diff --git a/op-node/p2p/gossip.go b/op-node/p2p/gossip.go
index 68746d2632a11..373c90da2514c 100644
--- a/op-node/p2p/gossip.go
+++ b/op-node/p2p/gossip.go
@@ -224,7 +224,11 @@ func BuildBlocksValidator(log log.Logger, cfg *rollup.Config) pubsub.ValidatorEx
 		signatureBytes, payloadBytes := data[:65], data[65:]
 
 		// [REJECT] if the signature by the sequencer is not valid
-		signingHash := BlockSigningHash(cfg, payloadBytes)
+		signingHash, err := BlockSigningHash(cfg, payloadBytes)
+		if err != nil {
+			log.Warn("failed to compute block signing hash", "err", err, "peer", id)
+			return pubsub.ValidationReject
+		}
 
 		pub, err := crypto.SigToPub(signingHash[:], signatureBytes)
 		if err != nil {
diff --git a/op-node/p2p/signer.go b/op-node/p2p/signer.go
index b7914b6ae8f84..c52e5c2927f73 100644
--- a/op-node/p2p/signer.go
+++ b/op-node/p2p/signer.go
@@ -23,19 +23,22 @@ type Signer interface {
 	io.Closer
 }
 
-func SigningHash(domain [32]byte, chainID *big.Int, payloadBytes []byte) common.Hash {
+func SigningHash(domain [32]byte, chainID *big.Int, payloadBytes []byte) (common.Hash, error) {
 	var msgInput [32 + 32 + 32]byte
 	// domain: first 32 bytes
 	copy(msgInput[:32], domain[:])
 	// chain_id: second 32 bytes
+	if chainID.BitLen() > 256 {
+		return common.Hash{}, errors.New("chain_id is too large")
+	}
 	chainID.FillBytes(msgInput[32:64])
 	// payload_hash: third 32 bytes, hash of encoded payload
 	copy(msgInput[32:], crypto.Keccak256(payloadBytes))
 
-	return crypto.Keccak256Hash(msgInput[:])
+	return crypto.Keccak256Hash(msgInput[:]), nil
 }
 
-func BlockSigningHash(cfg *rollup.Config, payloadBytes []byte) common.Hash {
+func BlockSigningHash(cfg *rollup.Config, payloadBytes []byte) (common.Hash, error) {
 	return SigningHash(SigningDomainBlocksV1, cfg.L2ChainID, payloadBytes)
 }
 
@@ -52,7 +55,10 @@ func (s *LocalSigner) Sign(ctx context.Context, domain [32]byte, chainID *big.In
 	if s.priv == nil {
 		return nil, errors.New("signer is closed")
 	}
-	signingHash := SigningHash(domain, chainID, encodedMsg)
+	signingHash, err := SigningHash(domain, chainID, encodedMsg)
+	if err != nil {
+		return nil, err
+	}
 	signature, err := crypto.Sign(signingHash[:], s.priv)
 	if err != nil {
 		return nil, err