44,6 @@ type newBackendEvent struct {
 // Manager is an overarching account manager that can communicate with various
 // backends for signing transactions.
 type Manager struct {
-	config      *Config                    // Global account manager configurations
 	backends    map[reflect.Type][]Backend // Index of backends currently registered
 	updaters    []event.Subscription       // Wallet update subscriptions for all backends
 	updates     chan WalletEvent           // Subscription sink for backend wallet changes
@ -78,7 +74,6 @@ func NewManager(config *Config, backends ...Backend) *Manager {
 	}
 	// Assemble the account manager and return
 	am := &Manager{
-		config:      config,
 		backends:    make(map[reflect.Type][]Backend),
 		updaters:    subs,
 		updates:     updates,
@ -106,11 +101,6 @@ func (am *Manager) Close() error {
 	return <-errc
 }

-// Config returns the configuration of account manager.
-func (am *Manager) Config() *Config {
-	return am.config
-}
-
 // AddBackend starts the tracking of an additional backend for wallet updates.
 // cmd/geth assumes once this func returns the backends have been already integrated.
 func (am *Manager) AddBackend(backend Backend) {
--- a/accounts/scwallet/hub.go
+++ b/accounts/scwallet/hub.go
@ -95,6 +95,7 @@ func (hub *Hub) readPairings() error {
 		}
 		return err
 	}
+	defer pairingFile.Close()

 	pairingData, err := io.ReadAll(pairingFile)
 	if err != nil {
--- a/accounts/scwallet/wallet.go
+++ b/accounts/scwallet/wallet.go
@ -73,6 +73,14 @@ var (
 	DerivationSignatureHash = sha256.Sum256(common.Hash{}.Bytes())
 )

+var (
+	// PinRegexp is the regular expression used to validate PIN codes.
+	pinRegexp = regexp.MustCompile(`^[0-9]{6,}$`)
+
+	// PukRegexp is the regular expression used to validate PUK codes.
+	pukRegexp = regexp.MustCompile(`^[0-9]{12,}$`)
+)
+
 // List of APDU command-related constants
 const (
 	claISO7816  = 0
@ -380,7 +388,7 @@ func (w *Wallet) Open(passphrase string) error {
 	case passphrase == "":
 		return ErrPINUnblockNeeded
 	case status.PinRetryCount > 0:
-		if !regexp.MustCompile(`^[0-9]{6,}$`).MatchString(passphrase) {
+		if !pinRegexp.MatchString(passphrase) {
 			w.log.Error("PIN needs to be at least 6 digits")
 			return ErrPINNeeded
 		}
@ -388,7 +396,7 @@ func (w *Wallet) Open(passphrase string) error {
 			return err
 		}
 	default:
-		if !regexp.MustCompile(`^[0-9]{12,}$`).MatchString(passphrase) {
+		if !pukRegexp.MatchString(passphrase) {
 			w.log.Error("PUK needs to be at least 12 digits")
 			return ErrPINUnblockNeeded
 		}
--- a/accounts/usbwallet/ledger.go
+++ b/accounts/usbwallet/ledger.go
@ -338,8 +338,22 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
 			return common.Address{}, nil, err
 		}
 	} else {
-		if txrlp, err = rlp.EncodeToBytes([]interface{}{tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), chainID, big.NewInt(0), big.NewInt(0)}); err != nil {
-			return common.Address{}, nil, err
+		if tx.Type() == types.DynamicFeeTxType {
+			if txrlp, err = rlp.EncodeToBytes([]interface{}{chainID, tx.Nonce(), tx.GasTipCap(), tx.GasFeeCap(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList()}); err != nil {
+				return common.Address{}, nil, err
+			}
+			// append type to transaction
+			txrlp = append([]byte{tx.Type()}, txrlp...)
+		} else if tx.Type() == types.AccessListTxType {
+			if txrlp, err = rlp.EncodeToBytes([]interface{}{chainID, tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList()}); err != nil {
+				return common.Address{}, nil, err
+			}
+			// append type to transaction
+			txrlp = append([]byte{tx.Type()}, txrlp...)
+		} else if tx.Type() == types.LegacyTxType {
+			if txrlp, err = rlp.EncodeToBytes([]interface{}{tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), chainID, big.NewInt(0), big.NewInt(0)}); err != nil {
+				return common.Address{}, nil, err
+			}
 		}
 	}
 	payload := append(path, txrlp...)
@ -353,7 +367,9 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
 	// Chunk size selection to mitigate an underlying RLP deserialization issue on the ledger app.
 	// https://github.com/LedgerHQ/app-ethereum/issues/409
 	chunk := 255
-	for ; len(payload)%chunk <= ledgerEip155Size; chunk-- {
+	if tx.Type() == types.LegacyTxType {
+		for ; len(payload)%chunk <= ledgerEip155Size; chunk-- {
+		}
 	}

 	for len(payload) > 0 {
@ -381,8 +397,11 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
 	if chainID == nil {
 		signer = new(types.HomesteadSigner)
 	} else {
-		signer = types.NewEIP155Signer(chainID)
-		signature[64] -= byte(chainID.Uint64()*2 + 35)
+		signer = types.LatestSignerForChainID(chainID)
+		// For non-legacy transactions, V is 0 or 1, no need to subtract here.
+		if tx.Type() == types.LegacyTxType {
+			signature[64] -= byte(chainID.Uint64()*2 + 35)
+		}
 	}
 	signed, err := tx.WithSignature(signer, signature)
 	if err != nil {
--- a/accounts/usbwallet/trezor.go
+++ b/accounts/usbwallet/trezor.go
@ -33,7 +33,7 @@ import (
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/log"
-	"github.com/golang/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 )

 // ErrTrezorPINNeeded is returned if opening the trezor requires a PIN code. In
--- a/accounts/usbwallet/trezor/messages-common.pb.go
+++ b/accounts/usbwallet/trezor/messages-common.pb.go
--- a/accounts/usbwallet/trezor/messages-common.proto
+++ b/accounts/usbwallet/trezor/messages-common.proto
@ -5,6 +5,8 @@
 syntax = "proto2";
 package hw.trezor.messages.common;

+option go_package  = "github.com/ethereum/go-ethereum/accounts/usbwallet/trezor";
+
 /**
 * Response: Success of the previous request
 * @end
--- a/accounts/usbwallet/trezor/messages-ethereum.pb.go
+++ b/accounts/usbwallet/trezor/messages-ethereum.pb.go
--- a/accounts/usbwallet/trezor/messages-ethereum.proto
+++ b/accounts/usbwallet/trezor/messages-ethereum.proto
@ -5,6 +5,8 @@
 syntax = "proto2";
 package hw.trezor.messages.ethereum;

+option go_package  = "github.com/ethereum/go-ethereum/accounts/usbwallet/trezor";
+
 // Sugar for easier handling in Java
 option java_package = "com.satoshilabs.trezor.lib.protobuf";
 option java_outer_classname = "TrezorMessageEthereum";
--- a/accounts/usbwallet/trezor/messages-management.pb.go
+++ b/accounts/usbwallet/trezor/messages-management.pb.go
--- a/accounts/usbwallet/trezor/messages-management.proto
+++ b/accounts/usbwallet/trezor/messages-management.proto
@ -5,6 +5,8 @@
 syntax = "proto2";
 package hw.trezor.messages.management;

+option go_package  = "github.com/ethereum/go-ethereum/accounts/usbwallet/trezor";
+
 // Sugar for easier handling in Java
 option java_package = "com.satoshilabs.trezor.lib.protobuf";
 option java_outer_classname = "TrezorMessageManagement";
--- a/accounts/usbwallet/trezor/messages.pb.go
+++ b/accounts/usbwallet/trezor/messages.pb.go
--- a/accounts/usbwallet/trezor/messages.proto
+++ b/accounts/usbwallet/trezor/messages.proto
@ -9,10 +9,13 @@ package hw.trezor.messages;
 * Messages for TREZOR communication
 */

+option go_package  = "github.com/ethereum/go-ethereum/accounts/usbwallet/trezor";
+
 // Sugar for easier handling in Java
 option java_package = "com.satoshilabs.trezor.lib.protobuf";
 option java_outer_classname = "TrezorMessage";

+
 import "google/protobuf/descriptor.proto";

 /**
--- a/accounts/usbwallet/trezor/trezor.go
+++ b/accounts/usbwallet/trezor/trezor.go
@ -39,10 +39,10 @@
 //   - Download the latest protoc https://github.com/protocolbuffers/protobuf/releases
 //   - Build with the usual `./configure && make` and ensure it's on your $PATH
 //   - Delete all the .proto and .pb.go files, pull in fresh ones from Trezor
-//   - Grab the latest Go plugin `go get -u github.com/golang/protobuf/protoc-gen-go`
-//   - Vendor in the latest Go plugin `govendor fetch github.com/golang/protobuf/...`
+//   - Grab the latest Go plugin `go get -u google.golang.org/protobuf/cmd/protoc-gen-go`
+//   - Vendor in the latest Go plugin `govendor fetch google.golang.org/protobuf/...`

-//go:generate protoc -I/usr/local/include:. --go_out=import_path=trezor:. messages.proto messages-common.proto messages-management.proto messages-ethereum.proto
+//go:generate protoc -I/usr/local/include:. --go_out=paths=source_relative:. messages.proto messages-common.proto messages-management.proto messages-ethereum.proto

 // Package trezor contains the wire protocol.
 package trezor
@ -50,7 +50,7 @@ package trezor
 import (
 	"reflect"

-	"github.com/golang/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 )

 // Type returns the protocol buffer type number of a specific message. If the
--- a/appveyor.yml
+++ b/appveyor.yml
@ -24,6 +24,9 @@ for:
        - image: Ubuntu
    build_script:
      - go run build/ci.go lint
+      - go run build/ci.go check_tidy
+      - go run build/ci.go check_generate
+      - go run build/ci.go check_baddeps
      - go run build/ci.go install -dlgo
    test_script:
      - go run build/ci.go test -dlgo -short
--- a/beacon/blsync/block_sync_test.go
+++ b/beacon/blsync/block_sync_test.go
@ -70,7 +70,10 @@ func TestBlockSync(t *testing.T) {
 		t.Helper()
 		var expNumber, headNumber uint64
 		if expHead != nil {
-			p, _ := expHead.ExecutionPayload()
+			p, err := expHead.ExecutionPayload()
+			if err != nil {
+				t.Fatalf("expHead.ExecutionPayload() failed: %v", err)
+			}
 			expNumber = p.NumberU64()
 		}
 		select {
--- a/beacon/blsync/client.go
+++ b/beacon/blsync/client.go
@ -17,25 +17,22 @@
 package blsync

 import (
-	"strings"
-
 	"github.com/ethereum/go-ethereum/beacon/light"
 	"github.com/ethereum/go-ethereum/beacon/light/api"
 	"github.com/ethereum/go-ethereum/beacon/light/request"
 	"github.com/ethereum/go-ethereum/beacon/light/sync"
+	"github.com/ethereum/go-ethereum/beacon/params"
 	"github.com/ethereum/go-ethereum/beacon/types"
-	"github.com/ethereum/go-ethereum/cmd/utils"
 	"github.com/ethereum/go-ethereum/common/mclock"
 	"github.com/ethereum/go-ethereum/ethdb/memorydb"
 	"github.com/ethereum/go-ethereum/event"
 	"github.com/ethereum/go-ethereum/rpc"
-	"github.com/urfave/cli/v2"
 )

 type Client struct {
 	urls         []string
 	customHeader map[string]string
-	chainConfig  *lightClientConfig
+	config       *params.ClientConfig
 	scheduler    *request.Scheduler
 	blockSync    *beaconBlockSync
 	engineRPC    *rpc.Client
@ -44,34 +41,18 @@ type Client struct {
 	engineClient *engineClient
 }

-func NewClient(ctx *cli.Context) *Client {
-	if !ctx.IsSet(utils.BeaconApiFlag.Name) {
-		utils.Fatalf("Beacon node light client API URL not specified")
-	}
-	var (
-		chainConfig  = makeChainConfig(ctx)
-		customHeader = make(map[string]string)
-	)
-	for _, s := range ctx.StringSlice(utils.BeaconApiHeaderFlag.Name) {
-		kv := strings.Split(s, ":")
-		if len(kv) != 2 {
-			utils.Fatalf("Invalid custom API header entry: %s", s)
-		}
-		customHeader[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
-	}
-
+func NewClient(config params.ClientConfig) *Client {
 	// create data structures
 	var (
 		db             = memorydb.New()
-		threshold      = ctx.Int(utils.BeaconThresholdFlag.Name)
-		committeeChain = light.NewCommitteeChain(db, chainConfig.ChainConfig, threshold, !ctx.Bool(utils.BeaconNoFilterFlag.Name))
-		headTracker    = light.NewHeadTracker(committeeChain, threshold)
+		committeeChain = light.NewCommitteeChain(db, &config.ChainConfig, config.Threshold, !config.NoFilter)
+		headTracker    = light.NewHeadTracker(committeeChain, config.Threshold)
 	)
 	headSync := sync.NewHeadSync(headTracker, committeeChain)

 	// set up scheduler and sync modules
 	scheduler := request.NewScheduler()
-	checkpointInit := sync.NewCheckpointInit(committeeChain, chainConfig.Checkpoint)
+	checkpointInit := sync.NewCheckpointInit(committeeChain, config.Checkpoint)
 	forwardSync := sync.NewForwardUpdateSync(committeeChain)
 	beaconBlockSync := newBeaconBlockSync(headTracker)
 	scheduler.RegisterTarget(headTracker)
@ -83,9 +64,9 @@ func NewClient(ctx *cli.Context) *Client {

 	return &Client{
 		scheduler:    scheduler,
-		urls:         ctx.StringSlice(utils.BeaconApiFlag.Name),
-		customHeader: customHeader,
-		chainConfig:  &chainConfig,
+		urls:         config.Apis,
+		customHeader: config.CustomHeader,
+		config:       &config,
 		blockSync:    beaconBlockSync,
 	}
 }
@ -97,7 +78,7 @@ func (c *Client) SetEngineRPC(engine *rpc.Client) {
 func (c *Client) Start() error {
 	headCh := make(chan types.ChainHeadEvent, 16)
 	c.chainHeadSub = c.blockSync.SubscribeChainHead(headCh)
-	c.engineClient = startEngineClient(c.chainConfig, c.engineRPC, headCh)
+	c.engineClient = startEngineClient(c.config, c.engineRPC, headCh)

 	c.scheduler.Start()
 	for _, url := range c.urls {
--- a/beacon/blsync/config.go
+++ b/beacon/blsync/config.go
@ -1,129 +0,0 @@
-// Copyright 2022 The go-ethereum Authors
-// This file is part of the go-ethereum library.
-//
-// The go-ethereum library is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Lesser General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// The go-ethereum library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public License
-// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
-
-package blsync
-
-import (
-	"github.com/ethereum/go-ethereum/beacon/types"
-	"github.com/ethereum/go-ethereum/cmd/utils"
-	"github.com/ethereum/go-ethereum/common"
-	"github.com/ethereum/go-ethereum/common/hexutil"
-	"github.com/urfave/cli/v2"
-)
-
-// lightClientConfig contains beacon light client configuration
-type lightClientConfig struct {
-	*types.ChainConfig
-	Checkpoint common.Hash
-}
-
-var (
-	MainnetConfig = lightClientConfig{
-		ChainConfig: (&types.ChainConfig{
-			GenesisValidatorsRoot: common.HexToHash("0x4b363db94e286120d76eb905340fdd4e54bfe9f06bf33ff6cf5ad27f511bfe95"),
-			GenesisTime:           1606824023,
-		}).
-			AddFork("GENESIS", 0, []byte{0, 0, 0, 0}).
-			AddFork("ALTAIR", 74240, []byte{1, 0, 0, 0}).
-			AddFork("BELLATRIX", 144896, []byte{2, 0, 0, 0}).
-			AddFork("CAPELLA", 194048, []byte{3, 0, 0, 0}).
-			AddFork("DENEB", 269568, []byte{4, 0, 0, 0}),
-		Checkpoint: common.HexToHash("0x388be41594ec7d6a6894f18c73f3469f07e2c19a803de4755d335817ed8e2e5a"),
-	}
-
-	SepoliaConfig = lightClientConfig{
-		ChainConfig: (&types.ChainConfig{
-			GenesisValidatorsRoot: common.HexToHash("0xd8ea171f3c94aea21ebc42a1ed61052acf3f9209c00e4efbaaddac09ed9b8078"),
-			GenesisTime:           1655733600,
-		}).
-			AddFork("GENESIS", 0, []byte{144, 0, 0, 105}).
-			AddFork("ALTAIR", 50, []byte{144, 0, 0, 112}).
-			AddFork("BELLATRIX", 100, []byte{144, 0, 0, 113}).
-			AddFork("CAPELLA", 56832, []byte{144, 0, 0, 114}).
-			AddFork("DENEB", 132608, []byte{144, 0, 0, 115}),
-		Checkpoint: common.HexToHash("0x1005a6d9175e96bfbce4d35b80f468e9bff0b674e1e861d16e09e10005a58e81"),
-	}
-
-	GoerliConfig = lightClientConfig{
-		ChainConfig: (&types.ChainConfig{
-			GenesisValidatorsRoot: common.HexToHash("0x043db0d9a83813551ee2f33450d23797757d430911a9320530ad8a0eabc43efb"),
-			GenesisTime:           1614588812,
-		}).
-			AddFork("GENESIS", 0, []byte{0, 0, 16, 32}).
-			AddFork("ALTAIR", 36660, []byte{1, 0, 16, 32}).
-			AddFork("BELLATRIX", 112260, []byte{2, 0, 16, 32}).
-			AddFork("CAPELLA", 162304, []byte{3, 0, 16, 32}).
-			AddFork("DENEB", 231680, []byte{4, 0, 16, 32}),
-		Checkpoint: common.HexToHash("0x53a0f4f0a378e2c4ae0a9ee97407eb69d0d737d8d8cd0a5fb1093f42f7b81c49"),
-	}
-)
-
-func makeChainConfig(ctx *cli.Context) lightClientConfig {
-	var config lightClientConfig
-	customConfig := ctx.IsSet(utils.BeaconConfigFlag.Name)
-	utils.CheckExclusive(ctx, utils.MainnetFlag, utils.GoerliFlag, utils.SepoliaFlag, utils.BeaconConfigFlag)
-	switch {
-	case ctx.Bool(utils.MainnetFlag.Name):
-		config = MainnetConfig
-	case ctx.Bool(utils.SepoliaFlag.Name):
-		config = SepoliaConfig
-	case ctx.Bool(utils.GoerliFlag.Name):
-		config = GoerliConfig
-	default:
-		if !customConfig {
-			config = MainnetConfig
-		}
-	}
-	// Genesis root and time should always be specified together with custom chain config
-	if customConfig {
-		if !ctx.IsSet(utils.BeaconGenesisRootFlag.Name) {
-			utils.Fatalf("Custom beacon chain config is specified but genesis root is missing")
-		}
-		if !ctx.IsSet(utils.BeaconGenesisTimeFlag.Name) {
-			utils.Fatalf("Custom beacon chain config is specified but genesis time is missing")
-		}
-		if !ctx.IsSet(utils.BeaconCheckpointFlag.Name) {
-			utils.Fatalf("Custom beacon chain config is specified but checkpoint is missing")
-		}
-		config.ChainConfig = &types.ChainConfig{
-			GenesisTime: ctx.Uint64(utils.BeaconGenesisTimeFlag.Name),
-		}
-		if c, err := hexutil.Decode(ctx.String(utils.BeaconGenesisRootFlag.Name)); err == nil && len(c) <= 32 {
-			copy(config.GenesisValidatorsRoot[:len(c)], c)
-		} else {
-			utils.Fatalf("Invalid hex string", "beacon.genesis.gvroot", ctx.String(utils.BeaconGenesisRootFlag.Name), "error", err)
-		}
-		if err := config.ChainConfig.LoadForks(ctx.String(utils.BeaconConfigFlag.Name)); err != nil {
-			utils.Fatalf("Could not load beacon chain config file", "file name", ctx.String(utils.BeaconConfigFlag.Name), "error", err)
-		}
-	} else {
-		if ctx.IsSet(utils.BeaconGenesisRootFlag.Name) {
-			utils.Fatalf("Genesis root is specified but custom beacon chain config is missing")
-		}
-		if ctx.IsSet(utils.BeaconGenesisTimeFlag.Name) {
-			utils.Fatalf("Genesis time is specified but custom beacon chain config is missing")
-		}
-	}
-	// Checkpoint is required with custom chain config and is optional with pre-defined config
-	if ctx.IsSet(utils.BeaconCheckpointFlag.Name) {
-		if c, err := hexutil.Decode(ctx.String(utils.BeaconCheckpointFlag.Name)); err == nil && len(c) <= 32 {
-			copy(config.Checkpoint[:len(c)], c)
-		} else {
-			utils.Fatalf("Invalid hex string", "beacon.checkpoint", ctx.String(utils.BeaconCheckpointFlag.Name), "error", err)
-		}
-	}
-	return config
-}
--- a/beacon/blsync/engineclient.go
+++ b/beacon/blsync/engineclient.go
@ -23,6 +23,7 @@ import (
 	"time"

 	"github.com/ethereum/go-ethereum/beacon/engine"
+	"github.com/ethereum/go-ethereum/beacon/params"
 	"github.com/ethereum/go-ethereum/beacon/types"
 	"github.com/ethereum/go-ethereum/common"
 	ctypes "github.com/ethereum/go-ethereum/core/types"
@ -31,14 +32,14 @@ import (
 )

 type engineClient struct {
-	config     *lightClientConfig
+	config     *params.ClientConfig
 	rpc        *rpc.Client
 	rootCtx    context.Context
 	cancelRoot context.CancelFunc
 	wg         sync.WaitGroup
 }

-func startEngineClient(config *lightClientConfig, rpc *rpc.Client, headCh <-chan types.ChainHeadEvent) *engineClient {
+func startEngineClient(config *params.ClientConfig, rpc *rpc.Client, headCh <-chan types.ChainHeadEvent) *engineClient {
 	ctx, cancel := context.WithCancel(context.Background())
 	ec := &engineClient{
 		config:     config,
@ -92,7 +93,7 @@ func (ec *engineClient) updateLoop(headCh <-chan types.ChainHeadEvent) {
 }

 func (ec *engineClient) callNewPayload(fork string, event types.ChainHeadEvent) (string, error) {
-	execData := engine.BlockToExecutableData(event.Block, nil, nil).ExecutionPayload
+	execData := engine.BlockToExecutableData(event.Block, nil, nil, nil).ExecutionPayload

 	var (
 		method string
--- a/beacon/engine/gen_ed.go
+++ b/beacon/engine/gen_ed.go
@ -17,23 +17,24 @@ var _ = (*executableDataMarshaling)(nil)
 // MarshalJSON marshals as JSON.
 func (e ExecutableData) MarshalJSON() ([]byte, error) {
 	type ExecutableData struct {
-		ParentHash    common.Hash         `json:"parentHash"    gencodec:"required"`
-		FeeRecipient  common.Address      `json:"feeRecipient"  gencodec:"required"`
-		StateRoot     common.Hash         `json:"stateRoot"     gencodec:"required"`
-		ReceiptsRoot  common.Hash         `json:"receiptsRoot"  gencodec:"required"`
-		LogsBloom     hexutil.Bytes       `json:"logsBloom"     gencodec:"required"`
-		Random        common.Hash         `json:"prevRandao"    gencodec:"required"`
-		Number        hexutil.Uint64      `json:"blockNumber"   gencodec:"required"`
-		GasLimit      hexutil.Uint64      `json:"gasLimit"      gencodec:"required"`
-		GasUsed       hexutil.Uint64      `json:"gasUsed"       gencodec:"required"`
-		Timestamp     hexutil.Uint64      `json:"timestamp"     gencodec:"required"`
-		ExtraData     hexutil.Bytes       `json:"extraData"     gencodec:"required"`
-		BaseFeePerGas *hexutil.Big        `json:"baseFeePerGas" gencodec:"required"`
-		BlockHash     common.Hash         `json:"blockHash"     gencodec:"required"`
-		Transactions  []hexutil.Bytes     `json:"transactions"  gencodec:"required"`
-		Withdrawals   []*types.Withdrawal `json:"withdrawals"`
-		BlobGasUsed   *hexutil.Uint64     `json:"blobGasUsed"`
-		ExcessBlobGas *hexutil.Uint64     `json:"excessBlobGas"`
+		ParentHash       common.Hash             `json:"parentHash"    gencodec:"required"`
+		FeeRecipient     common.Address          `json:"feeRecipient"  gencodec:"required"`
+		StateRoot        common.Hash             `json:"stateRoot"     gencodec:"required"`
+		ReceiptsRoot     common.Hash             `json:"receiptsRoot"  gencodec:"required"`
+		LogsBloom        hexutil.Bytes           `json:"logsBloom"     gencodec:"required"`
+		Random           common.Hash             `json:"prevRandao"    gencodec:"required"`
+		Number           hexutil.Uint64          `json:"blockNumber"   gencodec:"required"`
+		GasLimit         hexutil.Uint64          `json:"gasLimit"      gencodec:"required"`
+		GasUsed          hexutil.Uint64          `json:"gasUsed"       gencodec:"required"`
+		Timestamp        hexutil.Uint64          `json:"timestamp"     gencodec:"required"`
+		ExtraData        hexutil.Bytes           `json:"extraData"     gencodec:"required"`
+		BaseFeePerGas    *hexutil.Big            `json:"baseFeePerGas" gencodec:"required"`
+		BlockHash        common.Hash             `json:"blockHash"     gencodec:"required"`
+		Transactions     []hexutil.Bytes         `json:"transactions"  gencodec:"required"`
+		Withdrawals      []*types.Withdrawal     `json:"withdrawals"`
+		BlobGasUsed      *hexutil.Uint64         `json:"blobGasUsed"`
+		ExcessBlobGas    *hexutil.Uint64         `json:"excessBlobGas"`
+		ExecutionWitness *types.ExecutionWitness `json:"executionWitness,omitempty"`
 	}
 	var enc ExecutableData
 	enc.ParentHash = e.ParentHash
@ -58,29 +59,31 @@ func (e ExecutableData) MarshalJSON() ([]byte, error) {
 	enc.Withdrawals = e.Withdrawals
 	enc.BlobGasUsed = (*hexutil.Uint64)(e.BlobGasUsed)
 	enc.ExcessBlobGas = (*hexutil.Uint64)(e.ExcessBlobGas)
+	enc.ExecutionWitness = e.ExecutionWitness
 	return json.Marshal(&enc)
 }

 // UnmarshalJSON unmarshals from JSON.
 func (e *ExecutableData) UnmarshalJSON(input []byte) error {
 	type ExecutableData struct {
-		ParentHash    *common.Hash        `json:"parentHash"    gencodec:"required"`
-		FeeRecipient  *common.Address     `json:"feeRecipient"  gencodec:"required"`
-		StateRoot     *common.Hash        `json:"stateRoot"     gencodec:"required"`
-		ReceiptsRoot  *common.Hash        `json:"receiptsRoot"  gencodec:"required"`
-		LogsBloom     *hexutil.Bytes      `json:"logsBloom"     gencodec:"required"`
-		Random        *common.Hash        `json:"prevRandao"    gencodec:"required"`
-		Number        *hexutil.Uint64     `json:"blockNumber"   gencodec:"required"`
-		GasLimit      *hexutil.Uint64     `json:"gasLimit"      gencodec:"required"`
-		GasUsed       *hexutil.Uint64     `json:"gasUsed"       gencodec:"required"`
-		Timestamp     *hexutil.Uint64     `json:"timestamp"     gencodec:"required"`
-		ExtraData     *hexutil.Bytes      `json:"extraData"     gencodec:"required"`
-		BaseFeePerGas *hexutil.Big        `json:"baseFeePerGas" gencodec:"required"`
-		BlockHash     *common.Hash        `json:"blockHash"     gencodec:"required"`
-		Transactions  []hexutil.Bytes     `json:"transactions"  gencodec:"required"`
-		Withdrawals   []*types.Withdrawal `json:"withdrawals"`
-		BlobGasUsed   *hexutil.Uint64     `json:"blobGasUsed"`
-		ExcessBlobGas *hexutil.Uint64     `json:"excessBlobGas"`
+		ParentHash       *common.Hash            `json:"parentHash"    gencodec:"required"`
+		FeeRecipient     *common.Address         `json:"feeRecipient"  gencodec:"required"`
+		StateRoot        *common.Hash            `json:"stateRoot"     gencodec:"required"`
+		ReceiptsRoot     *common.Hash            `json:"receiptsRoot"  gencodec:"required"`
+		LogsBloom        *hexutil.Bytes          `json:"logsBloom"     gencodec:"required"`
+		Random           *common.Hash            `json:"prevRandao"    gencodec:"required"`
+		Number           *hexutil.Uint64         `json:"blockNumber"   gencodec:"required"`
+		GasLimit         *hexutil.Uint64         `json:"gasLimit"      gencodec:"required"`
+		GasUsed          *hexutil.Uint64         `json:"gasUsed"       gencodec:"required"`
+		Timestamp        *hexutil.Uint64         `json:"timestamp"     gencodec:"required"`
+		ExtraData        *hexutil.Bytes          `json:"extraData"     gencodec:"required"`
+		BaseFeePerGas    *hexutil.Big            `json:"baseFeePerGas" gencodec:"required"`
+		BlockHash        *common.Hash            `json:"blockHash"     gencodec:"required"`
+		Transactions     []hexutil.Bytes         `json:"transactions"  gencodec:"required"`
+		Withdrawals      []*types.Withdrawal     `json:"withdrawals"`
+		BlobGasUsed      *hexutil.Uint64         `json:"blobGasUsed"`
+		ExcessBlobGas    *hexutil.Uint64         `json:"excessBlobGas"`
+		ExecutionWitness *types.ExecutionWitness `json:"executionWitness,omitempty"`
 	}
 	var dec ExecutableData
 	if err := json.Unmarshal(input, &dec); err != nil {
@ -154,5 +157,8 @@ func (e *ExecutableData) UnmarshalJSON(input []byte) error {
 	if dec.ExcessBlobGas != nil {
 		e.ExcessBlobGas = (*uint64)(dec.ExcessBlobGas)
 	}
+	if dec.ExecutionWitness != nil {
+		e.ExecutionWitness = dec.ExecutionWitness
+	}
 	return nil
 }
--- a/beacon/engine/gen_epe.go
+++ b/beacon/engine/gen_epe.go
@ -18,13 +18,22 @@ func (e ExecutionPayloadEnvelope) MarshalJSON() ([]byte, error) {
 		ExecutionPayload *ExecutableData `json:"executionPayload"  gencodec:"required"`
 		BlockValue       *hexutil.Big    `json:"blockValue"  gencodec:"required"`
 		BlobsBundle      *BlobsBundleV1  `json:"blobsBundle"`
+		Requests         []hexutil.Bytes `json:"executionRequests"`
 		Override         bool            `json:"shouldOverrideBuilder"`
+		Witness          *hexutil.Bytes  `json:"witness,omitempty"`
 	}
 	var enc ExecutionPayloadEnvelope
 	enc.ExecutionPayload = e.ExecutionPayload
 	enc.BlockValue = (*hexutil.Big)(e.BlockValue)
 	enc.BlobsBundle = e.BlobsBundle
+	if e.Requests != nil {
+		enc.Requests = make([]hexutil.Bytes, len(e.Requests))
+		for k, v := range e.Requests {
+			enc.Requests[k] = v
+		}
+	}
 	enc.Override = e.Override
+	enc.Witness = e.Witness
 	return json.Marshal(&enc)
 }

@ -34,7 +43,9 @@ func (e *ExecutionPayloadEnvelope) UnmarshalJSON(input []byte) error {
 		ExecutionPayload *ExecutableData `json:"executionPayload"  gencodec:"required"`
 		BlockValue       *hexutil.Big    `json:"blockValue"  gencodec:"required"`
 		BlobsBundle      *BlobsBundleV1  `json:"blobsBundle"`
+		Requests         []hexutil.Bytes `json:"executionRequests"`
 		Override         *bool           `json:"shouldOverrideBuilder"`
+		Witness          *hexutil.Bytes  `json:"witness,omitempty"`
 	}
 	var dec ExecutionPayloadEnvelope
 	if err := json.Unmarshal(input, &dec); err != nil {
@ -51,8 +62,17 @@ func (e *ExecutionPayloadEnvelope) UnmarshalJSON(input []byte) error {
 	if dec.BlobsBundle != nil {
 		e.BlobsBundle = dec.BlobsBundle
 	}
+	if dec.Requests != nil {
+		e.Requests = make([][]byte, len(dec.Requests))
+		for k, v := range dec.Requests {
+			e.Requests[k] = v
+		}
+	}
 	if dec.Override != nil {
 		e.Override = *dec.Override
 	}
+	if dec.Witness != nil {
+		e.Witness = dec.Witness
+	}
 	return nil
 }
--- a/beacon/engine/types.go
+++ b/beacon/engine/types.go
@ -24,6 +24,7 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/params"
 	"github.com/ethereum/go-ethereum/trie"
 )

@ -58,23 +59,24 @@ type payloadAttributesMarshaling struct {

 // ExecutableData is the data necessary to execute an EL payload.
 type ExecutableData struct {
-	ParentHash    common.Hash         `json:"parentHash"    gencodec:"required"`
-	FeeRecipient  common.Address      `json:"feeRecipient"  gencodec:"required"`
-	StateRoot     common.Hash         `json:"stateRoot"     gencodec:"required"`
-	ReceiptsRoot  common.Hash         `json:"receiptsRoot"  gencodec:"required"`
-	LogsBloom     []byte              `json:"logsBloom"     gencodec:"required"`
-	Random        common.Hash         `json:"prevRandao"    gencodec:"required"`
-	Number        uint64              `json:"blockNumber"   gencodec:"required"`
-	GasLimit      uint64              `json:"gasLimit"      gencodec:"required"`
-	GasUsed       uint64              `json:"gasUsed"       gencodec:"required"`
-	Timestamp     uint64              `json:"timestamp"     gencodec:"required"`
-	ExtraData     []byte              `json:"extraData"     gencodec:"required"`
-	BaseFeePerGas *big.Int            `json:"baseFeePerGas" gencodec:"required"`
-	BlockHash     common.Hash         `json:"blockHash"     gencodec:"required"`
-	Transactions  [][]byte            `json:"transactions"  gencodec:"required"`
-	Withdrawals   []*types.Withdrawal `json:"withdrawals"`
-	BlobGasUsed   *uint64             `json:"blobGasUsed"`
-	ExcessBlobGas *uint64             `json:"excessBlobGas"`
+	ParentHash       common.Hash             `json:"parentHash"    gencodec:"required"`
+	FeeRecipient     common.Address          `json:"feeRecipient"  gencodec:"required"`
+	StateRoot        common.Hash             `json:"stateRoot"     gencodec:"required"`
+	ReceiptsRoot     common.Hash             `json:"receiptsRoot"  gencodec:"required"`
+	LogsBloom        []byte                  `json:"logsBloom"     gencodec:"required"`
+	Random           common.Hash             `json:"prevRandao"    gencodec:"required"`
+	Number           uint64                  `json:"blockNumber"   gencodec:"required"`
+	GasLimit         uint64                  `json:"gasLimit"      gencodec:"required"`
+	GasUsed          uint64                  `json:"gasUsed"       gencodec:"required"`
+	Timestamp        uint64                  `json:"timestamp"     gencodec:"required"`
+	ExtraData        []byte                  `json:"extraData"     gencodec:"required"`
+	BaseFeePerGas    *big.Int                `json:"baseFeePerGas" gencodec:"required"`
+	BlockHash        common.Hash             `json:"blockHash"     gencodec:"required"`
+	Transactions     [][]byte                `json:"transactions"  gencodec:"required"`
+	Withdrawals      []*types.Withdrawal     `json:"withdrawals"`
+	BlobGasUsed      *uint64                 `json:"blobGasUsed"`
+	ExcessBlobGas    *uint64                 `json:"excessBlobGas"`
+	ExecutionWitness *types.ExecutionWitness `json:"executionWitness,omitempty"`
 }

 // JSON type overrides for executableData.
@ -91,13 +93,23 @@ type executableDataMarshaling struct {
 	ExcessBlobGas *hexutil.Uint64
 }

+// StatelessPayloadStatusV1 is the result of a stateless payload execution.
+type StatelessPayloadStatusV1 struct {
+	Status          string      `json:"status"`
+	StateRoot       common.Hash `json:"stateRoot"`
+	ReceiptsRoot    common.Hash `json:"receiptsRoot"`
+	ValidationError *string     `json:"validationError"`
+}
+
 //go:generate go run github.com/fjl/gencodec -type ExecutionPayloadEnvelope -field-override executionPayloadEnvelopeMarshaling -out gen_epe.go

 type ExecutionPayloadEnvelope struct {
 	ExecutionPayload *ExecutableData `json:"executionPayload"  gencodec:"required"`
 	BlockValue       *big.Int        `json:"blockValue"  gencodec:"required"`
 	BlobsBundle      *BlobsBundleV1  `json:"blobsBundle"`
+	Requests         [][]byte        `json:"executionRequests"`
 	Override         bool            `json:"shouldOverrideBuilder"`
+	Witness          *hexutil.Bytes  `json:"witness,omitempty"`
 }

 type BlobsBundleV1 struct {
@ -106,15 +118,22 @@ type BlobsBundleV1 struct {
 	Blobs       []hexutil.Bytes `json:"blobs"`
 }

+type BlobAndProofV1 struct {
+	Blob  hexutil.Bytes `json:"blob"`
+	Proof hexutil.Bytes `json:"proof"`
+}
+
 // JSON type overrides for ExecutionPayloadEnvelope.
 type executionPayloadEnvelopeMarshaling struct {
 	BlockValue *hexutil.Big
+	Requests   []hexutil.Bytes
 }

 type PayloadStatusV1 struct {
-	Status          string       `json:"status"`
-	LatestValidHash *common.Hash `json:"latestValidHash"`
-	ValidationError *string      `json:"validationError"`
+	Status          string         `json:"status"`
+	Witness         *hexutil.Bytes `json:"witness"`
+	LatestValidHash *common.Hash   `json:"latestValidHash"`
+	ValidationError *string        `json:"validationError"`
 }

 type TransitionConfigurationV1 struct {
@ -193,23 +212,37 @@ func decodeTransactions(enc [][]byte) ([]*types.Transaction, error) {
 //
 // and that the blockhash of the constructed block matches the parameters. Nil
 // Withdrawals value will propagate through the returned block. Empty
-// Withdrawals value must be passed via non-nil, length 0 value in params.
-func ExecutableDataToBlock(params ExecutableData, versionedHashes []common.Hash, beaconRoot *common.Hash) (*types.Block, error) {
-	txs, err := decodeTransactions(params.Transactions)
+// Withdrawals value must be passed via non-nil, length 0 value in data.
+func ExecutableDataToBlock(data ExecutableData, versionedHashes []common.Hash, beaconRoot *common.Hash, requests [][]byte) (*types.Block, error) {
+	block, err := ExecutableDataToBlockNoHash(data, versionedHashes, beaconRoot, requests)
 	if err != nil {
 		return nil, err
 	}
-	if len(params.ExtraData) > 32 {
-		return nil, fmt.Errorf("invalid extradata length: %v", len(params.ExtraData))
+	if block.Hash() != data.BlockHash {
+		return nil, fmt.Errorf("blockhash mismatch, want %x, got %x", data.BlockHash, block.Hash())
 	}
-	if len(params.LogsBloom) != 256 {
-		return nil, fmt.Errorf("invalid logsBloom length: %v", len(params.LogsBloom))
+	return block, nil
+}
+
+// ExecutableDataToBlockNoHash is analogous to ExecutableDataToBlock, but is used
+// for stateless execution, so it skips checking if the executable data hashes to
+// the requested hash (stateless has to *compute* the root hash, it's not given).
+func ExecutableDataToBlockNoHash(data ExecutableData, versionedHashes []common.Hash, beaconRoot *common.Hash, requests [][]byte) (*types.Block, error) {
+	txs, err := decodeTransactions(data.Transactions)
+	if err != nil {
+		return nil, err
+	}
+	if len(data.ExtraData) > int(params.MaximumExtraDataSize) {
+		return nil, fmt.Errorf("invalid extradata length: %v", len(data.ExtraData))
+	}
+	if len(data.LogsBloom) != 256 {
+		return nil, fmt.Errorf("invalid logsBloom length: %v", len(data.LogsBloom))
 	}
 	// Check that baseFeePerGas is not negative or too big
-	if params.BaseFeePerGas != nil && (params.BaseFeePerGas.Sign() == -1 || params.BaseFeePerGas.BitLen() > 256) {
-		return nil, fmt.Errorf("invalid baseFeePerGas: %v", params.BaseFeePerGas)
+	if data.BaseFeePerGas != nil && (data.BaseFeePerGas.Sign() == -1 || data.BaseFeePerGas.BitLen() > 256) {
+		return nil, fmt.Errorf("invalid baseFeePerGas: %v", data.BaseFeePerGas)
 	}
-	var blobHashes []common.Hash
+	var blobHashes = make([]common.Hash, 0, len(txs))
 	for _, tx := range txs {
 		blobHashes = append(blobHashes, tx.BlobHashes()...)
 	}
@ -225,60 +258,70 @@ func ExecutableDataToBlock(params ExecutableData, versionedHashes []common.Hash,
 	// ExecutableData before withdrawals are enabled by marshaling
 	// Withdrawals as the json null value.
 	var withdrawalsRoot *common.Hash
-	if params.Withdrawals != nil {
-		h := types.DeriveSha(types.Withdrawals(params.Withdrawals), trie.NewStackTrie(nil))
+	if data.Withdrawals != nil {
+		h := types.DeriveSha(types.Withdrawals(data.Withdrawals), trie.NewStackTrie(nil))
 		withdrawalsRoot = &h
 	}
+
+	var requestsHash *common.Hash
+	if requests != nil {
+		h := types.CalcRequestsHash(requests)
+		requestsHash = &h
+	}
+
 	header := &types.Header{
-		ParentHash:       params.ParentHash,
+		ParentHash:       data.ParentHash,
 		UncleHash:        types.EmptyUncleHash,
-		Coinbase:         params.FeeRecipient,
-		Root:             params.StateRoot,
+		Coinbase:         data.FeeRecipient,
+		Root:             data.StateRoot,
 		TxHash:           types.DeriveSha(types.Transactions(txs), trie.NewStackTrie(nil)),
-		ReceiptHash:      params.ReceiptsRoot,
-		Bloom:            types.BytesToBloom(params.LogsBloom),
+		ReceiptHash:      data.ReceiptsRoot,
+		Bloom:            types.BytesToBloom(data.LogsBloom),
 		Difficulty:       common.Big0,
-		Number:           new(big.Int).SetUint64(params.Number),
-		GasLimit:         params.GasLimit,
-		GasUsed:          params.GasUsed,
-		Time:             params.Timestamp,
-		BaseFee:          params.BaseFeePerGas,
-		Extra:            params.ExtraData,
-		MixDigest:        params.Random,
+		Number:           new(big.Int).SetUint64(data.Number),
+		GasLimit:         data.GasLimit,
+		GasUsed:          data.GasUsed,
+		Time:             data.Timestamp,
+		BaseFee:          data.BaseFeePerGas,
+		Extra:            data.ExtraData,
+		MixDigest:        data.Random,
 		WithdrawalsHash:  withdrawalsRoot,
-		ExcessBlobGas:    params.ExcessBlobGas,
-		BlobGasUsed:      params.BlobGasUsed,
+		ExcessBlobGas:    data.ExcessBlobGas,
+		BlobGasUsed:      data.BlobGasUsed,
 		ParentBeaconRoot: beaconRoot,
+		RequestsHash:     requestsHash,
 	}
-	block := types.NewBlockWithHeader(header).WithBody(txs, nil /* uncles */).WithWithdrawals(params.Withdrawals)
-	if block.Hash() != params.BlockHash {
-		return nil, fmt.Errorf("blockhash mismatch, want %x, got %x", params.BlockHash, block.Hash())
-	}
-	return block, nil
+	return types.NewBlockWithHeader(header).
+			WithBody(types.Body{Transactions: txs, Uncles: nil, Withdrawals: data.Withdrawals}).
+			WithWitness(data.ExecutionWitness),
+		nil
 }

 // BlockToExecutableData constructs the ExecutableData structure by filling the
 // fields from the given block. It assumes the given block is post-merge block.
-func BlockToExecutableData(block *types.Block, fees *big.Int, sidecars []*types.BlobTxSidecar) *ExecutionPayloadEnvelope {
+func BlockToExecutableData(block *types.Block, fees *big.Int, sidecars []*types.BlobTxSidecar, requests [][]byte) *ExecutionPayloadEnvelope {
 	data := &ExecutableData{
-		BlockHash:     block.Hash(),
-		ParentHash:    block.ParentHash(),
-		FeeRecipient:  block.Coinbase(),
-		StateRoot:     block.Root(),
-		Number:        block.NumberU64(),
-		GasLimit:      block.GasLimit(),
-		GasUsed:       block.GasUsed(),
-		BaseFeePerGas: block.BaseFee(),
-		Timestamp:     block.Time(),
-		ReceiptsRoot:  block.ReceiptHash(),
-		LogsBloom:     block.Bloom().Bytes(),
-		Transactions:  encodeTransactions(block.Transactions()),
-		Random:        block.MixDigest(),
-		ExtraData:     block.Extra(),
-		Withdrawals:   block.Withdrawals(),
-		BlobGasUsed:   block.BlobGasUsed(),
-		ExcessBlobGas: block.ExcessBlobGas(),
+		BlockHash:        block.Hash(),
+		ParentHash:       block.ParentHash(),
+		FeeRecipient:     block.Coinbase(),
+		StateRoot:        block.Root(),
+		Number:           block.NumberU64(),
+		GasLimit:         block.GasLimit(),
+		GasUsed:          block.GasUsed(),
+		BaseFeePerGas:    block.BaseFee(),
+		Timestamp:        block.Time(),
+		ReceiptsRoot:     block.ReceiptHash(),
+		LogsBloom:        block.Bloom().Bytes(),
+		Transactions:     encodeTransactions(block.Transactions()),
+		Random:           block.MixDigest(),
+		ExtraData:        block.Extra(),
+		Withdrawals:      block.Withdrawals(),
+		BlobGasUsed:      block.BlobGasUsed(),
+		ExcessBlobGas:    block.ExcessBlobGas(),
+		ExecutionWitness: block.ExecutionWitness(),
 	}
+
+	// Add blobs.
 	bundle := BlobsBundleV1{
 		Commitments: make([]hexutil.Bytes, 0),
 		Blobs:       make([]hexutil.Bytes, 0),
@ -291,11 +334,18 @@ func BlockToExecutableData(block *types.Block, fees *big.Int, sidecars []*types.
 			bundle.Proofs = append(bundle.Proofs, hexutil.Bytes(sidecar.Proofs[j][:]))
 		}
 	}
-	return &ExecutionPayloadEnvelope{ExecutionPayload: data, BlockValue: fees, BlobsBundle: &bundle, Override: false}
+
+	return &ExecutionPayloadEnvelope{
+		ExecutionPayload: data,
+		BlockValue:       fees,
+		BlobsBundle:      &bundle,
+		Requests:         requests,
+		Override:         false,
+	}
 }

-// ExecutionPayloadBodyV1 is used in the response to GetPayloadBodiesByHashV1 and GetPayloadBodiesByRangeV1
-type ExecutionPayloadBodyV1 struct {
+// ExecutionPayloadBody is used in the response to GetPayloadBodiesByHash and GetPayloadBodiesByRange
+type ExecutionPayloadBody struct {
 	TransactionData []hexutil.Bytes     `json:"transactions"`
 	Withdrawals     []*types.Withdrawal `json:"withdrawals"`
 }
--- a/beacon/light/api/light_api.go
+++ b/beacon/light/api/light_api.go
@ -23,6 +23,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
+	"strconv"
 	"sync"
 	"time"

@ -120,8 +122,12 @@ func NewBeaconLightApi(url string, customHeaders map[string]string) *BeaconLight
 	}
 }

-func (api *BeaconLightApi) httpGet(path string) ([]byte, error) {
-	req, err := http.NewRequest("GET", api.url+path, nil)
+func (api *BeaconLightApi) httpGet(path string, params url.Values) ([]byte, error) {
+	uri, err := api.buildURL(path, params)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest("GET", uri, nil)
 	if err != nil {
 		return nil, err
 	}
@ -145,17 +151,16 @@ func (api *BeaconLightApi) httpGet(path string) ([]byte, error) {
 	}
 }

-func (api *BeaconLightApi) httpGetf(format string, params ...any) ([]byte, error) {
-	return api.httpGet(fmt.Sprintf(format, params...))
-}
-
 // GetBestUpdatesAndCommittees fetches and validates LightClientUpdate for given
 // period and full serialized committee for the next period (committee root hash
 // equals update.NextSyncCommitteeRoot).
 // Note that the results are validated but the update signature should be verified
 // by the caller as its validity depends on the update chain.
 func (api *BeaconLightApi) GetBestUpdatesAndCommittees(firstPeriod, count uint64) ([]*types.LightClientUpdate, []*types.SerializedSyncCommittee, error) {
-	resp, err := api.httpGetf("/eth/v1/beacon/light_client/updates?start_period=%d&count=%d", firstPeriod, count)
+	resp, err := api.httpGet("/eth/v1/beacon/light_client/updates", map[string][]string{
+		"start_period": {strconv.FormatUint(firstPeriod, 10)},
+		"count":        {strconv.FormatUint(count, 10)},
+	})
 	if err != nil {
 		return nil, nil, err
 	}
@ -192,7 +197,7 @@ func (api *BeaconLightApi) GetBestUpdatesAndCommittees(firstPeriod, count uint64
 // See data structure definition here:
 // https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/light-client/sync-protocol.md#lightclientoptimisticupdate
 func (api *BeaconLightApi) GetOptimisticUpdate() (types.OptimisticUpdate, error) {
-	resp, err := api.httpGet("/eth/v1/beacon/light_client/optimistic_update")
+	resp, err := api.httpGet("/eth/v1/beacon/light_client/optimistic_update", nil)
 	if err != nil {
 		return types.OptimisticUpdate{}, err
 	}
@ -245,7 +250,7 @@ func decodeOptimisticUpdate(enc []byte) (types.OptimisticUpdate, error) {
 // See data structure definition here:
 // https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/light-client/sync-protocol.md#lightclientfinalityupdate
 func (api *BeaconLightApi) GetFinalityUpdate() (types.FinalityUpdate, error) {
-	resp, err := api.httpGet("/eth/v1/beacon/light_client/finality_update")
+	resp, err := api.httpGet("/eth/v1/beacon/light_client/finality_update", nil)
 	if err != nil {
 		return types.FinalityUpdate{}, err
 	}
@ -311,7 +316,7 @@ func (api *BeaconLightApi) GetHeader(blockRoot common.Hash) (types.Header, bool,
 	} else {
 		blockId = blockRoot.Hex()
 	}
-	resp, err := api.httpGetf("/eth/v1/beacon/headers/%s", blockId)
+	resp, err := api.httpGet(fmt.Sprintf("/eth/v1/beacon/headers/%s", blockId), nil)
 	if err != nil {
 		return types.Header{}, false, false, err
 	}
@ -342,7 +347,7 @@ func (api *BeaconLightApi) GetHeader(blockRoot common.Hash) (types.Header, bool,

 // GetCheckpointData fetches and validates bootstrap data belonging to the given checkpoint.
 func (api *BeaconLightApi) GetCheckpointData(checkpointHash common.Hash) (*types.BootstrapData, error) {
-	resp, err := api.httpGetf("/eth/v1/beacon/light_client/bootstrap/0x%x", checkpointHash[:])
+	resp, err := api.httpGet(fmt.Sprintf("/eth/v1/beacon/light_client/bootstrap/0x%x", checkpointHash[:]), nil)
 	if err != nil {
 		return nil, err
 	}
@ -384,7 +389,7 @@ func (api *BeaconLightApi) GetCheckpointData(checkpointHash common.Hash) (*types
 }

 func (api *BeaconLightApi) GetBeaconBlock(blockRoot common.Hash) (*types.BeaconBlock, error) {
-	resp, err := api.httpGetf("/eth/v2/beacon/blocks/0x%x", blockRoot)
+	resp, err := api.httpGet(fmt.Sprintf("/eth/v2/beacon/blocks/0x%x", blockRoot), nil)
 	if err != nil {
 		return nil, err
 	}
@ -494,9 +499,6 @@ func (api *BeaconLightApi) StartHeadListener(listener HeadEventListener) func()

 		for {
 			select {
-			case <-ctx.Done():
-				stream.Close()
-
 			case event, ok := <-stream.Events:
 				if !ok {
 					log.Trace("Event stream closed")
@ -548,9 +550,13 @@ func (api *BeaconLightApi) StartHeadListener(listener HeadEventListener) func()
 // established. It can only return nil when the context is canceled.
 func (api *BeaconLightApi) startEventStream(ctx context.Context, listener *HeadEventListener) *eventsource.Stream {
 	for retry := true; retry; retry = ctxSleep(ctx, 5*time.Second) {
-		path := "/eth/v1/events?topics=head&topics=light_client_finality_update&topics=light_client_optimistic_update"
 		log.Trace("Sending event subscription request")
-		req, err := http.NewRequestWithContext(ctx, "GET", api.url+path, nil)
+		uri, err := api.buildURL("/eth/v1/events", map[string][]string{"topics": {"head", "light_client_finality_update", "light_client_optimistic_update"}})
+		if err != nil {
+			listener.OnError(fmt.Errorf("error creating event subscription URL: %v", err))
+			continue
+		}
+		req, err := http.NewRequestWithContext(ctx, "GET", uri, nil)
 		if err != nil {
 			listener.OnError(fmt.Errorf("error creating event subscription request: %v", err))
 			continue
@ -579,3 +585,15 @@ func ctxSleep(ctx context.Context, timeout time.Duration) (ok bool) {
 		return false
 	}
 }
+
+func (api *BeaconLightApi) buildURL(path string, params url.Values) (string, error) {
+	uri, err := url.Parse(api.url)
+	if err != nil {
+		return "", err
+	}
+	uri = uri.JoinPath(path)
+	if params != nil {
+		uri.RawQuery = params.Encode()
+	}
+	return uri.String(), nil
+}
--- a/beacon/light/committee_chain.go
+++ b/beacon/light/committee_chain.go
@ -76,34 +76,32 @@ type CommitteeChain struct {
 	unixNano    func() int64         // system clock (simulated clock in tests)
 	sigVerifier committeeSigVerifier // BLS sig verifier (dummy verifier in tests)

-	config             *types.ChainConfig
-	signerThreshold    int
+	config             *params.ChainConfig
 	minimumUpdateScore types.UpdateScore
 	enforceTime        bool // enforceTime specifies whether the age of a signed header should be checked
 }

 // NewCommitteeChain creates a new CommitteeChain.
-func NewCommitteeChain(db ethdb.KeyValueStore, config *types.ChainConfig, signerThreshold int, enforceTime bool) *CommitteeChain {
+func NewCommitteeChain(db ethdb.KeyValueStore, config *params.ChainConfig, signerThreshold int, enforceTime bool) *CommitteeChain {
 	return newCommitteeChain(db, config, signerThreshold, enforceTime, blsVerifier{}, &mclock.System{}, func() int64 { return time.Now().UnixNano() })
 }

 // NewTestCommitteeChain creates a new CommitteeChain for testing.
-func NewTestCommitteeChain(db ethdb.KeyValueStore, config *types.ChainConfig, signerThreshold int, enforceTime bool, clock *mclock.Simulated) *CommitteeChain {
+func NewTestCommitteeChain(db ethdb.KeyValueStore, config *params.ChainConfig, signerThreshold int, enforceTime bool, clock *mclock.Simulated) *CommitteeChain {
 	return newCommitteeChain(db, config, signerThreshold, enforceTime, dummyVerifier{}, clock, func() int64 { return int64(clock.Now()) })
 }

 // newCommitteeChain creates a new CommitteeChain with the option of replacing the
 // clock source and signature verification for testing purposes.
-func newCommitteeChain(db ethdb.KeyValueStore, config *types.ChainConfig, signerThreshold int, enforceTime bool, sigVerifier committeeSigVerifier, clock mclock.Clock, unixNano func() int64) *CommitteeChain {
+func newCommitteeChain(db ethdb.KeyValueStore, config *params.ChainConfig, signerThreshold int, enforceTime bool, sigVerifier committeeSigVerifier, clock mclock.Clock, unixNano func() int64) *CommitteeChain {
 	s := &CommitteeChain{
-		committeeCache:  lru.NewCache[uint64, syncCommittee](10),
-		db:              db,
-		sigVerifier:     sigVerifier,
-		clock:           clock,
-		unixNano:        unixNano,
-		config:          config,
-		signerThreshold: signerThreshold,
-		enforceTime:     enforceTime,
+		committeeCache: lru.NewCache[uint64, syncCommittee](10),
+		db:             db,
+		sigVerifier:    sigVerifier,
+		clock:          clock,
+		unixNano:       unixNano,
+		config:         config,
+		enforceTime:    enforceTime,
 		minimumUpdateScore: types.UpdateScore{
 			SignerCount:    uint32(signerThreshold),
 			SubPeriodIndex: params.SyncPeriodLength / 16,
@ -507,7 +505,7 @@ func (s *CommitteeChain) verifySignedHeader(head types.SignedHeader) (bool, time
 	if committee == nil {
 		return false, age, nil
 	}
-	if signingRoot, err := s.config.Forks.SigningRoot(head.Header); err == nil {
+	if signingRoot, err := s.config.Forks.SigningRoot(head.Header.Epoch(), head.Header.Hash()); err == nil {
 		return s.sigVerifier.verifySignature(committee, signingRoot, &head.Signature), age, nil
 	}
 	return false, age, nil
--- a/beacon/light/committee_chain_test.go
+++ b/beacon/light/committee_chain_test.go
@ -31,15 +31,15 @@ var (
 	testGenesis  = newTestGenesis()
 	testGenesis2 = newTestGenesis()

-	tfBase = newTestForks(testGenesis, types.Forks{
-		&types.Fork{Epoch: 0, Version: []byte{0}},
+	tfBase = newTestForks(testGenesis, params.Forks{
+		&params.Fork{Epoch: 0, Version: []byte{0}},
 	})
-	tfAlternative = newTestForks(testGenesis, types.Forks{
-		&types.Fork{Epoch: 0, Version: []byte{0}},
-		&types.Fork{Epoch: 0x700, Version: []byte{1}},
+	tfAlternative = newTestForks(testGenesis, params.Forks{
+		&params.Fork{Epoch: 0, Version: []byte{0}},
+		&params.Fork{Epoch: 0x700, Version: []byte{1}},
 	})
-	tfAnotherGenesis = newTestForks(testGenesis2, types.Forks{
-		&types.Fork{Epoch: 0, Version: []byte{0}},
+	tfAnotherGenesis = newTestForks(testGenesis2, params.Forks{
+		&params.Fork{Epoch: 0, Version: []byte{0}},
 	})

 	tcBase                      = newTestCommitteeChain(nil, tfBase, true, 0, 10, 400, false)
@ -226,13 +226,13 @@ type committeeChainTest struct {
 	t               *testing.T
 	db              *memorydb.Database
 	clock           *mclock.Simulated
-	config          types.ChainConfig
+	config          params.ChainConfig
 	signerThreshold int
 	enforceTime     bool
 	chain           *CommitteeChain
 }

-func newCommitteeChainTest(t *testing.T, config types.ChainConfig, signerThreshold int, enforceTime bool) *committeeChainTest {
+func newCommitteeChainTest(t *testing.T, config params.ChainConfig, signerThreshold int, enforceTime bool) *committeeChainTest {
 	c := &committeeChainTest{
 		t:               t,
 		db:              memorydb.New(),
@ -298,20 +298,20 @@ func (c *committeeChainTest) verifyRange(tc *testCommitteeChain, begin, end uint
 	c.verifySignedHeader(tc, float64(end)+1.5, false)
 }

-func newTestGenesis() types.ChainConfig {
-	var config types.ChainConfig
+func newTestGenesis() params.ChainConfig {
+	var config params.ChainConfig
 	rand.Read(config.GenesisValidatorsRoot[:])
 	return config
 }

-func newTestForks(config types.ChainConfig, forks types.Forks) types.ChainConfig {
+func newTestForks(config params.ChainConfig, forks params.Forks) params.ChainConfig {
 	for _, fork := range forks {
 		config.AddFork(fork.Name, fork.Epoch, fork.Version)
 	}
 	return config
 }

-func newTestCommitteeChain(parent *testCommitteeChain, config types.ChainConfig, newCommittees bool, begin, end int, signerCount int, finalizedHeader bool) *testCommitteeChain {
+func newTestCommitteeChain(parent *testCommitteeChain, config params.ChainConfig, newCommittees bool, begin, end int, signerCount int, finalizedHeader bool) *testCommitteeChain {
 	tc := &testCommitteeChain{
 		config: config,
 	}
@ -337,7 +337,7 @@ type testPeriod struct {

 type testCommitteeChain struct {
 	periods []testPeriod
-	config  types.ChainConfig
+	config  params.ChainConfig
 }

 func (tc *testCommitteeChain) fillCommittees(begin, end int) {
--- a/beacon/light/head_tracker.go
+++ b/beacon/light/head_tracker.go
@ -69,12 +69,13 @@ func (h *HeadTracker) ValidatedFinality() (types.FinalityUpdate, bool) {
 // slot or same slot and more signers) then ValidatedOptimistic is updated.
 // The boolean return flag signals if ValidatedOptimistic has been changed.
 func (h *HeadTracker) ValidateOptimistic(update types.OptimisticUpdate) (bool, error) {
-	h.lock.Lock()
-	defer h.lock.Unlock()
-
 	if err := update.Validate(); err != nil {
 		return false, err
 	}
+
+	h.lock.Lock()
+	defer h.lock.Unlock()
+
 	replace, err := h.validate(update.SignedHeader(), h.optimisticUpdate.SignedHeader())
 	if replace {
 		h.optimisticUpdate, h.hasOptimisticUpdate = update, true
@ -88,12 +89,13 @@ func (h *HeadTracker) ValidateOptimistic(update types.OptimisticUpdate) (bool, e
 // slot or same slot and more signers) then ValidatedFinality is updated.
 // The boolean return flag signals if ValidatedFinality has been changed.
 func (h *HeadTracker) ValidateFinality(update types.FinalityUpdate) (bool, error) {
-	h.lock.Lock()
-	defer h.lock.Unlock()
-
 	if err := update.Validate(); err != nil {
 		return false, err
 	}
+
+	h.lock.Lock()
+	defer h.lock.Unlock()
+
 	replace, err := h.validate(update.SignedHeader(), h.finalityUpdate.SignedHeader())
 	if replace {
 		h.finalityUpdate, h.hasFinalityUpdate = update, true
--- a/beacon/light/request/server.go
+++ b/beacon/light/request/server.go
@ -186,10 +186,14 @@ func (s *serverWithTimeout) eventCallback(event Event) {
 			// call will just do nothing
 			timer.Stop()
 			delete(s.timeouts, id)
-			s.childEventCb(event)
+			if s.childEventCb != nil {
+				s.childEventCb(event)
+			}
 		}
 	default:
-		s.childEventCb(event)
+		if s.childEventCb != nil {
+			s.childEventCb(event)
+		}
 	}
 }

@ -211,25 +215,27 @@ func (s *serverWithTimeout) startTimeout(reqData RequestResponse) {
 			delete(s.timeouts, id)
 			childEventCb := s.childEventCb
 			s.lock.Unlock()
-			childEventCb(Event{Type: EvFail, Data: reqData})
+			if childEventCb != nil {
+				childEventCb(Event{Type: EvFail, Data: reqData})
+			}
 		})
 		childEventCb := s.childEventCb
 		s.lock.Unlock()
-		childEventCb(Event{Type: EvTimeout, Data: reqData})
+		if childEventCb != nil {
+			childEventCb(Event{Type: EvTimeout, Data: reqData})
+		}
 	})
 }

 // unsubscribe stops all goroutines associated with the server.
 func (s *serverWithTimeout) unsubscribe() {
 	s.lock.Lock()
-	defer s.lock.Unlock()
-
 	for _, timer := range s.timeouts {
 		if timer != nil {
 			timer.Stop()
 		}
 	}
-	s.childEventCb = nil
+	s.lock.Unlock()
 	s.parent.Unsubscribe()
 }

@ -328,10 +334,10 @@ func (s *serverWithLimits) eventCallback(event Event) {
 	}
 	childEventCb := s.childEventCb
 	s.lock.Unlock()
-	if passEvent {
+	if passEvent && childEventCb != nil {
 		childEventCb(event)
 	}
-	if sendCanRequestAgain {
+	if sendCanRequestAgain && childEventCb != nil {
 		childEventCb(Event{Type: EvCanRequestAgain})
 	}
 }
@ -347,13 +353,12 @@ func (s *serverWithLimits) sendRequest(request Request) (reqId ID) {
 // unsubscribe stops all goroutines associated with the server.
 func (s *serverWithLimits) unsubscribe() {
 	s.lock.Lock()
-	defer s.lock.Unlock()
-
 	if s.delayTimer != nil {
 		s.delayTimer.Stop()
 		s.delayTimer = nil
 	}
 	s.childEventCb = nil
+	s.lock.Unlock()
 	s.serverWithTimeout.unsubscribe()
 }

@ -383,7 +388,7 @@ func (s *serverWithLimits) canRequestNow() bool {
 	}
 	childEventCb := s.childEventCb
 	s.lock.Unlock()
-	if sendCanRequestAgain {
+	if sendCanRequestAgain && childEventCb != nil {
 		childEventCb(Event{Type: EvCanRequestAgain})
 	}
 	return canRequest
@ -415,7 +420,7 @@ func (s *serverWithLimits) delay(delay time.Duration) {
 		}
 		childEventCb := s.childEventCb
 		s.lock.Unlock()
-		if sendCanRequestAgain {
+		if sendCanRequestAgain && childEventCb != nil {
 			childEventCb(Event{Type: EvCanRequestAgain})
 		}
 	})
--- a/beacon/light/request/server_test.go
+++ b/beacon/light/request/server_test.go
@ -51,6 +51,7 @@ func TestServerEvents(t *testing.T) {
 	expEvent(EvFail)
 	rs.eventCb(Event{Type: EvResponse, Data: RequestResponse{ID: 1, Request: testRequest, Response: testResponse}})
 	expEvent(nil)
+	srv.unsubscribe()
 }

 func TestServerParallel(t *testing.T) {
@ -129,9 +130,7 @@ func TestServerEventRateLimit(t *testing.T) {
 	srv := NewServer(rs, clock)
 	var eventCount int
 	srv.subscribe(func(event Event) {
-		if !event.IsRequestEvent() {
-			eventCount++
-		}
+		eventCount++
 	})
 	expEvents := func(send, expAllowed int) {
 		eventCount = 0
@ -147,6 +146,30 @@ func TestServerEventRateLimit(t *testing.T) {
 	expEvents(5, 1)
 	clock.Run(maxServerEventRate * maxServerEventBuffer * 2)
 	expEvents(maxServerEventBuffer+5, maxServerEventBuffer)
+	srv.unsubscribe()
+}
+
+func TestServerUnsubscribe(t *testing.T) {
+	rs := &testRequestServer{}
+	clock := &mclock.Simulated{}
+	srv := NewServer(rs, clock)
+	var eventCount int
+	srv.subscribe(func(event Event) {
+		eventCount++
+	})
+	eventCb := rs.eventCb
+	eventCb(Event{Type: testEventType})
+	if eventCount != 1 {
+		t.Errorf("Server event callback not called before unsubscribe")
+	}
+	srv.unsubscribe()
+	if rs.eventCb != nil {
+		t.Errorf("Server event callback not removed after unsubscribe")
+	}
+	eventCb(Event{Type: testEventType})
+	if eventCount != 1 {
+		t.Errorf("Server event callback called after unsubscribe")
+	}
 }

 type testRequestServer struct {
@ -156,4 +179,4 @@ type testRequestServer struct {
 func (rs *testRequestServer) Name() string                  { return "" }
 func (rs *testRequestServer) Subscribe(eventCb func(Event)) { rs.eventCb = eventCb }
 func (rs *testRequestServer) SendRequest(ID, Request)       {}
-func (rs *testRequestServer) Unsubscribe()                  {}
+func (rs *testRequestServer) Unsubscribe()                  { rs.eventCb = nil }
--- a/beacon/light/sync/head_sync_test.go
+++ b/beacon/light/sync/head_sync_test.go
@ -91,7 +91,7 @@ func TestValidatedHead(t *testing.T) {
 	ts.ServerEvent(EvNewOptimisticUpdate, testServer3, testOptUpdate4)
 	// finality should be requested from both servers
 	ts.Run(4, testServer1, ReqFinality{}, testServer3, ReqFinality{})
-	// future period annonced heads should be queued
+	// future period announced heads should be queued
 	ht.ExpValidated(t, 4, nil)

 	chain.SetNextSyncPeriod(2)
--- a/beacon/light/sync/test_helpers.go
+++ b/beacon/light/sync/test_helpers.go
@ -173,24 +173,24 @@ type TestCommitteeChain struct {
 	init     bool
 }

-func (t *TestCommitteeChain) CheckpointInit(bootstrap types.BootstrapData) error {
-	t.fsp, t.nsp, t.init = bootstrap.Header.SyncPeriod(), bootstrap.Header.SyncPeriod()+2, true
+func (tc *TestCommitteeChain) CheckpointInit(bootstrap types.BootstrapData) error {
+	tc.fsp, tc.nsp, tc.init = bootstrap.Header.SyncPeriod(), bootstrap.Header.SyncPeriod()+2, true
 	return nil
 }

-func (t *TestCommitteeChain) InsertUpdate(update *types.LightClientUpdate, nextCommittee *types.SerializedSyncCommittee) error {
+func (tc *TestCommitteeChain) InsertUpdate(update *types.LightClientUpdate, nextCommittee *types.SerializedSyncCommittee) error {
 	period := update.AttestedHeader.Header.SyncPeriod()
-	if period < t.fsp || period > t.nsp || !t.init {
+	if period < tc.fsp || period > tc.nsp || !tc.init {
 		return light.ErrInvalidPeriod
 	}
-	if period == t.nsp {
-		t.nsp++
+	if period == tc.nsp {
+		tc.nsp++
 	}
 	return nil
 }

-func (t *TestCommitteeChain) NextSyncPeriod() (uint64, bool) {
-	return t.nsp, t.init
+func (tc *TestCommitteeChain) NextSyncPeriod() (uint64, bool) {
+	return tc.nsp, tc.init
 }

 func (tc *TestCommitteeChain) ExpInit(t *testing.T, ExpInit bool) {
@ -199,8 +199,8 @@ func (tc *TestCommitteeChain) ExpInit(t *testing.T, ExpInit bool) {
 	}
 }

-func (t *TestCommitteeChain) SetNextSyncPeriod(nsp uint64) {
-	t.init, t.nsp = true, nsp
+func (tc *TestCommitteeChain) SetNextSyncPeriod(nsp uint64) {
+	tc.init, tc.nsp = true, nsp
 }

 func (tc *TestCommitteeChain) ExpNextSyncPeriod(t *testing.T, expNsp uint64) {
--- a/beacon/light/sync/update_sync_test.go
+++ b/beacon/light/sync/update_sync_test.go
@ -201,6 +201,34 @@ func TestUpdateSyncDifferentHeads(t *testing.T) {
 	chain.ExpNextSyncPeriod(t, 17)
 }

+func TestRangeLock(t *testing.T) {
+	r := make(rangeLock)
+
+	// Lock from 0 to 99.
+	r.lock(0, 100, 1)
+	for i := 0; i < 100; i++ {
+		if v, ok := r[uint64(i)]; v <= 0 || !ok {
+			t.Fatalf("integer space: %d not locked", i)
+		}
+	}
+
+	// Unlock from 0 to 99.
+	r.lock(0, 100, -1)
+	for i := 0; i < 100; i++ {
+		if v, ok := r[uint64(i)]; v > 0 || ok {
+			t.Fatalf("integer space: %d is locked", i)
+		}
+	}
+
+	// Lock from 0 to 99 then unlock from 10 to 59.
+	r.lock(0, 100, 1)
+	r.lock(10, 50, -1)
+	first, count := r.firstUnlocked(0, 100)
+	if first != 10 || count != 50 {
+		t.Fatalf("unexpected first: %d or count: %d", first, count)
+	}
+}
+
 func testRespUpdate(request requestWithID) request.Response {
 	var resp RespUpdates
 	if request.request == nil {
--- a/beacon/light/test_helpers.go
+++ b/beacon/light/test_helpers.go
@ -33,7 +33,7 @@ func GenerateTestCommittee() *types.SerializedSyncCommittee {
 	return s
 }

-func GenerateTestUpdate(config *types.ChainConfig, period uint64, committee, nextCommittee *types.SerializedSyncCommittee, signerCount int, finalizedHeader bool) *types.LightClientUpdate {
+func GenerateTestUpdate(config *params.ChainConfig, period uint64, committee, nextCommittee *types.SerializedSyncCommittee, signerCount int, finalizedHeader bool) *types.LightClientUpdate {
 	update := new(types.LightClientUpdate)
 	update.NextSyncCommitteeRoot = nextCommittee.Root()
 	var attestedHeader types.Header
@ -48,9 +48,9 @@ func GenerateTestUpdate(config *types.ChainConfig, period uint64, committee, nex
 	return update
 }

-func GenerateTestSignedHeader(header types.Header, config *types.ChainConfig, committee *types.SerializedSyncCommittee, signatureSlot uint64, signerCount int) types.SignedHeader {
+func GenerateTestSignedHeader(header types.Header, config *params.ChainConfig, committee *types.SerializedSyncCommittee, signatureSlot uint64, signerCount int) types.SignedHeader {
 	bitmask := makeBitmask(signerCount)
-	signingRoot, _ := config.Forks.SigningRoot(header)
+	signingRoot, _ := config.Forks.SigningRoot(header.Epoch(), header.Hash())
 	c, _ := dummyVerifier{}.deserializeSyncCommittee(committee)
 	return types.SignedHeader{
 		Header: header,
--- a/beacon/params/config.go
+++ b/beacon/params/config.go
@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Lesser General Public License
 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

-package types
+package params

 import (
 	"crypto/sha256"
@ -39,81 +39,13 @@ const syncCommitteeDomain = 7

 var knownForks = []string{"GENESIS", "ALTAIR", "BELLATRIX", "CAPELLA", "DENEB"}

-// Fork describes a single beacon chain fork and also stores the calculated
-// signature domain used after this fork.
-type Fork struct {
-	// Name of the fork in the chain config (config.yaml) file
-	Name string
-
-	// Epoch when given fork version is activated
-	Epoch uint64
-
-	// Fork version, see https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/beacon-chain.md#custom-types
-	Version []byte
-
-	// index in list of known forks or MaxInt if unknown
-	knownIndex int
-
-	// calculated by computeDomain, based on fork version and genesis validators root
-	domain merkle.Value
-}
-
-// computeDomain returns the signature domain based on the given fork version
-// and genesis validator set root.
-func (f *Fork) computeDomain(genesisValidatorsRoot common.Hash) {
-	var (
-		hasher        = sha256.New()
-		forkVersion32 merkle.Value
-		forkDataRoot  merkle.Value
-	)
-	copy(forkVersion32[:], f.Version)
-	hasher.Write(forkVersion32[:])
-	hasher.Write(genesisValidatorsRoot[:])
-	hasher.Sum(forkDataRoot[:0])
-
-	f.domain[0] = syncCommitteeDomain
-	copy(f.domain[4:], forkDataRoot[:28])
-}
-
-// Forks is the list of all beacon chain forks in the chain configuration.
-type Forks []*Fork
-
-// domain returns the signature domain for the given epoch (assumes that domains
-// have already been calculated).
-func (f Forks) domain(epoch uint64) (merkle.Value, error) {
-	for i := len(f) - 1; i >= 0; i-- {
-		if epoch >= f[i].Epoch {
-			return f[i].domain, nil
-		}
-	}
-	return merkle.Value{}, fmt.Errorf("unknown fork for epoch %d", epoch)
-}
-
-// SigningRoot calculates the signing root of the given header.
-func (f Forks) SigningRoot(header Header) (common.Hash, error) {
-	domain, err := f.domain(header.Epoch())
-	if err != nil {
-		return common.Hash{}, err
-	}
-	var (
-		signingRoot common.Hash
-		headerHash  = header.Hash()
-		hasher      = sha256.New()
-	)
-	hasher.Write(headerHash[:])
-	hasher.Write(domain[:])
-	hasher.Sum(signingRoot[:0])
-
-	return signingRoot, nil
-}
-
-func (f Forks) Len() int      { return len(f) }
-func (f Forks) Swap(i, j int) { f[i], f[j] = f[j], f[i] }
-func (f Forks) Less(i, j int) bool {
-	if f[i].Epoch != f[j].Epoch {
-		return f[i].Epoch < f[j].Epoch
-	}
-	return f[i].knownIndex < f[j].knownIndex
+// ClientConfig contains beacon light client configuration.
+type ClientConfig struct {
+	ChainConfig
+	Apis         []string
+	CustomHeader map[string]string
+	Threshold    int
+	NoFilter     bool
 }

 // ChainConfig contains the beacon chain configuration.
@ -121,6 +53,7 @@ type ChainConfig struct {
 	GenesisTime           uint64      // Unix timestamp of slot 0
 	GenesisValidatorsRoot common.Hash // Root hash of the genesis validator set, used for signature domain calculation
 	Forks                 Forks
+	Checkpoint            common.Hash
 }

 // ForkAtEpoch returns the latest active fork at the given epoch.
@ -202,3 +135,79 @@ func (c *ChainConfig) LoadForks(path string) error {
 	}
 	return nil
 }
+
+// Fork describes a single beacon chain fork and also stores the calculated
+// signature domain used after this fork.
+type Fork struct {
+	// Name of the fork in the chain config (config.yaml) file
+	Name string
+
+	// Epoch when given fork version is activated
+	Epoch uint64
+
+	// Fork version, see https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/beacon-chain.md#custom-types
+	Version []byte
+
+	// index in list of known forks or MaxInt if unknown
+	knownIndex int
+
+	// calculated by computeDomain, based on fork version and genesis validators root
+	domain merkle.Value
+}
+
+// computeDomain returns the signature domain based on the given fork version
+// and genesis validator set root.
+func (f *Fork) computeDomain(genesisValidatorsRoot common.Hash) {
+	var (
+		hasher        = sha256.New()
+		forkVersion32 merkle.Value
+		forkDataRoot  merkle.Value
+	)
+	copy(forkVersion32[:], f.Version)
+	hasher.Write(forkVersion32[:])
+	hasher.Write(genesisValidatorsRoot[:])
+	hasher.Sum(forkDataRoot[:0])
+
+	f.domain[0] = syncCommitteeDomain
+	copy(f.domain[4:], forkDataRoot[:28])
+}
+
+// Forks is the list of all beacon chain forks in the chain configuration.
+type Forks []*Fork
+
+// domain returns the signature domain for the given epoch (assumes that domains
+// have already been calculated).
+func (f Forks) domain(epoch uint64) (merkle.Value, error) {
+	for i := len(f) - 1; i >= 0; i-- {
+		if epoch >= f[i].Epoch {
+			return f[i].domain, nil
+		}
+	}
+	return merkle.Value{}, fmt.Errorf("unknown fork for epoch %d", epoch)
+}
+
+// SigningRoot calculates the signing root of the given header.
+func (f Forks) SigningRoot(epoch uint64, root common.Hash) (common.Hash, error) {
+	domain, err := f.domain(epoch)
+	if err != nil {
+		return common.Hash{}, err
+	}
+	var (
+		signingRoot common.Hash
+		hasher      = sha256.New()
+	)
+	hasher.Write(root[:])
+	hasher.Write(domain[:])
+	hasher.Sum(signingRoot[:0])
+
+	return signingRoot, nil
+}
+
+func (f Forks) Len() int      { return len(f) }
+func (f Forks) Swap(i, j int) { f[i], f[j] = f[j], f[i] }
+func (f Forks) Less(i, j int) bool {
+	if f[i].Epoch != f[j].Epoch {
+		return f[i].Epoch < f[j].Epoch
+	}
+	return f[i].knownIndex < f[j].knownIndex
+}
--- a/beacon/params/networks.go
+++ b/beacon/params/networks.go
@ -0,0 +1,56 @@
+// Copyright 2016 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package params
+
+import (
+	"github.com/ethereum/go-ethereum/common"
+)
+
+var (
+	MainnetLightConfig = (&ChainConfig{
+		GenesisValidatorsRoot: common.HexToHash("0x4b363db94e286120d76eb905340fdd4e54bfe9f06bf33ff6cf5ad27f511bfe95"),
+		GenesisTime:           1606824023,
+		Checkpoint:            common.HexToHash("0x6509b691f4de4f7b083f2784938fd52f0e131675432b3fd85ea549af9aebd3d0"),
+	}).
+		AddFork("GENESIS", 0, []byte{0, 0, 0, 0}).
+		AddFork("ALTAIR", 74240, []byte{1, 0, 0, 0}).
+		AddFork("BELLATRIX", 144896, []byte{2, 0, 0, 0}).
+		AddFork("CAPELLA", 194048, []byte{3, 0, 0, 0}).
+		AddFork("DENEB", 269568, []byte{4, 0, 0, 0})
+
+	SepoliaLightConfig = (&ChainConfig{
+		GenesisValidatorsRoot: common.HexToHash("0xd8ea171f3c94aea21ebc42a1ed61052acf3f9209c00e4efbaaddac09ed9b8078"),
+		GenesisTime:           1655733600,
+		Checkpoint:            common.HexToHash("0x456e85f5608afab3465a0580bff8572255f6d97af0c5f939e3f7536b5edb2d3f"),
+	}).
+		AddFork("GENESIS", 0, []byte{144, 0, 0, 105}).
+		AddFork("ALTAIR", 50, []byte{144, 0, 0, 112}).
+		AddFork("BELLATRIX", 100, []byte{144, 0, 0, 113}).
+		AddFork("CAPELLA", 56832, []byte{144, 0, 0, 114}).
+		AddFork("DENEB", 132608, []byte{144, 0, 0, 115})
+
+	HoleskyLightConfig = (&ChainConfig{
+		GenesisValidatorsRoot: common.HexToHash("0x9143aa7c615a7f7115e2b6aac319c03529df8242ae705fba9df39b79c59fa8b1"),
+		GenesisTime:           1695902400,
+		Checkpoint:            common.HexToHash("0x6456a1317f54d4b4f2cb5bc9d153b5af0988fe767ef0609f0236cf29030bcff7"),
+	}).
+		AddFork("GENESIS", 0, []byte{1, 1, 112, 0}).
+		AddFork("ALTAIR", 0, []byte{2, 1, 112, 0}).
+		AddFork("BELLATRIX", 0, []byte{3, 1, 112, 0}).
+		AddFork("CAPELLA", 256, []byte{4, 1, 112, 0}).
+		AddFork("DENEB", 29696, []byte{5, 1, 112, 0})
+)
--- a/beacon/types/beacon_block.go
+++ b/beacon/types/beacon_block.go
@ -48,7 +48,7 @@ func BlockFromJSON(forkName string, data []byte) (*BeaconBlock, error) {
 	case "capella":
 		obj = new(capella.BeaconBlock)
 	default:
-		return nil, fmt.Errorf("unsupported fork: " + forkName)
+		return nil, fmt.Errorf("unsupported fork: %s", forkName)
 	}
 	if err := json.Unmarshal(data, obj); err != nil {
 		return nil, err
--- a/beacon/types/exec_header.go
+++ b/beacon/types/exec_header.go
@ -46,7 +46,7 @@ func ExecutionHeaderFromJSON(forkName string, data []byte) (*ExecutionHeader, er
 	case "deneb":
 		obj = new(deneb.ExecutionPayloadHeader)
 	default:
-		return nil, fmt.Errorf("unsupported fork: " + forkName)
+		return nil, fmt.Errorf("unsupported fork: %s", forkName)
 	}
 	if err := json.Unmarshal(data, obj); err != nil {
 		return nil, err
--- a/beacon/types/exec_payload.go
+++ b/beacon/types/exec_payload.go
@ -63,11 +63,9 @@ func convertPayload[T payloadType](payload T, parentRoot *zrntcommon.Root) (*typ
 		panic("unsupported block type")
 	}

-	block := types.NewBlockWithHeader(&header)
-	block = block.WithBody(transactions, nil)
-	block = block.WithWithdrawals(withdrawals)
+	block := types.NewBlockWithHeader(&header).WithBody(types.Body{Transactions: transactions, Withdrawals: withdrawals})
 	if hash := block.Hash(); hash != expectedHash {
-		return nil, fmt.Errorf("Sanity check failed, payload hash does not match (expected %x, got %x)", expectedHash, hash)
+		return nil, fmt.Errorf("sanity check failed, payload hash does not match (expected %x, got %x)", expectedHash, hash)
 	}
 	return block, nil
 }
--- a/build/checksums.txt
+++ b/build/checksums.txt
@ -5,61 +5,123 @@
 # https://github.com/ethereum/execution-spec-tests/releases/download/v2.1.0/
 ca89c76851b0900bfcc3cbb9a26cbece1f3d7c64a3bed38723e914713290df6c  fixtures_develop.tar.gz

-# version:golang 1.22.2
+# version:golang 1.23.4
 # https://go.dev/dl/
-374ea82b289ec738e968267cac59c7d5ff180f9492250254784b2044e90df5a9  go1.22.2.src.tar.gz
-33e7f63077b1c5bce4f1ecadd4d990cf229667c40bfb00686990c950911b7ab7  go1.22.2.darwin-amd64.tar.gz
-660298be38648723e783ba0398e90431de1cb288c637880cdb124f39bd977f0d  go1.22.2.darwin-arm64.tar.gz
-efc7162b0cad2f918ac566a923d4701feb29dc9c0ab625157d49b1cbcbba39da  go1.22.2.freebsd-386.tar.gz
-d753428296e6709527e291fd204700a587ffef2c0a472b21aebea11618245929  go1.22.2.freebsd-amd64.tar.gz
-586d9eb7fe0489ab297ad80dd06414997df487c5cf536c490ffeaa8d8f1807a7  go1.22.2.linux-386.tar.gz
-5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17  go1.22.2.linux-amd64.tar.gz
-36e720b2d564980c162a48c7e97da2e407dfcc4239e1e58d98082dfa2486a0c1  go1.22.2.linux-arm64.tar.gz
-9243dfafde06e1efe24d59df6701818e6786b4adfdf1191098050d6d023c5369  go1.22.2.linux-armv6l.tar.gz
-251a8886c5113be6490bdbb955ddee98763b49c9b1bf4c8364c02d3b482dab00  go1.22.2.linux-ppc64le.tar.gz
-2b39019481c28c560d65e9811a478ae10e3ef765e0f59af362031d386a71bfef  go1.22.2.linux-s390x.tar.gz
-651753c06df037020ef4d162c5b273452e9ba976ed17ae39e66ef7ee89d8147e  go1.22.2.windows-386.zip
-8e581cf330f49d3266e936521a2d8263679ef7e2fc2cbbceb85659122d883596  go1.22.2.windows-amd64.zip
-ddfca5beb9a0c62254266c3090c2555d899bf3e7aa26243e7de3621108f06875  go1.22.2.windows-arm64.zip
+ad345ac421e90814293a9699cca19dd5238251c3f687980bbcae28495b263531  go1.23.4.src.tar.gz
+459a09504f7ebf2cbcee6ac282c8f34f97651217b1feae64557dcdd392b9bb62  go1.23.4.aix-ppc64.tar.gz
+0f4e569b2d38cb75cb2efcaf56beb42778ab5e46d89318fef39060fe36d7b9b7  go1.23.4.darwin-amd64.pkg
+6700067389a53a1607d30aa8d6e01d198230397029faa0b109e89bc871ab5a0e  go1.23.4.darwin-amd64.tar.gz
+19c054eaf40c5fac65b027f7443c01382e493d3c8c42cf8b2504832ebddce037  go1.23.4.darwin-arm64.pkg
+87d2bb0ad4fe24d2a0685a55df321e0efe4296419a9b3de03369dbe60b8acd3a  go1.23.4.darwin-arm64.tar.gz
+5e73dc89b44626677ec9d9aa4257d6d2ef1245502bc36a99385284910d0ade0a  go1.23.4.dragonfly-amd64.tar.gz
+8df26b1e71234756c1f0e82cfffba3f427c5a91a251844ada2c7694a6986c546  go1.23.4.freebsd-386.tar.gz
+7de078d94d2af50ee9506ef7df85e4d12d4018b23e0b2cbcbc61d686f549b41a  go1.23.4.freebsd-amd64.tar.gz
+3f23e0a01cfe24e4160124cd7ab02bdd188264652074abdbce401c93f41e58a4  go1.23.4.freebsd-arm.tar.gz
+986a20e7c94431f03b44b3c415abc698c7b4edc2ae8431f7ecae1c2429d4cfa2  go1.23.4.freebsd-arm64.tar.gz
+25e39f005f977778ce963fc43089510fe7514f3cfc0358eab584de4ce9f181fb  go1.23.4.freebsd-riscv64.tar.gz
+7e1d52f93da68c3bab39e3d83f89944d7d151208e54fdc30b0eda2a3812661d7  go1.23.4.illumos-amd64.tar.gz
+4a4a0e7587ef8c8a326439b957027f2791795e2d29d4ae3885b4091a48f843bc  go1.23.4.linux-386.tar.gz
+6924efde5de86fe277676e929dc9917d466efa02fb934197bc2eba35d5680971  go1.23.4.linux-amd64.tar.gz
+16e5017863a7f6071363782b1b8042eb12c6ca4f4cd71528b2123f0a1275b13e  go1.23.4.linux-arm64.tar.gz
+1f1dda0dc7ce0b2295f57258ec5ef0803fd31b9ed0aa20e2e9222334e5755de1  go1.23.4.linux-armv6l.tar.gz
+4f469179a335a1a7bb9f991ad0c567f3d3eeb9b412ecd192206ab5c3e1a52b5a  go1.23.4.linux-loong64.tar.gz
+86b68185bcc43ea07190e95137c3442f062acc7ae10c3f1cf900fbe23e07df24  go1.23.4.linux-mips.tar.gz
+3a19245eec76533b3d01c90f3a40a38d63684028f0fd54d442dc9a9d03197891  go1.23.4.linux-mips64.tar.gz
+b53a06fc8455f6a875329e8d2e24d39db298122c9cce6e948117022191f6c613  go1.23.4.linux-mips64le.tar.gz
+66120a8105b8ba6559f4e6a13b1e39b433fb8032df9d1744e4486876fa1723ce  go1.23.4.linux-mipsle.tar.gz
+33be2bfb27f2821a65e9f6aba744c85ea7c5e233e16bac27bb3ec253bcd4e970  go1.23.4.linux-ppc64.tar.gz
+65a303ef51e48ff77e004a6a5b4db6ce59495cd59c6af51b54bf4f786c01a1b9  go1.23.4.linux-ppc64le.tar.gz
+7c40e9e0d722cef14ede765159ba297f4c6e3093bb106f10fbccf8564780049a  go1.23.4.linux-riscv64.tar.gz
+74aab82bf4eca7c26c830a5b0e2a31d193a4d5ba47045526b92473cc7188d7d7  go1.23.4.linux-s390x.tar.gz
+dba009d8bf9928cb5a1e31fcbe0eb41335cce4fe63755d95cef6b5987df4ed5a  go1.23.4.netbsd-386.tar.gz
+54b081cc36355aa5ecb6db9544cf7e77366a7b08ce96cb98a45d043e393660c7  go1.23.4.netbsd-amd64.tar.gz
+f05fec348c7c9f07e1ad4e436db4122e98de99ebcfbf6ac6176869785f334a02  go1.23.4.netbsd-arm.tar.gz
+317878da2bface5a57a8eaf5c1fe2b40b1c82d8172a10453ad3eea36f6946bdb  go1.23.4.netbsd-arm64.tar.gz
+0d84350dfd72c505c6ad474e51676b04e95ffb748c614bd5bf8510026873059b  go1.23.4.openbsd-386.tar.gz
+cc62f5a14ea3d573d8edbce1833f70a8f99ca048a9db0fcc9e738fd48e950505  go1.23.4.openbsd-amd64.tar.gz
+326aba6cf5bb9348fa3e41217abd2c84eac92608684e2fe8c5474fdab23a0db9  go1.23.4.openbsd-arm.tar.gz
+51ea2a2588bf3da8e1476f3e2bd4d6724d74126e99f9c6ea9af4ebe389e64de6  go1.23.4.openbsd-arm64.tar.gz
+44c5c82ab23e40225b2ba1e7d19150a5973ea58e93b4931e426e6e6f0d108872  go1.23.4.openbsd-ppc64.tar.gz
+5fa31fc13d1e3c123a5e96ba38683fa2c947baed23ac9c7c341afcfe007c8993  go1.23.4.openbsd-riscv64.tar.gz
+e5952fc93eeaa0094ef09a0e72a9f06f0621ce841a39f9637fb5b9062e77d67a  go1.23.4.plan9-386.tar.gz
+fb2a9ee3ae5a77e734862e257a9395b43e707ac45e060dfa84c5a40688e73170  go1.23.4.plan9-amd64.tar.gz
+e1b95563b19fdebd6ea0d20c07641e69580976fa754e586c831ad7a3ae987140  go1.23.4.plan9-arm.tar.gz
+088c282509fc9e1a8f29fc0dd16fe486854d05b8ceba08d077d17d11d6979a41  go1.23.4.solaris-amd64.tar.gz
+e5865c1bfc3fee5d003819b2e2c800f598fe9994931bac63f573e8d05a10d91f  go1.23.4.windows-386.msi
+e544e0e356147ba998e267002bd0f2c4bf3370d495467a55baf2c63595a2026d  go1.23.4.windows-386.zip
+5f8cc5991eb8f4f96b6c611d839453cd11c9a2c3f23672a4188342c97ee159fa  go1.23.4.windows-amd64.msi
+16c59ac9196b63afb872ce9b47f945b9821a3e1542ec125f16f6085a1c0f3c39  go1.23.4.windows-amd64.zip
+fc77c0531406d092c5356167e45c05a22d16bea84e3fa555e0f03af085c11763  go1.23.4.windows-arm.msi
+1012cfd8ca7241c2beecb5c345dd61f01897c6f6baca80ea1bfed357035c868a  go1.23.4.windows-arm.zip
+8347c1aa4e1e67954d12830f88dbe44bd7ac0ec134bb472783dbfb5a3a8865d0  go1.23.4.windows-arm64.msi
+db69cae5006753c785345c3215ad941f8b6224e2f81fec471c42d6857bee0e6f  go1.23.4.windows-arm64.zip

-# version:golangci 1.55.2
+# version:golangci 1.63.4
 # https://github.com/golangci/golangci-lint/releases/
-# https://github.com/golangci/golangci-lint/releases/download/v1.55.2/
-632e96e6d5294fbbe7b2c410a49c8fa01c60712a0af85a567de85bcc1623ea21  golangci-lint-1.55.2-darwin-amd64.tar.gz
-234463f059249f82045824afdcdd5db5682d0593052f58f6a3039a0a1c3899f6  golangci-lint-1.55.2-darwin-arm64.tar.gz
-2bdd105e2d4e003a9058c33a22bb191a1e0f30fa0790acca0d8fbffac1d6247c  golangci-lint-1.55.2-freebsd-386.tar.gz
-e75056e8b082386676ce23eba455cf893931a792c0d87e1e3743c0aec33c7fb5  golangci-lint-1.55.2-freebsd-amd64.tar.gz
-5789b933facaf6136bd23f1d50add67b79bbcf8dfdfc9069a37f729395940a66  golangci-lint-1.55.2-freebsd-armv6.tar.gz
-7f21ab1008d05f32c954f99470fc86a83a059e530fe2add1d0b7d8ed4d8992a7  golangci-lint-1.55.2-freebsd-armv7.tar.gz
-33ab06139b9219a28251f10821da94423db30285cc2af97494cbb2a281927de9  golangci-lint-1.55.2-illumos-amd64.tar.gz
-57ce6f8ce3ad6ee45d7cc3d9a047545a851c2547637834a3fcb086c7b40b1e6b  golangci-lint-1.55.2-linux-386.tar.gz
-ca21c961a33be3bc15e4292dc40c98c8dcc5463a7b6768a3afc123761630c09c  golangci-lint-1.55.2-linux-amd64.tar.gz
-8eb0cee9b1dbf0eaa49871798c7f8a5b35f2960c52d776a5f31eb7d886b92746  golangci-lint-1.55.2-linux-arm64.tar.gz
-3195f3e0f37d353fd5bd415cabcd4e263f5c29d3d0ffb176c26ff3d2c75eb3bb  golangci-lint-1.55.2-linux-armv6.tar.gz
-c823ee36eb1a719e171de1f2f5ca3068033dce8d9817232fd10ed71fd6650406  golangci-lint-1.55.2-linux-armv7.tar.gz
-758a5d2a356dc494bd13ed4c0d4bf5a54a4dc91267ea5ecdd87b86c7ca0624e7  golangci-lint-1.55.2-linux-loong64.tar.gz
-2c7b9abdce7cae802a67d583cd7c6dca520bff6d0e17c8535a918e2f2b437aa0  golangci-lint-1.55.2-linux-mips64.tar.gz
-024e0a15b85352cc27271285526e16a4ab66d3e67afbbe446c9808c06cb8dbed  golangci-lint-1.55.2-linux-mips64le.tar.gz
-6b00f89ba5506c1de1efdd9fa17c54093013a294fefd8b9b31534db626a672ee  golangci-lint-1.55.2-linux-ppc64le.tar.gz
-0faa0d047d9bf7b703ed3ea65b6117043c93504f9ca1de25ae929d3901c73d4a  golangci-lint-1.55.2-linux-riscv64.tar.gz
-30dec9b22e7d5bb4e9d5ccea96da20f71cd7db3c8cf30b8ddc7cb9174c4d742a  golangci-lint-1.55.2-linux-s390x.tar.gz
-5a0ede48f79ad707902fdb29be8cd2abd8302dc122b65ebae3fdfc86751c7698  golangci-lint-1.55.2-netbsd-386.tar.gz
-95af20a2e617126dd5b08122ece7819101070e1582a961067ce8c41172f901ad  golangci-lint-1.55.2-netbsd-amd64.tar.gz
-94fb7dacb7527847cc95d7120904e19a2a0a81a0d50d61766c9e0251da72ab9d  golangci-lint-1.55.2-netbsd-armv6.tar.gz
-ca906bce5fee9619400e4a321c56476fe4a4efb6ac4fc989d340eb5563348873  golangci-lint-1.55.2-netbsd-armv7.tar.gz
-45b442f69fc8915c4500201c0247b7f3f69544dbc9165403a61f9095f2c57355  golangci-lint-1.55.2-windows-386.zip
-f57d434d231d43417dfa631587522f8c1991220b43c8ffadb9c7bd279508bf81  golangci-lint-1.55.2-windows-amd64.zip
-fd7dc8f4c6829ee6fafb252a4d81d2155cd35da7833665cbb25d53ce7cecd990  golangci-lint-1.55.2-windows-arm64.zip
-1892c3c24f9e7ef44b02f6750c703864b6dc350129f3ec39510300007b2376f1  golangci-lint-1.55.2-windows-armv6.zip
-a5e68ae73d38748b5269fad36ac7575e3c162a5dc63ef58abdea03cc5da4522a  golangci-lint-1.55.2-windows-armv7.zip
+# https://github.com/golangci/golangci-lint/releases/download/v1.63.4/
+878d017cc360e4fb19510d39852c8189852e3c48e7ce0337577df73507c97d68  golangci-lint-1.63.4-darwin-amd64.tar.gz
+a2b630c2ac8466393f0ccbbede4462387b6c190697a70bc2298c6d2123f21bbf  golangci-lint-1.63.4-darwin-arm64.tar.gz
+8938b74aa92888e561a1c5a4c175110b92f84e7d24733703e6d9ebc39e9cd5f8  golangci-lint-1.63.4-freebsd-386.tar.gz
+054903339d620df2e760b978920100986e3b03bcb058f669d520a71dac9c34ed  golangci-lint-1.63.4-freebsd-amd64.tar.gz
+a19d499f961a02608348e8b626537a88edfaab6e1b6534f1eff742b5d6d750e4  golangci-lint-1.63.4-freebsd-armv6.tar.gz
+00d616f0fb275b780ce4d26604bdd7fdbfe6bc9c63acd5a0b31498e1f7511108  golangci-lint-1.63.4-freebsd-armv7.tar.gz
+d453688e0eabded3c1a97ff5a2777bb0df5a18851efdaaaf6b472e3e5713c33e  golangci-lint-1.63.4-illumos-amd64.tar.gz
+6b1bec847fc9f347d53712d05606a49d55d0e3b5c1bacadfed2393f3503de0e9  golangci-lint-1.63.4-linux-386.tar.gz
+01abb14a4df47b5ca585eff3c34b105023cba92ec34ff17212dbb83855581690  golangci-lint-1.63.4-linux-amd64.tar.gz
+51f0c79d19a92353e0465fb30a4901a0644a975d34e6f399ad2eebc0160bbb24  golangci-lint-1.63.4-linux-arm64.tar.gz
+8d0a43f41e8424fbae10f7aa2dc29999f98112817c6dba63d7dc76832940a673  golangci-lint-1.63.4-linux-armv6.tar.gz
+1045a047b31e9302c9160c7b0f199f4ac1bd02a1b221a2d9521bd3507f0cf671  golangci-lint-1.63.4-linux-armv7.tar.gz
+933fe10ab50ce3bb0806e15a4ae69fe20f0549abf91dea0161236000ca706e67  golangci-lint-1.63.4-linux-loong64.tar.gz
+45798630cbad5642862766051199fa862ef3c33d569cab12f01cac4f68e2ddd5  golangci-lint-1.63.4-linux-mips64.tar.gz
+86ae25335ddb24975d2c915c1af0c7fad70dce99d0b4614fa4bee392de714aa2  golangci-lint-1.63.4-linux-mips64le.tar.gz
+33dabd11aaba4b602938da98bcf49aabab55019557e0115cdc3dbcc3009768fa  golangci-lint-1.63.4-linux-ppc64le.tar.gz
+4e7a81230a663bcdf30bba5689ce96040abc76994dbc2003dce32c8dca8c06f3  golangci-lint-1.63.4-linux-riscv64.tar.gz
+21370b49c7c47f4d9b8f982c952f940b01e65710174c3b4dad7b6452d58f92ec  golangci-lint-1.63.4-linux-s390x.tar.gz
+255866a6464c7e11bb7edd8e6e6ad54f11e1f01b82ba9ca229698ac788cd9724  golangci-lint-1.63.4-netbsd-386.tar.gz
+2798c040ac658bda97224f204795199c81ac97bb207b21c02b664aaed380d5d2  golangci-lint-1.63.4-netbsd-amd64.tar.gz
+b910eecffd0064103837e7e1abe870deb8ade22331e6dffe319f430d49399c8e  golangci-lint-1.63.4-netbsd-arm64.tar.gz
+df2693ef37147b457c3e2089614537dd2ae2e18e53641e756a5b404f4c72d3fa  golangci-lint-1.63.4-netbsd-armv6.tar.gz
+a28a533366974bd7834c4516cd6075bff3419a508d1ed7aa63ae8182768b352e  golangci-lint-1.63.4-netbsd-armv7.tar.gz
+368932775fb5c620b324dabf018155f3365f5e33c5af5b26e9321db373f96eea  golangci-lint-1.63.4-windows-386.zip
+184d13c2b8f5441576bec2a0d8ba7b2d45445595cf796b879a73bcc98c39f8c1  golangci-lint-1.63.4-windows-amd64.zip
+4fabf175d5b05ef0858ded49527948eebac50e9093814979fd84555a75fb80a6  golangci-lint-1.63.4-windows-arm64.zip
+e92be3f3ff30d4a849fb4b9a4c8d56837dee45269cb405a3ecad52fa034c781b  golangci-lint-1.63.4-windows-armv6.zip
+c71d348653b8f7fbb109bb10c1a481722bc6b0b2b6e731b897f99ac869f7653e  golangci-lint-1.63.4-windows-armv7.zip

 # This is the builder on PPA that will build Go itself (inception-y), don't modify!
 #
 # This version is fine to be old and full of security holes, we just use it
-# to build the latest Go. Don't change it. If it ever becomes insufficient,
-# we need to switch over to a recursive builder to jump across supported
-# versions.
+# to build the latest Go. Don't change it.
 #
-# version:ppa-builder 1.19.6
+# version:ppa-builder-1 1.19.6
 # https://go.dev/dl/
 d7f0013f82e6d7f862cc6cb5c8cdb48eef5f2e239b35baa97e2f1a7466043767  go1.19.6.src.tar.gz
+
+# version:ppa-builder-2 1.21.9
+# https://go.dev/dl/
+58f0c5ced45a0012bce2ff7a9df03e128abcc8818ebabe5027bb92bafe20e421  go1.21.9.src.tar.gz
+
+# version:protoc 27.1
+# https://github.com/protocolbuffers/protobuf/releases/
+# https://github.com/protocolbuffers/protobuf/releases/download/v27.1/
+8809c2ec85368c6b6e9af161b6771a153aa92670a24adbe46dd34fa02a04df2f  protoc-27.1-linux-aarch_64.zip
+5d21979a6d27475e810b76b88863d1e784fa01ffb15e511a3ec5bd1924d89426  protoc-27.1-linux-ppcle_64.zip
+84d8852750ed186dc4a057a1a86bcac409be5362d6af04770f42367fee6b7bc1  protoc-27.1-linux-s390_64.zip
+2f028796ff5741691650e0eea290e61ff2f1c0d87f8d31fe45ef47fd967cef0c  protoc-27.1-linux-x86_32.zip
+8970e3d8bbd67d53768fe8c2e3971bdd71e51cfe2001ca06dacad17258a7dae3  protoc-27.1-linux-x86_64.zip
+03b7af1bf469e7285dc51976ee5fa99412704dbd1c017105114852a37b165c12  protoc-27.1-osx-aarch_64.zip
+f14d3973cf13283d07c520ed6f4c12405ad41b9efd18089a1c74897037d742b5  protoc-27.1-osx-universal_binary.zip
+8520d944f3a3890fa296a3b3b0d4bb18337337e2526bbbf1b507eeea3c2a1ec4  protoc-27.1-osx-x86_64.zip
+6263718ff96547b8392a079f6fdf02a4156f2e8d13cd51649a0d03fb7afa2de8  protoc-27.1-win32.zip
+da531c51ccd1290d8d34821f0ce4e219c7fbaa6f9825f5a3fb092a9d03fe6206  protoc-27.1-win64.zip
+
+# version:protoc-gen-go 1.34.2
+# https://github.com/protocolbuffers/protobuf-go/releases/
+# https://github.com/protocolbuffers/protobuf-go/releases/download/v1.34.2/
+9b48d8f90add02e8e94e14962fed74e7ce2b2d6bda4dd42f1f4fbccf0f766f1a  protoc-gen-go.v1.34.2.darwin.amd64.tar.gz
+17aca7f948dbb624049030cf841e35895cf34183ba006e721247fdeb95ff2780  protoc-gen-go.v1.34.2.darwin.arm64.tar.gz
+a191849433fd489f1d44f37788d762658f3f5fb225f3a85d4ce6ba32666703ed  protoc-gen-go.v1.34.2.linux.386.tar.gz
+b87bc134dee55576a842141bf0ed27761c635d746780fce5dee038c6dd16554f  protoc-gen-go.v1.34.2.linux.amd64.tar.gz
+63d400167e75ab9f6690688f6fdc6a9455aa20bc1faa71e32149dbd322f7f198  protoc-gen-go.v1.34.2.linux.arm64.tar.gz
+56e7675816db6e62be4f833a51544d5716b8420c462515579e05ca8444ab06ed  protoc-gen-go.v1.34.2.windows.386.zip
+abafd39612177dd4e9a65207cadd5374a9352d8611e8e040f8462fcfa3010daf  protoc-gen-go.v1.34.2.windows.amd64.zip
--- a/build/ci.go
+++ b/build/ci.go
@ -24,9 +24,14 @@ Usage: go run build/ci.go <command> <command flags/arguments>

 Available commands are:

-	install    [ -arch architecture ] [ -cc compiler ] [ packages... ]                          -- builds packages and executables
-	test       [ -coverage ] [ packages... ]                                                    -- runs the tests
-	lint                                                                                        -- runs certain pre-selected linters
+	lint           -- runs certain pre-selected linters
+	check_tidy     -- verifies that everything is 'go mod tidy'-ed
+	check_generate -- verifies that everything is 'go generate'-ed
+	check_baddeps  -- verifies that certain dependencies are avoided
+
+	install    [ -arch architecture ] [ -cc compiler ] [ packages... ] -- builds packages and executables
+	test       [ -coverage ] [ packages... ]                           -- runs the tests
+
 	archive    [ -arch architecture ] [ -type zip|tar ] [ -signer key-envvar ] [ -signify key-envvar ] [ -upload dest ] -- archives build artifacts
 	importkeys                                                                                  -- imports signing keys from env
 	debsrc     [ -signer key-id ] [ -upload dest ]                                              -- creates a debian source package
@ -48,15 +53,14 @@ import (
 	"path"
 	"path/filepath"
 	"runtime"
-	"strconv"
+	"slices"
 	"strings"
 	"time"

 	"github.com/cespare/cp"
-	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/crypto/signify"
 	"github.com/ethereum/go-ethereum/internal/build"
-	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/internal/version"
 )

 var (
@ -70,7 +74,6 @@ var (
 	allToolsArchiveFiles = []string{
 		"COPYING",
 		executablePath("abigen"),
-		executablePath("bootnode"),
 		executablePath("evm"),
 		executablePath("geth"),
 		executablePath("rlpdump"),
@ -83,10 +86,6 @@ var (
 			BinaryName:  "abigen",
 			Description: "Source code generator to convert Ethereum contract definitions into easy to use, compile-time type-safe Go packages.",
 		},
-		{
-			BinaryName:  "bootnode",
-			Description: "Ethereum bootnode.",
-		},
 		{
 			BinaryName:  "evm",
 			Description: "Developer utility version of the EVM (Ethereum Virtual Machine) that is capable of running bytecode snippets within a configurable environment and execution mode.",
@ -108,7 +107,7 @@ var (
 	// A debian package is created for all executables listed here.
 	debEthereum = debPackage{
 		Name:        "ethereum",
-		Version:     params.Version,
+		Version:     version.Semantic,
 		Executables: debExecutables,
 	}

@ -117,23 +116,14 @@ var (
 		debEthereum,
 	}

-	// Distros for which packages are created.
-	// Note: vivid is unsupported because there is no golang-1.6 package for it.
-	// Note: the following Ubuntu releases have been officially deprecated on Launchpad:
-	//   wily, yakkety, zesty, artful, cosmic, disco, eoan, groovy, hirsuite, impish,
-	//   kinetic, lunar
-	debDistroGoBoots = map[string]string{
-		"trusty": "golang-1.11", // 14.04, EOL: 04/2024
-		"xenial": "golang-go",   // 16.04, EOL: 04/2026
-		"bionic": "golang-go",   // 18.04, EOL: 04/2028
-		"focal":  "golang-go",   // 20.04, EOL: 04/2030
-		"jammy":  "golang-go",   // 22.04, EOL: 04/2032
-		"mantic": "golang-go",   // 23.10, EOL: 07/2024
-	}
-
-	debGoBootPaths = map[string]string{
-		"golang-1.11": "/usr/lib/go-1.11",
-		"golang-go":   "/usr/lib/go",
+	// Distros for which packages are created
+	debDistros = []string{
+		"xenial",   // 16.04, EOL: 04/2026
+		"bionic",   // 18.04, EOL: 04/2028
+		"focal",    // 20.04, EOL: 04/2030
+		"jammy",    // 22.04, EOL: 04/2032
+		"noble",    // 24.04, EOL: 04/2034
+		"oracular", // 24.10, EOL: 07/2025
 	}

 	// This is where the tests should be unpacked.
@ -152,7 +142,7 @@ func executablePath(name string) string {
 func main() {
 	log.SetFlags(log.Lshortfile)

-	if !common.FileExist(filepath.Join("build", "ci.go")) {
+	if !build.FileExist(filepath.Join("build", "ci.go")) {
 		log.Fatal("this script must be run from the root of the repository")
 	}
 	if len(os.Args) < 2 {
@ -165,10 +155,16 @@ func main() {
 		doTest(os.Args[2:])
 	case "lint":
 		doLint(os.Args[2:])
+	case "check_tidy":
+		doCheckTidy()
+	case "check_generate":
+		doCheckGenerate()
+	case "check_baddeps":
+		doCheckBadDeps()
 	case "archive":
 		doArchive(os.Args[2:])
-	case "docker":
-		doDocker(os.Args[2:])
+	case "dockerx":
+		doDockerBuildx(os.Args[2:])
 	case "debsrc":
 		doDebianSource(os.Args[2:])
 	case "nsis":
@ -211,12 +207,6 @@ func doInstall(cmdline []string) {
 	// Configure the build.
 	gobuild := tc.Go("build", buildFlags(env, *staticlink, buildTags)...)

-	// arm64 CI builders are memory-constrained and can't handle concurrent builds,
-	// better disable it. This check isn't the best, it should probably
-	// check for something in env instead.
-	if env.CI && runtime.GOARCH == "arm64" {
-		gobuild.Args = append(gobuild.Args, "-p", "1")
-	}
 	// We use -trimpath to avoid leaking local paths into the built executables.
 	gobuild.Args = append(gobuild.Args, "-trimpath")

@ -232,8 +222,7 @@ func doInstall(cmdline []string) {

 	// Do the build!
 	for _, pkg := range packages {
-		args := make([]string, len(gobuild.Args))
-		copy(args, gobuild.Args)
+		args := slices.Clone(gobuild.Args)
 		args = append(args, "-o", executablePath(path.Base(pkg)))
 		args = append(args, pkg)
 		build.MustRun(&exec.Cmd{Path: gobuild.Path, Args: args, Env: gobuild.Env})
@ -243,6 +232,10 @@ func doInstall(cmdline []string) {
 // buildFlags returns the go tool flags for building.
 func buildFlags(env build.Environment, staticLinking bool, buildTags []string) (flags []string) {
 	var ld []string
+	// See https://github.com/golang/go/issues/33772#issuecomment-528176001
+	// We need to set --buildid to the linker here, and also pass --build-id to the
+	// cgo-linker further down.
+	ld = append(ld, "--buildid=none")
 	if env.Commit != "" {
 		ld = append(ld, "-X", "github.com/ethereum/go-ethereum/internal/version.gitCommit="+env.Commit)
 		ld = append(ld, "-X", "github.com/ethereum/go-ethereum/internal/version.gitDate="+env.Date)
@ -255,7 +248,11 @@ func buildFlags(env build.Environment, staticLinking bool, buildTags []string) (
 	if runtime.GOOS == "linux" {
 		// Enforce the stacksize to 8M, which is the case on most platforms apart from
 		// alpine Linux.
-		extld := []string{"-Wl,-z,stack-size=0x800000"}
+		// See https://sourceware.org/binutils/docs-2.23.1/ld/Options.html#Options
+		// regarding the options --build-id=none and --strip-all. It is needed for
+		// reproducible builds; removing references to temporary files in C-land, and
+		// making build-id reproducibly absent.
+		extld := []string{"-Wl,-z,stack-size=0x800000,--build-id=none,--strip-all"}
 		if staticLinking {
 			extld = append(extld, "-static")
 			// Under static linking, use of certain glibc features must be
@ -302,7 +299,7 @@ func doTest(cmdline []string) {
 	gotest := tc.Go("test")

 	// CI needs a bit more time for the statetests (default 10m).
-	gotest.Args = append(gotest.Args, "-timeout=20m")
+	gotest.Args = append(gotest.Args, "-timeout=30m")

 	// Enable CKZG backend in CI.
 	gotest.Args = append(gotest.Args, "-tags=ckzg")
@ -353,6 +350,95 @@ func downloadSpecTestFixtures(csdb *build.ChecksumDB, cachedir string) string {
 	return filepath.Join(cachedir, base)
 }

+// doCheckTidy assets that the Go modules files are tidied already.
+func doCheckTidy() {
+	targets := []string{"go.mod", "go.sum"}
+
+	hashes, err := build.HashFiles(targets)
+	if err != nil {
+		log.Fatalf("failed to hash go.mod/go.sum: %v", err)
+	}
+	build.MustRun(new(build.GoToolchain).Go("mod", "tidy"))
+
+	tidied, err := build.HashFiles(targets)
+	if err != nil {
+		log.Fatalf("failed to rehash go.mod/go.sum: %v", err)
+	}
+	if updates := build.DiffHashes(hashes, tidied); len(updates) > 0 {
+		log.Fatalf("files changed on running 'go mod tidy': %v", updates)
+	}
+	fmt.Println("No untidy module files detected.")
+}
+
+// doCheckGenerate ensures that re-generating generated files does not cause
+// any mutations in the source file tree.
+func doCheckGenerate() {
+	var (
+		cachedir = flag.String("cachedir", "./build/cache", "directory for caching binaries.")
+	)
+	// Compute the origin hashes of all the files
+	var hashes map[string][32]byte
+
+	var err error
+	hashes, err = build.HashFolder(".", []string{"tests/testdata", "build/cache"})
+	if err != nil {
+		log.Fatal("Error computing hashes", "err", err)
+	}
+	// Run any go generate steps we might be missing
+	var (
+		protocPath      = downloadProtoc(*cachedir)
+		protocGenGoPath = downloadProtocGenGo(*cachedir)
+	)
+	c := new(build.GoToolchain).Go("generate", "./...")
+	pathList := []string{filepath.Join(protocPath, "bin"), protocGenGoPath, os.Getenv("PATH")}
+	c.Env = append(c.Env, "PATH="+strings.Join(pathList, string(os.PathListSeparator)))
+	build.MustRun(c)
+
+	// Check if generate file hashes have changed
+	generated, err := build.HashFolder(".", []string{"tests/testdata", "build/cache"})
+	if err != nil {
+		log.Fatalf("Error re-computing hashes: %v", err)
+	}
+	updates := build.DiffHashes(hashes, generated)
+	for _, file := range updates {
+		log.Printf("File changed: %s", file)
+	}
+	if len(updates) != 0 {
+		log.Fatal("One or more generated files were updated by running 'go generate ./...'")
+	}
+	fmt.Println("No stale files detected.")
+}
+
+// doCheckBadDeps verifies whether certain unintended dependencies between some
+// packages leak into the codebase due to a refactor. This is not an exhaustive
+// list, rather something we build up over time at sensitive places.
+func doCheckBadDeps() {
+	baddeps := [][2]string{
+		// Rawdb tends to be a dumping ground for db utils, sometimes leaking the db itself
+		{"github.com/ethereum/go-ethereum/core/rawdb", "github.com/ethereum/go-ethereum/ethdb/leveldb"},
+		{"github.com/ethereum/go-ethereum/core/rawdb", "github.com/ethereum/go-ethereum/ethdb/pebbledb"},
+	}
+	tc := new(build.GoToolchain)
+
+	var failed bool
+	for _, rule := range baddeps {
+		out, err := tc.Go("list", "-deps", rule[0]).CombinedOutput()
+		if err != nil {
+			log.Fatalf("Failed to list '%s' dependencies: %v", rule[0], err)
+		}
+		for _, line := range strings.Split(string(out), "\n") {
+			if strings.TrimSpace(line) == rule[1] {
+				log.Printf("Found bad dependency '%s' -> '%s'", rule[0], rule[1])
+				failed = true
+			}
+		}
+	}
+	if failed {
+		log.Fatalf("Bad dependencies detected.")
+	}
+	fmt.Println("No bad dependencies detected.")
+}
+
 // doLint runs golangci-lint on requested packages.
 func doLint(cmdline []string) {
 	var (
@ -398,6 +484,96 @@ func downloadLinter(cachedir string) string {
 	return filepath.Join(cachedir, base, "golangci-lint")
 }

+// protocArchiveBaseName returns the name of the protoc archive file for
+// the current system, stripped of version and file suffix.
+func protocArchiveBaseName() (string, error) {
+	switch runtime.GOOS + "-" + runtime.GOARCH {
+	case "windows-amd64":
+		return "win64", nil
+	case "windows-386":
+		return "win32", nil
+	case "linux-arm64":
+		return "linux-aarch_64", nil
+	case "linux-386":
+		return "linux-x86_32", nil
+	case "linux-amd64":
+		return "linux-x86_64", nil
+	case "darwin-arm64":
+		return "osx-aarch_64", nil
+	case "darwin-amd64":
+		return "osx-x86_64", nil
+	default:
+		return "", fmt.Errorf("no prebuilt release of protoc available for this system (os: %s, arch: %s)", runtime.GOOS, runtime.GOARCH)
+	}
+}
+
+// downloadProtocGenGo downloads protoc-gen-go, which is used by protoc
+// in the generate command.  It returns the full path of the directory
+// containing the 'protoc-gen-go' executable.
+func downloadProtocGenGo(cachedir string) string {
+	csdb := build.MustLoadChecksums("build/checksums.txt")
+	version, err := build.Version(csdb, "protoc-gen-go")
+	if err != nil {
+		log.Fatal(err)
+	}
+	baseName := fmt.Sprintf("protoc-gen-go.v%s.%s.%s", version, runtime.GOOS, runtime.GOARCH)
+	archiveName := baseName
+	if runtime.GOOS == "windows" {
+		archiveName += ".zip"
+	} else {
+		archiveName += ".tar.gz"
+	}
+
+	url := fmt.Sprintf("https://github.com/protocolbuffers/protobuf-go/releases/download/v%s/%s", version, archiveName)
+
+	archivePath := path.Join(cachedir, archiveName)
+	if err := csdb.DownloadFile(url, archivePath); err != nil {
+		log.Fatal(err)
+	}
+	extractDest := filepath.Join(cachedir, baseName)
+	if err := build.ExtractArchive(archivePath, extractDest); err != nil {
+		log.Fatal(err)
+	}
+	extractDest, err = filepath.Abs(extractDest)
+	if err != nil {
+		log.Fatal("error resolving absolute path for protoc", "err", err)
+	}
+	return extractDest
+}
+
+// downloadProtoc downloads the prebuilt protoc binary used to lint generated
+// files as a CI step.  It returns the full path to the directory containing
+// the protoc executable.
+func downloadProtoc(cachedir string) string {
+	csdb := build.MustLoadChecksums("build/checksums.txt")
+	version, err := build.Version(csdb, "protoc")
+	if err != nil {
+		log.Fatal(err)
+	}
+	baseName, err := protocArchiveBaseName()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fileName := fmt.Sprintf("protoc-%s-%s", version, baseName)
+	archiveFileName := fileName + ".zip"
+	url := fmt.Sprintf("https://github.com/protocolbuffers/protobuf/releases/download/v%s/%s", version, archiveFileName)
+	archivePath := filepath.Join(cachedir, archiveFileName)
+
+	if err := csdb.DownloadFile(url, archivePath); err != nil {
+		log.Fatal(err)
+	}
+	extractDest := filepath.Join(cachedir, fileName)
+	if err := build.ExtractArchive(archivePath, extractDest); err != nil {
+		log.Fatal(err)
+	}
+	extractDest, err = filepath.Abs(extractDest)
+	if err != nil {
+		log.Fatal("error resolving absolute path for protoc", "err", err)
+	}
+	return extractDest
+}
+
 // Release Packaging
 func doArchive(cmdline []string) {
 	var (
@ -420,7 +596,7 @@ func doArchive(cmdline []string) {

 	var (
 		env      = build.Env()
-		basegeth = archiveBasename(*arch, params.ArchiveVersion(env.Commit))
+		basegeth = archiveBasename(*arch, version.Archive(env.Commit))
 		geth     = "geth-" + basegeth + ext
 		alltools = "geth-alltools-" + basegeth + ext
 	)
@ -505,10 +681,9 @@ func maybeSkipArchive(env build.Environment) {
 }

 // Builds the docker images and optionally uploads them to Docker Hub.
-func doDocker(cmdline []string) {
+func doDockerBuildx(cmdline []string) {
 	var (
-		image    = flag.Bool("image", false, `Whether to build and push an arch specific docker image`)
-		manifest = flag.String("manifest", "", `Push a multi-arch docker image for the specified architectures (usually "amd64,arm64")`)
+		platform = flag.String("platform", "", `Push a multi-arch docker image for the specified architectures (usually "linux/amd64,linux/arm64")`)
 		upload   = flag.String("upload", "", `Where to upload the docker image (usually "ethereum/client-go")`)
 	)
 	flag.CommandLine.Parse(cmdline)
@ -541,131 +716,28 @@ func doDocker(cmdline []string) {
 	case env.Branch == "master":
 		tags = []string{"latest"}
 	case strings.HasPrefix(env.Tag, "v1."):
-		tags = []string{"stable", fmt.Sprintf("release-1.%d", params.VersionMinor), "v" + params.Version}
+		tags = []string{"stable", fmt.Sprintf("release-%v", version.Family), "v" + version.Semantic}
 	}
-	// If architecture specific image builds are requested, build and push them
-	if *image {
-		build.MustRunCommand("docker", "build", "--build-arg", "COMMIT="+env.Commit, "--build-arg", "VERSION="+params.VersionWithMeta, "--build-arg", "BUILDNUM="+env.Buildnum, "--tag", fmt.Sprintf("%s:TAG", *upload), ".")
-		build.MustRunCommand("docker", "build", "--build-arg", "COMMIT="+env.Commit, "--build-arg", "VERSION="+params.VersionWithMeta, "--build-arg", "BUILDNUM="+env.Buildnum, "--tag", fmt.Sprintf("%s:alltools-TAG", *upload), "-f", "Dockerfile.alltools", ".")
+	// Need to create a mult-arch builder
+	build.MustRunCommand("docker", "buildx", "create", "--use", "--name", "multi-arch-builder", "--platform", *platform)

-		// Tag and upload the images to Docker Hub
-		for _, tag := range tags {
-			gethImage := fmt.Sprintf("%s:%s-%s", *upload, tag, runtime.GOARCH)
-			toolImage := fmt.Sprintf("%s:alltools-%s-%s", *upload, tag, runtime.GOARCH)
-
-			// If the image already exists (non version tag), check the build
-			// number to prevent overwriting a newer commit if concurrent builds
-			// are running. This is still a tiny bit racey if two published are
-			// done at the same time, but that's extremely unlikely even on the
-			// master branch.
-			for _, img := range []string{gethImage, toolImage} {
-				if exec.Command("docker", "pull", img).Run() != nil {
-					continue // Generally the only failure is a missing image, which is good
-				}
-				buildnum, err := exec.Command("docker", "inspect", "--format", "{{index .Config.Labels \"buildnum\"}}", img).CombinedOutput()
-				if err != nil {
-					log.Fatalf("Failed to inspect container: %v\nOutput: %s", err, string(buildnum))
-				}
-				buildnum = bytes.TrimSpace(buildnum)
-
-				if len(buildnum) > 0 && len(env.Buildnum) > 0 {
-					oldnum, err := strconv.Atoi(string(buildnum))
-					if err != nil {
-						log.Fatalf("Failed to parse old image build number: %v", err)
-					}
-					newnum, err := strconv.Atoi(env.Buildnum)
-					if err != nil {
-						log.Fatalf("Failed to parse current build number: %v", err)
-					}
-					if oldnum > newnum {
-						log.Fatalf("Current build number %d not newer than existing %d", newnum, oldnum)
-					} else {
-						log.Printf("Updating %s from build %d to %d", img, oldnum, newnum)
-					}
-				}
-			}
-			build.MustRunCommand("docker", "image", "tag", fmt.Sprintf("%s:TAG", *upload), gethImage)
-			build.MustRunCommand("docker", "image", "tag", fmt.Sprintf("%s:alltools-TAG", *upload), toolImage)
-			build.MustRunCommand("docker", "push", gethImage)
-			build.MustRunCommand("docker", "push", toolImage)
-		}
-	}
-	// If multi-arch image manifest push is requested, assemble it
-	if len(*manifest) != 0 {
-		// Since different architectures are pushed by different builders, wait
-		// until all required images are updated.
-		var mismatch bool
-		for i := 0; i < 2; i++ { // 2 attempts, second is race check
-			mismatch = false // hope there's no mismatch now
-
-			for _, tag := range tags {
-				for _, arch := range strings.Split(*manifest, ",") {
-					gethImage := fmt.Sprintf("%s:%s-%s", *upload, tag, arch)
-					toolImage := fmt.Sprintf("%s:alltools-%s-%s", *upload, tag, arch)
-
-					for _, img := range []string{gethImage, toolImage} {
-						if out, err := exec.Command("docker", "pull", img).CombinedOutput(); err != nil {
-							log.Printf("Required image %s unavailable: %v\nOutput: %s", img, err, out)
-							mismatch = true
-							break
-						}
-						buildnum, err := exec.Command("docker", "inspect", "--format", "{{index .Config.Labels \"buildnum\"}}", img).CombinedOutput()
-						if err != nil {
-							log.Fatalf("Failed to inspect container: %v\nOutput: %s", err, string(buildnum))
-						}
-						buildnum = bytes.TrimSpace(buildnum)
-
-						if string(buildnum) != env.Buildnum {
-							log.Printf("Build number mismatch on %s: want %s, have %s", img, env.Buildnum, buildnum)
-							mismatch = true
-							break
-						}
-					}
-					if mismatch {
-						break
-					}
-				}
-				if mismatch {
-					break
-				}
-			}
-			if mismatch {
-				// Build numbers mismatching, retry in a short time to
-				// avoid concurrent fails in both publisher images. If
-				// however the retry failed too, it means the concurrent
-				// builder is still crunching, let that do the publish.
-				if i == 0 {
-					time.Sleep(30 * time.Second)
-				}
-				continue
-			}
-			break
-		}
-		if mismatch {
-			log.Println("Relinquishing publish to other builder")
-			return
-		}
-		// Assemble and push the Geth manifest image
-		for _, tag := range tags {
-			gethImage := fmt.Sprintf("%s:%s", *upload, tag)
-
-			var gethSubImages []string
-			for _, arch := range strings.Split(*manifest, ",") {
-				gethSubImages = append(gethSubImages, gethImage+"-"+arch)
-			}
-			build.MustRunCommand("docker", append([]string{"manifest", "create", gethImage}, gethSubImages...)...)
-			build.MustRunCommand("docker", "manifest", "push", gethImage)
-		}
-		// Assemble and push the alltools manifest image
-		for _, tag := range tags {
-			toolImage := fmt.Sprintf("%s:alltools-%s", *upload, tag)
-
-			var toolSubImages []string
-			for _, arch := range strings.Split(*manifest, ",") {
-				toolSubImages = append(toolSubImages, toolImage+"-"+arch)
-			}
-			build.MustRunCommand("docker", append([]string{"manifest", "create", toolImage}, toolSubImages...)...)
-			build.MustRunCommand("docker", "manifest", "push", toolImage)
+	for _, spec := range []struct {
+		file string
+		base string
+	}{
+		{file: "Dockerfile", base: fmt.Sprintf("%s:", *upload)},
+		{file: "Dockerfile.alltools", base: fmt.Sprintf("%s:alltools-", *upload)},
+	} {
+		for _, tag := range tags { // latest, stable etc
+			gethImage := fmt.Sprintf("%s%s", spec.base, tag)
+			build.MustRunCommand("docker", "buildx", "build",
+				"--build-arg", "COMMIT="+env.Commit,
+				"--build-arg", "VERSION="+version.WithMeta,
+				"--build-arg", "BUILDNUM="+env.Buildnum,
+				"--tag", gethImage,
+				"--platform", *platform,
+				"--push",
+				"--file", spec.file, ".")
 		}
 	}
 }
@ -694,8 +766,8 @@ func doDebianSource(cmdline []string) {
 	}
 	// Download and verify the Go source packages.
 	var (
-		gobootbundle = downloadGoBootstrapSources(*cachedir)
-		gobundle     = downloadGoSources(*cachedir)
+		gobootbundles = downloadGoBootstrapSources(*cachedir)
+		gobundle      = downloadGoSources(*cachedir)
 	)
 	// Download all the dependencies needed to build the sources and run the ci script
 	srcdepfetch := tc.Go("mod", "download")
@ -708,17 +780,19 @@ func doDebianSource(cmdline []string) {

 	// Create Debian packages and upload them.
 	for _, pkg := range debPackages {
-		for distro, goboot := range debDistroGoBoots {
+		for _, distro := range debDistros {
 			// Prepare the debian package with the go-ethereum sources.
-			meta := newDebMetadata(distro, goboot, *signer, env, now, pkg.Name, pkg.Version, pkg.Executables)
+			meta := newDebMetadata(distro, *signer, env, now, pkg.Name, pkg.Version, pkg.Executables)
 			pkgdir := stageDebianSource(*workdir, meta)

 			// Add bootstrapper Go source code
-			if err := build.ExtractArchive(gobootbundle, pkgdir); err != nil {
-				log.Fatalf("Failed to extract bootstrapper Go sources: %v", err)
-			}
-			if err := os.Rename(filepath.Join(pkgdir, "go"), filepath.Join(pkgdir, ".goboot")); err != nil {
-				log.Fatalf("Failed to rename bootstrapper Go source folder: %v", err)
+			for i, gobootbundle := range gobootbundles {
+				if err := build.ExtractArchive(gobootbundle, pkgdir); err != nil {
+					log.Fatalf("Failed to extract bootstrapper Go sources: %v", err)
+				}
+				if err := os.Rename(filepath.Join(pkgdir, "go"), filepath.Join(pkgdir, fmt.Sprintf(".goboot-%d", i+1))); err != nil {
+					log.Fatalf("Failed to rename bootstrapper Go source folder: %v", err)
+				}
 			}
 			// Add builder Go source code
 			if err := build.ExtractArchive(gobundle, pkgdir); err != nil {
@ -754,21 +828,26 @@ func doDebianSource(cmdline []string) {
 	}
 }

-// downloadGoBootstrapSources downloads the Go source tarball that will be used
+// downloadGoBootstrapSources downloads the Go source tarball(s) that will be used
 // to bootstrap the builder Go.
-func downloadGoBootstrapSources(cachedir string) string {
+func downloadGoBootstrapSources(cachedir string) []string {
 	csdb := build.MustLoadChecksums("build/checksums.txt")
-	gobootVersion, err := build.Version(csdb, "ppa-builder")
-	if err != nil {
-		log.Fatal(err)
+
+	var bundles []string
+	for _, booter := range []string{"ppa-builder-1", "ppa-builder-2"} {
+		gobootVersion, err := build.Version(csdb, booter)
+		if err != nil {
+			log.Fatal(err)
+		}
+		file := fmt.Sprintf("go%s.src.tar.gz", gobootVersion)
+		url := "https://dl.google.com/go/" + file
+		dst := filepath.Join(cachedir, file)
+		if err := csdb.DownloadFile(url, dst); err != nil {
+			log.Fatal(err)
+		}
+		bundles = append(bundles, dst)
 	}
-	file := fmt.Sprintf("go%s.src.tar.gz", gobootVersion)
-	url := "https://dl.google.com/go/" + file
-	dst := filepath.Join(cachedir, file)
-	if err := csdb.DownloadFile(url, dst); err != nil {
-		log.Fatal(err)
-	}
-	return dst
+	return bundles
 }

 // downloadGoSources downloads the Go source tarball.
@ -800,7 +879,7 @@ func ppaUpload(workdir, ppa, sshUser string, files []string) {
 	var idfile string
 	if sshkey := getenvBase64("PPA_SSH_KEY"); len(sshkey) > 0 {
 		idfile = filepath.Join(workdir, "sshkey")
-		if !common.FileExist(idfile) {
+		if !build.FileExist(idfile) {
 			os.WriteFile(idfile, sshkey, 0600)
 		}
 	}
@ -846,10 +925,7 @@ type debPackage struct {
 }

 type debMetadata struct {
-	Env           build.Environment
-	GoBootPackage string
-	GoBootPath    string
-
+	Env         build.Environment
 	PackageName string

 	// go-ethereum version being built. Note that this
@ -877,21 +953,19 @@ func (d debExecutable) Package() string {
 	return d.BinaryName
 }

-func newDebMetadata(distro, goboot, author string, env build.Environment, t time.Time, name string, version string, exes []debExecutable) debMetadata {
+func newDebMetadata(distro, author string, env build.Environment, t time.Time, name string, version string, exes []debExecutable) debMetadata {
 	if author == "" {
 		// No signing key, use default author.
 		author = "Ethereum Builds <fjl@ethereum.org>"
 	}
 	return debMetadata{
-		GoBootPackage: goboot,
-		GoBootPath:    debGoBootPaths[goboot],
-		PackageName:   name,
-		Env:           env,
-		Author:        author,
-		Distro:        distro,
-		Version:       version,
-		Time:          t.Format(time.RFC1123Z),
-		Executables:   exes,
+		PackageName: name,
+		Env:         env,
+		Author:      author,
+		Distro:      distro,
+		Version:     version,
+		Time:        t.Format(time.RFC1123Z),
+		Executables: exes,
 	}
 }

@ -1030,19 +1104,19 @@ func doWindowsInstaller(cmdline []string) {
 	// Build the installer. This assumes that all the needed files have been previously
 	// built (don't mix building and packaging to keep cross compilation complexity to a
 	// minimum).
-	version := strings.Split(params.Version, ".")
+	ver := strings.Split(version.Semantic, ".")
 	if env.Commit != "" {
-		version[2] += "-" + env.Commit[:8]
+		ver[2] += "-" + env.Commit[:8]
 	}
-	installer, err := filepath.Abs("geth-" + archiveBasename(*arch, params.ArchiveVersion(env.Commit)) + ".exe")
+	installer, err := filepath.Abs("geth-" + archiveBasename(*arch, version.Archive(env.Commit)) + ".exe")
 	if err != nil {
 		log.Fatalf("Failed to convert installer file path: %v", err)
 	}
 	build.MustRunCommand("makensis.exe",
 		"/DOUTPUTFILE="+installer,
-		"/DMAJORVERSION="+version[0],
-		"/DMINORVERSION="+version[1],
-		"/DBUILDVERSION="+version[2],
+		"/DMAJORVERSION="+ver[0],
+		"/DMINORVERSION="+ver[1],
+		"/DBUILDVERSION="+ver[2],
 		"/DARCH="+*arch,
 		filepath.Join(*workdir, "geth.nsi"),
 	)
--- a/build/deb/ethereum/deb.control
+++ b/build/deb/ethereum/deb.control
@ -2,7 +2,7 @@ Source: {{.Name}}
 Section: science
 Priority: extra
 Maintainer: {{.Author}}
-Build-Depends: debhelper (>= 8.0.0), {{.GoBootPackage}}
+Build-Depends: debhelper (>= 8.0.0), golang-go
 Standards-Version: 3.9.5
 Homepage: https://ethereum.org
 Vcs-Git: https://github.com/ethereum/go-ethereum.git
--- a/build/deb/ethereum/deb.rules
+++ b/build/deb/ethereum/deb.rules
@ -7,7 +7,7 @@
 # Launchpad rejects Go's access to $HOME, use custom folders
 export GOCACHE=/tmp/go-build
 export GOPATH=/tmp/gopath
-export GOROOT_BOOTSTRAP={{.GoBootPath}}
+export GOROOT_BOOTSTRAP=/usr/lib/go

 override_dh_auto_clean:
 	# Don't try to be smart Launchpad, we know our build rules better than you
@ -19,8 +19,9 @@ override_dh_auto_build:
 	#
 	# We're also shipping the bootstrapper as of Go 1.20 as it had minimum version
 	# requirements opposed to older versions of Go.
-	(mv .goboot ../ && cd ../.goboot/src && ./make.bash)
-	(mv .go ../ && cd ../.go/src && GOROOT_BOOTSTRAP=`pwd`/../../.goboot ./make.bash)
+	(mv .goboot-1 ../ && cd ../.goboot-1/src && ./make.bash)
+	(mv .goboot-2 ../ && cd ../.goboot-2/src && GOROOT_BOOTSTRAP=`pwd`/../../.goboot-1 ./make.bash)
+	(mv .go ../ && cd ../.go/src && GOROOT_BOOTSTRAP=`pwd`/../../.goboot-2 ./make.bash)

 	# We can't download external go modules within Launchpad, so we're shipping the
 	# entire dependency source cache with go-ethereum.
--- a/build/tools/tools.go
+++ b/build/tools/tools.go
@ -22,6 +22,6 @@ package tools
 import (
 	// Tool imports for go:generate.
 	_ "github.com/fjl/gencodec"
-	_ "github.com/golang/protobuf/protoc-gen-go"
 	_ "golang.org/x/tools/cmd/stringer"
+	_ "google.golang.org/protobuf/cmd/protoc-gen-go"
 )
--- a/cmd/blsync/main.go
+++ b/cmd/blsync/main.go
@ -19,39 +19,22 @@ package main
 import (
 	"context"
 	"fmt"
-	"io"
 	"os"
+	"slices"

 	"github.com/ethereum/go-ethereum/beacon/blsync"
 	"github.com/ethereum/go-ethereum/cmd/utils"
+	"github.com/ethereum/go-ethereum/internal/debug"
 	"github.com/ethereum/go-ethereum/internal/flags"
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/node"
 	"github.com/ethereum/go-ethereum/rpc"
-	"github.com/mattn/go-colorable"
-	"github.com/mattn/go-isatty"
 	"github.com/urfave/cli/v2"
 )

-var (
-	verbosityFlag = &cli.IntFlag{
-		Name:     "verbosity",
-		Usage:    "Logging verbosity: 0=silent, 1=error, 2=warn, 3=info, 4=debug, 5=detail",
-		Value:    3,
-		Category: flags.LoggingCategory,
-	}
-	vmoduleFlag = &cli.StringFlag{
-		Name:     "vmodule",
-		Usage:    "Per-module verbosity: comma-separated list of <pattern>=<level> (e.g. eth/*=5,p2p=4)",
-		Value:    "",
-		Hidden:   true,
-		Category: flags.LoggingCategory,
-	}
-)
-
 func main() {
 	app := flags.NewApp("beacon light syncer tool")
-	app.Flags = []cli.Flag{
+	app.Flags = slices.Concat([]cli.Flag{
 		utils.BeaconApiFlag,
 		utils.BeaconApiHeaderFlag,
 		utils.BeaconThresholdFlag,
@ -63,11 +46,19 @@ func main() {
 		//TODO datadir for optional permanent database
 		utils.MainnetFlag,
 		utils.SepoliaFlag,
-		utils.GoerliFlag,
+		utils.HoleskyFlag,
 		utils.BlsyncApiFlag,
 		utils.BlsyncJWTSecretFlag,
-		verbosityFlag,
-		vmoduleFlag,
+	},
+		debug.Flags,
+	)
+	app.Before = func(ctx *cli.Context) error {
+		flags.MigrateGlobalFlags(ctx)
+		return debug.Setup(ctx)
+	}
+	app.After = func(ctx *cli.Context) error {
+		debug.Exit()
+		return nil
 	}
 	app.Action = sync

@ -78,16 +69,8 @@ func main() {
 }

 func sync(ctx *cli.Context) error {
-	usecolor := (isatty.IsTerminal(os.Stderr.Fd()) || isatty.IsCygwinTerminal(os.Stderr.Fd())) && os.Getenv("TERM") != "dumb"
-	output := io.Writer(os.Stderr)
-	if usecolor {
-		output = colorable.NewColorable(os.Stderr)
-	}
-	verbosity := log.FromLegacyLevel(ctx.Int(verbosityFlag.Name))
-	log.SetDefault(log.NewLogger(log.NewTerminalHandlerWithLevel(output, verbosity, usecolor)))
-
 	// set up blsync
-	client := blsync.NewClient(ctx)
+	client := blsync.NewClient(utils.MakeBeaconLightConfig(ctx))
 	client.SetEngineRPC(makeRPCClient(ctx))
 	client.Start()

--- a/cmd/bootnode/main.go
+++ b/cmd/bootnode/main.go
@ -1,209 +0,0 @@
-// Copyright 2015 The go-ethereum Authors
-// This file is part of go-ethereum.
-//
-// go-ethereum is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// go-ethereum is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
-
-// bootnode runs a bootstrap node for the Ethereum Discovery Protocol.
-package main
-
-import (
-	"crypto/ecdsa"
-	"flag"
-	"fmt"
-	"net"
-	"os"
-	"time"
-
-	"github.com/ethereum/go-ethereum/cmd/utils"
-	"github.com/ethereum/go-ethereum/crypto"
-	"github.com/ethereum/go-ethereum/log"
-	"github.com/ethereum/go-ethereum/p2p/discover"
-	"github.com/ethereum/go-ethereum/p2p/enode"
-	"github.com/ethereum/go-ethereum/p2p/nat"
-	"github.com/ethereum/go-ethereum/p2p/netutil"
-)
-
-func main() {
-	var (
-		listenAddr  = flag.String("addr", ":30301", "listen address")
-		genKey      = flag.String("genkey", "", "generate a node key")
-		writeAddr   = flag.Bool("writeaddress", false, "write out the node's public key and quit")
-		nodeKeyFile = flag.String("nodekey", "", "private key filename")
-		nodeKeyHex  = flag.String("nodekeyhex", "", "private key as hex (for testing)")
-		natdesc     = flag.String("nat", "none", "port mapping mechanism (any|none|upnp|pmp|pmp:<IP>|extip:<IP>)")
-		netrestrict = flag.String("netrestrict", "", "restrict network communication to the given IP networks (CIDR masks)")
-		runv5       = flag.Bool("v5", false, "run a v5 topic discovery bootnode")
-		verbosity   = flag.Int("verbosity", 3, "log verbosity (0-5)")
-		vmodule     = flag.String("vmodule", "", "log verbosity pattern")
-
-		nodeKey *ecdsa.PrivateKey
-		err     error
-	)
-	flag.Parse()
-
-	glogger := log.NewGlogHandler(log.NewTerminalHandler(os.Stderr, false))
-	slogVerbosity := log.FromLegacyLevel(*verbosity)
-	glogger.Verbosity(slogVerbosity)
-	glogger.Vmodule(*vmodule)
-	log.SetDefault(log.NewLogger(glogger))
-
-	natm, err := nat.Parse(*natdesc)
-	if err != nil {
-		utils.Fatalf("-nat: %v", err)
-	}
-	switch {
-	case *genKey != "":
-		nodeKey, err = crypto.GenerateKey()
-		if err != nil {
-			utils.Fatalf("could not generate key: %v", err)
-		}
-		if err = crypto.SaveECDSA(*genKey, nodeKey); err != nil {
-			utils.Fatalf("%v", err)
-		}
-		if !*writeAddr {
-			return
-		}
-	case *nodeKeyFile == "" && *nodeKeyHex == "":
-		utils.Fatalf("Use -nodekey or -nodekeyhex to specify a private key")
-	case *nodeKeyFile != "" && *nodeKeyHex != "":
-		utils.Fatalf("Options -nodekey and -nodekeyhex are mutually exclusive")
-	case *nodeKeyFile != "":
-		if nodeKey, err = crypto.LoadECDSA(*nodeKeyFile); err != nil {
-			utils.Fatalf("-nodekey: %v", err)
-		}
-	case *nodeKeyHex != "":
-		if nodeKey, err = crypto.HexToECDSA(*nodeKeyHex); err != nil {
-			utils.Fatalf("-nodekeyhex: %v", err)
-		}
-	}
-
-	if *writeAddr {
-		fmt.Printf("%x\n", crypto.FromECDSAPub(&nodeKey.PublicKey)[1:])
-		os.Exit(0)
-	}
-
-	var restrictList *netutil.Netlist
-	if *netrestrict != "" {
-		restrictList, err = netutil.ParseNetlist(*netrestrict)
-		if err != nil {
-			utils.Fatalf("-netrestrict: %v", err)
-		}
-	}
-
-	addr, err := net.ResolveUDPAddr("udp", *listenAddr)
-	if err != nil {
-		utils.Fatalf("-ResolveUDPAddr: %v", err)
-	}
-	conn, err := net.ListenUDP("udp", addr)
-	if err != nil {
-		utils.Fatalf("-ListenUDP: %v", err)
-	}
-	defer conn.Close()
-
-	db, _ := enode.OpenDB("")
-	ln := enode.NewLocalNode(db, nodeKey)
-
-	listenerAddr := conn.LocalAddr().(*net.UDPAddr)
-	if natm != nil && !listenerAddr.IP.IsLoopback() {
-		natAddr := doPortMapping(natm, ln, listenerAddr)
-		if natAddr != nil {
-			listenerAddr = natAddr
-		}
-	}
-
-	printNotice(&nodeKey.PublicKey, *listenerAddr)
-	cfg := discover.Config{
-		PrivateKey:  nodeKey,
-		NetRestrict: restrictList,
-	}
-	if *runv5 {
-		if _, err := discover.ListenV5(conn, ln, cfg); err != nil {
-			utils.Fatalf("%v", err)
-		}
-	} else {
-		if _, err := discover.ListenUDP(conn, ln, cfg); err != nil {
-			utils.Fatalf("%v", err)
-		}
-	}
-
-	select {}
-}
-
-func printNotice(nodeKey *ecdsa.PublicKey, addr net.UDPAddr) {
-	if addr.IP.IsUnspecified() {
-		addr.IP = net.IP{127, 0, 0, 1}
-	}
-	n := enode.NewV4(nodeKey, addr.IP, 0, addr.Port)
-	fmt.Println(n.URLv4())
-	fmt.Println("Note: you're using cmd/bootnode, a developer tool.")
-	fmt.Println("We recommend using a regular node as bootstrap node for production deployments.")
-}
-
-func doPortMapping(natm nat.Interface, ln *enode.LocalNode, addr *net.UDPAddr) *net.UDPAddr {
-	const (
-		protocol = "udp"
-		name     = "ethereum discovery"
-	)
-	newLogger := func(external int, internal int) log.Logger {
-		return log.New("proto", protocol, "extport", external, "intport", internal, "interface", natm)
-	}
-
-	var (
-		intport    = addr.Port
-		extaddr    = &net.UDPAddr{IP: addr.IP, Port: addr.Port}
-		mapTimeout = nat.DefaultMapTimeout
-		log        = newLogger(addr.Port, intport)
-	)
-	addMapping := func() {
-		// Get the external address.
-		var err error
-		extaddr.IP, err = natm.ExternalIP()
-		if err != nil {
-			log.Debug("Couldn't get external IP", "err", err)
-			return
-		}
-		// Create the mapping.
-		p, err := natm.AddMapping(protocol, extaddr.Port, intport, name, mapTimeout)
-		if err != nil {
-			log.Debug("Couldn't add port mapping", "err", err)
-			return
-		}
-		if p != uint16(extaddr.Port) {
-			extaddr.Port = int(p)
-			log = newLogger(extaddr.Port, intport)
-			log.Info("NAT mapped alternative port")
-		} else {
-			log.Info("NAT mapped port")
-		}
-		// Update IP/port information of the local node.
-		ln.SetStaticIP(extaddr.IP)
-		ln.SetFallbackUDP(extaddr.Port)
-	}
-
-	// Perform mapping once, synchronously.
-	log.Info("Attempting port mapping")
-	addMapping()
-
-	// Refresh the mapping periodically.
-	go func() {
-		refresh := time.NewTimer(mapTimeout)
-		defer refresh.Stop()
-		for range refresh.C {
-			addMapping()
-			refresh.Reset(mapTimeout)
-		}
-	}()
-
-	return extaddr
-}
--- a/cmd/clef/README.md
+++ b/cmd/clef/README.md
@ -29,7 +29,7 @@ GLOBAL OPTIONS:
   --loglevel value        log level to emit to the screen (default: 4)
   --keystore value        Directory for the keystore (default: "$HOME/.ethereum/keystore")
   --configdir value       Directory for Clef configuration (default: "$HOME/.clef")
-   --chainid value         Chain id to use for signing (1=mainnet, 5=Goerli) (default: 1)
+   --chainid value         Chain id to use for signing (1=mainnet, 17000=Holesky) (default: 1)
   --lightkdf              Reduce key-derivation RAM & CPU usage at some expense of KDF strength
   --nousb                 Disables monitoring for and managing USB hardware wallets
   --pcscdpath value       Path to the smartcard daemon (pcscd) socket file (default: "/run/pcscd/pcscd.comm")
@ -225,8 +225,8 @@ Response
     - `value` [number:optional]: amount of Wei to send with the transaction
     - `data` [data:optional]:  input data
     - `nonce` [number]: account nonce
-  1. method signature [string:optional]
-     - The method signature, if present, is to aid decoding the calldata. Should consist of `methodname(paramtype,...)`, e.g. `transfer(uint256,address)`. The signer may use this data to parse the supplied calldata, and show the user. The data, however, is considered totally untrusted, and reliability is not expected.
+  2. method signature [string:optional]
+       - The method signature, if present, is to aid decoding the calldata. Should consist of `methodname(paramtype,...)`, e.g. `transfer(uint256,address)`. The signer may use this data to parse the supplied calldata, and show the user. The data, however, is considered totally untrusted, and reliability is not expected.


 #### Result
--- a/cmd/clef/consolecmd_test.go
+++ b/cmd/clef/consolecmd_test.go
@ -27,9 +27,8 @@ import (
 // TestImportRaw tests clef --importraw
 func TestImportRaw(t *testing.T) {
 	t.Parallel()
-	keyPath := filepath.Join(os.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
+	keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
 	os.WriteFile(keyPath, []byte("0102030405060708090a0102030405060708090a0102030405060708090a0102"), 0777)
-	t.Cleanup(func() { os.Remove(keyPath) })

 	t.Run("happy-path", func(t *testing.T) {
 		t.Parallel()
@ -68,9 +67,8 @@ func TestImportRaw(t *testing.T) {
 // TestListAccounts tests clef --list-accounts
 func TestListAccounts(t *testing.T) {
 	t.Parallel()
-	keyPath := filepath.Join(os.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
+	keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
 	os.WriteFile(keyPath, []byte("0102030405060708090a0102030405060708090a0102030405060708090a0102"), 0777)
-	t.Cleanup(func() { os.Remove(keyPath) })

 	t.Run("no-accounts", func(t *testing.T) {
 		t.Parallel()
@ -97,9 +95,8 @@ func TestListAccounts(t *testing.T) {
 // TestListWallets tests clef --list-wallets
 func TestListWallets(t *testing.T) {
 	t.Parallel()
-	keyPath := filepath.Join(os.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
+	keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
 	os.WriteFile(keyPath, []byte("0102030405060708090a0102030405060708090a0102030405060708090a0102"), 0777)
-	t.Cleanup(func() { os.Remove(keyPath) })

 	t.Run("no-accounts", func(t *testing.T) {
 		t.Parallel()
--- a/cmd/clef/main.go
+++ b/cmd/clef/main.go
@ -100,7 +100,7 @@ var (
 	chainIdFlag = &cli.Int64Flag{
 		Name:  "chainid",
 		Value: params.MainnetChainConfig.ChainID.Int64(),
-		Usage: "Chain id to use for signing (1=mainnet, 5=Goerli)",
+		Usage: "Chain id to use for signing (1=mainnet, 17000=Holesky)",
 	}
 	rpcPortFlag = &cli.IntFlag{
 		Name:     "http.port",
@ -552,7 +552,7 @@ func listWallets(c *cli.Context) error {
 // accountImport imports a raw hexadecimal private key via CLI.
 func accountImport(c *cli.Context) error {
 	if c.Args().Len() != 1 {
-		return errors.New("<keyfile> must be given as first argument.")
+		return errors.New("<keyfile> must be given as first argument")
 	}
 	internalApi, ui, err := initInternalApi(c)
 	if err != nil {
--- a/cmd/clef/rules.md
+++ b/cmd/clef/rules.md
@ -7,7 +7,7 @@ It enables usecases like the following:
 * I want to auto-approve transactions with contract `CasinoDapp`, with up to `0.05 ether` in value to maximum `1 ether` per 24h period
 * I want to auto-approve transaction to contract `EthAlarmClock` with `data`=`0xdeadbeef`, if `value=0`, `gas < 44k` and `gasPrice < 40Gwei`

-The two main features that are required for this to work well are;
+The two main features that are required for this to work well are:

 1. Rule Implementation: how to create, manage, and interpret rules in a flexible but secure manner
 2. Credential management and credentials; how to provide auto-unlock without exposing keys unnecessarily.
@ -29,10 +29,10 @@ function asBig(str) {

 // Approve transactions to a certain contract if the value is below a certain limit
 function ApproveTx(req) {
-	var limit = big.Newint("0xb1a2bc2ec50000")
+	var limit = new BigNumber("0xb1a2bc2ec50000")
 	var value = asBig(req.transaction.value);

-	if (req.transaction.to.toLowerCase() == "0xae967917c465db8578ca9024c205720b1a3651a9") && value.lt(limit)) {
+	if (req.transaction.to.toLowerCase() == "0xae967917c465db8578ca9024c205720b1a3651a9" && value.lt(limit)) {
 		return "Approve"
 	}
 	// If we return "Reject", it will be rejected.
--- a/cmd/devp2p/README.md
+++ b/cmd/devp2p/README.md
@ -44,7 +44,7 @@ set to standard output. The following filters are supported:
 - `-limit <N>` limits the output set to N entries, taking the top N nodes by score
 - `-ip <CIDR>` filters nodes by IP subnet
 - `-min-age <duration>` filters nodes by 'first seen' time
- `-eth-network <mainnet/goerli/sepolia/holesky>` filters nodes by "eth" ENR entry
+- `-eth-network <mainnet/sepolia/holesky>` filters nodes by "eth" ENR entry
 - `-les-server` filters nodes by LES server support
 - `-snap` filters nodes by snap protocol support

--- a/cmd/devp2p/discv4cmd.go
+++ b/cmd/devp2p/discv4cmd.go
@ -20,6 +20,8 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"net/http"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@ -27,10 +29,11 @@ import (
 	"github.com/ethereum/go-ethereum/cmd/devp2p/internal/v4test"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/crypto"
-	"github.com/ethereum/go-ethereum/internal/flags"
+	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/p2p/discover"
 	"github.com/ethereum/go-ethereum/p2p/enode"
 	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/urfave/cli/v2"
 )

@ -45,6 +48,7 @@ var (
 			discv4ResolveJSONCommand,
 			discv4CrawlCommand,
 			discv4TestCommand,
+			discv4ListenCommand,
 		},
 	}
 	discv4PingCommand = &cli.Command{
@ -75,11 +79,19 @@ var (
 		Flags:     discoveryNodeFlags,
 		ArgsUsage: "<nodes.json file>",
 	}
+	discv4ListenCommand = &cli.Command{
+		Name:   "listen",
+		Usage:  "Runs a discovery node",
+		Action: discv4Listen,
+		Flags: slices.Concat(discoveryNodeFlags, []cli.Flag{
+			httpAddrFlag,
+		}),
+	}
 	discv4CrawlCommand = &cli.Command{
 		Name:   "crawl",
 		Usage:  "Updates a nodes.json file with random nodes found in the DHT",
 		Action: discv4Crawl,
-		Flags:  flags.Merge(discoveryNodeFlags, []cli.Flag{crawlTimeoutFlag, crawlParallelismFlag}),
+		Flags:  slices.Concat(discoveryNodeFlags, []cli.Flag{crawlTimeoutFlag, crawlParallelismFlag}),
 	}
 	discv4TestCommand = &cli.Command{
 		Name:   "test",
@ -131,6 +143,10 @@ var (
 		Usage:   "Enode of the remote node under test",
 		EnvVars: []string{"REMOTE_ENODE"},
 	}
+	httpAddrFlag = &cli.StringFlag{
+		Name:  "rpc",
+		Usage: "HTTP server listening address",
+	}
 )

 var discoveryNodeFlags = []cli.Flag{
@ -154,6 +170,27 @@ func discv4Ping(ctx *cli.Context) error {
 	return nil
 }

+func discv4Listen(ctx *cli.Context) error {
+	disc, _ := startV4(ctx)
+	defer disc.Close()
+
+	fmt.Println(disc.Self())
+
+	httpAddr := ctx.String(httpAddrFlag.Name)
+	if httpAddr == "" {
+		// Non-HTTP mode.
+		select {}
+	}
+
+	api := &discv4API{disc}
+	log.Info("Starting RPC API server", "addr", httpAddr)
+	srv := rpc.NewServer()
+	srv.RegisterName("discv4", api)
+	http.DefaultServeMux.Handle("/", srv)
+	httpsrv := http.Server{Addr: httpAddr, Handler: http.DefaultServeMux}
+	return httpsrv.ListenAndServe()
+}
+
 func discv4RequestRecord(ctx *cli.Context) error {
 	n := getNodeArg(ctx)
 	disc, _ := startV4(ctx)
@ -362,3 +399,23 @@ func parseBootnodes(ctx *cli.Context) ([]*enode.Node, error) {
 	}
 	return nodes, nil
 }
+
+type discv4API struct {
+	host *discover.UDPv4
+}
+
+func (api *discv4API) LookupRandom(n int) (ns []*enode.Node) {
+	it := api.host.RandomNodes()
+	for len(ns) < n && it.Next() {
+		ns = append(ns, it.Node())
+	}
+	return ns
+}
+
+func (api *discv4API) Buckets() [][]discover.BucketNode {
+	return api.host.TableBuckets()
+}
+
+func (api *discv4API) Self() *enode.Node {
+	return api.host.Self()
+}
--- a/cmd/devp2p/discv5cmd.go
+++ b/cmd/devp2p/discv5cmd.go
@ -19,11 +19,11 @@ package main
 import (
 	"errors"
 	"fmt"
+	"slices"
 	"time"

 	"github.com/ethereum/go-ethereum/cmd/devp2p/internal/v5test"
 	"github.com/ethereum/go-ethereum/common"
-	"github.com/ethereum/go-ethereum/internal/flags"
 	"github.com/ethereum/go-ethereum/p2p/discover"
 	"github.com/urfave/cli/v2"
 )
@ -56,7 +56,7 @@ var (
 		Name:   "crawl",
 		Usage:  "Updates a nodes.json file with random nodes found in the DHT",
 		Action: discv5Crawl,
-		Flags: flags.Merge(discoveryNodeFlags, []cli.Flag{
+		Flags: slices.Concat(discoveryNodeFlags, []cli.Flag{
 			crawlTimeoutFlag,
 		}),
 	}
--- a/cmd/devp2p/dns_cloudflare.go
+++ b/cmd/devp2p/dns_cloudflare.go
@ -88,7 +88,8 @@ func (c *cloudflareClient) checkZone(name string) error {
 	if !strings.HasSuffix(name, "."+zone.Name) {
 		return fmt.Errorf("CloudFlare zone name %q does not match name %q to be deployed", zone.Name, name)
 	}
-	needPerms := map[string]bool{"#zone:edit": false, "#zone:read": false}
+	// Necessary permissions for Cloudlare management - Zone:Read, DNS:Read, Zone:Edit, DNS:Edit
+	needPerms := map[string]bool{"#zone:edit": false, "#zone:read": false, "#dns_records:read": false, "#dns_records:edit": false}
 	for _, perm := range zone.Permissions {
 		if _, ok := needPerms[perm]; ok {
 			needPerms[perm] = true
--- a/cmd/devp2p/dns_route53.go
+++ b/cmd/devp2p/dns_route53.go
@ -17,6 +17,7 @@
 package main

 import (
+	"cmp"
 	"context"
 	"errors"
 	"fmt"
@ -292,13 +293,7 @@ func sortChanges(changes []types.Change) {
 		if a.Action == b.Action {
 			return strings.Compare(*a.ResourceRecordSet.Name, *b.ResourceRecordSet.Name)
 		}
-		if score[string(a.Action)] < score[string(b.Action)] {
-			return -1
-		}
-		if score[string(a.Action)] > score[string(b.Action)] {
-			return 1
-		}
-		return 0
+		return cmp.Compare(score[string(a.Action)], score[string(b.Action)])
 	})
 }

--- a/cmd/devp2p/internal/ethtest/chain.go
+++ b/cmd/devp2p/internal/ethtest/chain.go
@ -28,7 +28,6 @@ import (
 	"os"
 	"path/filepath"
 	"slices"
-	"sort"
 	"strings"

 	"github.com/ethereum/go-ethereum/common"
@ -41,6 +40,7 @@ import (
 	"github.com/ethereum/go-ethereum/eth/protocols/eth"
 	"github.com/ethereum/go-ethereum/params"
 	"github.com/ethereum/go-ethereum/rlp"
+	"golang.org/x/exp/maps"
 )

 // Chain is a lightweight blockchain-like store which can read a hivechain
@ -100,7 +100,6 @@ func (c *Chain) AccountsInHashOrder() []state.DumpAccount {
 	list := make([]state.DumpAccount, len(c.state))
 	i := 0
 	for addr, acc := range c.state {
-		addr := addr
 		list[i] = acc
 		list[i].Address = &addr
 		if len(acc.AddressHash) != 32 {
@ -167,11 +166,8 @@ func (c *Chain) RootAt(height int) common.Hash {
 // GetSender returns the address associated with account at the index in the
 // pre-funded accounts list.
 func (c *Chain) GetSender(idx int) (common.Address, uint64) {
-	var accounts Addresses
-	for addr := range c.senders {
-		accounts = append(accounts, addr)
-	}
-	sort.Sort(accounts)
+	accounts := maps.Keys(c.senders)
+	slices.SortFunc(accounts, common.Address.Cmp)
 	addr := accounts[idx]
 	return addr, c.senders[addr].Nonce
 }
@ -261,22 +257,6 @@ func loadGenesis(genesisFile string) (core.Genesis, error) {
 	return gen, nil
 }

-type Addresses []common.Address
-
-func (a Addresses) Len() int {
-	return len(a)
-}
-
-func (a Addresses) Less(i, j int) bool {
-	return bytes.Compare(a[i][:], a[j][:]) < 0
-}
-
-func (a Addresses) Swap(i, j int) {
-	tmp := a[i]
-	a[i] = a[j]
-	a[j] = tmp
-}
-
 func blocksFromFile(chainfile string, gblock *types.Block) ([]*types.Block, error) {
 	// Load chain.rlp.
 	fh, err := os.Open(chainfile)
--- a/cmd/devp2p/internal/ethtest/conn.go
+++ b/cmd/devp2p/internal/ethtest/conn.go
@ -53,7 +53,8 @@ func (s *Suite) dial() (*Conn, error) {
 // dialAs attempts to dial a given node and perform a handshake using the given
 // private key.
 func (s *Suite) dialAs(key *ecdsa.PrivateKey) (*Conn, error) {
-	fd, err := net.Dial("tcp", fmt.Sprintf("%v:%d", s.Dest.IP(), s.Dest.TCP()))
+	tcpEndpoint, _ := s.Dest.TCPEndpoint()
+	fd, err := net.Dial("tcp", tcpEndpoint.String())
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/devp2p/internal/ethtest/protocol.go
+++ b/cmd/devp2p/internal/ethtest/protocol.go
@ -13,6 +13,7 @@
 //
 // You should have received a copy of the GNU General Public License
 // along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
+
 package ethtest

 import (
--- a/cmd/devp2p/internal/ethtest/snap.go
+++ b/cmd/devp2p/internal/ethtest/snap.go
@ -32,7 +32,6 @@ import (
 	"github.com/ethereum/go-ethereum/internal/utesting"
 	"github.com/ethereum/go-ethereum/trie"
 	"github.com/ethereum/go-ethereum/trie/trienode"
-	"golang.org/x/crypto/sha3"
 )

 func (c *Conn) snapRequest(code uint64, msg any) (any, error) {
@ -287,7 +286,6 @@ a key before startingHash (wrong order). The server should return the first avai
 	}

 	for i, tc := range tests {
-		tc := tc
 		if i > 0 {
 			t.Log("\n")
 		}
@ -430,7 +428,6 @@ of the test account. The server should return slots [2,3] (i.e. the 'next availa
 	}

 	for i, tc := range tests {
-		tc := tc
 		if i > 0 {
 			t.Log("\n")
 		}
@ -527,7 +524,6 @@ func (s *Suite) TestSnapGetByteCodes(t *utesting.T) {
 	}

 	for i, tc := range tests {
-		tc := tc
 		if i > 0 {
 			t.Log("\n")
 		}
@ -724,7 +720,6 @@ The server should reject the request.`,
 	}

 	for i, tc := range tests {
-		tc := tc
 		if i > 0 {
 			t.Log("\n")
 		}
@ -905,7 +900,7 @@ func (s *Suite) snapGetByteCodes(t *utesting.T, tc *byteCodesTest) error {
 	// that the serving node is missing
 	var (
 		bytecodes = res.Codes
-		hasher    = sha3.NewLegacyKeccak256().(crypto.KeccakState)
+		hasher    = crypto.NewKeccakState()
 		hash      = make([]byte, 32)
 		codes     = make([][]byte, len(req.Hashes))
 	)
@ -964,7 +959,7 @@ func (s *Suite) snapGetTrieNodes(t *utesting.T, tc *trieNodesTest) error {

 	// Cross reference the requested trienodes with the response to find gaps
 	// that the serving node is missing
-	hasher := sha3.NewLegacyKeccak256().(crypto.KeccakState)
+	hasher := crypto.NewKeccakState()
 	hash := make([]byte, 32)
 	trienodes := res.Nodes
 	if got, want := len(trienodes), len(tc.expHashes); got != want {
--- a/cmd/devp2p/internal/ethtest/suite.go
+++ b/cmd/devp2p/internal/ethtest/suite.go
@ -849,7 +849,16 @@ func (s *Suite) TestBlobViolations(t *utesting.T) {
 		if code, _, err := conn.Read(); err != nil {
 			t.Fatalf("expected disconnect on blob violation, got err: %v", err)
 		} else if code != discMsg {
-			t.Fatalf("expected disconnect on blob violation, got msg code: %d", code)
+			if code == protoOffset(ethProto)+eth.NewPooledTransactionHashesMsg {
+				// sometimes we'll get a blob transaction hashes announcement before the disconnect
+				// because blob transactions are scheduled to be fetched right away.
+				if code, _, err = conn.Read(); err != nil {
+					t.Fatalf("expected disconnect on blob violation, got err on second read: %v", err)
+				}
+			}
+			if code != discMsg {
+				t.Fatalf("expected disconnect on blob violation, got msg code: %d", code)
+			}
 		}
 		conn.Close()
 	}
--- a/cmd/devp2p/internal/ethtest/suite_test.go
+++ b/cmd/devp2p/internal/ethtest/suite_test.go
@ -34,12 +34,12 @@ import (
 	"github.com/ethereum/go-ethereum/p2p"
 )

-func makeJWTSecret() (string, [32]byte, error) {
+func makeJWTSecret(t *testing.T) (string, [32]byte, error) {
 	var secret [32]byte
 	if _, err := crand.Read(secret[:]); err != nil {
 		return "", secret, fmt.Errorf("failed to create jwt secret: %v", err)
 	}
-	jwtPath := filepath.Join(os.TempDir(), "jwt_secret")
+	jwtPath := filepath.Join(t.TempDir(), "jwt_secret")
 	if err := os.WriteFile(jwtPath, []byte(hexutil.Encode(secret[:])), 0600); err != nil {
 		return "", secret, fmt.Errorf("failed to prepare jwt secret file: %v", err)
 	}
@ -47,7 +47,7 @@ func makeJWTSecret() (string, [32]byte, error) {
 }

 func TestEthSuite(t *testing.T) {
-	jwtPath, secret, err := makeJWTSecret()
+	jwtPath, secret, err := makeJWTSecret(t)
 	if err != nil {
 		t.Fatalf("could not make jwt secret: %v", err)
 	}
@ -75,7 +75,7 @@ func TestEthSuite(t *testing.T) {
 }

 func TestSnapSuite(t *testing.T) {
-	jwtPath, secret, err := makeJWTSecret()
+	jwtPath, secret, err := makeJWTSecret(t)
 	if err != nil {
 		t.Fatalf("could not make jwt secret: %v", err)
 	}
--- a/cmd/devp2p/internal/ethtest/testdata/genesis.json
+++ b/cmd/devp2p/internal/ethtest/testdata/genesis.json
@ -18,7 +18,6 @@
    "shanghaiTime": 780,
    "cancunTime": 840,
    "terminalTotalDifficulty": 9454784,
-    "terminalTotalDifficultyPassed": true,
    "ethash": {}
  },
  "nonce": "0x0",
--- a/cmd/devp2p/internal/v4test/discv4tests.go
+++ b/cmd/devp2p/internal/v4test/discv4tests.go
@ -194,7 +194,7 @@ func PingExtraData(t *utesting.T) {
 	}
 }

-// This test sends a PING packet with additional data and wrong 'from' field
+// PingExtraDataWrongFrom sends a PING packet with additional data and wrong 'from' field
 // and expects a PONG response.
 func PingExtraDataWrongFrom(t *utesting.T) {
 	te := newTestEnv(Remote, Listen1, Listen2)
@ -215,7 +215,7 @@ func PingExtraDataWrongFrom(t *utesting.T) {
 	}
 }

-// This test sends a PING packet with an expiration in the past.
+// PingPastExpiration sends a PING packet with an expiration in the past.
 // The remote node should not respond.
 func PingPastExpiration(t *utesting.T) {
 	te := newTestEnv(Remote, Listen1, Listen2)
@ -234,7 +234,7 @@ func PingPastExpiration(t *utesting.T) {
 	}
 }

-// This test sends an invalid packet. The remote node should not respond.
+// WrongPacketType sends an invalid packet. The remote node should not respond.
 func WrongPacketType(t *utesting.T) {
 	te := newTestEnv(Remote, Listen1, Listen2)
 	defer te.close()
@ -252,7 +252,7 @@ func WrongPacketType(t *utesting.T) {
 	}
 }

-// This test verifies that the default behaviour of ignoring 'from' fields is unaffected by
+// BondThenPingWithWrongFrom verifies that the default behaviour of ignoring 'from' fields is unaffected by
 // the bonding process. After bonding, it pings the target with a different from endpoint.
 func BondThenPingWithWrongFrom(t *utesting.T) {
 	te := newTestEnv(Remote, Listen1, Listen2)
@ -289,7 +289,7 @@ waitForPong:
 	}
 }

-// This test just sends FINDNODE. The remote node should not reply
+// FindnodeWithoutEndpointProof sends FINDNODE. The remote node should not reply
 // because the endpoint proof has not completed.
 func FindnodeWithoutEndpointProof(t *utesting.T) {
 	te := newTestEnv(Remote, Listen1, Listen2)
@ -332,7 +332,7 @@ func BasicFindnode(t *utesting.T) {
 	}
 }

-// This test sends an unsolicited NEIGHBORS packet after the endpoint proof, then sends
+// UnsolicitedNeighbors sends an unsolicited NEIGHBORS packet after the endpoint proof, then sends
 // FINDNODE to read the remote table. The remote node should not return the node contained
 // in the unsolicited NEIGHBORS packet.
 func UnsolicitedNeighbors(t *utesting.T) {
@ -373,7 +373,7 @@ func UnsolicitedNeighbors(t *utesting.T) {
 	}
 }

-// This test sends FINDNODE with an expiration timestamp in the past.
+// FindnodePastExpiration sends FINDNODE with an expiration timestamp in the past.
 // The remote node should not respond.
 func FindnodePastExpiration(t *utesting.T) {
 	te := newTestEnv(Remote, Listen1, Listen2)
@ -426,7 +426,7 @@ func bond(t *utesting.T, te *testenv) {
 	}
 }

-// This test attempts to perform a traffic amplification attack against a
+// FindnodeAmplificationInvalidPongHash attempts to perform a traffic amplification attack against a
 // 'victim' endpoint using FINDNODE. In this attack scenario, the attacker
 // attempts to complete the endpoint proof non-interactively by sending a PONG
 // with mismatching reply token from the 'victim' endpoint. The attack works if
@ -478,7 +478,7 @@ func FindnodeAmplificationInvalidPongHash(t *utesting.T) {
 	}
 }

-// This test attempts to perform a traffic amplification attack using FINDNODE.
+// FindnodeAmplificationWrongIP attempts to perform a traffic amplification attack using FINDNODE.
 // The attack works if the remote node does not verify the IP address of FINDNODE
 // against the endpoint verification proof done by PING/PONG.
 func FindnodeAmplificationWrongIP(t *utesting.T) {
--- a/cmd/devp2p/internal/v4test/framework.go
+++ b/cmd/devp2p/internal/v4test/framework.go
@ -53,16 +53,18 @@ func newTestEnv(remote string, listen1, listen2 string) *testenv {
 	if err != nil {
 		panic(err)
 	}
-	if node.IP() == nil || node.UDP() == 0 {
+	if !node.IPAddr().IsValid() || node.UDP() == 0 {
 		var ip net.IP
 		var tcpPort, udpPort int
-		if ip = node.IP(); ip == nil {
+		if node.IPAddr().IsValid() {
+			ip = node.IPAddr().AsSlice()
+		} else {
 			ip = net.ParseIP("127.0.0.1")
 		}
 		if tcpPort = node.TCP(); tcpPort == 0 {
 			tcpPort = 30303
 		}
-		if udpPort = node.TCP(); udpPort == 0 {
+		if udpPort = node.UDP(); udpPort == 0 {
 			udpPort = 30303
 		}
 		node = enode.NewV4(node.Pubkey(), ip, tcpPort, udpPort)
@ -110,7 +112,7 @@ func (te *testenv) localEndpoint(c net.PacketConn) v4wire.Endpoint {
 }

 func (te *testenv) remoteEndpoint() v4wire.Endpoint {
-	return v4wire.NewEndpoint(te.remoteAddr, 0)
+	return v4wire.NewEndpoint(te.remoteAddr.AddrPort(), 0)
 }

 func contains(ns []v4wire.Node, key v4wire.Pubkey) bool {
--- a/cmd/devp2p/nodeset.go
+++ b/cmd/devp2p/nodeset.go
@ -18,6 +18,7 @@ package main

 import (
 	"bytes"
+	"cmp"
 	"encoding/json"
 	"fmt"
 	"os"
@ -104,13 +105,7 @@ func (ns nodeSet) topN(n int) nodeSet {
 		byscore = append(byscore, v)
 	}
 	slices.SortFunc(byscore, func(a, b nodeJSON) int {
-		if a.Score > b.Score {
-			return -1
-		}
-		if a.Score < b.Score {
-			return 1
-		}
-		return 0
+		return cmp.Compare(b.Score, a.Score)
 	})
 	result := make(nodeSet, n)
 	for _, v := range byscore[:n] {
--- a/cmd/devp2p/nodesetcmd.go
+++ b/cmd/devp2p/nodesetcmd.go
@ -19,7 +19,7 @@ package main
 import (
 	"errors"
 	"fmt"
-	"net"
+	"net/netip"
 	"sort"
 	"strconv"
 	"strings"
@ -205,11 +205,11 @@ func trueFilter(args []string) (nodeFilter, error) {
 }

 func ipFilter(args []string) (nodeFilter, error) {
-	_, cidr, err := net.ParseCIDR(args[0])
+	prefix, err := netip.ParsePrefix(args[0])
 	if err != nil {
 		return nil, err
 	}
-	f := func(n nodeJSON) bool { return cidr.Contains(n.N.IP()) }
+	f := func(n nodeJSON) bool { return prefix.Contains(n.N.IPAddr()) }
 	return f, nil
 }

@ -230,8 +230,6 @@ func ethFilter(args []string) (nodeFilter, error) {
 	switch args[0] {
 	case "mainnet":
 		filter = forkid.NewStaticFilter(params.MainnetChainConfig, core.DefaultGenesisBlock().ToBlock())
-	case "goerli":
-		filter = forkid.NewStaticFilter(params.GoerliChainConfig, core.DefaultGoerliGenesisBlock().ToBlock())
 	case "sepolia":
 		filter = forkid.NewStaticFilter(params.SepoliaChainConfig, core.DefaultSepoliaGenesisBlock().ToBlock())
 	case "holesky":
--- a/cmd/devp2p/rlpxcmd.go
+++ b/cmd/devp2p/rlpxcmd.go
@ -77,7 +77,11 @@ var (

 func rlpxPing(ctx *cli.Context) error {
 	n := getNodeArg(ctx)
-	fd, err := net.Dial("tcp", fmt.Sprintf("%v:%d", n.IP(), n.TCP()))
+	tcpEndpoint, ok := n.TCPEndpoint()
+	if !ok {
+		return errors.New("node has no TCP endpoint")
+	}
+	fd, err := net.Dial("tcp", tcpEndpoint.String())
 	if err != nil {
 		return err
 	}
@ -105,7 +109,7 @@ func rlpxPing(ctx *cli.Context) error {
 		}
 		return fmt.Errorf("received disconnect message: %v", msg[0])
 	default:
-		return fmt.Errorf("invalid message code %d, expected handshake (code zero)", code)
+		return fmt.Errorf("invalid message code %d, expected handshake (code zero) or disconnect (code one)", code)
 	}
 	return nil
 }
--- a/cmd/evm/README.md
+++ b/cmd/evm/README.md
@ -14,15 +14,15 @@ The `evm t8n` tool is a stateless state transition utility. It is a utility
 which can

 1. Take a prestate, including
-  - Accounts,
-  - Block context information,
-  - Previous blockshashes (*optional)
+   - Accounts,
+   - Block context information,
+   - Previous blockshashes (*optional)
 2. Apply a set of transactions,
 3. Apply a mining-reward (*optional),
 4. And generate a post-state, including
-  - State root, transaction root, receipt root,
-  - Information about rejected transactions,
-  - Optionally: a full or partial post-state dump
+   - State root, transaction root, receipt root,
+   - Information about rejected transactions,
+   - Optionally: a full or partial post-state dump

 ### Specification

--- a/cmd/evm/blockrunner.go
+++ b/cmd/evm/blockrunner.go
@ -22,79 +22,84 @@ import (
 	"fmt"
 	"os"
 	"regexp"
-	"sort"
+	"slices"

 	"github.com/ethereum/go-ethereum/core"
 	"github.com/ethereum/go-ethereum/core/rawdb"
-	"github.com/ethereum/go-ethereum/core/tracing"
-	"github.com/ethereum/go-ethereum/eth/tracers/logger"
 	"github.com/ethereum/go-ethereum/tests"
 	"github.com/urfave/cli/v2"
+	"golang.org/x/exp/maps"
 )

-var RunFlag = &cli.StringFlag{
-	Name:  "run",
-	Value: ".*",
-	Usage: "Run only those tests matching the regular expression.",
-}
-
 var blockTestCommand = &cli.Command{
 	Action:    blockTestCmd,
 	Name:      "blocktest",
 	Usage:     "Executes the given blockchain tests",
-	ArgsUsage: "<file>",
-	Flags:     []cli.Flag{RunFlag},
+	ArgsUsage: "<path>",
+	Flags: slices.Concat([]cli.Flag{
+		DumpFlag,
+		HumanReadableFlag,
+		RunFlag,
+		WitnessCrossCheckFlag,
+	}, traceFlags),
 }

 func blockTestCmd(ctx *cli.Context) error {
-	if len(ctx.Args().First()) == 0 {
-		return errors.New("path-to-test argument required")
+	path := ctx.Args().First()
+	if len(path) == 0 {
+		return errors.New("path argument required")
 	}
+	var (
+		collected = collectFiles(path)
+		results   []testResult
+	)
+	for _, fname := range collected {
+		r, err := runBlockTest(ctx, fname)
+		if err != nil {
+			return err
+		}
+		results = append(results, r...)
+	}
+	report(ctx, results)
+	return nil
+}

-	var tracer *tracing.Hooks
-	// Configure the EVM logger
-	if ctx.Bool(MachineFlag.Name) {
-		tracer = logger.NewJSONLogger(&logger.Config{
-			EnableMemory:     !ctx.Bool(DisableMemoryFlag.Name),
-			DisableStack:     ctx.Bool(DisableStackFlag.Name),
-			DisableStorage:   ctx.Bool(DisableStorageFlag.Name),
-			EnableReturnData: !ctx.Bool(DisableReturnDataFlag.Name),
-		}, os.Stderr)
-	}
-	// Load the test content from the input file
-	src, err := os.ReadFile(ctx.Args().First())
+func runBlockTest(ctx *cli.Context, fname string) ([]testResult, error) {
+	src, err := os.ReadFile(fname)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	var tests map[string]tests.BlockTest
+	var tests map[string]*tests.BlockTest
 	if err = json.Unmarshal(src, &tests); err != nil {
-		return err
+		return nil, err
 	}
 	re, err := regexp.Compile(ctx.String(RunFlag.Name))
 	if err != nil {
-		return fmt.Errorf("invalid regex -%s: %v", RunFlag.Name, err)
+		return nil, fmt.Errorf("invalid regex -%s: %v", RunFlag.Name, err)
 	}
+	tracer := tracerFromFlags(ctx)

-	// Run them in order
-	var keys []string
-	for key := range tests {
-		keys = append(keys, key)
-	}
-	sort.Strings(keys)
+	// Pull out keys to sort and ensure tests are run in order.
+	keys := maps.Keys(tests)
+	slices.Sort(keys)
+
+	// Run all the tests.
+	var results []testResult
 	for _, name := range keys {
 		if !re.MatchString(name) {
 			continue
 		}
-		test := tests[name]
-		if err := test.Run(false, rawdb.HashScheme, tracer, func(res error, chain *core.BlockChain) {
+		result := &testResult{Name: name, Pass: true}
+		if err := tests[name].Run(false, rawdb.HashScheme, ctx.Bool(WitnessCrossCheckFlag.Name), tracer, func(res error, chain *core.BlockChain) {
 			if ctx.Bool(DumpFlag.Name) {
-				if state, _ := chain.State(); state != nil {
-					fmt.Println(string(state.Dump(nil)))
+				if s, _ := chain.State(); s != nil {
+					result.State = dump(s)
 				}
 			}
 		}); err != nil {
-			return fmt.Errorf("test %v: %w", name, err)
+			result.Pass, result.Error = false, err.Error()
 		}
+		results = append(results, *result)
 	}
-	return nil
+	return results, nil
 }
--- a/Show More
+++ b/Show More
				`@ -1 +0,0 @@`
				`{"address":"f466859ead1932d743d622cb74fc058882e8648a","crypto":{"cipher":"aes-128-ctr","ciphertext":"cb664472deacb41a2e995fa7f96fe29ce744471deb8d146a0e43c7898c9ddd4d","cipherparams":{"iv":"dfd9ee70812add5f4b8f89d0811c9158"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":8,"p":16,"r":8,"salt":"0d6769bf016d45c479213990d6a08d938469c4adad8a02ce507b4a4e7b7739f1"},"mac":"bac9af994b15a45dd39669fc66f9aa8a3b9dd8c22cb16e4d8d7ea089d0f1a1a9"},"id":"472e8b3d-afb6-45b5-8111-72c89895099a","version":3}`
				`@ -1 +0,0 @@`
				`{"address":"7ef5a6135f1fd6a02593eedc869c6d41d934aef8","crypto":{"cipher":"aes-128-ctr","ciphertext":"1d0839166e7a15b9c1333fc865d69858b22df26815ccf601b28219b6192974e1","cipherparams":{"iv":"8df6caa7ff1b00c4e871f002cb7921ed"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":8,"p":16,"r":8,"salt":"e5e6ef3f4ea695f496b643ebd3f75c0aa58ef4070e90c80c5d3fb0241bf1595c"},"mac":"6d16dfde774845e4585357f24bce530528bc69f4f84e1e22880d34fa45c273e5"},"id":"950077c7-71e3-4c44-a4a1-143919141ed4","version":3}`